Financial Consumer Protection in Ireland

Principle 1 states that financial consumer protection should be an integral part of the legal, regulatory and supervisory framework. Financial consumer protection should be comprehensive, cover all financial products and services and should reflect the diversity of national circumstances and global market and regulatory developments within the financial sector. Regulation needs to be tailored and proportionate to the characteristics, risks and variety of financial products, services, providers and consumers and it should be responsive to evolving technology and delivery channels and promote consumers’ financial well-being. There should be robust legal, judicial and supervisory mechanisms in place to safeguard consumers from misconduct, financial fraud, abuses and errors, and sanctions should be imposed when necessary. The regulatory toolkit should be flexible to effectively address emerging risks. Finally, when developing and reviewing policies, relevant governmental and non-governmental stakeholders, including industry, consumer organisations, professional bodies, and research communities must be consulted.

Ireland’s legal, regulatory and supervisory financial consumer protection framework comprises European Union (EU) legislation (as transposed into Irish Law), including guidelines issued by the European Supervisory Authorities (ESAs), Irish domestic legislation, the Central Bank’s codes of conduct and regulations, and the Central Bank’s guidance and supervisory expectations. EU legislation typically sets out either harmonised or minimum standards and provides for firms to be authorised in a single “home” Member State. Firms are then typically able to “passport” from their home Member State into other EU “host” Member States without seeking additional authorisation. Member State requirements (such as domestic legislation or Central Bank codes of conduct and regulations) set out additional consumer protection and conduct of business requirements and may also apply to a firm passporting into a host jurisdiction where EU legislation has not fully harmonised the regime.

Ireland’s legal, regulatory and supervisory framework has elements of both a principles-based system, where regulated firms must comply with a set of broad principles and a rules-based system, where regulated firms need to comply with a set of detailed rules. For example, the Central Bank’s Consumer Protection Code (Code) sets out the General Principles that require firms to act honestly, fairly and professionally in the best interest of its customers (see section 2.1.2 for details on the Code). Similar principles are also included in sectoral legislation such as MiFID II. Moreover, the Central Bank also defines consumer outcomes applying its Retail Conduct Supervisory Framework (see section 2.2.4 for details on the Central Bank’s Retail Conduct Supervisory Framework) and communicating identified risks and expected consumer outcomes in its Regulatory and Supervisory Outlook (Central Bank of Ireland, 2024[1]) and other communications (such as the “Dear CEO” letters, Risk Mitigation Programmes, newsletters).

The following paragraphs provide a description of the key elements of Ireland’s legal, regulatory and supervisory framework relating to financial consumer protection. The report refers to this and other legislation as appropriate, and further detail as regards the standards, requirements and guidance that address each of the FCP Principles is set out in the relevant sections below. Box 2.1 provides a brief overview of different types of firms authorised and regulated by the Central Bank that provide services to consumers.

This section briefly outlines the legislation under which firms are authorised and the key legislation of Ireland’s legal, regulatory and supervisory framework relating to financial consumer protection. Generally, all references to legislation are to the legislation as amended up to the date of the report. It is important to note that, while the Central Bank supervises and enforces compliance with these requirements, individual firms have a responsibility to ensure that they comply with the regulatory requirements applicable to them and to meet their obligations to act in the best interests of their customers.

The Consumer Credit Act 1995 sets out requirements for the advertisement of credit, the form and content of credit agreements and provisions to protect consumers’ interests during the duration of the agreement and at its termination. It also sets out requirements in relation to hire-purchase and consumer hire agreements. Finally, section 149 requires certain firms, including banks and retail credit firms, to notify the Central Bank if they wish to introduce any new customer charges or increase any existing customer charges in respect of certain services, which the Central Bank assesses against the criteria set out in that section.1

The European Union (Consumer Mortgage Credit Agreements) Regulations 2016 transposed into Irish Law the EU Mortgage Credit Directive. These Regulations set out requirements aimed at enhancing consumer protection in the context of residential and non-residential property credit agreements. They establish provisions concerning the transparency of credit terms, disclosure requirements and the provision of information to consumers. Additionally, they address responsible lending practices and the assessment of consumer creditworthiness, and they outline rules regarding the advertising and marketing of credit agreements. The Regulations were recently amended to expand upon the existing forbearance provisions and a list of possible measures are now included as part of that amendment. They also include provisions for mortgage credit intermediaries to assist consumers in undertaking preparatory work or other pre-contractual administration in respect of credit agreements and to conclude credit agreements on behalf of a creditor.

The European Communities (Consumer Credit Agreements) Regulations 2010 transposed into Irish Law the EU Consumer Credit Directive, and aim at enhancing consumer protection, transparency and competition in consumer credit markets. Key provisions include requirements for clear and standardised disclosure to consumers prior to entering into credit agreements, such as total cost of credit, annual percentage rate, repayment schedules and other terms and conditions. The Regulations also mandate responsible lending practices including assessing the creditworthiness of consumers before granting credit and ensuring affordability. The Regulations were recently amended to include a new regulation in relation to forbearance options and a list of possible measures are now included as part of that amendment. The revised Consumer Credit Directive will bring additional types of loans such as crowdfunding credit, interest-free credit products, certain leasing agreements and others into the scope of the EU regulatory regime, although many of these activities are already regulated under Irish law.

The Central Bank (Supervision and Enforcement) Act 2013 (Section 48) (Licensed Moneylenders) Regulations 2020 set conduct standards, disclosure obligations, and consumer protection measures for high-cost credit providers (previously known as ‘moneylenders’). For example, they include the requirement that providers of high-cost credit products should take reasonable steps to identify vulnerable consumers (Central Bank of Ireland, 2021[2]). The Consumer Credit Act 1995 sets out interest rate caps on high-cost credit agreements.

The Credit Union Act 1997 established the Central Bank as the regulator of credit unions in Ireland and sets out the requirements for the establishment, governance, and operation of credit unions, including membership eligibility lending practices and financial reporting obligations.

The European Banking Authority (EBA) Guidelines on product oversight and governance arrangements for retail banking products (such as mortgages, personal loans, deposits, payment accounts, payment services and electronic money) provide a framework to ensure the effective management of retail banking products throughout their lifecycle. Key provisions include the requirement for banks to create clear procedures for the development, approval, monitoring and review of retail banking products, including identifying target markets and ensuring that products meet consumer needs. Banks are also required to have a robust governance structure to oversee product development and to integrate product oversight and governance into their overall risk management framework. The guidelines also emphasise the importance of ensuring fair treatment of consumers.

The European Union (Payment Accounts) Regulations 2016 transposed into Irish Law the EU Payment Accounts Directive and set out requirements about transparency and comparability of fees on payment accounts, introduce the right of access to payment accounts with basic features and other rules about switching payment accounts and to facilitate cross-border account opening.

The European Union (Payment Services) Regulations 2018 (PSR) transposed into Irish Law the EU Payment Services Directive 2 (PSD2). The PSR sets out transparency and information requirements for payment services and introduces the requirement for firms to adopt strong customer authentication to improve payment security and reduce risks of fraud. The PSR also facilitates open banking by allowing authorised third-party providers to access account information and payment initiation services, requires firms to provide clear and transparent information about payment transactions, including charges and other terms and conditions, and establishes procedures for handling consumer complaints.

The European Union (Markets in Financial Instruments) Regulations 2017 (MiFID II Regulations) transposed into Irish Law the EU Markets in Financial Instruments Directive (MiFID II). These Regulations, together with the EU Markets in Financial Instruments Regulation (MiFIR), aim at enhancing investor protection, increasing transparency and promoting integrity of financial markets. Concerning financial consumer protection, this legislation requires firms to disclose costs and charges, to ensure suitability and appropriateness of investment products for consumers and to provide clear information on risks associated to the investment product. Firms are also required to manage conflicts of interest to ensure that clients’ interests are protected.

The Investment Intermediaries Act 1995 (IIA) regulates the activities of investment intermediaries and, together with the requirements of the Code, sets requirements that are analogous to certain provisions of the MiFID II Regulations, including provisions relating to conduct of business in respect of their activities such as requirements relating to complaints handling, disclosure and fair treatment of clients.

The European Communities (Undertakings for Collective Investment in Transferable Securities) Regulations 2011 (UCITS Regulations), which transpose Council Directive 2009/65/EC, Commission Directive 2010/EC and Commission Directive 2010/44/EC into Irish law, set out requirements in respect of UCITS, a type of investment fund. The Central Bank (Supervision and Enforcement) Act 2013 (Section 48(1)) (Undertakings for Collective Investment in Transferable Securities) Regulations 2019 (the Central Bank UCITS Regulations) consolidate into one location all the requirements which the Central Bank imposes on UCITS, UCITS management companies and depositories of UCITS. UCITS are designed for the retail market and as such are easy for investors to understand. They are subject to disclosure, liquidity, diversification and investment limit rules.

The European Union (Alternative Investment Fund Managers) Regulations 2013 (AIFM Regulations) and the Central Bank’s AIF Rulebook set out requirements for Retail Investor AIFs (RIAIFs). A RIAIF is an alternative investment fund (AIF) authorised by the Central Bank which may be marketed to retail investors. RIAIFs are subject to less investment and eligible asset restrictions than UCITS but are subject to a regime more restrictive than the regime for AIFs that may be marketed to qualifying investors.

Fund management companies are responsible for the investment management, administration and distribution of UCITS and AIFs. Fund management companies can be authorised as UCITS management companies, or Alternative Investment Fund Managers. The eligibility criteria and authorisation/approval requirements for each is set out in the UCITS Regulations and AIFM Regulations, respectively.

The European Union (Insurance Distribution) Regulations 2018 (IDR) transposed the EU Insurance Distribution Directive (IDD) into Irish Law. The IDR regulates how insurance products are designed and distributed in Ireland and it seeks to improve consumer protection standards. More prescriptive rules apply to distributors selling insurance products that have an investment element, for example insurance-based investment products The IDR also requires insurance undertakings and distributors to implement product oversight and governance processes to ensure that recommended products are suitable to a consumers’ needs and objectives. The IDR sets out the information to be given to consumers before they sign an insurance contract. It also imposes conduct of business and transparency rules on distributors. Finally, the IDR seeks to identify and mitigate conflicts of interest, in particular in the area of commissions, and requires insurance distributors to have procedures in place to process consumer complaints promptly and fairly.

The Consumer Insurance Contracts Act 2019 (CICA) sets out requirements relating to protection, clarity, fairness, accountability, and transparency of insurance customer contracts. It applies to both life and non-life insurance. The CICA also prohibits unfair contract terms and requires insurers to handle insurance claims promptly, fairly and transparently. The CICA removed the principle of “utmost good faith” where the onus was on the consumer to disclose all facts and information which a reasonable insurer might consider to be material to the risk for which they are seeking indemnity. The pre-contractual duty of disclosure of a consumer is now confined to providing responses to questions asked by the insurer, and the consumer is not under any duty to volunteer any information over and above that required by such questions.

The European Union (Key Information Documents for Packaged Retail and Insurance-based Investment Products (PRIIPs)) Regulations 2017 transposed into Irish Law the EU Regulation on key information documents for packaged retail and insurance-based products (PRIIPs Regulation). These Regulations set out standardised disclosure requirements for specified investment products including investment funds, life insurance policies with an investment element, structured investment products, structured deposits and financial instruments issued by special purpose vehicles.

The Fitness and Probity Regime (F&P Regime) was introduced under the Central Bank Reform Act 2010 and it requires firms to ensure that individuals in key controlled functions possess the necessary skills, integrity and competence to effectively perform their role and safeguard the interests of consumers. In addition, firms must seek the Central Bank’s pre-approval for appointments to the most senior roles. Firms are also required to monitor the fitness and probity of individuals in key roles and to report any concerns to the Central Bank.

The recently introduced Individual Accountability Framework (IAF) comprises four key elements:

• the Senior Executive Accountability Regime (SEAR), requiring firms in-scope of the SEAR to set out clearly and fully where responsibility and decision-making lie within the firm’s senior management. The SEAR became applicable to executive Pre-Approval Controlled Function (PCF) roles from 1 July 2024 and will apply to (Independent) Non-Executive Directors from 1 July 2025.

• the Common Conduct Standards, which are a set of expected standards of conduct that apply to certain individuals in regulated firms, and the Additional Conduct Standards that apply to senior executives in regulated firms since 29 December 2023,

• the enhancements to the current F&P Regime, clarifying firms’ obligations to proactively certify that individuals carrying out certain specified functions are fit and proper, and

• the amendments to the Administrative Sanctions Procedure (ASP) that allows the Central Bank to take enforcement action under the ASP directly against individuals for breaches of their obligations rather than only for their participation in breaches committed by a firm.

As part of its statutory objectives, the Central Bank provides analysis to support Ireland’s economic policy development. This includes the Central Bank’s advocacy activity for consumer protection in financial services and fair treatment of consumers at local, EU and international levels, including influencing and shaping the financial consumer protection agenda at EU level, for example via participation on the Board and in relevant Committees of European Supervisory Authorities. The Central Bank also provides technical assistance to the Department of Finance on the development of domestic legislation and transposition of EU Directives and responds to consultation papers both at EU and domestic levels.

The Central Bank can introduce standalone codes or regulations to address specific issues or risks as they are identified, and it has the authority to amend both codes and regulations it has issued. For instance, the Central Bank has issued several addenda to the existing Consumer Protection Code (Code) and has recently launched a comprehensive review of the Code as well as its transposition into regulations.

As described above, the Central Bank can impose requirements on regulated firms to ensure that they i) act in the best interests of customers and of the integrity of the market, ii) act honestly, fairly and professionally, and iii) act with due skill, care and diligence. The Central Bank has used these powers in a number of areas, including conduct (e.g. consumer protection, management of conflicts of interest, provision of information, advertising), minimum competency requirements and dealing with customers in vulnerable circumstances. This section describes the main codes of conduct developed by the Central Bank.

In 2006 the Central Bank developed the Code, which introduces certain minimum standards of business that apply to firms providing financial services to consumers in Ireland. Since then, the Code has been amended several times. The Code applies to most regulated entities (Central Bank of Ireland, 2013[3]). However, the Code does not apply to MiFID investment firms (who are subject to investor protection requirements based on EU legislation) nor to the core savings and lending activities of credit unions or to bureaux de change. As part of the review of the Code, it is intended to bring credit unions and bureaux de change fully within its scope.

The Code aims at safeguarding consumers in their dealings with financial institutions setting out principles and rules for regulated firms regarding, inter alia, the provision of clear and understandable information, product suitability, fair treatment of consumers, complaints handling, and advertising of financial services. In 2021 the Central Bank updated its guidance on the Code for firms (Central Bank of Ireland, 2021[4]).

The Central Bank is currently conducting a comprehensive review of the Code. The objectives of the review are to ensure that the revised Code reflects the recent developments in Ireland’s retail financial markets, enhances clarity and predictability of firms’ consumer protection obligations and provides an integrated regulatory format in a more structured manner. The Central Bank published a discussion paper in October 2022 (Central Bank of Ireland, 2022[5]) and a consultation paper in March 2024 (Central Bank of Ireland, 2024[6]). As part of the Central Bank’s consultation on its review of the Code, it is proposed that the Code will be re-issued as statutory regulations including Standards for Business which will build on and update the existing General Principles of the Code. The finalisation of the consultation and the enactment of these new regulations is expected for early 2025. The new regulations will aim to require, among other things, that financial services firms i) act in the best interest of customers and in the integrity of the market, ii) act honestly, fairly and professionally, and iii) act with due skills, care and diligence.

Another code of conduct of the Central Bank is the Code of Conduct on Mortgage Arrears (CCMA), which sets out measures to protect borrowers experiencing difficulties in meeting their mortgage repayments on a primary residence. The CCMA requires firms to follow a mortgage arrears resolution process when dealing with borrowers in or facing mortgage arrears. In accordance with this process, firms must provide borrowers with clear and transparent information and engage in fair and proactive communication with borrowers. They must ensure that communications are proportionate and not excessive, taking into account the borrowers’ circumstances. Firms must also gather relevant information from borrowers using a specified template and examine each case on its individual merits. They must determine which options for alternative repayment arrangements offered by the firm are viable for the particular case, providing borrowers with appropriate and sustainable solutions to help them manage their mortgage arrears effectively. If an alternative repayment arrangement cannot be agreed with the borrower, the firm must inform the borrower about other options (Central Bank of Ireland, 2013[7]).

Other codes of conduct and regulations relevant for this review include: the Central Bank (Supervision and Enforcement) Act 2013 (Section 48) (Lending to Small and Medium-Sized Enterprises) Regulations 2015; Central Bank (Supervision and Enforcement) Act 2013 (Section 48(1)) (Insurance Requirements) Regulations 2022; Central Bank (Supervision and Enforcement) Act 2013 (Section 48(1)) (Investment Firms) Regulations 2023; the Code of Conduct on the Switching of Payment Accounts with Payment Service Providers (Central Bank of Ireland, 2016[8]); the Central Bank (Supervision and Enforcement) Act 2013 (Section 48 (1)) Minimum Competency Regulations 2017; the Minimum Competency Code (Central Bank of Ireland, 2017[9]) and the Central Bank (Supervision and Enforcement) Act 2013 (Section 48) (Licensed Moneylenders) Regulations 2020.The revised Code will incorporate requirements currently set out in the CCMA, Insurance Requirements and Licensed Moneylenders Regulations.

When exercising its power to make regulations under Section 48 of the Central Bank (Supervision and Enforcement) Act 2013, the Central Bank must consider the need to ensure that the requirements imposed are effective and proportionate having regard to the nature, scale and complexity of the activities of regulated financial service providers to whom the regulations will apply. Where appropriate, the Central Bank consults with interested parties during policy development in order to seek, receive, analyse and respond to feedback from all interested and affected parties on what policy response or codes, standards, regulations or guidelines would be most effective and proportionate (Central Bank of Ireland, 2024[10]). The Access to Cash Bill proposes that, before making regulations the Central Bank should also carry out and publish assessments of the costs and benefits of the proposed regulations, including consideration of the potential impacts on customers, and fair competition in financial markets.3

Finally, European Supervisory Authorities (ESA) guidelines and other measures are developed by ESA groups and committees to which the Central Bank contributes. The ESA issue guidelines to ensure the consistent application of EU law and are typically incorporated into the Central Bank’s supervisory practices. Where these guidelines are addressed to market participants, they must make every effort to comply with them. ESA Guidelines are often issued or revised to support the application of new or revised EU legislation.

The Central Bank regularly provides guidance to regulated firms on how to apply the legal, regulatory and supervisory framework and to set its expectations. The tools used include i) Central Bank guidance or Q&A documents, ii) the Central Bank’s Guide to Consumer Protection Risk Assessment, iii) the Central Bank’s Outlook reports, including its Regulatory and Supervisory Outlook starting in 2024 and Consumer Protection Outlook Reports published up to 2023, iv) industry letters and website communications arising from thematic supervision and v) newsletters which are typically issued to consolidate material in one place (Central Bank of Ireland, 2021[11]).

In some cases, for example in the Central Bank’s Consumer Protection Code Guidance, the Central Bank publishes clarifications and guidance on compliance with specific obligations. This guidance is reviewed and supplemented as compliance issues for which guidance is considered appropriate arise. Central Bank Guidance itself is typically not enforceable. However, it serves as a guide to firms on how they should approach compliance with the primary legally binding obligations set out in codes or regulations. In cases where a firm is called to account for actions or inactions (whether in a court, a tribunal/independent body, or by the Central Bank), Guidance would be an interpretative aid and can be called upon by firms.

The Central Bank’s Guide to Consumer Protection Risk Assessment sets out the elements and modules of an appropriate consumer protection risk management framework and how the Central Bank carries out targeted consumer protection risk assessments.

The Central Bank’s Regulatory and Supervisory Outlook (RSO) sets out the Central Bank’s perspective on the key trends and risks shaping the financial sector operating landscape and the Central Bank’s regulatory and supervisory priorities to support the delivery of its strategy over the next two years. The overall risk outlook and sector by sector assessment of trends, risks and vulnerabilities are provided in an integrated way taking account of all elements of the Central Bank’s regulatory and supervisory mandate. In addition, the RSO includes a separate section exploring consumer risk in more detail. The “Consumer Protection Outlook” section sets out the Central Bank’s assessment of the key drivers of consumer risk, and details how the Central Bank expects firms to address the drivers of the risk identified. The key drivers of consumer risk identified in the RSO published in 2024 are: poor business practices and weak business processes, ineffective disclosures to consumers, the changing operational landscape, technology-driven risks to consumer protection, and the impact of shifting business models.

Communications to industry include “Dear CEO” letters, typically following supervisory activity or a particular market development. “Dear CEO” letters are typically published on the website of the Central Bank depending on whether the findings of a particular supervisory activity may provide useful guidance to a broad cohort of firms. Letters may not be published where findings are firm specific or limited to a small number of firms (to avoid identifying particular entities) or where the matter at issue is very technical.

The Central Bank regularly issues newsletters for selected sectors, particularly those where the Central Bank regulates a large number of individual firms that have a similar business model, to consolidate in one place updates on domestic and international developments in the sectors and on the relevant activity of the Central Bank. The newsletters are published every three to six months, depending on the sector. The Central Bank publishes newsletters for intermediaries (Central Bank of Ireland, 2023[12]), insurance companies (Central Bank of Ireland, 2023[13]) and credit unions (Central Bank of Ireland, 2023[14]). The Central Bank may also publish newsletters for other sectors where there is a sufficient volume of developments to make such a publication useful. For example, the Central Bank published a newsletter for high-cost credit providers in H2 2023.

Subject to those sectors within the remit of other authorities as set out in section 1.3, the Central Bank is the competent authority in Ireland for the authorisation of financial services firms. Gatekeeping is a key part of the supervisory framework applied by the Central Bank. The Central Bank is committed to providing a clear, open and transparent authorisation process while ensuring a rigorous assessment of the applicable regulatory standards (Central Bank of Ireland, 2024[15]). While certain aspects of the authorisation process vary across sectors given the differences in business model and type and scale of services provided to end-users, the Central Bank expects each applicant to satisfy the Central Bank that it can meet the authorisation standards set out in the relevant legislation.

The Central Bank sets out authorisation standards and requirements and/or guidance where necessary to complement sectoral legislation and provides application documentation for applicant firms reflecting different sectoral requirements. These are designed to ensure that applicant firms provide the information necessary for the Central Bank to assess applications against relevant legislative and regulatory requirements. Each application for authorisation is assessed on its own merits and in the context of the sector within which it is applying. Firms are not only expected to meet the minimum authorisation standards set out in the legislation, but they are also expected to look beyond the point of authorisation and to be aware of the Central Bank’s broader financial regulation expectations post-authorisation such as those set out in guidelines issued by European Supervisory Authorities and “Dear CEO” letters issued by the Central Bank.

In addition, the application process for all sectors includes the assessment of specified persons responsible for the management and direction of the firm under the Central Bank’s F&P Regime.

The Central Bank publishes a regular report on its performance against regulatory service standards. This includes information about the performance of the Central Bank against the service standards relating to the authorisation of firms and investment funds, approval of prospectuses, assessment of PCF Individual Questionnaire (IQ) applications, and performance of its third-party contact management service. In the period from January to December 2023, all applicable services standards were met (Central Bank of Ireland, 2024[16]). In 2024, the Central Bank also published an Authorisation and Gatekeeping Report which provides information on the Central Bank’s authorisation framework and risk appetite, its priorities and its expectations of applicant firms (Central Bank of Ireland, 2024[17]). The Report also provides insight into the operation of the F&P Regime and key challenges that it sees for firms seeking authorisation. This is the first edition of this report which will be published annually going forward.

To mitigate the risks to consumers arising from firms operating at the perimeter of the legal, regulatory and supervisory framework, the Central Bank undertakes several activities.

First, the Central Bank provides support for consumers to help them understand whether they are dealing with a regulated firm. It publishes warning notices naming people or firms who are providing financial services or holding themselves out to be a regulated financial services provider without having the appropriate authorisation. The Central Bank also publishes registers of authorised firms, as well as a list of the unauthorised firms that have been subject of the warning notices. Second, the Central Bank may become aware that firms are operating at the perimeter of the framework in various ways. This includes receiving protected disclosures, consumer complaints, media reports, conducting analysis of business returns and supervisory activity such as thematic reviews.

A risk posed to consumers in this area is represented by authorised firms providing unregulated services. There are certain products that can be used for financial and investment purposes that do not fall within the regulatory remit of the Central Bank. Examples include real property, certain investments, for example non-transferable loan notes and, up until recently, cryptocurrencies.4 Where a firm authorised by the Central Bank sells unregulated products, consumers may presume that since the firm is regulated, all the services it offers are protected by standard consumer safeguards. The Central Bank may identify this risk during the authorisation process, or through the channels set out above. The Code requires firms to differentiate between regulated and unregulated services, for example by addressing these on separate sections of its website. To further mitigate this risk, the Central Bank may set expectations for firms at the time of authorisation and through the issuance of “Dear CEO” letters with a view to ensuring that disclosures as regards regulatory status of a service are effective. In addition, the review of the Code (see section 2.1.2) includes a proposal relating to “unregulated activities”. The Central Bank proposes that the revised Code will introduce a requirement for firms to take appropriate steps to mitigate the risks that consumers misunderstand an activity to be regulated where this is not the case. This would require firms to clearly distinguish between the firm’s regulated activities and its unregulated activities.

The Central Bank cannot ban a product from an unregulated sector, nor can it extend the regulatory perimeter to include other activities or firms. Decisions to introduce amendments to the regulatory perimeter are made by either the Oireachtas (Ireland’s Parliament) or the European Parliament. The EU Markets in Crypto-Assets Regulation is an example of where policy makers, through primary legislation, have extended the remit of the Central Bank. The Central Bank has a key responsibility to provide advice to policy makers given its consumer protection mandate and, in this regard, can also advocate for changes where appropriate (Central Bank of Ireland, 2022[18]).

Principle 2 stipulates that financial oversight bodies are crucial for protecting financial consumers. They need clear responsibilities, independence and resources to be effective. These bodies must adhere to high standards, avoid conflicts of interest, and have the flexibility to adapt to new challenges. Enforcement measures should be strong, including penalties and sanctions. Collaboration among oversight authorities and international co-operation are essential for ensuring consumer protection in an evolving financial landscape.

The Governor of the Central Bank (Governor) is appointed by the President of Ireland on the advice of the Government. The Governor holds office for seven years and may be reappointed for one additional period of seven years. There are several mechanisms to ensure the independence of the Governor and the Deputy Governors. The procedures for their appointment are transparent and set out in the Central Bank Act 1942. Moreover, there are limited circumstances in which the Governor could cease to hold office, and these are set out in the Central Bank Act 1942.

The Central Bank Reform Act 2010 established the Central Bank Commission (Commission), which comprises the Governor, the Deputy Governors, the Secretary General of the Department of Finance and six members appointed by the Minister of Finance. The objectives of the Commission are to manage and control the activities of the Central Bank, to ensure that the Central Bank’s financial regulation and supervisory functions are co-ordinated and integrated, and to ensure that the statutory powers and functions of the Central Bank are properly exercised and discharged (Central Bank of Ireland, 2024[19]).

The Central Bank is accountable to the Oireachtas. The Central Bank Act 1942 requires the Central Bank to publish a Strategic Plan every three years, and a statement related to the performance of the Central Bank before 30 April each year. The Central Bank Act 1942 also states that the Oireachtas can require the Central Bank officials to provide evidence to inquiries and Central Bank officials appear regularly before parliamentary committees. The Central Bank is also subject to Freedom of Information requirements and is required to respond to written questions submitted to Ministers by Members of the Dáil Éireann (the Lower House of Ireland’s Parliament). The Central Bank responded to 239 parliamentary queries in 2022 and 211 in 2023, half of which related directly to consumer protection topics.

Finally, the Central Bank Act 1942 requires the Central Bank to make arrangements for an international peer review of the performance of its regulatory functions at least every four years.

The mandate of the Central Bank covers the maintenance of price and financial stability through monetary policy and other measures, the soundness of individual firms through prudential supervision, and the protection of consumers and investors through a mix of rules, supervision and enforcement. Regarding the Central Bank’s responsibilities relating to consumer protection, the Central Bank Act 1942 sets out the objectives of the Central Bank which include “proper and effective regulation of financial service providers and markets, while ensuring that the best interests of consumers of financial services are protected”.

The Central Bank is of the view that it has adequate resources (i.e. financial and human resources) and capabilities (i.e. the technical skills of staff and/or the equipment that staff require to fulfil their role) to effectively carry out its financial consumer protection supervisory functions for its current statutory responsibilities. The Central Bank’s Strategy acknowledges the need to invest in new skills and capabilities, become more agile, and look for continuous improvement in its ways of working to meet the challenges of an evolving financial system. Regarding resources, the Central Bank is committed to seeking efficiencies and to prioritising in line with its risk-based approach to supervision. While each new mandate received by a supervisory authority needs to be considered to assess whether additional resources are required, in some cases the Central Bank has assumed new responsibilities such as the authorisation and supervision of Buy Now Pay Later (BNPL) services providers and Personal Contract Plan (PCP) services providers without increasing its headcount, which totalled 2 234 FTEs as of 31 December 2023 (Central Bank of Ireland, 2024[20]).

Regarding capabilities, the Central Bank provides training programmes to address learning needs of its employees including both bespoke programmes (such as One Bank Foundation, One Bank Curriculum and One Bank Leadership Training) as well as supporting employees to undertake further academic and professional qualifications. The Learning and Development function of the Central Bank implemented a Learning and Development Strategy for the period 2023-2026. The goals of the Learning and Development Strategy (L&D Strategy) include developing stronger alignment between learning and development and business goals and building future skills and capabilities. As part of the L&D Strategy, the Central Bank has developed a Technical Training Academy with training content aligned to business needs inclusive of training for supervisors.

The Central Bank’s strategy calls out the need for investment in new skills and capabilities and the importance of ensuring its employees have the tools to use data effectively. The Central Bank’s data strategy aims to increase the data competency of the organisation, including investing in broadening and deepening the Central Bank’s data capabilities. The data strategy also seeks to strengthen data and analytical capabilities and capacity through increased collaboration across the Central Bank and alignment on data initiatives.

The responsibility to implement the Central Bank’s supervisory mandate falls under the Supervisory Risk Committee (SRC). The objectives of the SRC are to develop and maintain the Central Bank’s supervisory strategy, approach and risk-based framework, to oversee the implementation of the supervisory strategy, to monitor and analyse supervisory risks and determine the Central Bank’s response, to lead the Central Bank’s supervision, including deciding on supervisory policies, practices and activities and ensure a “One Bank” approach to supervision. The SRC is also responsible for overseeing international peer reviews of the performance of Central Bank’s regulatory functions.

The Central Bank applies a risk-based supervisory approach and allocates resources and makes interventions based on an assessment of the level of risk posed by individual institutions or sectors within the financial system. To assess and address retail conduct risks, the Central Bank adopts a Retail Conduct Supervisory Framework (RCSF), which includes a Sectoral Supervision Model and a Firm-Specific Model, each conducted over a multi-year supervisory cycle. The next paragraphs provide details on both models.

The Sectoral Supervision Model identifies the key retail conduct risks in each sector. The key stages of the Sectoral Supervision Model are:

• an annual Sectoral Risk Assessment (SRA), which identifies the current and emerging retail conduct risks and sources of potential consumer harm. This process draws on supervisory, policy and behavioural economics expertise within the Central Bank; on knowledge gained from ongoing supervisory interactions with firms and through stakeholder engagement activities (described in section 2.2.11); on risk identification activities (described in section 2.2.6), trigger-based reporting (described in section 2.2.9) and consumer research (described in sections 2.7.3 and 2.8.3); and on Central Bank macro-economic reports, international European Supervisory Authorities (ESAs) reports, and reports on topical issues such as frauds and scams, climate change and cyber-crime. Risks identified during workshops are scored and ranked based on impact and probability.

• risk treatments are developed for each identified retail conduct risk. The particular risk treatment will depend on what is most appropriate to either further assess or address the particular retail conduct risk. Treatments can range from a specific supervisory intervention, such as carrying out a thematic review; an industry communication; a policy intervention; undertaking further research; or issuing a consumer warning.

• the development of a multi-year Sectoral Strategy, which sets out sectoral priorities, desired outcomes and high-level activities to address sectoral risks. There are a number of inputs into Sectoral Strategies including the risks identified through the SRA process and their associated risk treatments; the cross-sectoral risks; the Central Bank’s strategic priorities; the EU and European Supervisory Authorities priorities; the advice from the Central Bank’s Consumer Advisory Group; and the domestic priorities.

• the development and implementation of a Supervisory Engagement Plan to set out an operational plan of work aligned with the Sectoral Strategy.

• a review of the Sectoral Strategy by a Sector Strategy Governance Panel (SSGP), at least once every three years. The SSGP incorporates perspectives from various areas of the Central Bank’s remit (supervisory, policy and research).

• the publication of the Regulatory and Supervisory Outlook Report including the outputs of the SRA (Central Bank of Ireland, 2024[1]).

The Firm-Specific Model applies to a very small number of the most impactful firms, with impact being assessed based on size (i.e. number of customers) and product score (which reflects the relative importance of the product to consumers).

The Central Bank assesses retail conduct risks under the Firm-Specific Model across six key drivers: Business Model and Strategy, Governance and Controls, Product Development, Sales/Transactions Process, Post-sales Handling and People and Culture. To assess the firm-specific risks relating to Business Model and Strategy, the Central Bank seeks to understand:

• the business environment in which the firm operates,

• risks to consumers posed by the firm’s business model and strategy,

• whether the business environment may result in commercial (or other) pressures to make decisions that could ultimately be detrimental for customers.

To assess the firm-specific risks relating to the remaining five risk drivers, the Central Bank uses the Consumer Protection Risk Assessment (CPRA) model. For each of the five drivers, the Guide to CPRA provides examples of positive practices to manage risks to consumers (Central Bank of Ireland, 2017[21]). The outcome of the risk assessments is considered by a Risk Governance Panel (RGP), which comprises supervisors and senior management from different areas of the Central Bank. The RGP has the objective to ensure that a holistic approach has been used and that views from across the Central Bank have been taken into account.

The RCSF also acknowledges that trigger events will occur outside of planned supervisory engagements, which the Central Bank may become aware of through trigger-based reporting from firms (as described in section 2.2.9) or through protected disclosures (as described in section 2.2.10), public contacts, social media monitoring or media queries. Where the risk is more immediate, the RCSF allows the Central Bank to re-focus supervisory resources on the risk that has materialised. Where the event triggers a less urgent risk, action may be built into the supervisory strategy for the following cycle.

The Central Bank has published an explanation of how the Central Bank’s risk prioritisation process is used to identify the risks set out in the Central Bank Outlook reports (Central Bank of Ireland, 2022[22]).

The Central Bank also deploys a risk-based approach in authorising and supervising investment funds and fund management companies. In the case of investment funds which may be marketed to retail investors, such as UCITS, the Central Bank reviews each application for authorisation focusing on the areas of higher risk such as investment objective, policies and strategy, fees and expenses, examining compliance with applicable legislative requirements and considering the appropriateness of an asset class for the end consumer. From a supervisory perspective, the Central Bank may probe to ensure that the investment structure is fully understood by the fund management company and is subject to robust oversight. The Central Bank may also seek to determine whether a particular structure is appropriate for retail investors by considering, for example, investor types that are targeted by the distribution strategy.

The Central Bank’s Retail Conduct Supervisory Framework does not operate in isolation. The Central Bank supervises firms from a i) prudential; ii) retail conduct; iii) wholesale conduct; and iv) anti-money laundering and counter terrorist financing perspective. As such, the Central Bank applies a number of supervisory frameworks to assess the risks that might arise under any and all of these four lenses. Regarding prudential risk, the Central Bank uses a prudential risk framework that categorises firms into different risk categories based on the probability and potential impact of the risk: High impact, Medium-High impact, Medium-Low impact, and Low impact. In discharging its prudential supervisory functions, the Central Bank considers a firm’s business model, governance, risk management and operational capabilities and resilience, which can implicitly protect consumers from harm that can be caused by failure in any of these areas.

In line with its Strategy, the Central Bank is transforming its approach to regulation and supervision. While continuing to be a risk-based framework, the Central Bank’s supervisory framework will evolve to deliver a more integrated approach to supervision, across its overall mandate. This aims to position the Central Bank to continue to meet its objectives and ensure consumers of financial services are protected in a changing and increasingly complex and interconnected financial landscape. The integrated, risk-based supervisory approach incorporates the key aspects of the Retail Conduct Supervisory Framework outlined above. The new supervisory approach will be applied in an integrated way, including for example holistic risk identification for sectors and firms.

The Central Bank regularly uses data in the exercise of its financial consumer protection supervisory functions. The Central Bank’s data policies, procedures and capabilities include data collection, analysis, sharing data across the organisation as well as publication of financial statistics. The next paragraphs describe each of these elements. Policies relating to the protection of personal data and information security policy are described in section 2.11.

The Central Bank regularly collects data from firms via regulatory returns that vary depending on the characteristics of the sector. Regular data returns are submitted via a Portal. The Central Bank has several mechanisms to engage with firms in respect of the submitted returns and analytical tools with which to make use of the data. For example, Central Bank employees can engage with firms in respect to the submitted returns using Unity, the internal interface of the Portal that can analyse the returns using an off-the-shelf data visualisation tool, and OMNI, an analytics application which the Central Bank uses for prudential data. In relation to the funds sector, the Central Bank uses tools to conduct analysis on structured and unstructured data (such as text mining or topic modelling). The Central Bank also collects data from firms on an ad-hoc basis for various purposes, such as thematic supervisory activity or firm-specific work following, for example, a breach or error report, a protected disclosure, or a public contact which, on review, indicates a potential systemic issue.

As the main compiler of Irish financial statistics, the Central Bank also regularly publishes data and commentary on credit and deposit developments, interest rates, investment funds and securities. Statistical data collections also inform the work on consumer protection conducted by the Central Bank and support market analysis. Examples of such collections include mortgage arrears data which provides quarterly updates on volumes and values of mortgages in arrears, restructured mortgages and repossessed properties for both residential and buy-to-let properties. This dataset is used to monitor delinquency and restructuring trends in the market and informs the Central Bank’s consumer protection supervision, for example in the context of its work on mortgage arrears described in section 2.3.3 below.

The Central Bank operates the Central Credit Register (CCR) under the Credit Reporting Act 2013. The CCR is a mandatory, comprehensive database that stores personal and credit information on loans and credit applications and provides credit reports to borrowers and lenders. The CCR started collecting data in July 2017, and began issuing credit reports in March 2018. The Central Bank has begun to use the data contained in the CCR to support its assessment of the risks facing consumers in the credit and lending sectors (see, for example, (Gaffney and Lyons, 2024[23])), as well as to inform its statistical publications.

A third-party review of the Central Bank’s consumer protection sectoral risk assessment process in 2019, and an internal gap analysis of the consumer protection framework, both identified the need to further increase the Central Bank’s use of structured data and further develop a more structured approach to data and analytics. This is an area of financial supervision where the development of quantitative metrics can be more challenging, and innovation is required on how to best monitor consumer and market developments.

This objective is aligned with the Central Bank’s overall strategy which aims to change how it uses data and analytics to drive effectiveness. The strategy identified that key changes were required in how the Central Bank works with data including cross-Bank collaboration, analytical skills, capacity and technology. The Central Bank has undertaken a number of activities to address this. This includes establishing new specialist competency areas (e.g. data science) which operate in a decentralised way across the organisation. The Central Bank has also put in place a new cross-Bank Data Board to provide overall strategic direction on data for the Central Bank, and improve overall data maturity across the organisation. The Central Bank is also working on a new cloud based advanced analytics platform which supports enhanced use of data analytics. A research exchange has also been set up to move beyond conventional analytical techniques and datasets to help answer new questions or approach existing research topics in a new way (Central Bank of Ireland, 2024[24]).

Given the speed of development in the data landscape, the Central Bank continues to develop the appropriate skills and capability to take advantage of new emerging opportunities and tools to use data to support effective consumer protection. Some of the current and future intended focus of this enhanced work to support the Central Bank’s financial consumer protection objectives includes:

• additions and enhancements to the data it currently receives (for example via social media monitoring or via returns received from firms); and

• enhanced use of existing data including through:

  • a robust data governance framework to ensure data is accessible and usable across relevant aspects of its mandate;

  • new tools/platforms to enable the use of advanced analytics including empowering greater use of data to support decision making and overall effectiveness; and

  • ensuring that relevant supervisory teams have the capabilities to use the data and tools available to them. For example, the Central Bank is developing a connected internal system that provides supervisors with access to required supervisory data via a single tool.

The intended outcome is that the Central Bank will move towards a more structured, data driven and data informed approach to retail conduct risk identification.

The Central Bank regulates and supervises over 12 500 entities across financial markets. Table 2.1 provides information on the firms for which Ireland is the home Member State or that have a branch in Ireland, as of 31 December 2023. It does not include the firms that are passporting into Ireland on a Freedom of Services basis.

To monitor these markets and the activities of these firms, the Central Bank conducts a number of activities. These include monitoring complaints data, carrying out on-site inspections, analysing business returns from firms, engaging with stakeholders, surveying consumers, monitoring social media and conducting mystery shopping exercises. This section describes each of these activities. The Central Bank:

• uses consumer complaints data to monitor markets as an input to the annual SRA, to identify potential issues with specific firms and as an input into the selection of firms for the Central Bank’s thematic supervisory activity. Section 2.2.7 provides more information on thematic supervision and section 2.12.4 for more information on use of complaints data.

• conducts on-site inspections as part of its thematic supervision work (see section 2.2.7).

• analyses returns submitted by firms (see section 2.2.5).

• engages with industry, consumer representatives, other public stakeholders and other authorities including at domestic, EU and international levels (see section 2.2.11).

• takes account of information contained in protected disclosures (as described in section 2.2.10) and in queries from the public (as described in section 2.2.11).

• uses a third-party supplier to monitor publicly available social media and online platforms. This information is used by the Central Bank to identify trends on issues and complaints regarding financial services and products. This primarily informs the Central Bank’s SRA process and thematic supervision work and inspections. The Central Bank is currently revising its social media monitoring strategy to encompass more sophisticated, wide-ranging and automated functionality.

• monitors regulated firms’ advertising through thematic supervisory activities to scrutinise content, claims and disclosures to assess compliance with regulatory requirements. For example, in 2023, the Central Bank participated in ESMA’s common supervisory action on the application of MiFID II disclosure rules with regard to marketing and advertising across the European Union. The Central Bank communicated the results of this work in October 2024 (Central Bank of Ireland, 2023[25]). As part of its revised social media monitoring strategy, the Central Bank intends to also include a broader focus on advertising monitoring.

• conducts a market monitoring exercise within the Central Bank twice a year to collate and share information across the Central Bank’s mandate. This includes a survey to various Central Bank teams collecting information on emerging products and related risks to consumers, risks to market integrity and risks to financial stability.

• from a market abuse perspective, conducts re-active work to monitor market prices and suspicious transactions based on the “suspicious transaction order reports” received from trading venues and professionals arranging or executing transactions. From 2024, the Central Bank will also conduct pro-active work to scrutinise order books and executions to detect market abuse.

Finally, the Central Bank has recently resumed the use of mystery shopping, publishing a Consumer Research Bulletin in October 2024 to explain how mystery shopping has provided an enhanced understanding of how investors engage with advertising and marketing materials of investment firms, informing the Central Bank’s supervisory work (Central Bank of Ireland, 2024[26]).

The Central Bank regularly undertakes thematic supervision activities as part of its Supervisory Engagement Plans to mitigate the risks identified in the SRA. Thematic supervision activities involve conducting in-depth assessments of specific risks or themes across a group of regulated entities within an industry sector or across sectors and may focus on a particular product, practice, delivery channel or activity. The objective is typically to assess whether firms are complying with the relevant regulations, implementing guidance or addressing a particular risk. Thematic supervisory activity can also sometimes identify an industry-wide issue which may require introduction or amendment of legislation or regulation to secure appropriate change.

The following list is a sample of the thematic supervisory work (including, but not limited to thematic reviews) undertaken by the Central Bank and published in 2023. This report will refer to these and other activities of the Central Bank as appropriate:

• expectations for payment and e-money institutions in relation to safeguarding, business model and strategic risk, and governance, risk management, conduct and culture following thematic supervisory engagements on these topics (January 2023) (Central Bank of Ireland, 2023[27]);

• review of the costs and fees charged by UCITS (investment funds) (March 2023) (Central Bank of Ireland, 2023[28]);

• targeted reviews on control frameworks and risk appetite statements in MiFID investment firms (March 2023) (Central Bank of Ireland, 2023[29]);

• update on the Central Bank’s work to protect consumers in a changing economic landscape (April 2023) (Central Bank of Ireland, 2023[30]);

• thematic inspection of product oversight and governance in non-life insurance undertakings (June 2023) (Central Bank of Ireland, 2023[31]);

• thematic review on the ongoing suitability of long-term life assurance products (August 2023) (Central Bank of Ireland, 2023[32]);

• review of differential pricing regulations in the private car and home insurance markets (December 2023) (Central Bank of Ireland, 2021[33]);

• thematic review of MiFID investment firms’ application of the costs and charges disclosure requirements in MiFID (December 2023) (Central Bank of Ireland, 2023[25]);

• review of asset valuation in the investment fund sector (December 2023) (Central Bank of Ireland, 2023[34]).

The key steps of thematic reviews include:

• Scoping. The scoping of the thematic review sets out the objectives, methodology, project planning, the analysis related to risks, assumptions, issues and dependencies (RAID) and the internal and external stakeholder engagement plan.

• Firm selection. The decision about which firms to include in the review can be based on a variety of factors including market share (e.g. number of (retail) consumers), impact score, information from business returns including complaints data, compliance history of the firm, market intelligence from supervisors, consumers, members of the public or media reports and the search for appropriate geographic representation.

• Conducting the review. The Central Bank notifies selected firms at the beginning of the review, setting out the documentation to be provided in advance of the inspection and during the on-site inspection, which may include a sample of customer files as well as the firm’s written processes and procedures. In addition to reviewing this documentation, members of the supervisory team typically carry out on-site inspections at the firms’ premises, holding meetings and having walkthroughs with relevant firm personnel. Following on-site inspections, key findings are included in a ‘Firm Specific Report’ that sets out the proposed supervisory findings and proposed actions.

• Thematic Risk Governance Panel (RGP). The outcome of thematic reviews are typically reviewed by a thematic Risk Governance Panel (RGP), which is composed of senior management from the supervising Divisions and other Directorates and subject matter experts. The objective of the RGP is to gather views and expertise from different areas of the Central Bank and to help calibrate the judgements of the supervisory team. Narrowly focused thematic reviews may not have an RGP but rather are subject to governance arrangements within the relevant Directorate.

• Conclusions of the review. The Central Bank notifies firms included in the review of the outcomes, which may include good and bad practices identified across the industry as well as any proposed Risk Mitigation Programme or enforcement actions regarding the particular firm. The Central Bank also publishes a “Dear CEO” letter as appropriate, which sets out the outcomes that are relevant to the industry as a whole.

• Follow up actions. The Central Bank follows up to ensure that Risk Mitigation Programmes are addressed and may also use subsequent thematic reviews to assess whether their desired outcome has been achieved.

The Central Bank regularly communicates its thematic supervision priorities to external stakeholders. For example, the Central Bank’s Regulatory and Supervisory Outlook includes the key drivers of consumer risk identified during the SRA process as well as the expected work of the Central Bank to address those drivers.

The Central Bank also communicates the outcomes of its thematic supervision activities. They are communicated to the firms within the scope of the review using “post-inspection” letters, and publicly using “Dear CEO” letters published on the website of the Central Bank, setting out key findings and expectations for regulated firms. The Central Bank also uses other established channels of communication, such as newsletters, to emphasise and reiterate findings and expectations for the industry.

The Central Bank has a number of supervisory tools and enforcement powers available to require firms to undertake certain activities (such as, for example, audits, remediation programmes, payment of compensation and/or restitution, issue of public notices or provision of information to the Central Bank). Following a statutory investigation, the Central Bank may impose administrative fines and/ or alternative sanctions (such as caution or reprimand, a direction to refund or withhold all or part of an amount of money charged or paid, prohibiting individuals from performing controlled functions), revoke or suspend a firm’s license, authorisation or registration, issue warnings and public notices about unauthorised firms, and apply for criminal prosecution.

The Central Bank takes a targeted and proportionate approach to the use of its enforcement powers. The Central Bank considers how its regulatory objectives are best achieved, following supervisory engagements and guidance and the use of supervisory tools. This means that the Central Bank takes enforcement action only in cases where it believes that such significant action is merited, following a consideration of all the facts of the case, including the seriousness of the suspected breach, the harm or potential harm involved to consumers or investors or financial stability together with its other supervisory priorities, and the particular context of the specific financial services sector.

In terms of supervisory tools, the Central Bank often imposes Risk Mitigation Programmes (RMPs) to require firms to undertake certain activities. RMPs set out the risks identified, the actions required to be undertaken by the firm, a timeframe and the desired outcomes.

For example, in 2020 the Central Bank carried out an exercise to consider any risks arising to consumers of financial products at the beginning of the COVID-19 pandemic. The Central Bank identified business interruption as a potential risk to consumers. While not all business interruption insurance policies provided cover in the circumstances, others did. The Central Bank issued an RMP to firms providing business interruption insurance with policy wordings that were determined to be responsive to the outbreak of COVID-19 in Ireland and where firms had not proactively accepted valid claims early in the process. RMPs included an expectation that these firms identify and contact potentially affected policyholders, assist policyholders in making a claim, were operationally ready to deal with claims and had adequate governance and oversight of the process (Central Bank of Ireland, 2020[35]).

If a firm does not respond to supervisory intervention within a reasonable period of time, the Central Bank may use statutory powers to direct it to take specific action to bring its conduct into compliance with the required regulatory standards. Should the firm fail to comply with a statutory direction or other supervisory measure, or if a firm is identified as an outlier following a thematic review, then enforcement action may be considered.

The Central Bank’s power to ban financial products or services, or specific features of such products or services is limited to insurance-based investment products and investment products (MiFIR and the PRIIPs Regulation are the source of these powers, and they also allow for the prohibition of types of financial activities or practices). In terms of exercising these powers, the Central Bank has used its powers under MiFIR to ban the sale of binary options to retail investors and has restricted the sale of contracts for difference. In some instances, the Central Bank has observed in follow-up reviews to its supervisory activities changes in firms’ product offerings without the exercise of the power to prohibit a product. For example, in 2023 the Central Bank conducted analysis subsequent to its Structured Retail Products Review (Central Bank of Ireland, 2022[36]) and observed that the firms in the sample had removed a particularly complex feature from their product offerings.

The Central Bank can also make regulations for the proper and effective regulation of regulated financial services providers which could include restrictions or prohibitions on certain financial activities or practices. For example, it has banned price walking in the home and motor insurance markets. Price walking in this context refers to a practice where a customer is charged a higher premium the longer they remain with an insurance provider and for no reason other than staying with the same provider. As a result of the ban on price walking, insurance providers cannot charge retail consumers who are on their second or subsequent renewal a premium higher than they would have charged them if they were a year one renewal consumer at that point in time (Central Bank of Ireland, 2021[33]).

In 2022, the Central Bank concluded 8 Administrative Sanction Procedures (ASP), imposed 1 individual sanction under the securities markets assessor regime, published 112 warning notices in respect to unauthorised firms (which represents a 24% increase compared to 2021), refused the pre-approval of 3 individuals on Fitness and Probity grounds, issued 2 prohibition notices and imposed over EUR 213 million in fines, which was the highest amount imposed in a single year (Central Bank of Ireland, 2023[37]).

Table 2.2 shows the number of outcomes under the administrative sanction procedures, the securities markets assessor regime, prohibitions under the Fitness and Probity Regime (F&P Regime), involuntary revocations of authorisation and the warning notices issued regarding unauthorised firms in 2021, 2022 and 2023.

The Central Bank typically publishes the outcome of its enforcement actions to external stakeholders where permitted in accordance with its statutory powers (Central Bank of Ireland, 2024[38]). This is done by publishing public notices on the Central Bank website (including ASP, prohibition notices and revocations notices) as well as publishing aggregate statistics on the number of actions and the total fines in the Central Bank’s annual report. While enforcement priorities are not published, supervisory priorities set on an annual basis may inform enforcement priorities.

As described in section 2.12, the Financial Services and Pensions Ombudsman (FSPO) has the statutory function of resolving complaints about the conduct of regulated financial service providers and pension providers. However, the Central Bank also has powers to require firms to compensate customers in the form of:

• Redress. Since 2013 the Central Bank has the power to direct a regulated firm to make redress to customers in those circumstances where the Central Bank considers that defaults by the regulated firm (such as charging a customer an amount that the firm is not entitled to charge, or providing a service that the customer did not agree to receive, or providing the customer with inaccurate information which influences the customer in making a decision about any financial service, or providing a customer with a financial service which was not suitable for the customer at the time it was provided, or a failure of the firm’s systems and controls) have been widespread and that, as a result of those defaults, the customers have been harmed; and

• Restitution. Where a regulated firm has been convicted of an offense or has been subject of an administrative sanction, and the regulated firm was unjustly enriched or more than one other person suffered a loss, the Central Bank can apply to the High Court for an order requiring the regulated firm to pay amounts to the Central Bank for distribution to persons indicated in the court order.

There are a number of different triggers requiring regulated entities or key individuals within a regulated entity to make a report to the Central Bank.

Section 38 (2) of the Central Bank (Supervision and Enforcement) Act 2013 requires that, subject to certain exceptions, individuals in key positions within a regulated firm, referred to in the legislation as pre-approval-controlled functions (PCFs), must disclose information relating to breaches of financial services legislation to the Central Bank, where that individual believes the disclosure will be of material assistance to the Central Bank.

In addition to specific regulatory requirements placed on firms in some sectors to report breaches to the Central Bank, the Central Bank expects firms to notify it of significant breaches of legislation and corrective measures that firms propose to take, particularly when remediating consumers.

The Code provides that where an error affecting consumers has not been fully resolved within 40 business days of its discovery, the firm must inform the Central Bank within five business days of that deadline. The term “error” is not defined in the Code but would include any error or oversight that would need to be resolved to ensure that consumers receive the full, proper and expected service under their engagement with the firm. The Code requires firms to resolve all errors speedily and no later than six months after the date the error was first discovered. The current timescales for reporting to the Central Bank allow firms the opportunity to resolve errors within 40 business days while errors that take longer to address, and that may be more complex in nature, must be reported to the Central Bank. The Central Bank recently consulted on enhancing firms’ governance obligations in respect of errors, while also modifying the requirement to report them to focus on the most significant ones.

Some reporting requirements are more tailored to specific sectors. For example,

• investment firms holding client assets are required to inform the Central Bank of all breaches of the Central Bank’s Client Asset Requirements

• payment services providers (including credit institutions, payment and e-money institutions) must report major operational or security incidents to the Central Bank without undue delay

• investment firms and fund management companies must notify the Central Bank when they become aware of breaches of relevant legislation.

All breach and error reports received are reviewed and, if necessary, investigated by the Central Bank. The objectives of investigations into breach and error reports are to ensure that steps are taken to mitigate risks to consumers and to identify and prioritise cases that may cause harm to consumers or where firms have breached their regulatory obligations. For each report, an initial assessment is carried out with a view to determining the complexity, severity, consumer detriment and likelihood of the issue being widespread, which determines priority and the supervisory engagement. For issues considered to be medium or lower priority, the Central Bank may request additional information from the reporting firm. The report might be closed without any further supervisory action depending on the information provided and changes proposed by the firm. In other cases, the Central Bank may carry out further investigations and/or issue an RMP. Errors and breaches impacting consumers can enter the public domain and attract media attention, which may drive the extent of supervisory engagement, resulting in medium or low priority issues attracting substantial supervisory engagement.

While the Central Bank does not publish statistics about breach and error reporting, the information contained in breach and error reports feeds into the Central Bank’s annual sectoral risk assessment process, the results of which are reflected in the Central Bank’s Regulatory and Supervisory Outlook Report, including in the description of the key drivers of risks to consumers.

The Central Bank expects firms to be aware of their reporting obligations under applicable regulatory regimes, but also reminds them of their obligations as regards breach and error reporting on its website and via “Dear CEO” letters, and provides guidance and template notification forms so that it is clear to firms what information must be provided.

The Central Bank is a prescribed person for the purpose of receiving protected disclosures under the Protected Disclosures Act 2014. In addition, the Central Bank is designated to receive protected disclosures under Part 5 of the Central Bank (Supervision and Enforcement) Act 2013. This means that a protected disclosure may be made to the Central Bank where i) a worker makes a disclosure which they believe is substantially true and which they have obtained in a work-related context, or ii) any person in good faith makes a disclosure, and they have reasonable grounds for believing that the disclosure will show that there has been, is being or is likely to be a breach of, or an offence under, financial services legislation or the concealment or destruction of evidence relating to such an offence or breach.

The Central Bank’s Protected Disclosures Desk, a dedicated team within the Central Bank, received 224 protected disclosures in 2023, 245 in 2022, and 231 in 2021 (Central Bank of Ireland, 2023[37]). All protected disclosures are investigated.

In line with legislative requirements, the Central Bank reports yearly on the protected disclosures it has received (Central Bank of Ireland, 2024[20]). While the publication does not include detailed information on, for example, the breakdown of the protected disclosures by sector or issue, the Central Bank has communicated the top three overarching themes of investigations into protected disclosures completed in 2023. The top three overarching themes were:

• fraud and other criminal offences

• governance

• fitness and probity

Not every investigation leads to a supervisory outcome. There are a variety of reasons for this but most often this is because the information in the protected disclosure was inaccurate or there was a lack of evidence to support the issues raised, or the issues raised did not fall within the remit of the Central Bank.

The Central Bank regularly engages with stakeholders. In 2021 the Central Bank undertook a consultation to seek views on its stakeholder engagement activity (Central Bank of Ireland, 2021[39]). The key deliverables of the consultation paper include the establishment of several initiatives to enhance engagement with a wide range of stakeholders. These initiatives include the Financial Industry Forum, the Civil Society Roundtables and the Financial System Conference (see below for a description of these initiatives), and the creation of the Stakeholder Engagement Team within the Central Bank.

Following the consultation, the Central Bank published its 2022-24 Strategy (Strategy) (Central Bank of Ireland, 2021[40]). One of the four key themes of the Strategy is “Open and Engaged” and it highlights the importance of listening to stakeholders, building dialogue, and fostering a wider understanding of the role of the Central Bank to build trust in the financial system.

Consistent with its Strategy, the Central Bank engages with a number of stakeholders both on a regular and an ad-hoc basis. Central Bank’s stakeholders can be grouped into several categories: members of the public and consumers of financial services, including consumer representatives; the government and public representatives including other Irish authorities that play a role in financial consumer protection; regulated entities and industry bodies; other EU and international policy institutions and peers; and media and public commentators. The next paragraphs provide details on the engagement of the Central Bank with each of these groups separately. The introduction of the Financial System Conference in 2022 provided an opportunity to bring together all the Central Bank’s stakeholders to discuss issues shaping the financial system. In 2023, more than 800 people joined the event in-person and online.

The Central Bank conducts regular engagement activities with a range of consumer representatives. Activities include regular meetings with the Consumer Advisory Group, roundtables with civil society organisations, an annual stakeholder engagement plan and regular engagement about risk drivers identified in the Central Bank’s Outlook Reports and engagement on public consultations. The next paragraphs describe these activities.

The Consumer Advisory Group (CAG) is a Central Bank appointed group of individuals with expertise on matters including financial regulation, consumer finance, consumer advocacy and behavioural economics. Established by the Central Bank Reform Act 2010, the role of the CAG is to advise the Central Bank on the performance of its functions and the exercise of its powers in relation to consumers of financial services, including on the effects of the Central Bank's Strategic Plans on consumers of financial services, and on the initiatives aimed at further enhancing the protection of consumers of financial services. The CAG also advises, at the request of the Central Bank, on consultation papers or other materials prepared by the Central Bank. Members of the CAG are appointed by the Central Bank Commission, their appointment lasts three years, and they are eligible for re-appointment.

Following its consultation paper on enhancing engagement with stakeholders, the Central Bank increased the membership of CAG, with a view to enhancing capacity and maintaining its strong insights and experience on consumer needs and consumer risks.

Civil Society Roundtables are meetings between the Central Bank’s senior officers and a range of charitable and civil society organisations that provide support to different consumer groups.5 Civil Society Roundtables are organised two to three times a year and agendas are based on topical areas and developed in consultation with members of the groups (Central Bank of Ireland, 2024[41]). In addition, targeted roundtables are held with representatives from civil society where necessary to inform key policy areas such as the Review of the Code.

Following its consultation paper on enhancing engagement with stakeholders, the Central Bank undertook an analysis of the membership of the Civil Society Roundtable and has sought to address any gaps in civil society representation by inviting additional representatives, with a particular focus on ensuring that the breadth of society is represented. This process continues and potential new members are, where possible, identified and then invited to engage in the group.

In addition, the Central Bank also develops an annual stakeholder engagement plan focussed on consumer protection risk and priorities. As part of this plan, in 2023 the financial consumer protection supervisory team participated in over 30 stakeholder engagement events. The Central Bank also seeks views of stakeholders including from consumer representatives and members of the public on the key risk drivers for consumers identified in the Central Bank’s Outlook reports. Views and insights are used to inform the development of the following year’s risk assessment and Outlook report. The Central Bank also conducts ad-hoc engagement with consumer representatives, for example when developing outreach activities.

The Central Bank regularly engages with consumer representatives and members of the public during public consultations on proposed changes to the legislative framework. On selected consultations, the Central Bank uses a third-party online tool and develops a simplified questionnaire directed to members of the public. Recently this online tool has been used on the Review of the Mortgage Measures Framework (Central Bank of Ireland, 2022[42]) and during engagement on the Discussion Paper on the Review of the Code (Central Bank of Ireland, 2022[5]). The Central Bank received 4 107 and 1 228 responses, respectively. The Central Bank has also used paid promotions on social media to publicise key consultations and raise awareness with members of the public.

While the Central Bank does not have a role in receiving, mediating or adjudicating on individual consumer complaints, the Central Bank reflects information received from consumers in its supervisory work. For example:

• the Central Bank launched the Tracker Mortgage Examination (described in Box 2.4) in 2015 after it became clear, through combined supervisory and enforcement work and from information supplied by consumer advocates, members of the public and public representatives, that tracker related issues could potentially be industrywide.

• the Central Bank engaged with a number of representative bodies and business owners in order to understand the importance of business interruption insurance in the context of Covid-19 and the impact of insurance firms’ approaches on policy holders.

The Central Bank engages with small and medium-sized enterprises (SMEs) where material risks arise in relation to this cohort of consumers. For example, in the context of the consolidation in the retail banking market (see Box 2.3) the Central Bank proactively engaged directly with the Small Firms Association and the Irish Farmers Association on issues that directly impacted that sector, including their experiences on account migration, business lending and direct debits.

More broadly, the Small Firms Association is invited to attend any significant engagement event relevant to its members and the Central Bank also accepts invitations from the Small Firms Association and similar bodies to participate in their own engagement events. Additionally, in its regional outreach events, the Central Bank routinely meets with local Chambers of Commerce and small business representatives to exchange views and hear about relevant developments across the country to further inform its work. This structured approach allows the Central Bank to meet with a range of companies and not just those providing financial services.

The Financial Industry Forum is a cross-sectoral, strategic forum for dialogue between the financial sector and the Central Bank. It is chaired by the Governor of the Central Bank, comprises 14 representative bodies across financial services; and meets twice per year. Three subgroups focus on domestic issues, international issues and innovation (including in each case consumer protection) and also meet twice per year.

As part of the engagement plan on consumer protection issues, the Central Bank regularly seeks views from the industry at a sectoral level including through regular bilateral engagements with industry bodies. The Central Bank also organises events with industry body members. For example, the Retail Intermediaries Roadshow (Central Bank of Ireland, 2023[43]) is a way to communicate key messages to the retail intermediary sector, identify issues and respond to questions. The roadshow is held in two locations across Ireland and around 450-500 people participate each year, including authorised retail intermediaries and representatives from industry bodies.

Finally, the Central Bank engages with small businesses and their representatives through regional visits, roundtables and other engagements on issues relevant to them, including consumer protection.

The Central Bank engages regularly with other national oversight bodies, and there are information sharing and co-operation arrangements in place.

• The Central Bank and the Financial Services and Pensions Ombudsman (FSPO) entered into a new Memorandum of Understanding (MoU) at the end of 2023, replacing the existing one, to increase mutual co-operation and information sharing. The MoU is an official framework that formalises reciprocal information exchange so that both parties co-operate and communicate constructively. This supports both parties in carrying out their respective but complementary functions effectively through regular engagements and information sharing, both formal and informal. It includes (amongst others) a process for the Central Bank to receive referrals from the FSPO (see more information on this in section 2.12).

• In 2021 the Central Bank and the Competition and Consumer Protection Commission (CCPC) renewed their existing co-operation agreement establishing a framework for co-operation, including regular meetings, and arrangements to share information (such as trends or serious cases of firms’ behaviour harming consumers, market intelligence and research). In practice, the Central Bank and the CCPC engage frequently at senior and operational levels across a range of issues, for example in relation to account migration following the departure of two of the five main retail banks from the Irish market, financial education initiatives, and merger and acquisitions that impact the competitiveness of the Irish financial system.

The Central Bank regularly engages with international counterparts. The Central Bank has entered into over 100 bilateral and multilateral MoUs with other national competent authorities and international bodies. Moreover, the Central Bank participates in several international fora that address financial consumer protection, including the International Financial Consumer Protection Organisation (FinCoNet).

The Central Bank is also part of the European System of Financial Supervision, which aims to ensure consistent and coherent financial supervision in the EU. The Central Bank participates in various groups and committees of the three European Supervisory Authorities (EBA, ESMA and EIOPA) and sits on the Board of Supervisors (the main decision-making body) of each.

In July 2024, the Central Bank published an “Open and Engaged” Charter setting out its approach to stakeholder engagement (Central Bank of Ireland, 2024[44]). The Charter acknowledges that in a changing world, it is essential that the Central Bank is engaged with those who affect and are affected by its work, transparent in its decisions and policy-making, and open to new insights and diverse perspectives.

The Central Bank has several mechanisms to facilitate innovation. In 2018 the Central Bank established the Innovation Hub to provide a platform to engage informally with innovators and for the Central Bank to learn about innovation. Since 2018, the Innovation Hub met with 375 innovators, fintech companies, innovation facilitators, regulated entities, and thought leaders (Central Bank of Ireland, 2022[45]). A diverse range of firms engage with the Innovation Hub, ranging from very small early-stage start-ups to large global firms. Although innovative firms of all sizes can engage with the Innovation Hub, most interactions are with start-up companies seeking to discuss regulations, to help them determine if, and where, they might fit in the regulatory landscape. The Innovation Hub is complemented by fintech and innovation events and an outreach programme where the Central Bank brings together individuals and companies involved in fintech and innovation with Central Bank staff.

In 2021 the Central Bank launched a review of its Innovation Hub. The review consisted of desk research on related initiatives of peer authorities and was informed by discussion in the innovation subgroup of the Financial Industry Forum, and broad engagement with stakeholders. As a result of this review, the Central Bank published a Consultation Paper seeking views on its approach to innovation engagement in financial services which closed in February 2024. This consultation set out proposals to evolve the approach through which the Central Bank engages with the innovation ecosystem and to promote better outcomes for society and the financial system, by:

• enhancing the Central Bank Innovation Hub to deliver deeper, clearer and more informed engagement with the innovation ecosystem.

• establishing an Innovation Sandbox Programme, which will involve informing the early-stage development of selected innovative initiatives (which are consistent with public policy objectives) by providing regulatory advice and support by within the programme.

Enhancements of the Central Bank Innovation Hub have already begun with the launch of the updated structured engagement process with the Innovation Hub and a refreshed Innovation Hub website page also now live. In July 2024, the Central Bank announced the theme of the first Innovation Sandbox Programme as “Combatting Financial Crime”. The Sandbox will commence in December 2024 and focus on the use of innovative technology to foster and develop solutions that minimise fraud, enhance KYC/AML/CFT frameworks, and improve day-to-day transaction security for consumers.

The Central Bank has standards relating to the professionalism of its staff. These include the Central Bank’s Code of Ethics defining the standards, key principles and obligations for its employees, which include: i) act with integrity and prudence, ii) treat others with dignity and respect, iii) manage conflicts of interest, iv) protect confidentiality, v) represent the Central Bank appropriately and vi) report wrongdoing (Central Bank of Ireland, 2023[46]). The Central Bank has also developed a policy on managing conflicts of interest, a policy on staff trading of financial assets and a policy on receipt of business hospitality and gifts.

Principle 3 supports consumers’ access and use of financial products and services to promote an inclusive financial system. This involves addressing barriers preventing consumers from accessing formal, regulated financial services while also protecting consumers during financial hardship or other circumstances leading to financial exclusion. Policy makers and oversight bodies are encouraged to incorporate financial inclusion and consumer protection objectives into strategies and policies relating to innovation, recognising that consumers may have varying digital skills and preferences and thus protecting access to cash and traditional financial services for some individuals.

While the Central Bank does not have an explicit statutory role in respect of ensuring consumers’ access to financial services, financial inclusion can be supported with regulation that encourages firms to place the best interests of consumers at the heart of their commercial decision making, which is within the Central Bank’s remit. Some sectoral regulations also impose requirements on regulated entities relating to access and inclusion where the Central Bank is the competent authority for the supervision and enforcement of compliance with those regulations.

In addition to supervision and enforcement of relevant regulations, the Central Bank can also advocate for measures to address consumers’ challenges relating to access and inclusion. The Central Bank can also develop codes of conduct and regulations setting out requirements and expectations on regulated entities that they do not prevent access to basic financial services. For example, Box 2.2 provides a description of recent work done by the Central Bank to support consumers in a changing economic environment.

Ireland has a number of regulatory requirements relating to access and inclusion. The European Union (Payment Accounts) Regulations 2016 set out the rules relating to the transparency and comparability of fees charged to consumers on their payment accounts, the right to access a payment account with basic features, the switching of payment accounts and the opening of cross-border payment accounts.

The Code provides that firms must ensure that, in all dealings with customers and within the context of their authorisation, they do not prevent access to basic financial services (without prejudice to the pursuit of legitimate commercial aims) through policies, procedures, or working practices. The Code also imposes obligations on regulated firms to ensure that vulnerable customers are provided with reasonable arrangements and assistance to facilitate dealings with firms. For example, the Code sets out requirements for banks when planning to close, merge or move a branch. These include the requirement to notify the Central Bank of any plans, to give at least two months’ notice to affected consumers, and to notify the wider community. Moreover, as part of the ongoing review of the Code, the Central Bank has sought feedback on two areas relating to access and inclusion, namely “Availability and Choice” and “Firms Acting in Consumers’ Best Interest”.

The CCMA sets out the requirements for regulated entities on the treatment of consumers experiencing or expecting to experience difficulties in repaying their mortgage loans on primary residence, and the Code sets out requirements for firms on the handling of arrears in relation to non-mortgage lending and mortgage loans on non-primary residences.

The Central Bank undertakes activity to ensure that regulated firms’ commercial decisions take into account the impact on access to basic financial services. While decisions relating to the business model of regulated firms are commercial matters for the boards of firms, the Central Bank expects firms to take a consumer-focused approach concerning any decision that affects their customers. An examples of these activities includes the Central Bank’s work in relation to branch closures. When banks decide to close branches, the Central Bank ensures that they comply with the requirements in the Code (as described above). The Central Bank requires banks to carry out and share with the Central Bank a Customer Impact Assessment (CIA) assessing risks to consumers arising from the closure of the branch and setting out mitigating measures. The CIA may include an analysis of customers’ behaviours and their engagement across distribution channels, an analysis of alternative options available to consumers, considerations for vulnerable customers and a stakeholder engagement plan. Where gaps in the mitigation strategy are identified, the Central Bank can require banks to put additional measures in place to mitigate risks to consumers. The Central Bank also communicated to retail banks its expectations when they plan to close, merge and move branches, including conducting ex-post assessments 9 to 15 months after the change and rectifying any material issues.

Regarding access to cash and branch closures, the Central Bank also responded to the public consultation launched by the Department of Finance as a result of the Retail Banking Review (Department of Finance, 2022[53]). In its response, the Central Bank discussed recent trends and structural developments relating to access to cash in Ireland and argued for the need to discuss social policy objectives of issues arising (Central Bank of Ireland, 2022[18]). In July 2024 the Department of Finance published the Finance (Provision of Access to Cash Infrastructure) Bill 2024 which aims to ensure that sufficient and effective access to cash is available in Ireland, and that any further evolution of the cash infrastructure will be managed in a fair, orderly, transparent and equitable manner for all stakeholders (Department of Finance, 2024[54]).]

In 2022 the Central Bank continued its work to ensure that consumers are given appropriate support when switching providers. This included ongoing supervisory engagement with the five main retail banks to ensure that they had plans in place to manage the impact on consumers of the departure of Ulster Bank and KBC Bank, two of Ireland’s five main retail banks at that time, which were exiting the retail banking sector (see Box 2.3). As a co-ordinated approach across the sector was essential to ensure good customer experience and continuity of services, in 2022 the Central Bank arranged a series of meetings with the CEOs of the five main retail banks and the Banking & Payments Federation Ireland (BPFI), an industry association. The Central Bank also discussed arrangements with the largest direct debit originators that are regulated by the Central Bank (e.g. insurance companies) to ensure continuity of service in case of issues relating to the payments of direct debits. The Central Bank regularly published statistics to monitor the migration. The final statistics on account migration were published in July 2023. At the end of June 2023, 96% of the 1.2m accounts that were open with Ulster Bank and KBC Bank at the beginning of 2022 were either closed or inactive (Central Bank of Ireland, 2023[55]).

Finally, another example of the activity of the Central Bank relating to access and inclusion is its work since 2020 concerning mortgage arrears (Central Bank of Ireland, 2022[58]). Going back to the 2008 financial crisis, the Central Bank put a consumer protection framework in place dedicated to dealing with accounts in or facing mortgage arrears, with the CCMA providing the framework for mortgage arrears on primary residences. However, despite a gradual decrease, the level of mortgage accounts in long-term (i.e. over a year) mortgage arrears (LTMA) remained elevated (around 30,000 principal dwelling house (PDH) mortgage accounts in LTMA at the end of 2020). Moreover, research conducted over a sample of borrowers in LTMA highlights significant levels of financial distress, as these individuals had an average ratio of debt service burdens to net income around 61% (with a median of 43%), higher levels of negative equity compared to the wider population and their levels of spending were below the recommended levels for reasonable living standards (Kelly et al., 2021[59]).

Since 2020, the Central Bank has undertaken extensive supervisory engagement and data analysis to improve the resolution of LTMA focussing on non-lending credit firms (NLFs) that hold the largest proportion of LTMA accounts. The Central Bank scrutinised the activities of firms in relation to different borrower categories based on repayments patterns. Special focus was placed on firms’ steps to resolve LTMA for borrowers classified by the firm as co-operating and paying towards their mortgage, while also requiring firms to continue to work on engagement strategies with remaining borrowers. The Central Bank required firms to submit data on a regular basis including the financial hardship arrangements employed. As of December 2023, there were around 20 000 PDH mortgage accounts in LTMA. The Central Bank continues to monitor NLFs’ progress in this area and hold them to account on their progress.

The Central Bank also highlighted in the Consumer Protection Outlook Report published in 2023 its concerns and expectations for firms where consumers lack digital literacy or access to digital tools which may create barriers for consumers (Central Bank of Ireland, 2023[60]).

Principle 4 promotes financial literacy and awareness as part of a broader strategy for financial inclusion. It suggests that stakeholders should develop mechanisms to help consumers acquire the knowledge, skills and attitudes necessary to understand financial risks and opportunities, make informed decisions, seek assistance when needed and take effective actions to support their financial well-being. These mechanisms may include enhancing digital financial literacy skills and raising awareness of digital security risks. Financial literacy programmes should be easily accessible through various channels, including digital platforms, and should cater to all age groups. Additionally, it is encouraged to conduct national and international data collection exercises and stakeholders should implement the principles, guidelines and methodologies on financial literacy developed by the OECD International Network on Financial Education (INFE).

As a result of the recommendations included in the Retail Banking Review (Department of Finance, 2022[53]), the Department of Finance is developing a national strategy for financial literacy (National Strategy) in co-ordination with key stakeholders (see below). The Department of Finance launched a public consultation in August 2023 (Department of Finance, 2023[61]), published a Mapping Report in April 2024 and plans to publish the National Strategy in early 2025 (Department of Finance, 2024[62]).

The key stakeholder in financial education is the Competition and Consumer Protection Commission (CCPC). The CCPC has a statutory responsibility to provide information about personal finance products to consumers and to promote financial education and capability. The CCPC adopts the principles, guidelines and methodologies developed by the INFE and regularly conducts or commissions research to inform public awareness campaigns and design financial education programmes. Examples include the annual CCPC Pension Research (Competition and Consumer Protection Commission, 2022[63]), the behavioural research on savings products conducted in collaboration with the Behavioural Research Unit of the Economic and Social Research Institute (ESRI) (Timmons, Robertson and Lunn, 2022[64]), the research into influencer marketing (Competition and Consumer Protection Commission, 2023[65]), and the report on financial wellbeing in Ireland (Competition and Consumer Protection Commission, 2023[66])

The Central Bank does not have a statutory function relating to financial literacy and awareness. However, the Central Bank regularly conducts consumer awareness and educational initiatives in line with its mandate to ensure the proper and effective regulation of financial services providers and markets, while ensuring that the best interests of consumers of financial services are protected. Among these, the Central Bank established the Consumer Hub as a dedicated section of its website which serves as a resource for consumers to access information and support on financial matters with the objective of offering clear and impartial information to consumers to help them make informed decisions. The Consumer Hub provides guidance on various topics including banking, insurance, mortgages and investment via different means, such as videos, text and frequently asked questions (Central Bank of Ireland, 2024[67]). This content is promoted across digital channels and through paid digital media to reach a broad consumer audience.

The Central Bank also publishes warnings about developments in financial services, including scams and frauds, such as warnings relating to the purchase of crypto-assets (Central Bank of Ireland, 2022[68]) and warnings about an “advance fee fraud” scam targeting consumers applying for loans by offering a loan in exchange for an upfront or administration fee (Central Bank of Ireland, 2023[69]). The Central Bank also publishes educational resources targeted to younger people and conducts public awareness campaigns such as the campaign across national broadcast and digital channels called “How can I protect myself from financial scams?” to inform the public on how to recognise a potential scam. The Central Bank also developed a SAFE test (Stop, Assess, Fact-check, and Expose and report) designed to help consumers to protect themselves from scams (Central Bank of Ireland, 2023[70]).

Other campaigns launched by the Central Bank include campaigns to inform consumers about saving money, mortgage arrears and financial difficulty (Central Bank of Ireland, 2022[71]), and the risks of buying goods and services using short-term credit. The short term credit campaign was launched in November 2022, at the same time as the introduction of new legislation requiring the authorisation of providers of hire-purchase, personal contract plans, consumer hire and credit-like agreements (such as Buy Now Pay Later or BNPL services) (Central Bank of Ireland, 2022[50]). In November 2023, the Central Bank also launched a campaign targeting consumers considering using BNPL to make purchases ahead of the Christmas shopping period (Central Bank of Ireland, 2023[72]).

The Central Bank co-ordinates with the CCPC on matters related to financial literacy and awareness as part of the co-operation agreement existing between the two authorities (see section 2.2.11 for more details on the co-operation agreement between the Central Bank and the CCPC).

Principle 5 promotes fair, efficient, and competitive retail financial markets and stipulates that consumers should have the ability to easily search for, compare and switch between products and providers. For competition to work well, consumers need to be able to access, assess and act on the information about the products and services they purchase. When consumers can make informed decisions, they are able to select the products offering the best value for them. In turn, active and informed consumers create the incentives for firms to offer better value products.

The Central Bank does not have a role in promoting competition in financial services markets. However, when performing and exercising its powers, the Central Bank is required to do so in a way that is consistent with the orderly and proper functioning of financial markets as explained in its Annual Report and Annual Performance Statement. In addition, the Central Bank is the competent authority to supervise and ultimately enforce certain provisions relating to competition, namely supporting consumers when switching financial products and services. The following paragraphs provide details on such provisions. The CCPC is responsible for enforcing competition law in Ireland. The CCPC has powers to investigate and impose sanctions for infringements of competition law, to administer Ireland’s merger control regime and to advocate for consideration of competition issues in public policy. The co-operation agreement between the Central Bank and the CCPC provides a framework within which the two authorities may exchange information, including in relation to the CCPC’s competition functions.

Ireland’s financial consumer protection framework includes several mechanisms relating to switching between financial products and services. Some of these are supervised and enforced by the CCPC, others by the Central Bank. Mechanisms to facilitate consumers’ ability to search and compare between financial products and services fall under the responsibility of the CCPC. Moreover, the European Union (Payment Accounts) Regulations 2016 requires the CCPC to operate a price comparison website allowing consumers to compare fees charged by payment services providers for at least a selected list of services charged by payment services providers.

The Central Bank is the competent authority to supervise and enforce the provisions included in the European Union (Payment Accounts) Regulations 2016 relating to switching of payment accounts and opening of cross-border payment accounts. The Central Bank has set out further obligations in the Code of Conduct on the Switching of Payment Accounts with Payment Service Providers.

In June 2018, the Central Bank made specific changes to the Code to introduce provisions that would make it easier for consumers to switch between financial service providers by ensuring that consumers were provided with certain information in relation to their outstanding mortgage (Central Bank of Ireland, 2018[73]). These changes to the Code place obligations on firms to make mortgage switching easier for consumers, for example by requiring firms to tell consumers about cheaper mortgage options 60 days before coming out of a fixed rate period or on an annual basis for variable rate mortgage holders, to explain benefits and risks of any mortgage incentives such as cashback offers, to give consumers (at their request) a comparison of the monetary costs of their mortgage compared to other options and to give consumers a decision on their application within ten business days of receiving a completed mortgage application.

In recent years, the Central Bank has undertaken consumer research to understand how to make it easier for customers to compare mortgages and identify potential cost savings (Byrne, Devine and Mccarthy, 2022[74]). Building on this, the Central Bank is currently proposing new requirements on the provision of information to enhance internal switching (i.e. switching to another mortgage product of the current provider) in the ongoing review of the Code. Lenders will have to include within the annual mortgage notifications a personalised euro savings estimate alongside each alternative mortgage refinancing option presented. Additionally, lenders will be required to provide a specific reminder to customers concerning mortgage refinancing options, issued between four and eight weeks from the first notification.

Other initiatives to promote a better switching environment include proposals to require insurance companies to give two pre-renewal notifications to customers, and that certain types of insurance (i.e. gadget insurance, travel insurance, dental insurance, and pet insurance) can only be renewed automatically when customers have expressly agreed to.

The Central Bank is also engaging with mortgage providers via the Banking & Payments Federation Ireland (BPFI) to examine how certain barriers to mortgage switching can be overcome (Central Bank of Ireland, 2024[6]). This would involve identifying any common process enhancements amongst lenders that could be reflected in an industry protocol or charter. Examples of the activity of the Central Bank relating to competition include the work to protect consumers in a changing economic environment (see Box 2.2). As part of this work, the Central Bank required firms to have sufficient operational capacity in place to manage applications by borrowers to switch their mortgage or mortgage provider and, when borrowers look to switch, firms must ensure there is no discrimination based on where they have their current loan.

Principle 6 stipulates the importance of treating all consumers fairly, honestly and equitably throughout their interactions with financial services providers and intermediaries. Fair treatment should be ingrained in the governance and culture of firms, with the increasing use of digital technology ensuring that such advancements do not result in discriminatory outcomes for consumers. Particular attention should be given to consumers experiencing vulnerability, which can arise from various personal, economic and market circumstances. Approaches to address vulnerability vary and could involve providing impartial debt advice to those facing financial hardship due to excessive debt burdens.

The Central Bank is the competent authority for the supervision and enforcement of regulations related to the equitable and fair treatment of consumers. Other stakeholders playing an important role relating to Principle 6 include:

• the Money Advice and Budgeting Service (MABS). MABS is a free, confidential service that provides advice and support to individuals experiencing financial difficulties. MABS offers personalised guidance on managing money, budgeting effectively, dealing with debts, and accessing financial assistance programmes. The service is available to anyone in Ireland facing financial challenges, regardless of their income level or background. Additionally, MABS conducts outreach programmes and educational initiatives to promote financial literacy and awareness within communities.

• the Free Legal Advice Centres (FLAC). FLAC is an independent not-for-profit non-governmental organisation dedicated to the realisation of equal justice for all. FLAC provides free legal information to members and conducts legal analysis and law reform campaigning, across a range of areas including debt, credit and financial services.

• the Insolvency Service of Ireland (ISI). The ISI is a government agency established to help individuals and businesses in Ireland manage unsustainable debt situations. Its primary goal is to restore insolvent persons to solvency, supporting people struggling with debt and facilitating fair and orderly arrangements between debtors and creditors. The ISI oversees several debt relief mechanisms, including i) the Personal Insolvency Arrangement (PIA), which is a formal agreement between a debtor and their creditors to restructure or settle debts, typically lasting 6-7 years; ii) the Debt Settlement Arrangement (DSA), which is similar to a PIA but for unsecured debts, allowing for a negotiated settlement over 5 years; and iii) the Debt Relief Notice (DRN), which provides relief from qualifying unsecured debts for individuals with low income and assets, subject to certain criteria.

  Moreover, the Equal Status Acts 2010-2018 prohibit discrimination on certain grounds (gender, marital status, family status, age, disability, sexual orientation, race, religion and membership in the traveller community). Concerning disability, discrimination can include a refusal or failure by the firm to do all that is reasonable to accommodate the needs of a person with a disability by providing special treatment or facilities, if without such special treatment or facilities, it would be impossible or unduly difficult for the consumer to access the service or product. The Acts apply across the provision of goods and services in Ireland, including the provision of financial services. The Irish Human Rights and Equality Commission (IHREC) is an independent body set up under the Equal Status Acts to promote and protect human rights and equality in Ireland.

Financial regulation imposes obligations on financial services providers regarding equitable and fair treatment of consumers and the Central Bank is the competent authority for the supervision and enforcement of compliance with these requirements. They include, for example, provisions in the IDR and in MiFID II Regulations requiring insurance distributors and MiFID investment firms to act honestly, fairly and professionally in the best interest of their customers.

In addition, as described in section 2.1.2, the General Principles of the Code state that regulated firms must i) act in the best interest of customers and in the integrity of the market, ii) act honestly, fairly and professionally, and iii) act with due skills, care and diligence. The Code also requires firms to provide vulnerable consumers with reasonable and necessary arrangements and/or assistance to facilitate consumers’ dealings with firms.

The Code requires regulated firms to ensure that advertising is clear, fair, accurate and not misleading. Moreover, Central Bank Codes may also impose specific obligations relevant to firms in particular sectors. For example:

• in the context of insurance, the Code includes provisions requiring firms to offer fair settlement to claimants, taking into account all relevant factors and representing the firm’s best estimate of the claimant’s reasonable entitlement.

• as set out in section 2.1.2, the CCMA imposes obligations on firms when dealing with borrowers in arrears, or who are likely to go into arrears.

As part of the review of the Code, the Central Bank is preparing guidance for firms in relation to how to approach the obligation to act in the best interests of customers by securing their customers’ interests, and guidance on how to secure the interests of consumers in vulnerable circumstances. The latter guidance includes a definition of vulnerability and sets out an approach for firms in approaching the issue of vulnerability and providing assistance to consumers in vulnerable circumstances. In addition, the Central Bank’s Guide on Consumer Protection Risk Assessment sets out guidance as regards firms’ risk management frameworks, including firm monitoring to ensure that fair outcomes are being achieved. Finally, the Central Bank’s Regulatory and Supervisory Outlook sets expectations that regulated firms should act to identify, mitigate and manage drivers of risks to consumers. For example, where errors or operational incidents have occurred, the Central Bank expects regulated firms to treat consumers fairly and restore them to the position they would have been in had the error or incident not occurred.

The supervisory frameworks described in section 2.2.4 provide the structure for the Central Bank’s supervisory approach with respect to equitable and fair treatment of consumers. Risks to the equitable and fair treatment of consumers in particular sectors are identified through the sectoral risk assessment process and the approach to addressing these risks is set out in multi-year strategies for each sector.

An example of the supervisory activity of the Central Bank relating to equitable and fair treatment of consumers is the work on price walking in home and motor insurance markets. Having identified the risk that insurers might be unfairly taking advantage of consumers’ behaviours and habits, in 2021, the Central Bank undertook a review to understand how differential pricing was used in the private car and home insurance markets in Ireland. This included an extensive analysis of documents submitted by firms, a large consumer insights survey, and statistical analysis of policy records across a three-year period. Based on this review the Central Bank concluded that certain practices could result in unfair outcomes for some consumers. The Central Bank therefore banned price walking in these markets on the basis that such pricing practices lacked transparency and exploited consumer inertia and ultimately undermine consumer trust and harm their financial well-being (Central Bank of Ireland, 2021[33]). In December 2023 the Central Bank published a report on the impact of the ban, which found that consumers who remain with their current provider are no longer paying a loyalty penalty (Central Bank of Ireland, 2023[75]).

Principle 7 stipulates that financial services firms should provide consumers with essential information regarding the benefits, risks and terms of financial products and services, irrespective of the distribution channel. Disclosure of information should cover material aspects of the product or service as well as the potential conflicts of interest associated with the intermediaries selling the product or service. Information disclosed should be accurate, honest, transparent and non-misleading. Standardised pre-contractual disclosure should be adopted to facilitate comparison between products and tailored disclosure mechanism should appropriately take into account product complexity and risks. Consumer research and behavioural insights should inform the design of disclosure requirements and help consumers to make informed decisions.

The Central Bank is responsible for the supervision and enforcement of provisions imposing requirements on firms relating to disclosure and transparency. Such requirements are included in sectoral and cross-section legislation and in various codes of conducts.

Disclosure and transparency requirements for financial services and products are set out in sectoral legislation including the European Union (Insurance Distribution) Regulations 2018, the Consumer Insurance Contracts Act 2019, the Non-Life Insurance (Provision of Information) Regulations 2007, the Life Assurance (Provision of Information) Regulations 2001 for insurance products, the European Union (Payment Services) Regulations 2018 (PSR) for payment services, the European Union (Markets in Financial Instruments) Regulations 2017 and Regulation (EU) on Key Information Documents for Packaged Retail and Insurance-Based Investment Products for retail investment products, the European Union (Consumer Mortgage Credit Agreements) Regulations 2016 and the European Communities (Consumer Credit Agreements) Regulations 2010. The last two introduce mandatory provision of standardised pre-contractual information to consumers using the European Standardised Information Sheet (ESIS) and the Standard European Consumer Credit Information form (SECCI), respectively.

Disclosure requirements concerning prospectuses for UCITS and RIAIFs (investment funds that may be marketed to retail investors) are set out in the European Communities (Undertakings for Collective Investment in Transferable Securities) Regulations 2011; Central Bank (Supervision and Enforcement) Act 2013 (Section 48(1)) (Undertakings for Collective Investment in Transferable Securities) Regulations 2019; and the AIF Rulebook. Fund disclosure is reviewed by the Central Bank prior to authorisation as described in section 2.1.4.

Regarding the codes of conduct, the Code requires regulated firms to provide information to consumers on a durable medium “about the main features and restrictions of the product to assist the consumer in understanding the product”. Regulated firms are also required to provide consumers with the terms and conditions of the product before they enter into a contract for that product. In addition, the Code also sets out the information that an insurance company or intermediary must provide when quoting a product including, but not limited to, the value of the quotation, the time validity, and any discounts applied. Regarding sectoral codes, the CCMA sets out requirements regarding the provision of information to borrowers in arrears.

In addition, the European Banking Authority (EBA), the European Securities and Market Authority (ESMA), and the European Insurance and Occupational Pensions Authority (EIOPA) have issued guidelines requiring regulated firms to conduct testing of their products before distribution to ensure that consumers can understand terms and conditions.

The Central Bank provides guidance to firms relating to disclosure and transparency in several ways, including in the Outlook publications that set out expectations to firms and examples of good practices and “Dear CEO” letters. In addition, the Central Bank’s Guide to Consumer Protection Risk Assessment sets out examples of good practices for firms on explaining key product features and ensuring that consumers understand key product information as part of an effective consumer risk management framework.

The Central Bank conducts consumer testing and research and collects data to understand consumers’ decision-making and choices. The findings of the research are used for diagnostic work, to develop and test the efficacy of potential regulatory interventions or to support the Central Bank’s supervisory activity. Examples of consumer research include the work on attitude and behaviours of consumers of Buy Now Pay Later (BNPL) products (Central Bank of Ireland, 2023[76]), which identified a lack of understanding amongst consumers that BNPL is a form of credit rather than a payment arrangement. Section 2.8.3 provides more information on this work.

The Central Bank also conducts consumer research on many other topics. These include research on pension decumulation products to explore consumers’ attitudes and behaviours towards pension funding and their understanding of decumulation options (Central Bank of Ireland, 2024[77]), on motor and home insurances as part of the work on differential pricing (Central Bank of Ireland, 2021[33]), on key information documents for packaged retail and insurance-based investment products (PRIIPs) and on inaction in the mortgage market (Byrne, Devine and Mccarthy, 2022[74]), where the Central Bank tested different versions of reminders sent to mortgage holders to encourage them to refinance their loans.

Finally, the Central Bank also conducted consumer research as part of its work related to the withdrawal of Ulster Bank and KBC Bank Ireland from Ireland’s retail banking market. The research discussed approaches that financial institutions can use to increase consumer engagement in retail banking (Beere et al., 2022[78]).

The consultation paper on the Review of the Code includes a proposal to introduce a new requirement for regulated firms to monitor and review communications to their customers to ensure they are effective, meaningful and well understood, and that they facilitate customers’ decision-making (Central Bank of Ireland, 2024[6]).

The supervisory frameworks described in section 2.2.4 provide the structure for the Central Bank’s supervisory approach with respect to transparency and disclosure. Risks related to transparency and disclosure in particular sectors are identified through the sectoral risk assessment process and the approach to addressing these risks is set out in multi-year supervisory strategies for each sector. An example of the supervisory activity of the Central Bank with respect to transparency and disclosure is thematic work on under-insurance in home insurance markets (Central Bank of Ireland, 2022[79]). An increase in construction costs led to an increase in levels of under-insurance which grew from 6.5% in 2017 to 16.5% in 2022. The Central Bank found that the way in which insurance firms presented and provided key information to consumers varied across firms, and some firms did not adequately communicate with their customers on a timely basis to ensure that they understood the risks of not having sufficient home insurance. The Central Bank issued a “Dear CEO” letter outlining its expectations that firms should clearly communicate to their customers about the risks of under-insurance.

Another example is an enforcement case involving a retail intermediary that did not communicate in a clear manner to its customers regarding fee structures and also overcharged certain customers. The Central Bank found that the intermediary overcharged 62 customers over a period of five years, and provided unclear communication on applicable fees to 190 customers. As a result, the Central Bank issued an RMP requiring the intermediary to refund all 62 customers that were overcharged and to amend its communications to customers as regards fees to make them clearer. In addition, the Central Bank reprimanded and fined the retail intermediary EUR 41 385 for breaches of its obligations under the Code. The decision is published on the Central Bank’s website to send a wider message to firms and individuals in order to improve compliance, behaviour and culture across the financial system.

Principle 8 relates to the design and distribution of financial products that align with the interests and objectives of consumers and improve their financial well-being. Adequate oversight and governance by financial services providers and intermediaries should include the implementation of systems to design, approve, manage and monitor financial products throughout their life cycle, ensuring compliance with regulatory requirements and meeting consumer needs. To promote quality and value for money for consumers, providers and intermediaries need to define target markets, conduct research, use behavioural insights and conduct testing before launching products considering complexity and risks.

The Central Bank is the competent authority for the supervision and enforcement of compliance with regulations imposing obligations relating to product governance. These include i) the EBA Guidelines on product oversight and governance arrangements for retail banking products, which set out the standards relating to the design of retail banking products to ensure they meet the interests and objectives of the target consumers, ii) the Insurance Distribution Directive product oversight and governance requirements, imposing obligations on firms to consider the best interest of consumers during product design and throughout the lifecycle of the product, including distribution complemented by EIOPA’s approach to the supervision of product oversight and governance, and iii) MiFID II Regulations and ESMA’s guidelines on MiFID II product governance requirements imposing obligations for firms to ensure that investment products and their distribution are designed to meet the needs of a target market.

The three European Supervisory Authorities have issued guidelines in their respective spheres that put in place obligations on manufacturers of products to ensure that effective product testing is carried out before financial products are distributed to the intended markets.

The Central Bank provides guidance to firms relating to the quality of financial products in several ways, including setting out expectations to firms and examples of good practices in its Outlook publications and “Dear CEO” letters, for example following supervisory work. Moreover, as described in section 2.1.3, the Central Bank sets out examples of good product development practices within an effective consumer risk management framework in its Guide to CPRA (Central Bank of Ireland, 2017[21])

The Central Bank regularly uses behavioural insights to inform its financial consumer protection supervisory functions relating to the quality of financial products. Relevant work includes the consumer research conducted on consumer understanding of BNPL products and on drivers of consumer behaviour in the motor and home insurance markets. In addition to the findings described in section 2.7.3, the consumer research on BNPL products found that Irish consumers appear to have limited experience of these products (15% of adults reported using or having used BNPL products). BNPL consumers tend to be younger and more likely to be female. BNPL products are typically used when shopping both in store and online. The research also showed that BNPL products appear to be associated with impulsive shopping or unplanned spending, and that 38% of BNPL users agree that BNPL has made them “more likely to purchase things they don’t need” and 43% agree that they “often spend significantly more money than planned when they use BNPL”.

The Central Bank conducts supervision and enforcement activities related to the quality of financial products. The supervisory frameworks described in section 2.2.4 provide the structure for the Central Bank’s supervisory approach in this regard. Risks related to product governance in particular sectors are identified through the sectoral risk assessment process and the approach to addressing these risks is set out in multi-year strategies for each sector.

An example of the Central Bank’s supervisory activity in this area is the review of structured retail products, which was launched as risks from these products were identified as a concern as part of the Central Bank’s internal sectoral risk assessment process, informed by a number of complaints received. The Central Bank conducted a series of reviews of structured retail products offered and distributed by MiFID investment firms and found failures by firms to consider potential difficulties consumers may have understanding some of the features of these products, and to present past performance information in a fair manner. To address these poor practices, the Central Bank issued a “Dear CEO” letter setting out its expectations relating to identifying the target market and use of complex features and disclosure (Central Bank of Ireland, 2022[36]), which was supplemented with further supervisory guidance in 2023 to ensure that expectations of firms were fully clear (Central Bank of Ireland, 2023[80]). Relevant firms were required to review their governance arrangements against these expectations and address any deficiencies identified.

In order to raise awareness amongst consumers of the complexity of and risks associated with these products, the Central Bank published an Explainer on its Consumer Hub. The Central Bank also communicated the findings of its review to the CCPC and supported the CCPC in enhancing the information on structured retail products on the CCPC’s website.

Principle 9 outlines how financial services providers and intermediaries should ensure they act in the best interest of consumers. To do this, providers should be accountable for the actions of their intermediaries, promoting fair treatment and financial well-being. When providing products or services, providers should assess consumers’ capabilities, situations and needs, recommend suitable options and contribute to their well-being. Providers and intermediaries should be properly qualified and trained, avoid conflicts of interest, and ensure appropriate management when they arise. Financial advice should be objective, based on the consumer’s profile and consider the complexity and risks associated with the product, as well as the consumer’s financial objectives, knowledge, capabilities, and experience. Finally, remuneration structures should be transparently disclosed to consumers and designed to encourage responsible conduct and fair treatment.

The Central Bank is the competent authority for the supervision and enforcement of compliance with requirements for firms relating to the design and sale of suitable financial products. Legislation includes provisions relating to the assessment of suitability of a product for a specific customer or target market, the management of conflicts of interest, ensuring that people in key functions in regulated firms are fit and proper and ensuring that employees of regulated firms have the necessary skills, knowledge and qualification to carry out their function. The next paragraphs describe such legislation.

Regulated firms are required to be responsible for the actions of their intermediaries when the intermediary acts as an agent and it has been appointed by the regulated firm. However, intermediaries in Ireland are typically authorised and supervised by the Central Bank and they do not act under the responsibility of another entity, unless they are “tied agents”. Moreover, the Central Bank published guidance on outsourcing, setting out the Central Bank’s expectations and good practices to manage outsourcing risk (Central Bank of Ireland, 2021[81]).

Relating to the effective management of conflicts of interest, the MiFID II Regulations and the IDR require MiFID investment firms and insurance distributors to have mechanisms in place to identify, prevent and mitigate conflicts of interest. The MiFID II Regulations and the IDR also contain provisions related to the remuneration structures and to the monitoring of how the behaviour of employees may be affected by incentives. Finally, the F&P Regime requires that individuals in key and customer-facing roles are competent, capable, honest, ethical and of integrity.

Moreover, the Code contains a number of provisions relating to responsible business conduct, including provisions requiring firms to manage of conflicts of interest, to ensure that the remuneration structure i) does not undermine compliance with the firm’s duty to act honestly, fairly and professionally and ii) is not linked to targets in contradiction with consumers’ best interest (e.g., targets related to volume or bonus payments linked to business retention).

Relating to the provision of financial advice, the Code defines an intermediary as independent when the activities provided by the intermediary are based on a fair analysis of the market and when the intermediary does not accept any fees or commissions or other remuneration, other than a fee paid by the consumer (or a minor non-monetary benefit from a third party). The Code also requires that financial advice is suitable to the customer, i.e., it takes into account facts and circumstances disclosed by the customer.

More broadly, as set out in section 2.1.1, an Individual Accountability Framework has recently been introduced which will set out expected standards of conduct for individuals working within firms, complemented by Standards for Business which will apply to the firms themselves. The introduction of the Individual Accountability Framework follows recommendations from the Central Bank in its 2018 report on Behaviour and Culture of the Irish Retail Banks aimed at improving governance, enhancing the culture of accountability in firms and achieving better outcomes for consumers (Central Bank of Ireland, 2018[82]).

The Central Bank provides guidance to firms relating to responsible business conduct and culture in several ways. The Central Bank’s Guide to Consumer Protection Risk Assessment sets out that one of the five modules of an appropriate consumer protection risk management framework is “people and culture”. Positive practices identified by the Guide include for example that the firm can demonstrate, with clear examples, how leadership actions and communications are encouraging a culture of consumer protection throughout the firm.

In addition, the Central Bank’s Outlook publications and “Dear CEO” letters set out expectations to firms and examples of good practices. Moreover, the Central Bank has issued guidance on its F&P Regime, which was last updated in December 2023 (Central Bank of Ireland, 2023[83]).

The supervisory frameworks described in section 2.2.4 provide the structure for the Central Bank’s supervisory approach with respect to responsible business conduct and culture. An example of the activity of the Central Bank relating to responsible business conduct and culture is the thematic work on ongoing suitability of long-term life insurance products conducted in 2023. The Central Bank identified the risk that insurance products designed to be held by policyholders for the medium-to-long term may become less suitable or unsuitable over time. To conduct this thematic work, the Central Bank gathered qualitative and quantitative information from a large sample of insurance providers and intermediaries. The Central Bank identified evidence of good and poor practices and processes in its assessment of the ongoing suitability of long-term insurance products. To communicate the results of its review, the Central Bank issued a “Dear CEO” letter to the life insurance sector and to the insurance intermediary sector (Central Bank of Ireland, 2023[84]). Another example of the activity of the Central Bank is the Tracker Mortgage Examination (see Box 2.4 for details on this work).

More broadly, many of the risks identified by the Central Bank are linked to firm culture. For example, as a result of the work on under-insurance in the home insurance market described in section 2.7.4, the Central Bank issued a “Dear CEO” letter noting that firms had different levels of maturity of their Consumer Protection Risk Management Frameworks and that firms were not sufficiently proactive in identifying risks for consumers and related mitigation strategies, raising concerns of a lack of consumer-focussed culture in firms.

Moreover, the “Dear CEO” letter issued by the Central Bank as part of its work on account migration described in Box 2.3 called out the importance of a consumer-focused culture in seeking to ensure that potential consumer risks arising from the departure of two retail banks did not materialise.

Principle 10 stipulates that oversight bodies and financial services providers should develop appropriate control and protection mechanisms for consumers’ deposits, savings and other financial assets against fraud, scams, misappropriation and other misuses. These mechanisms should be adapted to new technologies and include clear and transparent liability arrangements between financial services providers and consumers in the event of financial loss. Oversight bodies should work together with relevant stakeholders to raise public awareness of digital security risks and promote safe online and digital transactions.

An Garda Síochána (Ireland’s National Police and Security Service) investigates crimes of a fraudulent nature. The Central Bank is the competent authority for the supervision and enforcement of compliance with sectoral legislation requiring certain financial services firms to adopt strong customer authentication processes and to have measures in place to protect clients’ assets and funds. The Central Bank also has a dedicated Unauthorised Providers Unit that investigates instances of alleged unauthorised activities. Members of the public can report such instances through the Central Bank’s website.

The next paragraphs describe the provisions, the main trends and the activities of the Central Bank relating to Principle 10.

The PSR requires payment services firms to apply strong customer authentication when a consumer accesses payment accounts online, initiates an electronic payment or carries out any action remotely, and to refund customers in the event of unauthorised transactions on their account.

Moreover, payment and e-money institutions are required to have measures in place to safeguards clients’ funds. The MiFID II Regulations require retail investment firms (and credit institutions providing MiFID investment services) to safeguard clients’ financial instruments and assets. Finally, insurance and ancillary insurance intermediaries are required to protect their customers against the inability of the insurance intermediary to transfer the premium to the insurance undertaking or the amount of claim payable to the customer.

The Code currently requires firms to act honestly and professionally in their dealings with customers, and with due skill, care and diligence, and the proposals in the review of the Code include imposing a general Standard for Business on firms to control and manage their affairs and systems to counter the risks to customers of financial abuse, which is defined to cover all forms of frauds and scams as well as misappropriation and other misuses.

Ireland has several schemes in place to protect consumers’ financial assets in the event of winding up or liquidation. Retail banks and insurance companies are required to hold capital against their risks that can be used when unexpected losses occur. Where losses exceed the capital, the firm’s resources are distributed to creditors and investors according to a hierarchy.

For retail banks, deposits covered by the Deposit Guarantee Scheme (DGS) rank in preference to unsecured creditors and equally with rates, taxes, wages and pension contributions. Uninsured deposits of natural persons and SMEs rank equally with unsecured creditors. The DGS protects deposits up to EUR 100 000 per person per institution. Where the funds in the DGS (which is approximately 0.8% of the covered deposits) are not sufficient to compensate eligible depositors, the DGS can raise additional contributions from credit institutions who are part of the scheme or can obtain urgent short-term funding from the Central Bank which is reclaimed from the Central Fund of the Exchequer.

For insurance companies, insurance claims have precedence over assets backing the technical provisions reserved for claims. Where the resources of the firm are not sufficient, the Insurance Compensation Fund (ICF) will pay compensation for claims on non-life insurance policies, up to the smaller of 65% of the claim or EUR 825 000, except for motor liability where 100% of the claim will be paid. In the case of motor liability, the ICF will recoup the amounts in excess of its normal limits from the Motor Insurance Insolvency Compensation Fund (MIICF), which was set up for the specific purpose of ensuring victims of motor accidents receive full compensation if a motor insurer becomes insolvent. The MIICF is maintained by the Motor Insurance Bureau of Ireland (MIBI).

The Central Bank’s Client Asset Requirements oblige MiFID investment firms and credit institutions providing MiFID investment services to have measures in place to protect the assets belonging to the clients in case of the firm’s insolvency (including, for example, holding clients’ assets in a segregated account). In the event of the inability of a MiFID firm or a credit institution providing MiFID investment services to return the client’s assets, compensation can be requested from the Investor Compensation Company DAC (ICCL) up to 90% of the amount lost subject to a maximum of EUR 20 000.

The Central Bank is required to report to relevant bodies (such as An Garda Síochána) instances where the Central Bank suspects that a criminal offence may have been committed by a supervised entity. Moreover, the Central Bank participates in the Advisory Council against Economic Crime and Corruption and the Economic Crime and Corruption Forum together with a number of law enforcement agencies. These two bodies were recently established to enhance co-operation to combat corporate, economic and regulatory crime. The Central Bank will also support the work of the Anti-Fraud Forum, which was established under the Department of Finance's National Payments Strategy. The mandate of this forum relates specifically to payment fraud. A key focus of the forum is to improve co-ordination efforts between cross-sectoral stakeholders including financial institutions, telecommunication companies and social media companies.

The top three categories of payment fraud in 2022 were related to card fraud, unauthorised electronic transfer fraud and unauthorised push payment fraud (Banking & Payments Federation Ireland, 2022[86]). The top three categories of scams reported to the Central Bank in relation to the unauthorised provision of financial services related to clone investment firms, where a fake website is created claiming to be a legitimate firm, to fraudulent firms contacting prospective clients about investment opportunities and using fake prospectus documents, and to unauthorised retail credit firms requesting advance fees.

The supervisory frameworks described in section 2.2.4 provide the structure for the Central Bank’s supervisory approach with respect to protection of consumer assets against fraud, scams and misuse. An example of activities of the Central Bank relating to Principle 10 is its remediation work relating to one Irish bank’s obligations under the PSR to implement strong customer authentication. Given the delay of one bank to implement the strong customer authentication standards outlined above, and following extensive engagement, the Central Bank took action against the bank and required that it could not charge a full fee to customers for a service that was not in full compliance with the relevant regulatory requirements. The bank was required to contact the affected customers and provide an explanation and apologise for the delay. As a result of this intervention the bank refunded around EUR 3 million to its customers. The Central Bank also publishes warning notices and guidance to consumers to avoid scams (Central Bank of Ireland, 2023[87]).

Principle 11 promotes the safeguarding of consumer financial and personal information through effective control and protection measures. These measures should clearly outline the reasons for collecting, processing, storing, using and sharing data, particularly with third parties. Consumers’ rights regarding consent for data sharing, access to their data, notification of data breaches, and avenues for redress, including timely correction or deletion of inaccuracy or unlawfully obtained data, should be recognised. Collaboration among oversight bodies responsible for consumer data protection and privacy is essential to ensure comprehensive protection.

The Data Protection Commission (DPC) is an independent body established under the Data Protection Act 2018. The DPC is responsible for upholding the right of individuals in Ireland to have their personal data protected and it supervises and enforces compliance with the Data Protection Legislation, which includes the General Data Protection Regulation (GDPR), the Data Protection Acts 1988 to 2018 and the Regulation on Privacy and Electronic Communications.

The Central Bank does not have a role in supervising compliance with the Data Protection Legislation. As a data controller, however, the Central Bank is subject to compliance with the Data Protection Legislation and the Central Bank has adopted policies, procedures and controls for this purpose.

When processing data, the Central Bank follows the GDPR principles of i) lawfulness, fairness and transparency, ii) purpose limitation, iii) data minimisation, iv) accuracy and v) integrity and confidentiality.

More broadly, the Central Bank’s Information Security Policy (ISP) sets out information security requirements and guidance and it describes how records should be managed throughout their lifecycle, to support business and regulatory requirements and the historical legacy of the Central Bank.

Separate to Data Protection Legislation, the Central Bank is subject to a duty of confidentiality for information it holds on regulated firms and the exercise of its power/functions. The Central Bank Act 1942 sets out a number of gateways which may require or permit the Central Bank to disclose information in certain circumstances, including the requirement to report to other Irish authorities or to authorities carrying out a similar function (e.g. other European authorities or the European Central Bank) any information that leads the Central Bank to believe that a criminal offence may have been committed by a regulated firm, or that the regulated firm has breached a provision of certain legislation.

As a data controller, the Central Bank is subject to the supervision of the DPC. There is no MOU or co-operation agreement in place between the DPC and the Central Bank. The Data Protection Legislation requires the Central Bank to consult with the DPC when the Central Bank is proposing to issue regulations which impact on the personal data of consumers.6 In October 2022 the DPC responded to the discussion paper on the review of the Code to comment on the importance of avoiding conflicts between the Code and data protection legal requirements and fundamental rights of individuals (Data Protection Commission, 2022[88]). As part of the review of the Code, the Central Bank will consult with the DPC to ensure that such conflicts do not arise, and that any provisions requiring firms to process personal data is done in a way that reflects the principles of the Data Protection Legislation. The Central Bank may also engage with the DPC when it plans a material project impacting the collection of personal data from consumers.

Principle 12 stipulates that consumers, especially those in vulnerable circumstances, should have access to adequate complaints handling and redress mechanisms that are affordable, fair, independent, accountable, timely and efficient. Consistent with this, financial services providers and intermediaries should have mechanisms in place for consumer complaints handling and redress. Consumers should also have access to an independent redress process to handle complaints that are not resolved via firms’ internal procedures. Aggregate information about consumer complaints should be made public.

The Central Bank is responsible for supervising and enforcing compliance with provisions requiring regulated firms to have complaints handling procedures in place. The Central Bank does not have a role in receiving, mediating or adjudicating on individual consumer complaints. However, the Central Bank conducts analysis of complaints data received from firms and the Financial Services and Pensions Ombudsman (see next paragraph) to inform its financial consumer protection supervisory function. The Central Bank has a Public Contact Unit (PCU) that responds to queries and information received from members of the public. Analysis of these queries informs the Central Bank’s supervisory work.

The Financial Services and Pensions Ombudsman (FSPO) is an independent statutory body established in 2018 by the Financial Services and Pensions Ombudsman Act 2017 (“FSPO Act”). If a consumer, whether an individual, a small business or an organisation (with an annual turnover of less than €3 000 000) is unable to resolve a complaint or dispute with a financial service provider or a pension provider, they can refer their complaint to the FSPO. The FSPO provides an independent, impartial, fair and confidential service, which is free to consumers, to resolve complaints through either informal mediation, leading to a potential mediated settlement agreed between the parties, or formal investigation and adjudication, leading to a legally binding decision. Section 2.12.3 describes the FSPO’s informal mediation and formal investigation processes in greater detail.

The Code as well as sectoral legislation requires regulated firms to have complaints handling and redress procedures in place to handle consumer complaints. In addition, firms are required to clearly communicate information to consumers about their right to complain, to handle complaints speedily, efficiently and fairly, to report complaints data to the Central Bank and to ensure that the needs of consumers, including those experiencing vulnerability, are considered when designing and publicising complaints handling and redress procedures.

The Code also sets out specific timelines within which firms must attempt to resolve complaints, and timelines within which a firm must update consumers on the progress of the investigation until the complaint is resolved. Firms must also analyse patterns of complaints received from consumers on a regular basis, including investigating whether complaints indicate a more widespread issue for consumers. As part of the Central Bank’s consultation on its review of the Code, the Central Bank is proposing to strengthen firms’ governance obligations regarding complaints and to require firms to have systems in place to track and manage complaints. Firms will be obliged to analyse complaints on a regular basis and at least once every six months, in order to identify and address trends or other potential issues in a timely manner.

Firms are required to periodically submit to the Central Bank data on volumes of complaints that they have received from consumers and that have been referred to the FSPO. Insurance firms, credit institutions, retail credit firms, credit servicing firms and investment firms are also required to report information on the categories of complaints received. There are no requirements to make aggregated complaints data submitted by regulated firms to the Central Bank publicly available.

In 2023, based on data submitted by regulated firms to the Central Bank, the most frequent consumer complaints received by banks, retail credit firms and credit servicing firms relate to account administration and processing, customer service and provider policy, for example opening hours and daily limits,. For insurance firms, the most frequent consumer complaints relate to customer service, pricing and issues with the policy such as voiding or other terms and conditions. These two financial sectors were also those with the largest numbers of consumer complaints, and those that include the firms with the greatest number of customers and that provide the most important products and services. Finally, concerning MiFID investment firms the most frequent consumer complaints relate to customer service, problems with fees in managing investments and quality of, or lack of, information provided.

The FSPO can resolve complaints through either informal mediation or formal investigation.

The Dispute Resolution Service (DRS) is a voluntary and confidential process through which the FSPO aims to help the complainant and their provider to themselves design and agree to a solution that satisfies both parties. The dispute resolution process typically takes 9 - 12 weeks. A mediation can have three potential outcomes: i) the complainant and the provider agree on a settlement, ii) the complainant receives clarification from the provider and closes the complaint and iii) no settlement is agreed, and the complaint proceeds to a formal investigation. In 2022 and 2023, 66% and 62% of complaints that were mediated reached a settlement, respectively.

When a complaint is not resolved by mediation, the formal investigation is carried out by the FSPO which gathers and examines all relevant evidence. In 2022, formal investigations typically took between 9 and 18 months, though more recently this timeline has increased, owing to the volume of complaints requiring formal investigation. At the start of the formal investigation, the FSPO issues a Summary of Complaint to the financial service provider or pension provider to request information and evidence, which may include documents and audio evidence. The Complainant is given the opportunity to comment on the response received from the provider, and information received from one party is shared with the other party, in accordance with the requirements of fair procedures. The sharing of observations and evidence continues until both parties have no further comments to make. The complaint will then proceed for adjudication.

In a small number of complaint investigations, the FSPO will decide that it is appropriate to hold an Oral Hearing, for the taking of testimony, and the cross examination of witnesses. This arises when there is a material conflict of fact in the evidence that cannot be resolved by reference to the documentary or audio evidence available. When the complaint has been fully investigated, the FSPO issues a preliminary decision to the parties. If both parties accept the preliminary decision, the FSPO issues a legally binding decision in the same terms, after 15 working days. Alternatively, during the 15 working days made available to the parties to consider the preliminary decision, either or both parties may indicate that they believe that the preliminary decision contains an error of fact or an error of law, or that they wish to offer additional evidence relevant to the contents of the preliminary decision. Upon receipt of such details, the parties’ respective comments are shared with the other party, and the FSPO will reconsider the matter for adjudication in due course, taking into consideration the submissions made, and will then issue a legally binding decision.

A consumer can also issue legal proceedings against a financial service provider or pension provider. However, the FSPO is prohibited by statute from investigating a complaint where the issues arising are, or have been, the subject of court proceedings, except when the Court makes an Order pursuant to Section 49 of the FSPO Act, permitting the FSPO to proceed.

Table 2.3 shows the number of consumer complaints received by the FSPO in 2021, 2022 and 2023, broken down by sector. The total number of complaints received by the FSPO increased by 29% from 4 781 in 2022 to 6 182 in 2023. The sector with the largest number of complaints received by the FSPO is banking, which in 2023 represented 62% of complaints received. Insurance is the second largest sector (23% of complaints in 2023), with complaints about investments (7%) and pensions schemes (5%) much lower.

In 2023, the FSPO received 3 850 banking complaints, which represented an increase of 46% compared to the 2 640 banking complaints received in 2022. Banking complaints accounted for 62% of all complaints received by the FSPO. In 2023, the majority of banking complaints received by the FSPO concerned bank accounts, mortgages and consumer credit. The primary conduct driving these complaints was customer service. Customer service covers a range of issues such as communications, complaint handling, account access issues and the failure or delay in providing information. Disputed transactions and maladministration were the second and third most common categories of concern, respectively.

Insurance complaints accounted for 23% of all complaints received in 2023. The largest number of insurance complaints received related to motor insurance and private health insurance, and specifically with respect to claim handling and the rejection of a claim. The number of investment related complaints increased by 26% between 2022 and 2023, and the complaints received related mostly to maladministration, customer service and mis-selling (Financial Services and Pensions Ombudsman of Ireland, 2024[89]).

With respect to the conduct of pension providers, regulated by the Pensions Authority, the majority of complaints in 2023 related to occupational pension schemes, in particular suggested maladministration or dissatisfaction regarding the calculation of pension benefit.

In accordance with the Memorandum of Understanding between the FSPO and the Central Bank, statistical information about complaints-handling data is furnished by the FSPO to the Central Bank on an annual basis. It includes key complaint trends and details on complaints received by product and complaint type. The Central Bank and the FSPO meet regularly as part of ongoing engagement and information sharing arrangements. The FSPO is also required to make aggregate complaints data publicly available.

The FSPO publishes an annual Overview of Complaints during the first quarter of each year. It includes a summary of all complaints made to the FSPO during the previous year, a review of the trends and patterns in the making of complaints to the FSPO, a breakdown of the method by which the complaints made to the FSPO were dealt with; and information about the outcomes of all complaints concluded or terminated (Financial Services and Pensions Ombudsman, 2024[90]). This annual publication also lists any legally binding decisions that have been formally referred by the FSPO to the Central Bank, the CCPC, or the Pensions Authority (the “regulatory authorities”) with a view to promoting the consumer protection framework. Referrals take place for a variety of reasons including in circumstances where a complaint raises the possibility of a potentially systemic issue, which may warrant consideration by the regulatory authorities.

Finally, the FSPO is required to report to the Central Bank when it identifies a persistent pattern of complaints or facts or any other matter of concern for the Central Bank. The FSPO and the Central Bank can also share information with each other on a pro-active basis. The MoU between the Central Bank and the FSPO sets out the scope, level and various types of pro-active and continuous information exchange expected between both parties. Section 4 of the MoU covers meetings between the Central Bank and the FSPO at appropriate levels of seniority and the appointment of designated liaisons to ensure regular engagement, and section 5 of the MoU sets out the different types of information that the parties may exchange (Financial Services and Pensions Ombudsman, 2024[91]).

Analysis of data on complaints received by firms informs the Central Bank’s financial consumer protection supervisory functions in several ways. For example, analysis of complaints data is used as an input in the annual SRAs as well as to inform firm-specific work, as unusually high levels of complaints related to a specific firm may be driven by certain practices. Therefore, complaints data is relevant to the Central Bank’s supervisory activity in respect of many of the FCP Principles. The Central Bank also uses data on complaints received from the FSPO. As explained above, the FSPO may make a referral to the Central Bank when it observes a persistent pattern or matters that would concern the Central Bank. The Central Bank reviews each FSPO referral and takes action, as appropriate, in line with its mandate.

The Central Bank conducts supervisory activities related to complaints handling and redress. For example, where the Central Bank has identified that a particular firm’s poor complaints handling processes is a risk, it has undertaken a targeted review of the firm’s complaints handling processes and issued an RMP setting out actions the firm must take to address the issue. This type of risk could be identified by the Central Bank through consideration of a number of factors, such as very low or very high complaints numbers reported versus peers, discrepancies in numbers of complaints reported to the Central Bank compared to the firm’s internal governance fora, or indications that the firm’s complaint handling procedures may not be in compliance with the provisions set out in the Code.

[86] Banking & Payments Federation Ireland (2022), Payment Fraud Report, https://bpfi.ie/wp-content/uploads/2023/07/BPFI-Fraud-Report-H2-2022.pdf (accessed on 14 March 2024).

[78] Beere, B. et al. (2022), The Great Account Migration: Lessons from Behavioural Economics (Beere, Byrne, Kelly and Pratap Singh).

[74] Byrne, S., K. Devine and Y. Mccarthy (2022), Interrupting inertia, evidence from a mortgage refinancing field trial (Byrne, Devine and McCarthy).

[20] Central Bank of Ireland (2024), Annual Report 2023 and Annual Performance Statement 2023-2024.

[15] Central Bank of Ireland (2024), Authorisation, https://www.centralbank.ie/regulation/how-we-regulate/authorisation (accessed on 1 May 2024).

[17] Central Bank of Ireland (2024), Authorisations and Gatekeeping Report Edition1.

[19] Central Bank of Ireland (2024), Central Bank of Ireland - The Commission, https://www.centralbank.ie/about/who-we-are/the-commission (accessed on 11 March 2024).

[41] Central Bank of Ireland (2024), Civil Society Roundtable, https://www.centralbank.ie/events/event-detail/2023/12/06/default-calendar/civil-society-roundtable (accessed on 12 March 2024).

[67] Central Bank of Ireland (2024), Consumer Hub.

[6] Central Bank of Ireland (2024), Consumer Protection Code Review - Consultation Paper.

[26] Central Bank of Ireland (2024), Consumer Research Bulletin - Marketing and Advertising of Investment Products, https://www.centralbank.ie/docs/default-source/publications/consumer-protection-research/consumer-research-bulletin-marketing-and-advertising-investment-products.pdf?sfvrsn=44b1661a_5 (accessed on 6 November 2024).

[77] Central Bank of Ireland (2024), Consumer Research Report - Pension and retirement income, key challenges for consumers.

[51] Central Bank of Ireland (2024), Dear CEO Letter - Thematic Review on Early Mortgage Arrears.

[38] Central Bank of Ireland (2024), Enforcement Actions, https://www.centralbank.ie/news-media/legal-notices/enforcement-actions (accessed on 7 October 2024).

[10] Central Bank of Ireland (2024), How We Make Policy, https://www.centralbank.ie/regulation/how-we-regulate/policy/how-we-make-policy (accessed on 7 October 2024).

[52] Central Bank of Ireland (2024), Mortgages and Financial Difficulty, https://www.centralbank.ie/consumer-hub/mortgages-and-financial-difficulty (accessed on 8 October 2024).

[44] Central Bank of Ireland (2024), Open & Engaged Charter, https://www.centralbank.ie/about/open-engaged-charter (accessed on 4 September 2024).

[1] Central Bank of Ireland (2024), Regulatory & Supervisory Outlook, https://www.centralbank.ie/docs/default-source/publications/regulatory-and-supervisory-outlook-reports/regulatory-supervisory-outlook-report-2024.pdf?sfvrsn=e6b1621a_10 (accessed on 1 May 2024).

[16] Central Bank of Ireland (2024), “Regulatory Service Standards Performance Report: 2023”.

[24] Central Bank of Ireland (2024), Research Exchange, https://www.centralbank.ie/research-exchange (accessed on 7 October 2024).

[37] Central Bank of Ireland (2023), Annual report 2022 and Annual Performance Statement 2022-2023.

[87] Central Bank of Ireland (2023), Avoiding Scams and Unauthorised Activity, https://www.centralbank.ie/regulation/how-we-regulate/authorisation/unauthorised-firms/avoiding-scams-and-unauthorised-activity (accessed on 14 March 2024).

[72] Central Bank of Ireland (2023), Buy Now, Pay Later – do you know you are taking out a loan?.

[69] Central Bank of Ireland (2023), Central Bank warns on scam targeting consumers seeking cash loans.

[46] Central Bank of Ireland (2023), Code of Ethics, http://www.centralbank.ie (accessed on 13 March 2024).

[60] Central Bank of Ireland (2023), Consumer Protection Outlook Report 2023.

[76] Central Bank of Ireland (2023), Consumer Research Bulletin Buy Now Pay Later Consumer Insights Update.

[14] Central Bank of Ireland (2023), Credit Union News.

[80] Central Bank of Ireland (2023), Dear CEO Letter - MiFID Structured Retail Product Review – Supervisory Guidance, http://www.centralbank.ie (accessed on 5 May 2024).

[28] Central Bank of Ireland (2023), Dear CEO Letter - Re: 2021 Common Supervisory Action on the supervision of Costs and Fees of UCITS, http://www.centralbank.ie (accessed on 2 May 2024).

[34] Central Bank of Ireland (2023), Dear CEO letter - Re: 2022 ESMA Common Supervisory Action on Asset Valuation, http://www.centralbank.ie (accessed on 3 May 2024).

[25] Central Bank of Ireland (2023), Dear CEO Letter - Re: Common Supervisory Action on MiFID II Costs and Charges Requirements, http://www.centralbank.ie (accessed on 3 May 2024).

[27] Central Bank of Ireland (2023), Dear CEO Letter - Re: Supervisory Findings and Expectations for Payment and Electronic Money (E-Money) Firms, http://www.centralbank.ie (accessed on 2 May 2024).

[32] Central Bank of Ireland (2023), Dear CEO Letter - Re: Thematic Review on the Ongoing Suitability of Long-Term Life Assurance Products, http://www.centralbank.ie (accessed on 3 May 2024).

[29] Central Bank of Ireland (2023), Dear CEO Letter - Targeted Reviews on Control Frameworks and Risk Appetite Statements in MiFID 1 Investment, http://www.centralbank.ie (accessed on 3 May 2024).

[70] Central Bank of Ireland (2023), Explainer – How can I protect myself from financial scams?.

[83] Central Bank of Ireland (2023), Guidance on Fitness and Probity Standards.

[31] Central Bank of Ireland (2023), Insurance Newsletter.

[13] Central Bank of Ireland (2023), Insurance Quarterly News.

[12] Central Bank of Ireland (2023), Intermediary Times Newsletters, https://www.centralbank.ie/regulation/industry-market-sectors/brokers-retail-intermediaries/newsletters (accessed on 1 May 2024).

[55] Central Bank of Ireland (2023), Overview of Account Migration Activity & Final Statistics 1. Overview.

[30] Central Bank of Ireland (2023), Protecting consumers in a changing economic landscape.

[48] Central Bank of Ireland (2023), Quarterly Bulletin - September 2023, https://www.centralbank.ie/docs/default-source/publications/quarterly-bulletins/qb-archive/2023/quarterly-bulletin-q3-2023.pdf?sfvrsn=2dc49c1d_5 (accessed on 5 May 2024).

[43] Central Bank of Ireland (2023), Retail Intermediary Roadshow, https://www.centralbank.ie/regulation/industry-market-sectors/brokers-retail-intermediaries/retail-intermediary-roadshow (accessed on 13 March 2024).

[75] Central Bank of Ireland (2023), Review of Differential Pricing Regulations in the Private Car and Home Insurance Markets.

[84] Central Bank of Ireland (2023), Thematic Review on the Ongoing Suitability of Long-Term Life Assurance Products, http://www.centralbank.ie (accessed on 15 March 2024).

[50] Central Bank of Ireland (2022), Campaign on short-term credit.

[79] Central Bank of Ireland (2022), Central Bank review identifies evidence of increasing levels of under-insurance in the home insurance market, https://www.centralbank.ie/news-media/press-releases/central-bank-review-identifies-evidence-of-increasing-levels-of-under-insurance-in-the-home-insurance-market (accessed on 13 March 2024).

[68] Central Bank of Ireland (2022), Central Bank warning on investing in crypto-assets.

[5] Central Bank of Ireland (2022), Consumer Protection Code Review - Discussion Paper, https://www.centralbank.ie/docs/default-source/regulation/consumer-protection/other-codes-of-conduct/consumer-protection-code-review/consumer-protection-code-review-discussion-paper.pdf (accessed on 10 March 2024).

[57] Central Bank of Ireland (2022), Dear CEO - Withdrawal of retail banks from the Irish market, http://www.centralbank.ie (accessed on 1 May 2024).

[49] Central Bank of Ireland (2022), Dear CEO Letter - e: Protecting consumers in a Changing Economic Landscape, http://www.centralbank.ie (accessed on 5 May 2024).

[36] Central Bank of Ireland (2022), Dear CEO letter - MiFID Structured Retail Product Review, http://www.centralbank.ie (accessed on 8 March 2024).

[71] Central Bank of Ireland (2022), How can I make my savings work harder?, https://www.centralbank.ie/consumer-hub/saving-your-money (accessed on 5 May 2024).

[45] Central Bank of Ireland (2022), Innovation Hub - 2022 Update, http://www.centralbank.ie/regulation/innovation-hub (accessed on 13 March 2024).

[18] Central Bank of Ireland (2022), Perspectives on the Evolution of Retail Banking in Ireland Central Bank Response to the Retail Banking Review Public Consultation Contents.

[47] Central Bank of Ireland (2022), Quarterly Bulletin - October 2022, https://www.centralbank.ie/docs/default-source/publications/quarterly-bulletins/qb-archive/2022/quarterly-bulletin-q4-2022.pdf?sfvrsn=1666951d_6 (accessed on 5 May 2024).

[22] Central Bank of Ireland (2022), Remarks by Director of Consumer Protection Colm Kincaid at Compliance Institute Annual Conference, https://www.centralbank.ie/news/article/remarks-by-director-of-consumer-protection-colm-kincaid-at-compliance-institute-annual-conference (accessed on 2 May 2024).

[42] Central Bank of Ireland (2022), The Central Bank’s framework for the macroprudential mortgage measures.

[58] Central Bank of Ireland (2022), Understanding Repayment Amounts of Long-Term Mortgage Arrears Borrowers.

[39] Central Bank of Ireland (2021), Consultation Paper 136 - Enhancing our Engagement with Stakeholders.

[11] Central Bank of Ireland (2021), Consumer Protection Code 2012 - Guidance.

[4] Central Bank of Ireland (2021), Consumer Protection Code 2021 - updated May 2021.

[56] Central Bank of Ireland (2021), Consumer protection expectations in a changing retail banking landscape 2021, http://www.centralbank.ie (accessed on 9 March 2024).

[81] Central Bank of Ireland (2021), Cross-Industry Guidance on Outsourcing, http://www.centralbank.ie (accessed on 15 March 2024).

[40] Central Bank of Ireland (2021), Our Strategy.

[2] Central Bank of Ireland (2021), Regulatory Requirements and Guidance for High Cost Credit Providers, https://www.centralbank.ie/regulation/industry-market-sectors/high-cost-credit-providers/regulatory-requirements-and-guidance (accessed on 15 March 2024).

[33] Central Bank of Ireland (2021), Review of Differential Pricing in the Private Car and Home Insurance Markets.

[35] Central Bank of Ireland (2020), COVID-19 and Business Interruption Insurance Supervisory Framework.

[85] Central Bank of Ireland (2019), The Tracker Mortgage Examination Final Report, http://www.centralbank.ie (accessed on 10 March 2024).

[73] Central Bank of Ireland (2018), Addendum to the Consumer Protection 2012 - June 2018.

[82] Central Bank of Ireland (2018), Behaviour and Culture of the Irish Retail Banks.

[21] Central Bank of Ireland (2017), A Guide to Consumer Protection Risk Assessment.

[9] Central Bank of Ireland (2017), Minimum Competency Code.

[8] Central Bank of Ireland (2016), Code of Conduct on the Switching of Payment Accounts with Payment Service Providers.

[7] Central Bank of Ireland (2013), Code of Conduct on Mortgage Arrears.

[3] Central Bank of Ireland (2013), Unofficial Consolidation of the Consumer Protection Code 2012.

[66] Competition and Consumer Protection Commission (2023), Financial Wellbeing in Ireland: Financial literacy and inclusion in 2023, https://www.indecon.ie/assets/files/pdf/financial_wellbeing_in_ireland_-_report_on_financial_literacy_and_inclusion_2023.pdf (accessed on 9 March 2024).

[65] Competition and Consumer Protection Commission (2023), Online Behaviour - Influencer Marketing, https://www.ccpc.ie/business/wp-content/uploads/sites/3/2022/12/2022.12.12-172837-CCPC-Influencer-marketing-report.pdf (accessed on 9 March 2024).

[63] Competition and Consumer Protection Commission (2022), Pensions Research, https://www.ccpc.ie/business/wp-content/uploads/sites/3/2022/09/CCPC-Pensions-Research-2022.pdf (accessed on 9 March 2024).

[88] Data Protection Commission (2022), Response of the DPC to the discussion paper on the review of the Central Bank Consumer Protection Code, https://www.centralbank.ie/docs/default-source/publications/discussion-papers/discussion-paper-10/data-protection-commission---response-to-dp10.pdf?sfvrsn=be339f1d_2 (accessed on 13 March 2024).

[62] Department of Finance (2024), Financial Literacy in Ireland: Evidence Base for a National Strategy, https://www.gov.ie/pdf/?file=https://assets.gov.ie/290810/16ca8875-42db-468e-9c80-efc4c45382e8.pdf#page=null (accessed on 27 June 2024).

[54] Department of Finance (2024), Minister McGrath secures Government approval for Access to Cash legislation, https://www.gov.ie/en/press-release/43af7-minister-mcgrath-secures-government-approval-for-access-to-cash-legislation/ (accessed on 17 February 2024).

[61] Department of Finance (2023), National Financial Literacy Strategy.

[53] Department of Finance (2022), Retail Banking Review, https://www.gov.ie/pdf/?file=https://assets.gov.ie/240770/d8b98fef-fe6a-4df8-b7d6-2f63e9f224b8.pdf#page=null (accessed on 17 February 2024).

[91] Financial Services and Pensions Ombudsman (2024), Memorandum of Understanding (MOU), https://www.fspo.ie/governance/mou.asp.

[90] Financial Services and Pensions Ombudsman (2024), Overview of Complaints, http://www.fspo.ie/decisions (accessed on 14 March 2024).

[89] Financial Services and Pensions Ombudsman of Ireland (2024), Overview of Complaints 2023.

[23] Gaffney, E. and P. Lyons (2024), An overview of the consumer credit market in Ireland.

[59] Kelly, J. et al. (2021), Long-term mortgage arrears: Analytical evidence for policy considerations, https://www.centralbank.ie/docs/default- (accessed on 9 March 2024).

[64] Timmons, S., D. Robertson and P. Lunn (2022), “Combining nudges and boosts to increase precautionary saving: A large-scale field experiment”.