Banking business in Ireland is regulated under both domestic legislation and the legislation of the EU, which either is directly applicable in Ireland or has been transposed into Irish law by domestic provisions. New laws and regulations applicable to Irish banks are primarily driven by developments at the EU level.
The primary domestic legislation establishing the framework for the regulation of banking activities in Ireland is the Central Bank Acts 1942-2018 (Central Bank Acts). The Central Bank Act 1942 originally established the Central Bank of Ireland (CBI) as a central bank and since then its competence has expanded. Following the introduction of the Central Bank Reform Act 2010 (2010 Act), the CBI is the primary Irish financial regulatory body.
The Central Bank Act 1971 (1971 Act) establishes the requirement for persons carrying on "banking business" to hold a banking licence, and sets out certain requirements applicable to banks.
The CBI is empowered under the Central Bank Acts to issue codes of practice and regulations to be observed by banks. The CBI has issued several such codes in areas such as corporate governance, related party lending, mortgage arrears and consumer protection.
Irish banks are also subject to extensive regulatory requirements driven by EU initiatives regulating the activities of "credit institutions" (the terms "credit institution" and "bank" are used interchangeably in this document). These include the Fourth Capital Requirements Directive (2013/36/EU) (as amended by Directive (EU) 2019/878 (CRD V)) (CRD), the Capital Requirements Regulation ((EU) 575/2013) (as amended by Regulation (EU) 2019/876 (CRR II)) (CRR) and the Bank Recovery and Resolution Directive (2014/59/EU) (as amended by Directive (EU) 2019/879 (BRRD II)) (BRRD). CRD is transposed into Irish law by the European Union (Capital Requirements) Regulations 2014 (as amended) (CRD Regulations), while the CRR, as an EU regulation, is directly applicable. BRRD is implemented in Ireland by the European Union (Bank Recovery and Resolution) Regulations 2015 (as amended) (BRRD Regulations).
Regulation (EU) 1024/2013 (SSM Regulation) establishes the Single Supervisory Mechanism (SSM), which is responsible for banking supervision in the participating Member States, such as Ireland. Under the SSM, the European Central Bank (the ECB) has exclusive competence in respect of certain aspects of the prudential regulation of Irish banks, including the granting and withdrawal of banking licences and the assessment of notifications of the acquisition and disposal of qualifying holdings in banks (except in the case of a bank resolution). The ECB also directly supervises "significant" banks (SIs), while the CBI directly supervises "less significant" banks (LSIs), subject to ECB oversight. The SSM sets out criteria for determining SIs and LSIs.
Other Regulatory Bodies
Other regulatory bodies that are also relevant to Irish banks include the following:
Section 7(1) of the 1971 Act prohibits the carrying on of "banking business" or accepting deposits or other repayable funds from the public without a banking licence. "Banking business" is defined as any business that consists of or includes receiving money on the person's own account from members of the public either on deposit or as repayable funds, and the granting of credits on own account (subject to certain exceptions).
While the 1971 Act does not define "repayable funds", section 2(2) of the Central Bank Act 1997 defines "deposit" for the purposes of the Central Bank Acts as "a sum of money accepted on terms under which it is repayable with or without interest whether on demand or on notice or at a fixed or determinable future date."
A person may apply for a banking licence to be granted under Section 9 of the 1971 Act. Since the introduction of the SSM, the ECB is the competent authority for the granting of the licence.
It is also possible to apply for authorisation under Section 9A of the 1971 Act for an Irish branch of a bank that is authorised in a third country (ie, a non-EEA country).
Holding oneself out as a banker
Section 7(1) of the 1971 Act also restricts persons from holding themselves out or representing themselves as a banker, or from carrying on banking business unless appropriately authorised.
The 1971 Act provides that, where a person carries out business under a name that includes the words "bank", "banker" or "banking", or any word which is a variant, derivative or translation of or is analogous to those words, or uses any advertisement, circular, business card or other document that includes such words, they hold themselves out or represent themselves as conducting or being willing to conduct banking business.
A banking licence permits the holder to engage in a broad range of business, including deposit taking, lending, issuing e-money, payment services and investment services and activities regulated by the Markets in Financial Instruments Directive (2014/65/EU) (MiFID II).
In practice, the application process for a bank licence typically begins with a preliminary engagement phase, whereby the applicant will often have meetings or calls with the CBI and submit a detailed proposal for their application.
Following this, the applicant will prepare its formal application. The application pack requires extensive detail regarding all material areas of the applicant's proposed business, as set out in the CBI's "Checklist for completing and submitting Bank Licence Applications under Section 9 of the Central Bank Act 1971", which is available on the CBI's website.
The information required includes:
Following the receipt of the application, the CBI will assess the application, in conjunction with the ECB. The process is iterative and typically involves multiple rounds of extensive comments and queries from the regulators.
Following the completion of the iterative query stage, the ECB will determine whether or not to grant a licence. This entire process generally takes between 12 and 18 months. Where a licence is granted, it may be subject to specific conditions.
There is no fee for submitting a bank application, but banks are subject to a number of ongoing levies.
CRD also includes requirements for certain financial holding companies and mixed financial holding companies to be authorised and, in certain cases, non-EEA groups may be required to establish an intermediate EU parent undertaking.
Under the CRD mutual recognition provisions, Irish banks can both provide services on a freedom of services basis and establish a branch on a freedom of establishment basis across the EEA, subject to completing the necessary passporting processes.
Requirements Governing Change in Control
The requirements in relation to the acquisition and disposal of interests in banks are set out in Chapter 2 of Part 3 of the CRD Regulations. The CRD Regulations provide that the prior approval of the ECB is required in advance of any proposed acquisition of a qualifying holding in a bank.
A "qualifying holding" is defined as a direct or indirect holding in an undertaking that represents 10% or more of the capital or of the voting rights, or which makes it possible to exercise a significant influence over the management of that undertaking. Notification is also required in respect of direct or indirect holding increases above a prescribed percentage of 20%, 33% or 50%.
There are no restrictions on private ownership nor geographical restrictions on foreign ownership of Irish banks. However, the CBI has expressed preferences in the past that banks not be owned or controlled by single private individuals or that ownership of banks should not be "stacked" under insurance undertakings. Prior ownership experience of banks or other financial institutions will be an advantage in applying for the approval of an acquisition of a qualifying holding.
The CRD Regulations provide that an application to the Irish High Court may be made to remedy a situation where a qualifying holding was inadvertently acquired without the prior approval of the ECB.
The Nature of the Regulatory Filings
Notification of the proposed acquisition of a qualifying holding is made to the CBI via the ECB's IMAS Portal. The CBI will liaise with the ECB, which is the competent authority under the SSM for the approval of acquisitions of or increases in qualifying holdings in respect of Irish authorised banks.
The maximum total period for assessment of an acquiring transaction notification is 90 working days from the receipt of a complete application. Notifications can be rejected as not complete at the outset of the process, and so in practice this process can take longer. The CBI advises that pre-application engagement and the submission of notification and supporting documentation in draft form can help minimise the risk of a notification being deemed "incomplete", thereby delaying the approval process.
The CBI also requires any proposed acquirers to take note of the content of the May 2017 Joint Committee of the European Supervisory Authorities, which includes the European Banking Authority's (EBA) "Joint Guidelines on the prudential assessment of acquisitions and increases of qualifying holdings in the banking, insurance and securities sectors".
The content required to complete a notification includes details of:
A business plan for the target entity may also be required with the notification, detailing the proposed acquirers' expected activities/performance and financial projections over three years.
The CBI may also seek comfort from a proposed acquirer of a majority stake in an Irish bank that the proposed acquirer will provide such financial support as is necessary for the Irish bank to continue to meet its regulatory obligations.
The corporate governance requirements applicable to Irish banks include those set out in the CBI Corporate Governance Requirements for Credit Institutions 2015 (CBI Requirements) and the CRD provisions in respect of corporate governance.
The CBI Requirements provide that all Irish banks must have robust governance arrangements, including a clear organisational structure with well-defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks to which they are or might be exposed, and adequate internal control mechanisms. The governance structure put in place must be sufficiently sophisticated to ensure that there is effective oversight of the activities of the institution, taking into consideration the nature, scale and complexity of the business being conducted.
The CBI Requirements are prescriptive, imposing minimum standards in relation to corporate governance, including the composition, role and conduct of the board of directors and the establishment of certain board committees, and also setting out requirements in relation to risk management.
An Irish bank is required to have at least five directors, or seven if it is designated as having a High Impact under the CBI's Probability Risk and Impact System (PRISM). The board is required to have a majority of independent non-executive directors (INED), although where a bank is part of a group, the majority of the board may also be composed of group directors, provided that the bank has at least two INEDs (or three INEDs where the bank is designated as High Impact).
The CRD Regulations set out a number of high-level rules in relation to the governance of banks. The EBA has built upon these requirements in its updated Guidelines on internal governance (EBA/GL/2021/05), which replace Guidelines (EBA/GL/2017/11) from 31 December 2021(EBA IG Guidelines). The EBA IG Guidelines specify the internal governance arrangements, processes and mechanisms that banks and certain investment firms must implement in accordance with Article 74(1) of CRD to ensure effective and prudent management of the institution.
The EBA IG Guidelines apply in relation to governance arrangements such as organisational structure, lines of responsibility, risk identification and management and the internal control framework. Guidance is given in relation to the role of the management body and its responsibilities, as well as the role of board committees and internal control functions. Arrangements in relation to risk management, outsourcing and business continuity are also addressed.
Corporate governance continues to be an area of focus for the CBI. This has been evident in recent publications and supervisory focuses on areas including behaviour and culture, conduct risk, outsourcing and individual accountability. Proposed legislation to introduce a new individual accountability framework (see 10.1 Regulatory Developments) will include conduct standards for all firms and for individuals working within them.
The Irish Bank Culture Board was also established in 2019 by the five retail banks operating in Ireland, with the aim of rebuilding trust in the sector by demonstrating a change in behaviour and overall culture.
Fitness and Probity Regime
The CBI's Fitness and Probity Regime (F&P Regime), which was established under the 2010 Act, applies to persons in certain senior positions in Irish regulated financial service providers (RFSPs), including banks.
The F&P Regime applies to persons performing certain prescribed "controlled functions" (CFs) and "pre-approval controlled functions" (PCFs). PCFs are a sub-set of CFs and include directors, chairs of the board and committees, the chief executive and heads of certain internal control functions, amongst other functions.
An RFSP must not permit a person to perform a CF or PCF unless it is satisfied on reasonable grounds that the person complies with the CBI's Standards of Fitness and Probity (Standards) and the person has agreed to comply with the Standards. The Standards require a person to be:
In order to be satisfied the person complies with the Standards, due diligence must be undertaken by the RFSP.
Irish banks are also subject to the Joint ESMA and EBA Guidelines on the assessment of the suitability of members of the management body and key function holders (Suitability Guidelines), as well as CRD requirements.
Pre-approval for PCFs
A person cannot be appointed to a PCF position unless such appointment has been approved by the CBI. For SIs, the approval of the ECB is required for members of the management body. This is also the case for members of the management body of any new bank.
PCF applicants are required to submit an individual questionnaire to the CBI, setting out details of their professional qualifications and employment history, and including various confirmations from both the applicant individual and the RFSP. The CBI/ECB may interview candidates for certain PCF roles, and this is increasingly becoming the norm for bank board members and certain other senior PCFs. From 31 December 2021, SIs must submit PCF applications via the IMAS Portal, along with the corresponding declarations.
The ECB has published a Guide to Fit and Proper Assessments for its fitness and probity assessments, which are conducted in accordance with the Suitability Guidelines.
CF and PCF holders may be the subject of an investigation or required to comply with an evidentiary notice, or may be the subject of a suspension notice or a prohibition under the 2010 Act. Applicants for PCF roles are also not guaranteed to receive approval.
The CBI operates an administrative sanctions regime in order to take enforcement actions in relation to RFSPs. Persons involved in the management of an RFSP may be subject to sanctions in certain circumstances.
The CBI has proposed reforms that would strengthen its toolkit in relation to individual accountability (see 10.1 Regulatory Developments).
Irish banks are subject to remuneration rules under both the CBI Requirements and the CRD Regulations, and must comply with certain principles in a manner and to the extent that is appropriate to their size and internal organisation and to the nature, scope and complexity of their activities.
The EBA "Guidelines on sound remuneration policies under Directive 2013/36/EU" (EBA Remuneration Guidelines) replace Guidelines (EBA/GL/2015/22) from 31 December 2021 and apply to banks, covering issues including the governance process for remuneration policies and the application of remuneration requirements in a group context. The CBI issued a policy statement on 31 January 2017 on the CBI's approach to proportionality relating to the payout process applicable to variable remuneration, confirming its intention to comply with the EBA Remuneration Guidelines and future European developments.
Banks that are classified as SIs are required to have a remuneration committee that complies with the requirements of the CRD Regulations. Banks with a High Impact PRISM rating are required to have a remuneration committee that complies with the CBI Requirements.
The CRD Regulations require banks to have a remuneration policy that is in line with its business strategy, objectives and long-term interests, incorporates measures to avoid conflicts of interest, is consistent with and promotes sound and effective risk management, does not encourage risk-taking that exceeds the level of tolerated risk of the institution, and is gender neutral. The board is responsible for overseeing the implementation of the remuneration policy and should periodically review its general principles. Banks should review their remuneration policies at least annually. The CRD Regulations also impose disclosure requirements relating to remuneration policies and practices.
Banks should also ensure that the remuneration of "control function" employees (note this is distinct from CF as defined in 4.2 Registration and Oversight of Senior Management) is not linked to the performance of any business areas they control, and that the remuneration of senior risk and compliance employees is suitably overseen. In respect of certain employees whose professional activities have a material impact on the risk profile of the institution, including senior management, risk takers and heads of control functions, banks are subject to extensive rules regarding variable remuneration. These rules include a "bonus cap", which limits variable remuneration to 100% of fixed remuneration (or 200% with shareholder approval).
Breach of the CBI Requirements and/or the CRD Regulations is an offence and may be grounds for an enforcement action by the CBI under its administrative sanctions regime, which can result in fines being imposed.
The primary anti-money laundering (AML) and counter-terrorist financing (CTF) legislation applicable to Irish banks is the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (CJA 2010), as amended, which transposed the Fourth EU Anti-Money Laundering Directive ((EU) 2015/849) (as amended by the Fifth EU Anti-Money Laundering Directive (2018/843/EU)) into Irish law.
The CJA 2010 imposes a range of obligations on banks, including obligations to:
The CBI published its AML/CTF Guidelines for the Financial Sector (AML Guidelines) in September 2019 to assist firms in understanding their obligations under the CJA 2010. The AML Guidelines, which were updated in June 2021, set out the expectations of the CBI regarding AML/CTF governance and the factors that firms should take into account when identifying, assessing and managing ML and TF risks, and also emphasise the importance of firms having regard to AML/CTF guidance published by the Financial Action Task Force and European supervisory authorities.
In addition to the CJA 2010, Irish banks are also required to comply with the various international financial sanctions that emanate from the EU and the United Nations, and with Regulation (EU) 2015/847, which deals with information requirements regarding wire transfers.
Regulatory Supervision and Enforcement
Under the CJA 2010, the CBI is the relevant competent authority in Ireland for the monitoring and supervision of banks' compliance with AML/CTF obligations. The CBI implements a risk-based approach to AML/CTF supervision such that the extent of supervision of a given firm is commensurate with the CBI's assessment of ML/TF risk within the firm. The retail banking sector is considered by the CBI to be a high-risk sector, with the non-retail banking sector considered to be a medium-high or medium-low risk sector, depending on the specific activities engaged in. An individual firm's ML/TF risk rating will be informed by the CBI's risk rating of the sector and its supervisory engagements with the firm, such as inspections.
The CBI is empowered to take measures that are reasonably necessary to ensure that firms comply with the provisions of the CJA 2010. This may include the CBI issuing a risk mitigation programme to a firm to address identified shortcomings in the firm's AML/CTF framework. The CBI also has the power to administer sanctions against banks for breaches of the CJA 2010 under its administrative sanctions regime, which can result in fines being imposed.
Ireland has transposed the Deposit Guarantee Schemes Directive (2014/49/EU) (DGS Directive) into domestic law through the European Union (Deposit Guarantee Schemes) Regulations 2015 (DGS Regulations), which govern the operation of a deposit guarantee scheme (DGS) for "eligible deposits" at Irish banks. Irish banks are not allowed to accept deposits without being members of the DGS.
The CBI is the designated authority for the purposes of the DGS Directive, and is responsible for the maintenance and ongoing supervision of the DGS and for ensuring that it has sound and transparent governance practices in place. The CBI is required to produce an annual report on the activities of the DGS.
The DGS provides protection to eligible deposits, which includes deposits belonging to individuals, companies, partnerships, clubs and associations. The eligible deposits that may be protected by the DGS include current accounts, savings accounts, demand notices, fixed-term deposit accounts and share accounts. The deposit element of structured deposits/tracker bonds may also be eligible if the deposit element is repayable at par.
Certain specified categories are not eligible deposits. These include deposits of "financial institutions" as defined under the CRR – and including insurance undertakings, collective investment schemes, MiFID II investment firms and other banks (subject to certain conditions). Deposits of public authorities, debt securities issued by banks and liabilities arising out of their own acceptances and promissory notes are also not eligible deposits; a bank's "own funds" for the purposes of the CRR are also not covered.
The coverage level for aggregate eligible deposits for each depositor is EUR100,000. In certain specified circumstances, a depositor may be covered for aggregate deposits up to a level of EUR1 million as a "temporary high balance". The DGS Regulations set out detailed provisions as to how a depositor's aggregate deposits are to be calculated.
Examples of circumstances that give rise to increased "temporary high balance" cover include the following:
Subject to certain exceptions, this higher level of cover will be available to depositors for a period of six months after the relevant amount has been credited or from the moment when such deposits become legally transferable.
The DGS Regulations provide that the DGS is funded by participating banks. As the designated authority, the CBI is responsible for ensuring that it has adequate systems in place to determine the potential liabilities of this fund. The CBI identifies a target level for the fund and requires all banks that hold eligible deposits to pay contributions to the fund. The fund must hold at least 0.8% of the amount of eligible deposits of all banks authorised in the State.
A bank's required contribution to the DGS is calculated primarily by reference to the proportion of eligible deposits it holds, and the DGS Regulations set out prescriptive provisions regarding how these obligations are to be calculated and levied.
The Irish DGS protects eligible deposits held at EEA branches of Irish banks. Deposits held with other EEA banks should be protected under the relevant other EEA bank's home country deposit protection scheme.
In November 2015, the European Commission proposed a European Deposit Insurance Scheme, which, if established, would form part of the third pillar of the EU's Banking Union. However, this proposal is subject to ongoing political debate.
Irish banks owe a duty of confidentiality to their customers. The duty of confidentiality has its origins in the common law and is an implied term in all contracts between banks and their customers. For the purpose of this duty, the term "customers" includes both natural and legal persons. There has also been limited judicial commentary to the effect that the Irish constitutional right to privacy may encompass a right to confidentiality in relation to banking affairs.
The duty of confidentiality is a broad one and provides that, once a contractual relationship exists between a bank and a customer, the bank must not divulge to third parties any information acquired by the bank during, or by reason of, its relationship with the customer, without the express or implied consent of the customer. Banks must also ensure that their employees and agents do not breach this duty.
In practice, the duty of confidentiality applies to the following:
The duty of confidentiality continues to apply when the account is closed or ceases to be active.
Given the wide and increasing range of services offered by banks and RFSPs, where any business of a kind normally carried on by a bank is carried out, it is prudent to presume the imposition of this duty of confidentiality.
The duty of confidentiality is not absolute and the Irish courts have confirmed the existence of a number of qualifications and exemptions to the duty of confidentiality, including where:
Irish statutes contain a number of express statutory exceptions to the duty of confidentiality. These exemptions are included in the Companies Act 2014, the CJA 2010, criminal justice legislation and credit reporting legislation, as well as the law of evidence, including court rules providing for discovery orders.
A court or judge may authorise a member of the Irish police force to inspect bank records to investigate an indictable offence, where the court or judge is satisfied that there are reasonable grounds for believing that such an offence has been committed and the relevant material is likely to be of substantial value to the investigation.
In addition, by virtue of their statutory powers, the CBI and the Revenue Commissioners have the ability to inspect customer accounts in certain circumstances.
Where the customer consents to disclosure, the duty may be dis-applied; this is relatively common where a third party seeks a reference or statement from a bank with the customer's consent. It is best practice to obtain the customer's prior written authorisation in these circumstances.
Where the duty of confidentiality is breached, the customer is entitled to seek damages, which may include aggravated damages.
The prudential requirements applicable to Irish banks, including in relation to capital and liquidity, emanate from EU legislation that is itself heavily influenced by international standards.
The current prudential requirements applicable to Irish and other EEA banks are set out in CRD and the CRR, as well as secondary EU legislation. This framework seeks to address the requirements of certain international standards of the Basel Committee on Banking Supervision and the Financial Stability Board (FSB). The EU rules also contain bespoke requirements to address particular concerns of the EU Member States.
Under the 1971 Act, Irish banks must hold initial capital of at least EUR5 million before the CBI will propose to the ECB that a banking licence should be granted.
Capital Requirements – Pillar I
The CRR sets out the requirement for banks to maintain a minimum quantity of regulatory capital and rules governing the quality of that capital. The quality of regulatory capital is considered by reference to two categories:
CET1 includes ordinary shares and reserves, and is the highest quality capital. There are eligibility criteria and deductions that must be followed to calculate the instruments that qualify for each tier.
The minimum capital requirement is a percentage of a bank's risk weighted assets (RWAs). The calculation of a bank's RWAs involves allocating a weighting to the value of an asset relative to the risk of incurring losses. Banks can use the Standardised Approach (with standardised weightings) or the Internal Ratings Based approach (where the bank calculates its own risk weights, subject to approval) in assessing credit risk and calculating risk weights.
The CRR requires maintenance of the following minimum capital ratios:
An additional leverage ratio buffer for G-SIIs will be introduced in January 2023 under CRR II.
The following four buffers are provided for under CRD:
Institutions are restricted from using CET1 that is maintained to meet the combined buffer requirement (ie, the CET1 required to meet the buffers above) to meet Pillar I requirements or Pillar II capital.
Pillar II Capital
The CBI has the power to apply additional capital requirements to Irish banks on a case-by-case basis. Any additional requirements will be based on the CBI's assessment under its supervisory review and evaluation process, which looks at the specific risks of the firm. Non-binding guidance may also be issued to a bank in respect of further capital it is expected to hold.
The CRD/CRR framework provides for two liquidity ratios. The liquidity coverage ratio requires banks to hold high-quality unencumbered liquid assets, which must be sufficient to meet net cash outflows under a 30-day stress scenario.
A separate net stable funding ratio has been introduced under the CRR to address liquidity mismatches. This aims to ensure that the level of stable funding available to a bank is aligned with the level of funding it requires over the longer term, based on the liquidity risk profiles of assets and off-balance sheet exposures. The minimum level of available stable funding must be at least 100% of the required amount of stable funding.
Under BRRD and the Single Resolution Mechanism (SRM) Regulation (806/2014) (SRM Regulation), banks must comply with a minimum requirement for own funds and eligible liabilities (MREL). The MREL should assist the bank in absorbing losses and restore its capital so that the bail-in resolution tool can be applied effectively. Under BRRD II and Regulation (EU) 2019/877 (SRM Regulation II), a number of changes will be introduced to align MREL with the FSB's standard relating to total loss-absorbing capacity (TLAC). In addition, the CRR II will amend the CRR to implement the TLAC standard and apply it directly to G-SIIs.
The CBI published its "Approach to Minimum Requirement for Own Funds and Eligible Liabilities (MREL)" in October 2021, which provides further information on the regime and CBI discretions.
The CRD Regulations and the CRR provide other measures to address risks applicable to banks. These include measures in relation to credit valuation adjustment, disclosure requirements, reporting requirements, governance and remuneration requirements, credit risk adjustment and the ability of regulatory authorities to impose stricter macro-prudential measures.
The CBI has also issued a Policy on Management of Country Risk, August 2013, and a regulatory document entitled "Impairment Provisions for Credit Exposures – 26 October 2005", with which banks are required to comply.
COVID-19 Flexibility Measures
The CBI and the ECB have made a number of announcements in relation to the application of capital and liquidity requirements in light of the COVID-19 pandemic.
The legal and regulatory framework governing the insolvency, recovery and resolution of banks in Ireland has undergone significant development since the global financial crisis of 2007/8, when Ireland hastily implemented emergency legislation to address issues affecting domestic institutions. Since then, the EU has adopted BRRD and the SRM Regulation, which provide an EU framework for the recovery and, where necessary, resolution of EU banks.
One of the ways in which a failing bank can be addressed is through a liquidation process. The CBI has issued a document entitled "Central Bank of Ireland’s Approach to Resolution for Banks and Investment Firms (Second Edition) October 2021" (Approach Paper), which addresses credit institutions within the scope of the BRRD Regulations that are LSIs and are not part of a "cross-border group" as defined in the SRM Regulation, certain investment firms, holding companies and others. In the Approach Paper, the CBI comments that, in fact, the most likely method for the majority of failing institutions is through a CBI-involved winding-up (liquidation) procedure. Under the BRRD Regulations, where resolution conditions are met but the resolution authority considers a resolution action would not be in the public interest, it must be wound-up.
The Central Bank and Credit Institutions (Resolution) Act 2011 (Resolution Act) provides that the Irish Companies Acts will apply to the winding-up of an Irish bank. However, the CBI has an important role under the Resolution Act. No person other than the CBI can present a petition to the High Court to wind up a bank, unless they have given the CBI notice and the CBI has confirmed that it does not object. In the latter case, the CBI will be a notice party to court applications and may make representations in court.
The Resolution Act sets out a number of specific grounds under which the CBI may present a petition for a winding-up order, such as where:
Under the Resolution Act, only a liquidator approved by the CBI may be appointed. Objectives for the appointed liquidators are set out in the legislation, with the protection of eligible depositors under the DGS being a priority.
Recovery and Resolution
BRRD and the SRM Regulation set out an alternative mechanism to resolve failing banks in a more orderly way, and seek to implement the original "Key Attributes of Effective Resolution Regimes for Financial Institutions" published by the FSB. BRRD provides authorities with tools to intervene at an early stage and in a swift manner in relation to a failing institution, to ensure the continuity of critical functions and minimise the impact of the institution's failure on the economy and financial system. In its Approach Paper, the CBI states that burden-sharing is a driving principle of the resolution framework in order to mitigate moral hazard by ensuring that shareholders and investors bear losses from an institution’s failure.
As Ireland is part of the SSM, the SRM is applicable to Irish banks, and the SRM Regulation is directly applicable in Ireland.
The CBI is designated as the national resolution authority under the SRM and the national competent authority under the SSM. Broadly speaking, the Single Resolution Board (SRB) has responsibility in relation to the resolution of SIs or institutions that are subject to direct ECB oversight, and the CBI will have responsibility for the key resolution processes for LSIs that are subject to SRB oversight.
Resolution Tools and Powers
The framework includes the following elements:
Resolution authorities are also afforded write-down and conversion powers in respect of certain capital instruments. These can be implemented as part of a resolution action or separately, where certain conditions are met. BRRD II introduced a moratorium power that allows a resolution authority to suspend any payment or delivery obligations pursuant to any contract to which an institution is a party, where certain conditions are met.
BRRD provides requirements for institutions to include contractual provisions in certain contracts governed by non-EEA law in respect of powers under BRRD.
In its Approach Paper, the CBI has commented that resolution tools are generally used where, for example, a bank's failure could cause financial instability or disrupt critical functions. Resolution tools would be used by the CBI where certain conditions for resolution are met, including, for example, where the CBI considers resolution to be in the public interest.
Resolution funds have been established in Ireland and at the EU level, in order to provide funding for the cost of resolution.
Protection for Depositors
The DGS protects eligible depositors in the event of a bank authorised by the CBI being unable to repay deposits. Objectives related to the protection of deposits eligible under the DGS are also built into both the liquidation and resolution frameworks.
DGS eligible deposits up to an amount of EUR100,000 are exempted from bearing losses in a bail-in process. Eligible deposits of natural persons and small and medium enterprises exceeding EUR100,000 receive a preferred status over certain other unsecured liabilities in a resolution process. Amendments have also been made to the Irish Companies Act 2014 to provide for preference to certain depositors in a liquidation of a BRRD institution so as to implement the Bank Creditor Hierarchy Directive ((EU) 2017/2399).
Senior Executive Accountability Regime
The culture within the Irish financial services industry has been a key issue for the CBI and RFSPs in the wake of a number of instances of banks and firms engaging in practices and activities that did not meet the standards expected of the sector, including in relation to the treatment of customers with tracker mortgages following the Global Financial Crisis. In 2018, the CBI published a report entitled "Behaviour and Culture of the Irish Retail Banks", which identified that consumer-focused cultures in banks remained underdeveloped. The report also recommended the introduction of an enhanced framework for individual accountability.
In July 2021, the General Scheme of the Central Bank (Individual Accountability Framework) Bill was published, which sets out detailed proposals for legislation to introduce an Individual Accountability Framework (IAF). The IAF proposes to overhaul the allocation of accountability in Irish financial services legislation and empower the CBI to hold those in management roles at RFSPs accountable for contraventions that occur under their supervision.
The General Scheme's proposals are consistent with previous CBI statements regarding the IAF, and comprise:
SEAR will initially apply to a limited range of RFSPs, including banks, and will impose obligations on both in-scope institutions and their senior executives.
Under SEAR, in-scope RFSPs will be required to assign specific responsibilities internally to relevant senior executives, and produce a management responsibility map documenting key management and governance arrangements. RFSPs will also be required to provide a statement of responsibilities to the CBI for senior executives, which clearly sets out their role and areas of responsibility.
The IAF also seeks to implement enforceable prescribed Standards for Business, which apply to all RFSPS; Common Conduct Standards, which apply to individuals performing CF and PCF roles; and Additional Conduct Standards, which apply to individuals performing CF and PCF roles and other persons who exercise significant influence on the conduct of an RFSP's affairs.
European Commission AML Legislative Package
On 20 July 2021, the European Commission presented a package of legislative proposals to strengthen the EU’s AML/CFT framework, elements of which will impact banks. A new EU AML Authority (AMLA) is to be established, which will directly supervise certain high-risk cross-border institutions and will act as the central authority co-ordinating national supervisory authorities.
The legislative package also included a new regulation that will contain directly applicable rules, including in the areas of customer due diligence and beneficial ownership, and a revised regulation on transfer of funds, which will make it possible to trace transfers of crypto-assets.
Departures from the Irish Banking Market
In 2021, both Ulster Bank Ireland DAC and KBC Bank Ireland plc announced strategic plans to wind down Irish operations and exit the Irish market over the coming years. This will further reduce the already small and concentrated retail banking sector in Ireland.
Amendments to Client Asset Requirements to Credit Institutions
In July 2021, the CBI published feedback to CP133, its Consultation Paper on enhancements to the CBI Client Asset Requirements. In its feedback, the CBI confirmed its intention to effectively extend the Client Asset Requirements – which it currently applies to investment firms – to banks that perform MiFID II investment business.
The COVID-19 pandemic continues to impact Irish banks. In 2020, the CBI issued Dear CEO Letters to banks on the CBI's expectations re payment breaks and on its expectations for lenders in supporting borrowers affected by the COVID-19 pandemic. The CBI maintains a COVID-19 FAQ for regulated firms on its website, where it periodically updates banks and other RFSPs on its expectations throughout the development of the pandemic, including regarding the handling of payment breaks, capital and the distribution of dividends to shareholders. This area and the specific measures continue to evolve.
Environmental, social and governance considerations are becoming an increasing area of regulatory focus. In November 2021, the CBI published a Dear CEO Letter addressed to RFSPs setting out the CBI's expectations in relation to climate and broader ESG issues. The CBI also announced the establishment of its Climate Risk and Sustainable Finance Forum, which seeks to bring together stakeholders to share knowledge and understanding of the implications of climate change for the Irish financial system. Significant ESG developments continue to impact the financial services regulatory framework at European level also.
EU Banking Package 2021
On 27 October 2021, the European Commission adopted its Banking Package 2021 (the Package), which consists of legislative proposals to amend the CRD and the CRR – including a separate legislative proposal to amend the CRR in the area of resolution.
The Package aims to implement the Basel III agreement, including by ensuring that internal models used by banks to calculate their capital requirements do not underestimate risks, and thus ensuring that banks hold sufficient capital. The Package also aims to strengthen resilience without resulting in significant increases in capital requirements, and to lower compliance costs, particularly for smaller banks, without loosening prudential standards.
The Package seeks to increase the focus on sustainability in banking supervision, including proposals for regular climate stress testing by both supervisors and banks, consideration of ESG risks as part of regular supervisory reviews, and requirements on banks to disclose the degree of ESG risk exposure.
Another objective of the Package is to strengthen supervision powers, including establishing a set of clear, robust and balanced “fit-and-proper” rules, for supervisors to assess whether senior bank staff have the requisite skills and knowledge. As a response to the WireCard scandal, the Package proposes to equip supervisors with better tools to oversee fintech groups, including bank subsidiaries.
The Package also seeks to harmonise EU rules on the establishment of EU branches of third-country banks, which is at present largely subject to national legislation with limited harmonisation across the EU.
The next step in the legislative process is for the Package to be considered by the European Parliament and Council.
In many ways, 2021 has been one of the most significant years of change in the Irish banking sector since the banking crisis in 2008. Both the retail and commercial sectors have seen significant structural shifts as banks exit the market and fintechs rapidly increase their customer bases and variety of offerings, and Brexit continues to see an augmentation in personnel and expertise moving to Dublin from London.
The retail banking sector has seen a significant shift in the last year, with a number of long-established banks leaving the Irish market. Meanwhile, the remaining banks continue to pivot their business models towards "online-first", to compete with rising competition from fintechs.
In February 2021, Natwest-owned Ulster Bank confirmed that it would exit the Irish market after more than 160 years. Only a short number of weeks later, in April 2021, KBC announced that it also planned to exit the market.
The decisions of Ulster Bank and KBC appear to be motivated by difficulties in achieving profitability at the same level as banks in other jurisdictions. On average, Irish banks are required to hold about three times the amount of capital as their European counterparts, according to a study by the Banking Payments Federation Ireland. These high capital requirements combined with a prolonged period of low interest rates appear to have made achieving a targeted return on investment more challenging for Irish banks.
AIB, Bank of Ireland and Permanent TSB remain as the domestically licensed retail banks in the Irish market. The loan books of Ulster Bank and KBC look set to be absorbed by the two largest remaining banks, AIB and Bank of Ireland, effecting a somewhat inevitable consolidation in the market.
Each of the remaining banks is still partially owned by the Irish State, a hangover from the 2008 banking crisis. However, in 2021, the Irish government made its first moves to gradually divest from Bank of Ireland, with the State reportedly reducing its stake from 13.9% to 11.87% between June and October 2021. The government appears to be taking a more cautious approach to divesting its respective 71% and 75% stakes in AIB and Permanent TSB.
2021 also saw an unprecedented number of bank branch closures in Ireland: Bank of Ireland closed 88 of its 257 branches in 2021, and AIB announced that it would close 15 of its branches, leaving it with a total of 170 branches across the country. Bank of Ireland stated that its decision was due to a "tipping point" being reached between online and offline business. AIB gave similar reasons for the closures and also noted that negative interest rates and competition from non-traditional lenders played a role in the decision. The closures are emblematic of the increased moves towards the provision of financial services by means of digital platforms, but they have proven somewhat politically unpopular, particularly in rural areas. Given that the two banks are operating in the same environment, the difference in scales of the closures is notable.
In contrast to the consolidation occurring in the traditional retail banking sector, there is considerable growth and competition coming from fintechs entering the market. Revolut now boasts more than 1.5 million Irish customers and N26, another digital-first bank, almost doubled its Irish customer base in just 18 months, adding roughly 100,000 new Irish customers between 2020 and mid-2021. UK-based Starling Bank raised GBP272 million in funding in 2021, and is reportedly seeking a banking licence from the Central Bank of Ireland (CBI). Such an authorisation would bring, inter alia, the ability to utilise the EU passport for the provision of financial services under CRD/CRR. Klarna, Flexifi, Avantcard and Finance Ireland are also amongst this growing suite of firms operating in areas that were previously dominated by the traditional banks.
In addition, new models for lending and raising capital are gaining traction. Peer-to-peer lending firm Linked Finance surpassed EUR150 million in loans provided to Irish small and medium-sized businesses in 2021 and became the first non-bank lender to offer loans through the government's COVID-19 Credit Guarantee Scheme. Crowdfunding platform Spark Crowdfunding saw the number of investors on the platform grow by more than 140% in the first six months of the year.
Regulation in this area is continuing to progress through the legislative process through to implementation and application. For example, crowdfunding, which was previously unregulated, will now be subject to the Regulation on European Crowdfunding Service Providers. Crowdfunding service providers provide an online platform that connects potential investors with businesses in search of funding. The introduction of this EU legislation brings the benefit of allowing crowdfunding service providers to "passport" their authorisation to provide their services into other EU countries on a cross-border basis. This should be a simpler process than trying to navigate the fragmented domestic legislation that previously applied to crowdfunding activities in the EU.
It has been 13 years since a person (or persons) using the name Satoshi Nakamoto invented Bitcoin and sowed the seeds of the cryptocurrency boom of the last decade. The original goal of cryptocurrency was to create a peer-to-peer payment system that disposed of the need for regulated "trusted third parties" to act as intermediaries for payments. The reality has transpired to be somewhat different.
Cryptocurrency exchanges have performed strongly, acting as intermediaries for cryptocurrency payments. Furthermore, on the theme of new and enhanced regulation, cryptocurrency service providers and issuers will be closely watching the development of the proposed new EU regulatory and supervisory regime for markets in crypto-assets ("MiCA"). The core objective of MiCA is to establish a new legal framework for crypto-assets that are not already covered by existing EU regulations. In particular, specific rules will be introduced for stablecoins. As part of the ordinary legislative procedure, the European Parliament's Economic and Monetary Affairs Committee published its draft report on MiCA in 2021, detailing some suggested amendments to the draft legislation, as proposed by the European Commission. The European Central Bank (ECB) also published an opinion on the proposal, which also proposed that certain adjustments should be made.
Banking clients have noted that the pandemic has accelerated the move by businesses away from cash, creating an increased focus on the ability to process payments as efficiently as possible.
On the wholesale banking side, Brexit caused significant changes to the structure of the domestic market. Although no new banking authorisations have been sought from the CBI as a direct result of Brexit, there has been an expansion in the amount of assets held and products offered by banks in Ireland. Barclays Bank has dramatically increased its presence and is now the largest bank in Ireland by balance sheet. Citibank and Wells Fargo have also notably increased their Irish footprint.
Expansions into Ireland were made by many banks under the considerable pressure and uncertainty of Brexit. Now that Brexit is more settled, banks are beginning to look past the immediate regulatory necessities to maintain their presence in the EU and towards a more long-term EU strategy. While there may be an impression that Brexit is now over in the banking sector, clients report that the impact is still very much being felt. Firms continue to reassess their Brexit models and operating structure in a very dynamic environment.
A noted trend is the expansion of product offerings in Dublin. Historically, the range of products offered out of Dublin was much narrower than in London. That dynamic appears to be changing as banks add more specialised product expertise in Dublin. The CBI appears to have anticipated this growth in the wholesale market, having established a dedicated Wholesale Market Conduct Team in 2018.
The shift of further staff and business from London to Dublin, and the rest of the EU, seems inevitable. The ECB has reportedly been pushing UK banks to significantly increase their staff numbers and the level of capital in their EU operations. While UK-based banks may have availed of a reasonable level of substance required in the EU as an initial consideration of authorisation of post-Brexit EU operations, it appears that this situation will be short-lived. Clients confirm that they have received representations to move more resources to the EU. In particular, senior management (known as pre-approval controlled functions or "PCFs") are usually expected to be located in the EU. The ECB has been highlighting shortcomings in "desk-mapping" reviews of EU offices and, with the end of temporary pandemic-related reprieves, it is likely that pressure will only increase until EU bank offices are capable of carrying on EU business with little assistance from London.
International clients have noted an increase in the sophistication of the CBI's market capability in recent years. This is undoubtedly linked to the increasing amount of diversity of the types of products offered in the Irish banking sector and a massive increase in headcount at the CBI over the past ten years. The CBI was previously seen as following the lead of UK regulators on new developments, but has more recently been seen as taking the lead on certain issues.
The EU's Investment Firms Directive (IFD) and Investment Firms Regulation (IFR) are primarily aimed at creating a new prudential framework for investment firms authorised in the European Union. However, the legislation may lead to an increase in the number of authorised credit institutions in Ireland.
The legislation divides investment firms into a number of different classifications and applies proportional regulation based on the firm's business activity, risk profile and structure. Investment firms that fall into the "Class 1" category will be subject to the same prudential requirements that are applied to banks. "Class 1" firms are defined as being systemically important firms that deal on own account and/or underwrite or place financial instruments on a firm commitment basis. They also must have average monthly total assets of above EUR30 billion or be part of a group in which the total value of the consolidated assets of all undertakings in the group exceeds EUR30 billion.
In the lead-up to the entry into application date of 26 June 2021, most investment firms across all IFR/IFD designations committed time and resources in order to best prepare for the changes proposed by the prudential regime dedicated to investment firms.
In order to achieve its objective of ensuring the safe functioning of investment firms and the proper management of customer and market risk, IFR/IFD have instigated a number of changes, enhancements and augmentations to the prudential regulation of investment firms.
Key changes effected by IFR/IFD include an amended consolidation regime and revised prudential requirements applied on a differentiated classification scale to investment firms based on the nature, scale and complexity of their business and their regulatory permissions.
There are also considerable remuneration and governance changes that firms will have to effect across 2022, according to the recently finalised EBA Guidelines on Remuneration Policy and Internal Governance.
By the time of entry into application, most investment firms had identified which of the prudential classifications was most pertinent to them. However, in a number of instances, particularly for investment firms of third-country groups, some ambiguity remained as to whether such firms would need to seek authorisation as credit institutions.
As the relevant delegated legislation that will determine the methodology for the calculation of the relevant thresholds set out in Article 8a(1) had not been adopted at the time of the entry into application of IFR/IFD, the EBA issued an Opinion providing direction to firms on navigating their way through the application of Article 8a of Directive 2013/36/EU, and guiding that competent authorities should not prioritise any supervisory or enforcement action in relation to the requirements in said Article until six months after the final methodology is in place.
Depending on the outcome of the consultations and deliberations with respect to the regulatory technical standards on the threshold calculation methodology, a number of MiFID firms that may have originally determined that re-authorisation as a credit institution did not apply on the application of the prudential classifications may now find that such an application for authorisation is needed on the basis of their membership of a global group whose assets will surpass the threshold delineated for Class 1 firms. In practical terms, this could see a number of significant investment firms seeking authorisation as credit institutions across 2022.
The CBI has long planned the introduction of a Senior Executive Accountability Regime (SEAR), which it is expected will share similarities with the UK’s Senior Managers and Certification Regime. Following a number of delays, the General Scheme of the Central Bank (Individual Accountability Framework) Bill (IAF), which introduces SEAR, was published in July 2021.
The Bill is currently going through pre-legislative scrutiny and, at the Oireachtas Parliamentary Committee hearing on 10 November, the Minister for Finance Paschal Donohue expressed the hope that the IAF would be operational in the early part of 2023. While this indicative commencement date takes cognisance of the legislative timeline, many financial services firms are currently considering the potential impacts of the provisions in the IAF.
The General Scheme proposes amendments in relation to conduct standards, changes to the Fitness and Probity (F&P) regime, detailed governance requirements and changes to enforcement. Under the General Scheme, the CBI will be able to directly enforce against senior individuals for prescribed contraventions without needing to first prove a prescribed contravention against the firm itself.
Broadly speaking, the General Scheme reflects what was broadly expected by the sector on the basis of the Banking Culture Report and various other CBI publications and speeches on IAF and accountability more generally.
The proposed IAF will be founded on four main pillars:
Combined, the SEAR, the F&P regime and the conduct standards are intended to support the Central Bank’s objective of individual accountability – which it has stated as being necessary "to embed a culture of ethical compliance in regulated firms".
The conduct standards will apply to all regulated financial services providers. In summary, this aspect of the IAF will delineate:
As noted above, enhancements are also proposed to the existing F&P regime, including the introduction of a certification regime and the enhancement of the CBI’s regulation-making powers, such that it will be empowered under the IAF to specify what policies and procedures firms need, what sort of due diligence they must carry out and what reporting to the CBI is required.
The scope of the F&P regime will also be extended, with the result that financial holding companies and insurance holding companies established in Ireland will be captured for the first time. In addition to this extension, another commonly raised question was whether or not the SEAR pillar will be applicable to all regulated financial service providers.
The General Scheme has been consistent with expectations from previous publications in providing that the SEAR will apply to those in management roles within the following entities:
The General Scheme of the IAF also outlines that the new "Senior Executives Functions" (SEFs) will align with the existing pre-approval controlled functions (PCFs). This was expected. However, it also seems that the definition of a SEF will include non-executive directors (NEDs) where they are performing PCF roles.
That NEDs would be captured within the scope of the SEF definition was not clear from the Culture Report, and this is something that is likely to be clarified further during the future consultation process.
Furthermore, while there is no express carve-out in the General Scheme for the role of Head of Legal, as they are not PCF they will not automatically constitute a SEF. Again, further clarification on this position is expected in due course.
The extension of the CBI’s regulation-making powers is not the only facet of the CBI’s powers that the IAF is seeking to address: enforcement powers are also being enhanced and augmented.
The key proposal is the removal of what has become known as the "participation link" in the CBI’s administrative sanctions regime. The current situation is that the Central Bank has to prove a prescribed contravention against a firm before it can impose an administrative sanction on an individual who participated in the management of such firm. The CBI sees this as a significant gap in its toolbox; accordingly, the published General Scheme has removed the proof requirement related to the participation link.
The second key enforcement change proposes the direct enforceability by the CBI of the aforementioned conduct standards against individuals. Furthermore, evidence obtained in the course of investigating a failure to meet a particular conduct standard may be used as potential evidence of an F&P failing.