Ireland has a common-law legal system. The law in relation to insurance contracts is primarily governed by common-law principles – the origins of which can be found in case law.
Following the enactment of the Consumer Insurance Contracts Act 2019 (CICA), the Marine Insurance Act 1906 (MIA) only applies to non-consumer contracts. There are some forms of insurance that are compulsory under statute in Ireland (eg, third-party motor insurance and professional indemnity cover for certain professionals).
There is no Irish equivalent of the UK Insurance Act 2015. CICA was signed into law in 2019 and reformed consumer insurance law. It commenced in two stages (on 1 September 2020 and 1 September 2021), following industry pressure to allow sufficient time for the insurance industry to account for the far-reaching changes imposed. For consumer insurance contracts, CICA has replaced the duty of utmost good faith and the consumer’s duty of disclosure with a duty to provide responses to questions asked by the insurer honestly and with reasonable care.
Consumers
There are some restrictions on insurers’ freedom of contract (largely for the protection of consumers), as they are subject to the enactment of Irish legislation to comply with EU law. Consumer protection law has undergone a number of changes as a result of the Unfair Terms in Consumer Contracts Directive 1993/13/EC and the Distance Marketing of Financial Services Directive 2002/65/EC.
When dealing with a “consumer”, the insurer must also comply with the Central Bank of Ireland (CBI)’s Consumer Protection Code 2012 (CPC), the Consumer Protection Act 2007, and the Consumer Rights Act 2022 (CRA). Under the CPC, “consumer” is broadly defined and includes individuals and small businesses with a turnover of less than EUR3 million. The same definition is applied for CICA purposes. “Consumer” under the CRA is defined as “an individual acting for purposes that are wholly or mainly outside that individual’s trade, business, craft or profession”.
Insurance contracts, and the marketing and selling of insurance products to consumers, must also be compliant with the terms of the Sale of Goods and Supply of Services Act 1980 (as amended by the CRA).
Ireland has a strong and efficient risk-based prudential regulatory framework, focusing on the application of the proportionality principle.
Central Bank of Ireland
The CBI has primary responsibility for the prudential supervision and regulation of (re)insurance undertakings in Ireland. It carries out this role through monitoring and ongoing supervision and issues standards, policies and guidance, with which (re)insurance undertakings must comply.
The CBI oversees the corporate governance functions, risk management and internal control systems of (re)insurance undertakings without placing burdensome administrative requirements on their operators. Such undertakings are required to submit annual and quarterly returns on solvency margins and technical reserves for supervisory purposes. The CBI also conducts regular themed inspections across the (re)insurance sector.
The CBI operates a rigorous authorisation process and conducts fitness and probity (F&P) assessments of individuals who are to hold certain designated management functions and positions within authorised firms. It also has responsibility for consumer protection issues.
Risks and risk ratings
An administrative sanctions regime provides the CBI with a credible enforcement tool and acts as an effective deterrent against breaches of financial services law. The CBI’s supervisory framework, Probability Risk and Impact SysteM (PRISM), is a risk-based framework that categorises regulated firms by the potential impact of their failure on the economy and the consumer. Under PRISM, (re)insurance undertakings are allocated a risk rating on a scale of high (including ultra-high), medium-high, medium-low or low. PRISM recognises that the CBI does not have infinite resources and, as such, selectively deploys supervisors according to a firm’s risk rating.
High-impact firms are recognised as the most important for ensuring financial and economic stability and are therefore subject to a higher level of supervision.
Consumer protection risk assessments
The CBI’s Consumer Protection Risk Assessment (CPRA) model aims to enhance the manner in which regulated entities manage “the risks they pose to consumers and ensure they have appropriate risk management frameworks to deliver for their customers”. (Re)insurance companies must implement a consumer protection risk management framework that is tailored to the nature, scale and complexity of their business. The CBI assesses the effectiveness of these internal management frameworks through targeted CPRAs, in addition to PRISM and regular thematic inspections.
II Code and the 2015 Regulations
The Insurance Institute’s Code of Ethics and Conduct (the “II Code”) is also relevant to the regulation of (re)insurance undertakings. The II Code is a voluntary code of conduct aimed at protecting policyholders resident in Ireland. It has been adopted by members of Insurance Ireland, which is the representative body for (re)insurance undertakings in Ireland.
EU Directive 2009/138/EC (“Solvency II”) introduced a common regulatory framework for EEA (re)insurance undertakings and was transposed into Irish law by the European Union (Insurance and Reinsurance) Regulations 2015 (the “2015 Regulations”). The 2015 Regulations impose harmonised capital and solvency requirements, valuation techniques, and governance and reporting standards. They also impose certain restrictions on shareholders of (re)insurance undertakings, as the CBI will not grant an authorisation to an undertaking if it isn’t satisfied as to the suitability and F&P of “qualifying” shareholders.
For the purposes of the 2015 Regulations, a qualifying shareholding means a direct or indirect holding in an undertaking that:
Insurance Distribution Regulations
The European Union (Insurance Distribution) Regulations 2018 (IDR) transposed the Insurance Distribution Directive (EU) 2016/97 (IDD) into Irish law. The IDD harmonises the distribution of (re)insurance products within the EU, with the aim of facilitating market integration and enhancing consumer protection. The IDR were designed to:
See 2.1 Insurance and Reinsurance Regulatory Bodies and Legislative Guidance.
Insurance undertakings and intermediaries authorised by the CBI or in another EU/EEA member state carrying on business in Ireland must comply with certain Irish general good requirements, such as the CPC. The CPC contains general and specific provisions concerning insurance, including requirements relating to premium handling and contact with consumers (eg, information that must be provided to consumers before entering into a contract for a product or service, as well as records, errors, rebates and claims processing).
Persons carrying out a “controlled function” on behalf of financial service providers are expected to satisfy the minimum professional knowledge and competency requirements set out in the Minimum Competency Code and Regulations 2017 (MCC).
A range of taxes, levies and duties are applied to insurance policies, as follows.
Licensing of (Re)insurance Companies
Undertakings wishing to carry on (re)insurance business in Ireland must obtain authorisation from the CBI or another EU regulator through the “single passport” regime. The CBI has published a checklist for completing and submitting applications for authorisation under the 2015 Regulations (“the Checklist”), along with a guidance paper to assist applicants. The application comprises the completed Checklist and a detailed business plan plus supporting documents (the “Business Plan”) that is submitted after a preliminary meeting with the CBI.
The principal areas considered by the CBI in evaluating applications include:
A high-level overview of the application for authorisation process is as follows:
The application process is iterative, involving consultation with the CBI after an application is formally submitted. During the review process, the CBI will typically request additional information and documentation, and may have comments on certain features of the proposal. The CBI may seek additional meetings with the applicant in order to discuss aspects of the proposal in further detail.
The CBI will issue a formal authorisation once satisfied that the capital requirements and pre-licensing requirements have been met. Throughout this process there will be multiple meetings and the CBI may request additional information. The process can take between four to six months. The CBI does not currently charge a fee for licence applications.
Position of UK-Based Insurers After 31 December 2020
The Brexit Deal agreed in December 2020 between the UK and the EU was largely silent on financial services. Consequently, at the end of the transition period on 31 December 2020, the UK became a third country and UK-authorised insurers can no longer rely on the EU passporting regime to access the Irish and EU market.
In anticipation of this, the Irish government introduced a Temporary Run-Off Regime (TRR) through Part 10 of the Withdrawal of the United Kingdom from the European Union (Consequential Provisions) Act 2020 (the “Brexit Omnibus 2020 Act”). This has become crucially important for those UK/Gibraltar insurers and insurance intermediaries that have Irish customers and decided against establishing an EU-authorised entity to access Ireland post-Brexit.
Part 10 of the Brexit Omnibus 2020 Act addresses the issue of insurance contract continuity and inserts provisions into the 2015 Regulations and the IDR, permitting a UK firm to administer its run-off business in Ireland for 15 years from 31 December 2020 “in order to terminate its activity” in Ireland. Crucially, no new business is permitted but compliance with the general good requirements remains a requirement.
The Insurance (Miscellaneous Provisions) Act 2022 amends the 2015 Regulations to provide for technical changes in order to ensure that UK and Gibraltar-based insurance firms providing reinsurance to Irish based insurers through the third-country exemption, along with firms in liquidation, can rely on the TRR to run-off their existing Irish insurance contracts.
Third-Country Reinsurers
Third-country reinsurers are excluded from the application of the 2015 Regulations where the reinsurer:
The effect is that a third-country reinsurer is not required to be authorised in accordance with the 2015 Regulations in order to carry on reinsurance business in Ireland.
Freedom of Establishment or Freedom of Services Basis
(Re)insurance undertakings authorised in an EU/EEA member state may carry on business in Ireland on a Freedom of Establishment basis through a local branch or operate in Ireland on a Freedom of Services basis, provided that their home state regulators notify the CBI. Passporting undertakings must comply with the Irish general good requirements.
Special-Purpose Reinsurance Vehicle
A reinsurance provider can establish a special-purpose reinsurance vehicle, thus providing a quicker, simpler route to authorisation and reducing supervision compared with fully regulated reinsurers.
Establishing a Third-Country Insurance Branch in Ireland
The 2015 Regulations facilitate a non-EEA insurer establishing a branch in Ireland (a “third-country branch”), subject to the fulfilment of specific regulatory requirements. The 2015 Regulations impose standalone capital requirements on third-country branches and require the third-country branches to:
The local substance requirements for a third-country branch will depend on the nature, scale and complexity of its operations. The CBI will expect an appropriate number of senior management in Ireland so as to demonstrate a sufficient level of local oversight and control. As a minimum, a branch manager and a branch management committee in Ireland ‒ with day-to-day responsibility for corporate governance of the branch ‒ will be required. To date, no third-county branches have been authorised in Ireland.
Significantly, a Third-Country Branch does not have the right to passport into other EU/EEA jurisdictions and is only permitted to write business in the jurisdiction in which it is established. Therefore, a third-country branch is not suitable for third-country insurers seeking to write business across the EU/EEA. Post-Brexit, establishing a third-country branch may not represent a comprehensive solution for UK insurers seeking to maintain access to the single market; therefore, establishing an EEA-authorised subsidiary has been the preferred option.
The CBI does not currently permit 100% reinsurance arrangements.
The M&A environment fell sharply in H1 2023, with 177 deals (down 2% from H1 2022). Significantly, the transaction value was EUR5.2 billion (down 58% from H1 2022). Rising interest rates, high inflation and recession fears have affected confidence in the market, increasing the cost of acquisitions.
While there has been a cooling in the market since 2022, M&A has returned to pre-pandemic levels of activity – with the 2022 figures representing an increase from pre-pandemic activity levels. Certain sectors in Ireland continue to demonstrate marked resilience – for example, the pharmaceuticals, medical and biotech sector increased from 2% of Irish M&A activity by value in H1 2022 to 28% in H1 2023. The industrials and chemical sectors increased from 1% in H1 2022 to 18% in H1 2023. As of Q4 2023, there were 393 deals in the financial services sector in Ireland, which will likely surpass the 2022 figure of 400 financial services deals – thereby demonstrating the resilience of the Irish financial services market.
A positive level of activity overall in the market is anticipated. Irish M&A is highly resilient and, while activity levels are anticipated to remain healthy for the rest of the year, it is not anticipated that levels will return to those seen in the aftermath of the pandemic.
Insurance Distribution Regulations
The IDR govern the distribution or sale of insurance products and apply to persons engaged in insurance distribution business in the Irish market, such as agents, brokers and bancassurance operators. However, insurers can also distribute insurance products directly to customers.
Definition of insurance distribution
Under the IDR, insurance distribution is defined as “any activity involved in advising on, proposing, or carrying out other work preparatory to the conclusion of contracts of insurance, of concluding such contracts, or of assisting in the administration and performance of such contracts ‒ in particular, in the event of a claim, the provision of information concerning one or more insurance contracts in accordance with criteria selected by customers through a website or other media and the compilation of an insurance product ranking list, including price and product comparison, or a discount on the price of an insurance contract, when the customer is able to directly or indirectly conclude an insurance contract using a website or other media”.
The following activities are specifically excluded:
The IDR clarifies that “introducing” is not considered a regulated activity under Irish law.
Impact of the IDR
The IDR introduces enhanced information and conduct of business requirements for insurance distributors. “Ancillary insurance intermediaries” are exempt from the IDR where certain conditions are satisfied.
The IDR prescribes certain requirements relating to product oversight and governance (POG), which aim to:
Insurance undertakings (and relevant intermediaries) are required to implement POG procedures prior to distributing or marketing an insurance product to customers.
The IDR requires distributors to have Product Distribution Arrangements (PDAs) in place containing appropriate procedures to obtain all pertinent information on the products they intend to offer to their customers from the manufacturer. The PDA should be a written document made available to their staff, aiming to:
Investment Intermediaries Act 1995
Previously, two pieces of legislation governed intermediaries operating in Ireland. The European Union (Insurance Mediation) Regulations 2005, which have been fully repealed, and the Investment Intermediaries Act 1995 (IIA). The IDR brought welcome clarification regarding the application of IIA to insurance intermediaries by revoking all references to insurance.
Authorisation
(Re)insurance brokers/intermediaries require CBI authorisation to:
(Re)insurance brokers/intermediaries are subject to ongoing CBI supervision of their compliance with the registration requirements, including completing an annual return and holding an adequate professional indemnity insurance policy. The CBI maintains a register of authorised (re)insurance intermediaries in Ireland. (Re)insurance undertakings involved in the distribution of insurance products must also comply with the national general good provisions that regulate how undertakings may sell and market insurance products to consumers in Ireland.
Position of UK-Based Insurance Intermediaries After 31 December 2020
See 3.1 Overseas-Based Insurers or Reinsurers.
Parties to a non-consumer insurance contract are subject to the duty of utmost good faith (Section 17 of the MIA). The proposer or insured has a duty to disclose all material facts. A material fact is one that would influence the judgment of a prudent underwriter in deciding whether to underwrite the contracts and, if so, on what terms. The duty goes beyond answering questions on a proposal form correctly; every material representation made by the insured or proposer, or their agent, to the insurer must be true.
CICA replaces the duty of good faith for consumer insurance contracts and the MIA no longer applies to these contracts. Since 1 September 2021, the consumer proposer’s duty is limited to a duty to provide responses to specific questions asked by the insurer honestly and with reasonable care.
The majority of provisions of CICA took effect from 1 September 2020. The remaining sections commenced on 1 September 2021 – with the exception of Section 18(4), which was clarified and amended by the Insurance (Miscellaneous Provisions) Act 2022 but has not yet been commenced.
Prior to CICA, the remedy for breach of the duty of utmost good faith was avoidance of the policy. CICA introduced new proportionate remedies (proportionate to the effects of the misrepresentation, depending on whether it was innocent, negligent or fraudulent) for a breach of the new duty of disclosure. Section 8(6) requires an insurer to establish inducement to avail of the remedies under the act for a breach of the duty of disclosure.
Typically, an insurance intermediary is deemed to be acting on behalf of the customer at all times during the negotiation of an insurance contract ‒ except when collecting premiums on behalf of the insurer. However, certain intermediaries act for and on behalf of an insurer as a tied insurance intermediary.
Under the IDR, insurance distributors are required to act honestly, fairly and professionally in accordance with the best interest of their customers, irrespective of whether the intermediary is negotiating an insurance contract as an individual broker or acting as a tied insurance intermediary. The information and transparency requirements set out in the IDR require an intermediary to promptly disclose whether it is representing the customer, or acting for and on behalf of the insurer, before the contract concludes. Any remuneration received by an intermediary in relation to a contract must be disclosed to the customer. Ongoing requirements include:
There are no specific rules for the formation of an insurance contract under Irish law, beyond the general principles of contract law, common law and the duty of good faith. There is no statutory definition of an insurance contract and legislation does not specify its essential legal elements. International Commercial Bank plc v Insurance Corporation of Ireland set out the main characteristics of an insurance contract, which are:
CICA defines an insurance contract as “a contract of life insurance or non-life insurance made between an insurer and a consumer” and reforms the law relating to insurable interests.
No information is available for this jurisdiction.
Consumer contracts are now governed by CICA. The legal requirements of insurance and reinsurance are the same.
ART transactions are recognised as reinsurance transactions under the 2015 Regulations and are characterised by the CBI in a manner consistent with the Solvency II regime.
There has been a slowdown in recent years in the number of ART deals in Ireland. The CBI has concerns relating to the viability of ART transactions and the potential risks for insurance carriers, particularly in relation to basis risks. Further, it is not clear if ART transactions entered into by life insurers comply with the requirements to be “fully funded”. Significant growth is not expected in the coming years.
No information is available for this jurisdiction.
Insurance contracts are subject to the same general principles of interpretation as other contracts. The Supreme Court has confirmed in two judgments (Analog Devices v Zurich Insurance and Emo Oil v Sun Alliance and London Insurance Company) that the principles of construction set out by Lord Hoffman in ICS v West Bromwich Building Society should be applied to the interpretation of insurance contracts.
The Irish courts consider the ascertainment of the meaning that the document would convey to a reasonable person, having all the background knowledge that would reasonably have been available to the parties in the situation in which they were at the time of the contract (“matrix of fact”). Certain things are excluded from the admissible background, including previous negotiations and declarations of subjective intent. The meaning of the document is not the same as the particular meaning of the words; it is what the parties using those words against the relevant background would reasonably have understood them to mean.
The courts apply the words’ ordinary and natural meaning. It is assumed that people ordinarily do not make linguistic mistakes in formal documents. However, if it is clear from the matrix of fact and background that something is wrong with the language, judges can attribute to the parties the intention they clearly had.
The court takes an objective approach to determining the intention of reasonable persons in the position of the parties. Where a contractual term is genuinely ambiguous, the contra proferentem rule will apply and the interpretation less favourable to the drafter is adopted. The rule also applies to consumer contracts.
In non-consumer contracts, no specific wording is required to create a warranty. The word “warranty” is not required but may be considered as evidence of the intention to create a warranty. Further, a warranty may be express or implied (Section 33 of the MIA).
A warranty is treated differently to a contractual term in that it must be exactly complied with, whether it is material to the risk or not. The insurer is discharged from liability from the date of breach of the warranty – although without any prejudice to any liability incurred before that date.
The Irish courts construe warranties strictly, as a breach entitles the insurer to repudiate liability even if the breach is not material to the loss. CICA replaces warranties in consumer contracts with suspensive conditions and abolishes basis of contract clauses.
The effect of a breach of a condition depends on whether the condition is a condition precedent to liability. Conditions precedent to liability relate to matters arising after a loss has occurred – most commonly in relation to notification. The Irish courts will generally not construe an insurance condition as a condition precedent unless it is expressed as such or the policy contains a general condition precedent provision. Breach of a condition precedent means that an insurer can repudiate liability for the claim without any requirement to demonstrate prejudice. There is no requirement for a link between the breach and the damage.
The consequences for breach of a bare condition are in damages.
In consumer contracts, conditions precedent could now be considered “continuing restrictive conditions” following commencement of CICA.
Insurance contracts typically contain a dispute resolution clause. An insurance contract may contain an arbitration clause or may stipulate another form of ADR. In a consumer contract, a consumer may make a complaint to the Financial Services and Pensions Ombudsman (FSPO).
Choice of forum, venue and applicable law clauses in (re)insurance contracts is generally recognised and enforced. Where an insured is domiciled in an EU member state, regard should be had to the following regulations that may limit these provisions:
In Ireland, the district court deals with claims up to a monetary value of EUR15,000, the circuit court deals with claims up to EUR75,000 (EUR60,000 for personal injury cases), and the High Court has unlimited monetary jurisdiction. Insurance disputes are heard by a single judge with no jury.
The Commercial Court is a specialist division of the High Court dealing exclusively with commercial disputes. Where the monetary value of a (counter)claim exceeds EUR1 million and the dispute is commercial in nature, either party may apply to have the dispute heard in the Commercial Court. There is no automatic right of entry; it is at the judge’s discretion and can be refused if there has been any delay.
Commercial Court proceedings progress much quicker. Generally, the time from entry into the Commercial Court to the allocation of a trial date ranges from a matter of weeks to between four and six months, depending on complexity and the number of parties.
Appeals from the High Court are dealt with by the court of appeal, except when the Supreme Court believes a case is of such public importance that it should go directly to the State’s highest court.
Evidence
Evidence is given orally, except in very limited circumstances. Where a party intends to rely upon the (factual or expert) oral evidence of a witness, a witness statement or expert report must be filed – unless a judge orders otherwise.
Costs
Typically, costs follow the event, whereby the loser pays. However, where litigation is “complex”, the Commercial Court often analyses whether the winning party has succeeded on all grounds.
Limitation
The general position under the Statute of Limitations Act 1957 is that claims for breach of contract must be brought within six years of the date of breach.
Where a complaint is made to the FSPO, there is an extended limitation period applicable to complaints relating to “long-term financial services” (ie, those for which the maturity or term extends beyond five years and one month, or life assurance policies not subject to annual renewal) – otherwise a six-year rule applies.
For non-EU, non-Lugano Convention and non-Hague Convention judgments, an originating High Court summons is required to recognise and enforce a foreign judgment and the High Court must grant leave to issue and serve the proceedings. To succeed, a foreign judgment must be for a definite sum, be final and conclusive, and be handed down from a court of competent jurisdiction. The High Court may refuse to recognise and enforce a judgment on a number of grounds (eg, fraud, lack of jurisdiction) that are contrary to Irish law or the principles of natural justice.
See 9.7 Alternative Dispute Resolution.
See 9.7 Alternative Dispute Resolution.
Insurance disputes may also be dealt with by ADR mechanisms such as mediation and arbitration.
Arbitration
Where an insurance contract contains an arbitration clause, a dispute must be referred for arbitration. However, consumers are not bound by an arbitration clause where the claim is less than EUR5,000 and the relevant policy has not been individually negotiated.
The Arbitration Act 2010 (the “2010 Act”) incorporates the UNCITRAL Model Law on International Commercial Arbitration. Under the 2010 Act, the decision of an arbitrator is binding on the parties and there is no means of appeal. Where parties have entered into valid arbitration agreements, the courts are obliged to stay proceedings.
Although arbitration may result in additional costs, there is the benefit of confidentiality.
Ireland is party to the Convention on the Recognition and Enforcement of Foreign Arbitral Awards 1958 (the “New York Convention”), allowing Irish arbitral awards to be enforced in any of the 157 countries party to the New York Convention.
The courts can set aside an arbitral award under Article 34 of the 2010 Act, albeit on very limited grounds. The party seeking to have the arbitral award set aside must prove that either:
The recent High Court decision in Charwin Limited t/a Charlie’s Bar v Zavarovalnica Sava Insurance Company DD demonstrates that the bar is high when seeking to resist a referral to arbitration on grounds of public policy.
Mediation
The Mediation Act 2017 (the “Mediation Act”) came into force on 1 January 2018. Under the Mediation Act, solicitors in Ireland must advise their clients of the merits of mediation as an ADR mechanism before proceedings are issued.
The Mediation Act provides for any court to adjourn legal proceedings to allow the parties to engage in mediation. The court can make such an order on its own initiative or on application by either party to the proceedings. There may be cost implications where either party fails to engage in ADR following such a direction from the court.
Financial Services and Pensions Ombudsman
The FSPO is the amalgamation of the Financial Services Ombudsman and the Pensions Ombudsman, pursuant to the FSPO Act 2017. It is an independent body, established to resolve disputes between consumers and insurance providers either through informal means or by formal investigation. The FSPO’s decision is legally binding, with a right of appeal to the High Court.
There is no cause of action in damages for the late payment of claims in Ireland. However, under Section 26 of CICA, where an insurer is in breach of any duty under the Act, the court has the discretion to order that a sum payable in a claim under a contract of insurance be increased in proportion to the breach involved.
Insurers have subrogation rights at common law and subrogation provisions in insurance policies are common. Generally, an indemnity must have been provided before the insurer is entitled to subrogate. CICA has introduced certain restrictions on subrogation rights in the context of family and personal relationships and in employment scenarios.
Irish government bodies, such as Enterprise Ireland and the Industrial Development Authority Ireland, work in tandem to attract and support foreign direct investment in Ireland and promote Ireland as a destination for insurtech companies.
In July 2021, 12 stakeholders in the Irish insurance sector joined together to create InsTech.ie, with the aim of promoting Ireland as an EU insurtech hub. Under the Department of Finance’s Finance Action Plan IFS 2025, InsTech.ie is tasked with building an Insurtech hub in Ireland. A study commissioned by InsTech.ie and conducted by Deloitte, Driving Insurtech Growth in Ireland, was published in April 2021. It found that Ireland is “one of the most developed insurance markets” in Europe and is “well positioned to take advantage of the innovation and technological enhancements being developed within the sector as part of the growth of global insurtech”. An updated report, published in September 2023, found 86% of insurers believe that “partnering with insurtech organisations can support their technological development and help plug gaps in key technology-related capability areas”.
One significant Irish insurtech firm is Blink, which was founded in 2016 to build data-driven travel disruption insurance solutions. In 2020, the firm launched Blink Parametric, offering a full suite of parametric insurance solutions. Blink made it onto The InsurTech100 in 2019, 2020 and 2022. In July 2023, Blink announced its intention to create 30 new jobs in Cork, which will effectively double its workforce by the end of 2025.
In 2021, 2022 and 2023, Companjon – an innovative insurtech start-up headquartered in Dublin – was named in the InsurTech100. Companjon is Europe’s leading specialist in unique add-on insurance that is 100% digital. Companjon has been recognised by Forbes as “a tech-driven disruptor that is changing the way people think about insurance”.
The CBI is responsive to the challenges posed by the regulatory treatment of financial innovations. It is a robust regulator, acknowledging the need to strike the appropriate balance between encouraging innovation-related entry to the market and ensuring new entrants are sufficiently ready to fulfil all their regulatory obligations in relation to financial stability and consumer protection. The CBI is cognisant of the requirement to keep abreast of the changing technological environment and has committed significant resources to improving its data architectures and establishing quantitative analytical teams in its banking, insurance and markets directorates.
The CBI has taken a range of measures in relation to fintech, including:
In November 2023, the CBI launched a consultation paper on innovation engagement (CP156), which considers possible enhancements to how the Innovation Hub operates and a new proposal to establish an Innovation Sandbox Programme. The sandbox will provide firms and new entrants with access to regulatory advice and support in order to develop innovations that promote better outcomes for society and the financial system. The governor of the CBI indicated that the sandbox will be open to applications from all sectors of the financial system via a transparent application process. The CBI will share outcomes of all sandbox activity with stakeholders annually.
“Emerging risks” are new, evolving risks that are difficult for insurers to assess and which carry a high degree of uncertainty with regard to their impact, probability, and the amount of losses expected. The CBI expects Irish insurance undertakings to give appropriate consideration to assessing emerging risks and to adopt a longer-term perspective than is typical in business planning and strategy-setting processes. The CBI expects to see evidence of robust analysis and timely, effective action relating to emerging risks.
Cyber-risk and digitalisation risks are the most formidable emerging risks in Ireland. In March 2023, the CBI’s Final Guidance on (Re)Insurance Undertakings on Climate Change Risk stated that climate change risk has now moved from an emerging risk to a key risk, given the impact that climate change is already having on the insurance sector. The CBI expects (re)insurers to manage climate risks in the same manner that they manage other key risks within their risk management framework.
Cyber-Risk
Digital innovation and growing sophistication in digital technology have led to increased cybersecurity threats and data breach risks. In July 2023, the European Insurance and Occupational Pensions Authority (EIOPA) noted that cyber-risk is one of the most important risks for the European insurance sector and has been identified by the International Monetary Fund (IMF) as a key threat to financial stability.
The CBI published cross-industry guidance in respect of IT and cybersecurity risks in 2016, highlighting a variety of emerging threats. This guidance noted that IT and cybersecurity and associated risks are a key concern for the CBI. In October 2020, EIOPA published its Guidelines on ICT Security and Governance. The CBI confirmed that these guidelines supersede the CBI’s 2016 guidance but do not contradict anything in that guidance.
In December 2021, the CBI published its final Cross-Industry Guidance on Operational Resilience in order to assist financial firms to prepare, respond, recover and learn from an operational disruption affecting delivery of critical or important business services. Anticipating the Digital Operational Resilience Act (DORA), the CBI noted that these guidelines were compatible with and complementary to DORA and that there were no contradictions between the two.
DORA introduces a comprehensive framework on digital operational resilience for EU financial firms, including (re)insurance undertakings, intermediaries and ancillary intermediaries, as well as critical third parties providing ICT-related services to these firms. DORA came into force on 16 January 2023 and will apply 24 months after this date.
The CBI also has a dedicated IT risk inspection team, operational since April 2015.
In late 2023, the CBI launched a thematic review of insurance companies’ cybersecurity safeguards. It aimed to assemble a range of cybersecurity controls, based on responses to a recent cybersecurity questionnaire. The CBI will continue with this thematic review in early 2024 and actions arising out of the review will likely be communicated more broadly.
Longevity Risk
Longevity risk is the potential risk of an individual living longer than expected. The financial implications of exponentially increasing lifespans are colossal. An average life expectancy increase of three years would cause the cost of supporting the ageing population to increase by 50%. As the mortality risk continues to decrease, it is clear that understanding the associated risk is of crucial importance to insurers.
Considering how quickly life expectancy is increasing, projecting future liabilities based solely on data extrapolated from the past is imprecise. Consequently, certain companies have created insurance subsidiaries to run their pensions schemes, who then reinsure its longevity risk with a reinsurer. From a reinsurance perspective, buying this longevity risk may be an attractive financial transaction – given that it lowers mortality risk and thereby helps balance life insurance risks. However, the IMF stated that longevity risk should be shared between insurers and governments, as insurers and reinsurers alone may be constrained by capital.
Warranty and Indemnity Insurance
Warranty and indemnity insurance is being used more frequently in commercial transactions, as are other bespoke transactional products such as litigation buyout policies.
Addressing the Emerging Risks
Cyber-insurance is a relatively new product on the Irish market but has grown in popularity, with a number of insurers offering new cyber-products in Ireland. However, Domhnall Cullinan, the director of insurance supervision at the CBI, recently voiced concern about the Irish market’s positioning to take advantage of this growth area, stating: “The Irish insurance industry doesn’t find itself as a large provider of capacity in the international market… without appropriate pricing and adequate reserving and the right expertise to underwrite the risk.”
EIOPA noted that almost 70% of SMEs are not covered for cyber-attack risks. In September 2023, EIOPA launched a survey on access to cyber-insurance by SMEs in order to better understand the difficulties small businesses face in protecting themselves from cyber-risks and to assess the level of access to cyber-insurance. The results will help to identify the potential barriers, which may lead to complete exclusion, and address them more appropriately.
Health Insurance (Amendment) Act 2023
On 14 December 2023, the Health Insurance (Amendment) Act 2023 was signed into law by the President. The Act will:
Courts and Civil Law (Miscellaneous Provisions) Act 2023
Within the Courts and Civil Law (Miscellaneous Provisions) Act 2023, of key note for insurers are the amendments to the Occupiers’ Liability Act 1995 reforming the duty of care. These amendments are a key action in the Government’s Action Plan on Insurance Reform and include:
The Health Insurance (Amendment) Act 2023 was signed into law on 5 July 2023.
Road Traffic and Roads Act 2023
On 4 August 2023, the Road Traffic and Roads Act 2023 (Commencement) (No 2) Order 2023 (SI No 392 of 2023) (the “Road Traffic and Roads Act 2023”) was published in Iris Oifigiúil, bringing the majority of the Act into effect. The Road Traffic and Roads Act 2023 addresses the use of e-scooters and e-bikes by introducing a new vehicle class – namely, “Personal Powered Transporters”.
Regulations on what criteria an e-scooter must meet to be used legally on public roads may now be commenced. E-bikes that go faster than 25 kilometres per hour and have more than 250 watts of power output will be classed as e-mopeds and require a licence, registration, tax and insurance in order to be used on public roads. Such rules are expected to come into force in early 2024.
Heightened Regulatory Scrutiny
Review of the CPC
In October 2022, the CBI launched its review of the CPC. The review has three phases. Phase 1 is a discussion paper on the review and the feedback received. This will inform Phase 2, which is a public consultation on the CBI’s proposed updates and improvements to the CPC, and the necessary draft regulations. In Phase 3, the CBI will publish the updated CPC, supporting regulations, and a feedback statement clarifying the CBI’s approach to the updated CPC.
In July 2023, the CBI released an Engagement Update following its discussion paper. The CBI confirmed that effective implementation of the CPC can be best achieved through the introduction of a revised CPC in 2024, with further enhancements in 2025. Phase 2 is expected to commence in January 2024. Once concluded, the revised CPC will be published.
New Material Business Line PCF
A new Material Business Line Pre-Approval Control Function (PCF) has been introduced for insurance undertakings pursuant to the Central Bank (Individual Accountability Framework) Act 2023 (the “IAF Act”). It is applicable to an individual with significant influence over the performance of a material business line that:
POG thematic inspection
In H2 2022, the CBI carried out a thematic inspection of POG arrangements in a selection of non-life insurance undertakings to assess the current level of controls, processes and systems in place in relation to POG arrangements. The CBI identified a number of key themes – namely, board oversight, risk management, policy wording, and protection gaps.
In June 2023 the CBI published its findings and highlighted its expectation that (re)insurance undertakings:
In June 2023, EIOPA published a peer review on POG that focused on how national competent authorities (NCAs) are supervising the application of POG requirements by insurance manufacturers. Ireland fell into the “NCAs broadly meeting expectations” category, with only one recommended action. EIOPA recommended that Ireland take action within the area of “setting and communicating supervisory expectations”. It recommended that the CBI formulate and communicate a comprehensive set of supervisory expectations covering all the elements of POG requirements in a formal manner or via supervisory dialogues. They also recommended that the CBI follow up on these expectations by challenging the effectiveness of POG arrangements by supervised entities based on these expectations.
CBI publishes report on data ethics within insurance
In August 2023, the CBI published a report on its “Data Ethics Within Insurance” research project, as part of the CBI’s research into how the advancements in digitalisation creates both opportunities and risks for the insurance industry. The report was based on the use of Big Data and Related Technologies (BD&RT) and aimed to improve understanding of how BD&RT is used, the extent of its use within the industry, and the ethical considerations that it raises.
The report outlined a number of benefits and risks both for consumers and firms. The benefits actioned were:
The potential risks included:
The report also considered how data ethics specifically was being incorporated into firms’ governance and risk management system. The CBI stressed that ethical matters must be more explicitly considered and that engagement at board and senior management level is essential and more transparent BD&RT responsibilities are required.
Regulation and supervision priorities for 2023
In February 2023, the CBI issued a “Dear CEO” letter outlining its key regulation and supervision priorities for 2023. The CBI reiterated that it will maintain a risk-based approach to regulation and supervision. Domhnall Cullinan outlined the following insurance-specific supervisory priorities in the CBI’s March 2023 newsletter.
Individual accountability
The IAF Act was enacted on 9 March 2023 and aims to support the advancement of an improved culture in the Irish financial system through greater accountability in the regulated sector.
The four key pillars of the IAF are:
Key dates
From 29 December 2023, Conduct Standards and amendments to the F&P regime will apply. SEAR will apply from 1 July 2024 but will only be applicable to (independent) non-executive directors from 1 July 2025. From 1 January 2025, confirmation of compliance of the certification process in respect of PCFs and controlled functions will apply. The Business Standards are being considered as part of the CBI’s above-mentioned CPC review.
For more details on the implementation of the IAF, please see the CBI’s feedback statements and final guidance in respect of the IAF and the Administrative Sanctions Procedure, issued on 15 November and 13 December respectively.
CBI publishes guidance for (re)insurance undertakings on climate change risk
In March 2023, the CBI published its final Guidance for (Re)Insurance Undertakings on Climate Change Risk. It aims to clarify the CBI’s expectations on how (re)insurers address climate change risks in their business and to assist them in developing their governance and risk management frameworks to do this. The guidance was accompanied by a feedback statement setting out the CBI’s views on the submissions received in respect of a consultation paper (CP151) on the draft guidance.
The guidance applies to authorised (re)insurers, including captive (re)insurers and third-country branches. The guidance confirms that it does not introduce new requirements for (re)insurers in relation to climate change risk. Rather, the CBI is clarifying its expectations on compliance with the existing Solvency II prudential requirements that are relevant to climate change risk.
CBI publishes guidance for (re)insurance undertakings on IGTs and exposures
In January 2023, the CBI published its final Guidance on (Re)Insurance Undertakings on Intragroup Transactions and Exposures. The guidance was accompanied by a feedback statement setting out the CBI’s views on the submissions received in respect of consultation paper (CP150) on the draft guidance.
The guidance sets out the CBI’s expectations of (re)insurance undertakings regarding intragroup transactions (IGTs) and exposures. The CBI introduced this guidance for the following reasons: “Many (re)insurers established in Ireland are part of large international (re)insurance groups and benefit from synergies and cost efficiencies that arise from being part of a group. However, material IGTs may expose a (re)insurer to high levels of concentration and other risks. Therefore, the CBI believes that the management and supervision of material IGTs merits special attention”.
The feedback statement noted that the guidance “does not introduce new requirements on (re)insurers; rather, it clarifies the CBI’s expectations in relation to a (re)insurer’s compliance with existing legislation and domestic requirements”.
The guidance focuses on the most significant exposures observed by the CBI – ie, intragroup assets, intragroup reinsurance and cash pooling/treasury function arrangements. It applied from 30 January 2023.
CBI updates General Good Rules for insurance distributors operating in Ireland on a cross-border basis
The CBI’s “General Good Rules” document sets out the general good rules that (re)insurance distributors must adhere to when operating in Ireland on a cross-border basis, in accordance with Article 11 of the IDD. The list is indicative and without prejudice to other general good rules (codified or not) that are applicable to regulated entities in Ireland. In April 2023, the CBI published its updated General Good Rules, which introduced a number of changes to the list – most of which reflected requirements arising under CICA.
70 Sir John Rogerson’s Quay
Dublin 2
Ireland
+353 1 232 2000
+353 1 232 3333
dublin@matheson.com www.matheson.comA Guide to Ireland’s Individual Accountability Framework Regime
The international trend towards regulating individual accountability and consumer-centric cultures in financial services has been gaining momentum for many years now, with Ireland playing its own role in that developing trend. This piece considers the recent adoption of the Central Bank (Individual Accountability Framework) Act 2023 (the “IAF Act”), related regulations and the Central Bank of Ireland (CBI)’s Guidance on the Individual Accountability Framework (IAF) ‒ collectively referred to as the “IAF Regime”.
Background to the IAF
The context and primary catalyst for the IAF Act was the Great Financial Crisis of 2008, its aftermath, and the significant failings in the domestic banking sector ‒ in particular, the treatment of tracker mortgages by the Irish retail banks. This resulted in the Minister for Finance and Public Expenditure and Reform mandating the CBI to consider and report on the behaviour and culture of the Irish retail banks, providing the CBI with the platform to set out a proposal for the introduction of the IAF. In its report, the CBI made it clear that, without the adoption and implementation of the IAF, “the likelihood of profound cultural change in the regulated financial services sector [would be] reduced”.
The CBI, in crafting the IAF, has confirmed that it was influenced by the experience of other global regulators that had adopted similar regimes. The individual accountability regime in the UK was considered to be of particular relevance to the design of the new Irish regime. The Senior Managers and Certification Regime (SMCR), as it is called, is considered to be a very successful regulatory regime by all impacted stakeholders ‒ with a clearly organised set of requirements focused on conduct, good governance and individual accountability. Like other jurisdictions, Ireland has taken a number of the aspects of the SMCR and appropriately adapted them for application in the Irish financial services market.
Following many years of negotiation and pre-legislative scrutiny, the IAF Bill was published by the Department of Finance in the summer of 2022. In addition to the historical context and rationale provided by the aftermath of the financial crisis, it is important to note that both the Department of Finance and the CBI framed the discussion and debate in a future-focused manner in order to ensure a customer-focused approach to the provision of financial services and products, robust governance in financial services firms and clear organisational structures designed to promote accountability, transparency and allocation of responsibilities to individuals and across relevant firms.
The progress of stakeholder engagement (including with the Attorney General’s Office) to ensure the constitutional robustness of the proposed legislation ‒ combined with legislative debate and consideration in both Houses of the Oireachtas ‒ resulted in the enactment of the IAF Act on 9 March 2023. Contemporaneously, the CBI launched a three-month consultation on the implementation of the IAF (including the publication of draft regulations and guidance and a feedback statement on same) and the final regulations and guidance were published on 16 November 2023.
Implementation of the IAF Regime commenced with compliance of the Conduct Standards and the enhancements to its Fitness and Probity (F&P) Regime on 29 December 2023. Senior Executive Accountability Regime (SEAR) compliance for in-scope firms will follow on 1 July 2024 (save for independent non-executive directors and non-executive directors whose compliance has been deferred until 1 July 2025).
IAF pillars
The IAF Regime, as delineated in the IAF Act, CBI Regulations and CBI Guidance, is designed “to improve governance, performance, and accountability in firms by establishing a framework of enhanced clarity as to who is responsible for what within firms”, according to Derville Rowland, Deputy Governor of the CBI. He states that “it also clarifies the standards to be met by individuals holding these responsibilities, with a particular focus on senior executives”.
The pillars of the IAF Regime are as follows.
These firms must also create statements of responsibilities and responsibility maps pertaining to the firm, describing their governance arrangements and demonstrating clearly that there are no gaps.
Finally, the Conduct Standards also include Business Conduct Standards, the development and detailed articulation of which will accompany the outcome of the ongoing Consumer Protection Code review currently being undertaken by the CBI.
Taken singularly and together, these components of the IAF Regime seek to:
Additionally, the CBI has articulated the view that should individuals and firms own the IAF Regime and their obligations thereunder ‒ in a true spirit of adherence and compliance, noting the importance of proportionality and reasonableness embedded within the framework ‒ then fewer infringement and contravention issues will arise in the conduct or individual responsibility sphere. This will also mean fewer enforcement actions will need to be taken by the CBI and, if firms and individuals can demonstrate compliance, arguably less intrusive supervision in this sphere.
Important factors in the implementation of the IAF Regime
As the IAF Regime moves into the implementation phase, it is worth reflecting on some of the key considerations and issues. The following observations will be of importance when it comes to implementing the IAF Regime.
Principles-based
The IAF is a principles-based regime, designed to deliver the policy design and direction outlined earlier. It has been acknowledged by the CBI that a one-size-fits-all regime will not be effective. As such, firms have the flexibility to adapt the IAF Regime to their organisation, governance, culture and operations that are in place today, with the duty to ensure the expected Conduct Standards and levels of responsibility meet the requirements of the IAF Regime.
Proportionality
Proportionality is a much-referred-to concept within the IAF Regime. This is welcome and reflects the fact that the regime is not intended to be a theoretical standard with which all firms (regardless of nature, scale and complexity) would have to comply. However, it is important that ‒ where proportionality is asserted ‒ time is taken to document this, in order for the regulator to understand how individuals and firms are seeking to comply with the IAF Regime so as not to give a false impression of non-compliance or avoidance.
Definitive compliance
Definitive compliance will not be achieved by the deadlines of 29 December 2023 or 1 July 2024, as this regime is intended to be lived by individuals and remain adaptive to the evolving nature, scale and complexity of circumstances and issues that the financial services sector presents. While the CBI has acknowledged that there will be an effort and financial outlay involved in achieving compliance with the IAF Regime, they have also reduced reporting burdens ‒ for example, the reporting requirement at the conclusion of a disciplinary procedure in respect of the Conduct Standards. This exemplifies that changes should be expected as implementation progresses to embeddedness and that this will occur both with firms and in respect of the supervisory expectations of the regulator.
Conduct Standards
The introduction of Conduct Standards in the codified form of the IAF Regime means that they take the form of positive, enforceable legal obligations on individuals to act in accordance with a single set of standards of expected behaviour. This is a material change, particularly for non-PCFs. It will also continue to be a key consideration for firms across 2024, as providing training, awareness and guidance will be central to CFs understanding their responsibilities and complying with the requirements of the IAF Regime. In addition, although “Statements of Responsibilities” are initially thought of as a requirement of the SEAR pillar of the IAF Regime, a version of these will likely be required for the Conduct Standards to address both regulatory and employment law requirements. Given the consequences of non-compliance for an individual, firms will need to ensure that roles, responsibilities and expectations are made clear under the Conduct Standards as well as under SEAR.
Broad application of Conduct Standards
Additionally, the scope of the Conduct Standards is such that individuals who are CFs in Irish firms ‒ but who are not directly employed by those entities ‒ are captured. This is particularly complex when an Irish firm is part of a large multinational group. Consequently, firms will have to consider the IAF Regime in the context of its outsourcing, shared services and operational resilience arrangements. In this regard, it is arguable that IAF artefacts required under SEAR (such as the Statements of Responsibilities and Management Responsibility Maps) might also be useful artefacts when seeking to illustrate or explain the oversight and control of outsourcing and shared services arrangements.
Reasonableness
The concept of reasonableness is embedded in the IAF Regime. The CBI has acknowledged that human error can occur and that perfection is not the required standard. Rather, the standard will reflect an assessment of the steps that an individual took. The CBI will consider what steps an individual in that position could reasonably have been expected to take at that point in time. The reasonable steps taken should align with the day-to-day management of the CF holders’ respective area. Although perfection is not required, it is important that the individual can demonstrate the reasoning and approach to decision-making, so that they can demonstrate how the relevant judgment may have been reasonable at that time.
Further, the CBI also recognises the role of judgement exercised by those in senior roles in discharging their responsibilities and that ‒ with the benefit of hindsight ‒ even though that judgement may have turned out to be wrong in a given circumstance, it is clearly possible for that individual to demonstrate how that judgement may have been reasonable at the time. Accordingly, and in tandem with the consideration of what shape a reasonable steps regime will take both for individuals and firms, documentation of reasonable steps is also a key issue that should be considered in detail.
Collective decision-making
The expected standard of PCF/CF-1 role holders is to understand their role in the effective running of the business more broadly, including their obligations in relation to effective collective decision-making. As well as the importance of ensuring appropriate controls and processes are in place, the CBI also expects an individual to think more broadly and seek to create and/or contribute to an overall environment where the risk of a contravention is minimised. This expectation is crystallised in the question of individual versus collective responsibility and decision-making. This will be a very particular and detailed consideration for individuals and firms in order to ensure that the capacity in which a person is making a decision or contributing to a decision is specified. Although complex, it is important that the practice of collaboration and collective decision-making should not be limited by the IAF Regime. Nevertheless, individuals can be considered guilty of a prescribed contravention under the CBI Acts should a breach of the conduct standards occur.
Employment law
The IAF Regime will likely impact every inflection point of the employment life cycle and, as a result, will constitute a live consideration for both the HR function as well as compliance ‒ particularly in the first annual cycle of application. It would be prudent to proactively consider the challenges that the IAF Regime may pose to existing employment, reward and disciplinary proceedings.
In addition, where the CF nexus of connection to the firm is not by contract of employment but by the provision of services, the complexities of monitoring and maintaining outsourcing relationships will need to be reviewed to ensure that the relevant key performance indicators for such arrangements contemplate compliance with the IAF Regime (as appropriate).
F&P certification regime
One of the lessons garnered from the implementation of the SMCR was that the certification regime required significant effort as there was a material amount of work necessary to build a formalised certification regime. In its feedback statement to CP153, the CBI clarified its expectations with regard to ongoing due diligence. It has retained certain clarifications of its expectations, specifically:
Importantly, the initial proposal to extend enhanced due diligence checks to CF-3 to CF-11 roles has been removed. The majority of due diligence in relation to the certification process for PCF, CF-1 and CF-2 roles must be assessed by the firm/holding company itself. Self-certification is permitted by CF-3 to CF-11 roles in respect of minimum competency code, regulatory and bankruptcy/judgment searches. This is a welcome clarification and will reduce some of the effort initially estimated as being required to ensure compliance. That being said, the annual mechanics of the certification process is likely to take some time to design and implement in each firm.
Conclusion
The application and implementation of the IAF Act marks the conclusion of a detailed and involved consultation, legislative and drafting period in which the government, the CBI and the financial services sector considered the key pillars of individual accountability across financial services in Ireland. The implementation and embedding of the IAF Regime has now begun and will, no doubt, present questions and challenges for firms, individuals and the CBI alike. With this in mind, the authors hope that all parties will, in the words of CBI Deputy Governor Gerry Cross, “work in the right spirit to deliver over the coming periods”.
Additionally, the CBI has committed to a review of the IAF Regime three years after its implementation. This should provide sufficient time to gauge the effectiveness of the core elements of the IAF Regime and to allow the CBI to then act to take any necessary steps to amend/update the regime in light of its findings. In the meantime, it is hoped that the IAF Regime will effectively contribute to improving the public trust in financial institutions, producing better outcomes for consumers and enhancing Ireland’s reputation as a global financial services centre.
70 Sir John Rogerson’s Quay
Dublin 2
Ireland
+353 1 232 2000
+353 1 232 3333
dublin@matheson.com www.matheson.com