Insurance & Reinsurance 2024

Last Updated January 23, 2024


Law and Practice


Matheson LLP was established in 1825 in Dublin and has offices in Cork, London, New York, Palo Alto and San Francisco. The firm employs more than 800 people across its six offices, including 120 partners and tax principals as well as 540 legal, tax and digital services professionals. Matheson services the legal needs of internationally focused companies and financial institutions doing business in and from Ireland. The firm counts more than half of the world’s top 50 banks, seven of the world’s ten largest asset managers and nine of the top ten most innovative companies in the world among its clients and has advised the majority of Fortune 100 companies. The team’s expertise is spread across more than 30 practice groups, including finance and capital markets, insolvency and corporate restructuring, asset management and investment funds, commercial real estate, litigation and dispute resolution, insurance and tax.

Ireland has a common-law legal system. The law in relation to insurance contracts is primarily governed by common-law principles – the origins of which can be found in case law.

Following the enactment of the Consumer Insurance Contracts Act 2019 (CICA), the Marine Insurance Act 1906 (MIA) only applies to non-consumer contracts. There are some forms of insurance that are compulsory under statute in Ireland (eg, third-party motor insurance and professional indemnity cover for certain professionals).

There is no Irish equivalent of the UK Insurance Act 2015. CICA was signed into law in 2019 and reformed consumer insurance law. It commenced in two stages (on 1 September 2020 and 1 September 2021), following industry pressure to allow sufficient time for the insurance industry to account for the far-reaching changes imposed. For consumer insurance contracts, CICA has replaced the duty of utmost good faith and the consumer’s duty of disclosure with a duty to provide responses to questions asked by the insurer honestly and with reasonable care.


There are some restrictions on insurers’ freedom of contract (largely for the protection of consumers), as they are subject to the enactment of Irish legislation to comply with EU law. Consumer protection law has undergone a number of changes as a result of the Unfair Terms in Consumer Contracts Directive 1993/13/EC and the Distance Marketing of Financial Services Directive 2002/65/EC.

When dealing with a “consumer”, the insurer must also comply with the Central Bank of Ireland (CBI)’s Consumer Protection Code 2012 (CPC), the Consumer Protection Act 2007, and the Consumer Rights Act 2022 (CRA). Under the CPC, “consumer” is broadly defined and includes individuals and small businesses with a turnover of less than EUR3 million. The same definition is applied for CICA purposes. “Consumer” under the CRA is defined as “an individual acting for purposes that are wholly or mainly outside that individual’s trade, business, craft or profession”.

Insurance contracts, and the marketing and selling of insurance products to consumers, must also be compliant with the terms of the Sale of Goods and Supply of Services Act 1980 (as amended by the CRA).

Ireland has a strong and efficient risk-based prudential regulatory framework, focusing on the application of the proportionality principle.

Central Bank of Ireland

The CBI has primary responsibility for the prudential supervision and regulation of (re)insurance undertakings in Ireland. It carries out this role through monitoring and ongoing supervision and issues standards, policies and guidance, with which (re)insurance undertakings must comply.

The CBI oversees the corporate governance functions, risk management and internal control systems of (re)insurance undertakings without placing burdensome administrative requirements on their operators. Such undertakings are required to submit annual and quarterly returns on solvency margins and technical reserves for supervisory purposes. The CBI also conducts regular themed inspections across the (re)insurance sector.

The CBI operates a rigorous authorisation process and conducts fitness and probity (F&P) assessments of individuals who are to hold certain designated management functions and positions within authorised firms. It also has responsibility for consumer protection issues.

Risks and risk ratings

An administrative sanctions regime provides the CBI with a credible enforcement tool and acts as an effective deterrent against breaches of financial services law. The CBI’s supervisory framework, Probability Risk and Impact SysteM (PRISM), is a risk-based framework that categorises regulated firms by the potential impact of their failure on the economy and the consumer. Under PRISM, (re)insurance undertakings are allocated a risk rating on a scale of high (including ultra-high), medium-high, medium-low or low. PRISM recognises that the CBI does not have infinite resources and, as such, selectively deploys supervisors according to a firm’s risk rating.

High-impact firms are recognised as the most important for ensuring financial and economic stability and are therefore subject to a higher level of supervision.

Consumer protection risk assessments

The CBI’s Consumer Protection Risk Assessment (CPRA) model aims to enhance the manner in which regulated entities manage “the risks they pose to consumers and ensure they have appropriate risk management frameworks to deliver for their customers”. (Re)insurance companies must implement a consumer protection risk management framework that is tailored to the nature, scale and complexity of their business. The CBI assesses the effectiveness of these internal management frameworks through targeted CPRAs, in addition to PRISM and regular thematic inspections.

II Code and the 2015 Regulations

The Insurance Institute’s Code of Ethics and Conduct (the “II Code”) is also relevant to the regulation of (re)insurance undertakings. The II Code is a voluntary code of conduct aimed at protecting policyholders resident in Ireland. It has been adopted by members of Insurance Ireland, which is the representative body for (re)insurance undertakings in Ireland.

EU Directive 2009/138/EC (“Solvency II”) introduced a common regulatory framework for EEA (re)insurance undertakings and was transposed into Irish law by the European Union (Insurance and Reinsurance) Regulations 2015 (the “2015 Regulations”). The 2015 Regulations impose harmonised capital and solvency requirements, valuation techniques, and governance and reporting standards. They also impose certain restrictions on shareholders of (re)insurance undertakings, as the CBI will not grant an authorisation to an undertaking if it isn’t satisfied as to the suitability and F&P of “qualifying” shareholders.

For the purposes of the 2015 Regulations, a qualifying shareholding means a direct or indirect holding in an undertaking that:

  • represents 10% or more of the capital or voting rights of the undertaking; or
  • makes it possible to exercise a significant influence over the management of the undertaking.

Insurance Distribution Regulations

The European Union (Insurance Distribution) Regulations 2018 (IDR) transposed the Insurance Distribution Directive (EU) 2016/97 (IDD) into Irish law. The IDD harmonises the distribution of (re)insurance products within the EU, with the aim of facilitating market integration and enhancing consumer protection. The IDR were designed to:

  • enhance consumer protection and ensure a level playing field across the sector by extending the scope of application to include all participants in the distribution of insurance products;
  • identify and mitigate conflicts of interest, particularly regarding remuneration; and
  • introduce increased transparency and conduct of business requirements.

See 2.1 Insurance and Reinsurance Regulatory Bodies and Legislative Guidance.

Insurance undertakings and intermediaries authorised by the CBI or in another EU/EEA member state carrying on business in Ireland must comply with certain Irish general good requirements, such as the CPC. The CPC contains general and specific provisions concerning insurance, including requirements relating to premium handling and contact with consumers (eg, information that must be provided to consumers before entering into a contract for a product or service, as well as records, errors, rebates and claims processing).

Persons carrying out a “controlled function” on behalf of financial service providers are expected to satisfy the minimum professional knowledge and competency requirements set out in the Minimum Competency Code and Regulations 2017 (MCC).

A range of taxes, levies and duties are applied to insurance policies, as follows.

  • Non-life insurance policies attract a quarterly levy of EUR1 stamp duty on insurance policies where the risk is located in Ireland and the premium or premiums payable over a period of 12 months is EUR20 or greater.
  • Non-life insurance policies also attract a levy of 3% on the gross amount received by an insurer in respect of certain non-life insurance premiums. An additional 2% contribution to the Insurance Compensation Fund applies to premiums received in relation to non-life insurance policies.
  • Life assurance premiums attract a levy of 1% of gross premiums.
  • Health insurance attracts levies that, depending on the cover, range from EUR109–EUR438 in respect of relevant contracts renewed or entered into on or after 1 April 2023.

Licensing of (Re)insurance Companies

Undertakings wishing to carry on (re)insurance business in Ireland must obtain authorisation from the CBI or another EU regulator through the “single passport” regime. The CBI has published a checklist for completing and submitting applications for authorisation under the 2015 Regulations (“the Checklist”), along with a guidance paper to assist applicants. The application comprises the completed Checklist and a detailed business plan plus supporting documents (the “Business Plan”) that is submitted after a preliminary meeting with the CBI.

The principal areas considered by the CBI in evaluating applications include:

  • legal structure;
  • ownership structure;
  • overview of the group to which the applicant belongs (if relevant);
  • scheme of operations;
  • system of governance, including the F&P of key personnel;
  • risk management system;
  • Own Risk and Solvency Assessment;
  • financial information and projections;
  • capital requirements and solvency projections; and
  • consumer issues (such as the MCC and the CPC).

A high-level overview of the application for authorisation process is as follows:

  • arrange a preliminary meeting with the CBI to outline the proposals, at which the CBI will provide feedback in relation to the proposal and identify any areas of concern that should be addressed before the application is submitted;
  • prepare and submit the completed Checklist and Business Plan;
  • dialogue with the CBI;
  • the authorisation committee of the CBI considers the application;
  • once the CBI is satisfied with the application, it will issue an “authorisation in principle”, meaning it is minded to grant its approval as soon as certain conditions have been satisfied; and
  • once all conditions are satisfied, the CBI will issue the final authorisation and the (re)insurer can commence writing business in Ireland.

The application process is iterative, involving consultation with the CBI after an application is formally submitted. During the review process, the CBI will typically request additional information and documentation, and may have comments on certain features of the proposal. The CBI may seek additional meetings with the applicant in order to discuss aspects of the proposal in further detail.

The CBI will issue a formal authorisation once satisfied that the capital requirements and pre-licensing requirements have been met. Throughout this process there will be multiple meetings and the CBI may request additional information. The process can take between four to six months. The CBI does not currently charge a fee for licence applications.

Position of UK-Based Insurers After 31 December 2020

The Brexit Deal agreed in December 2020 between the UK and the EU was largely silent on financial services. Consequently, at the end of the transition period on 31 December 2020, the UK became a third country and UK-authorised insurers can no longer rely on the EU passporting regime to access the Irish and EU market.

In anticipation of this, the Irish government introduced a Temporary Run-Off Regime (TRR) through Part 10 of the Withdrawal of the United Kingdom from the European Union (Consequential Provisions) Act 2020 (the “Brexit Omnibus 2020 Act”). This has become crucially important for those UK/Gibraltar insurers and insurance intermediaries that have Irish customers and decided against establishing an EU-authorised entity to access Ireland post-Brexit.

Part 10 of the Brexit Omnibus 2020 Act addresses the issue of insurance contract continuity and inserts provisions into the 2015 Regulations and the IDR, permitting a UK firm to administer its run-off business in Ireland for 15 years from 31 December 2020 “in order to terminate its activity” in Ireland. Crucially, no new business is permitted but compliance with the general good requirements remains a requirement.

The Insurance (Miscellaneous Provisions) Act 2022 amends the 2015 Regulations to provide for technical changes in order to ensure that UK and Gibraltar-based insurance firms providing reinsurance to Irish based insurers through the third-country exemption, along with firms in liquidation, can rely on the TRR to run-off their existing Irish insurance contracts.

Third-Country Reinsurers

Third-country reinsurers are excluded from the application of the 2015 Regulations where the reinsurer:

  • has its head office in a third country;
  • is lawfully carrying on reinsurance in that third country; and
  • is carrying on reinsurance (but no other activity) in Ireland.

The effect is that a third-country reinsurer is not required to be authorised in accordance with the 2015 Regulations in order to carry on reinsurance business in Ireland.

Freedom of Establishment or Freedom of Services Basis

(Re)insurance undertakings authorised in an EU/EEA member state may carry on business in Ireland on a Freedom of Establishment basis through a local branch or operate in Ireland on a Freedom of Services basis, provided that their home state regulators notify the CBI. Passporting undertakings must comply with the Irish general good requirements.

Special-Purpose Reinsurance Vehicle

A reinsurance provider can establish a special-purpose reinsurance vehicle, thus providing a quicker, simpler route to authorisation and reducing supervision compared with fully regulated reinsurers.

Establishing a Third-Country Insurance Branch in Ireland

The 2015 Regulations facilitate a non-EEA insurer establishing a branch in Ireland (a “third-country branch”), subject to the fulfilment of specific regulatory requirements. The 2015 Regulations impose standalone capital requirements on third-country branches and require the third-country branches to:

  • hold assets in Ireland of at least 50% of the absolute floor prescribed in the 2015 Regulations in respect of the minimum capital requirement (EUR3.7 million); and
  • deposit 25% of that amount with the Irish High Court as security.

The local substance requirements for a third-country branch will depend on the nature, scale and complexity of its operations. The CBI will expect an appropriate number of senior management in Ireland so as to demonstrate a sufficient level of local oversight and control. As a minimum, a branch manager and a branch management committee in Ireland ‒ with day-to-day responsibility for corporate governance of the branch ‒ will be required. To date, no third-county branches have been authorised in Ireland.

Significantly, a Third-Country Branch does not have the right to passport into other EU/EEA jurisdictions and is only permitted to write business in the jurisdiction in which it is established. Therefore, a third-country branch is not suitable for third-country insurers seeking to write business across the EU/EEA. Post-Brexit, establishing a third-country branch may not represent a comprehensive solution for UK insurers seeking to maintain access to the single market; therefore, establishing an EEA-authorised subsidiary has been the preferred option.

The CBI does not currently permit 100% reinsurance arrangements.

The M&A environment fell sharply in H1 2023, with 177 deals (down 2% from H1 2022). Significantly, the transaction value was EUR5.2 billion (down 58% from H1 2022). Rising interest rates, high inflation and recession fears have affected confidence in the market, increasing the cost of acquisitions.

While there has been a cooling in the market since 2022, M&A has returned to pre-pandemic levels of activity – with the 2022 figures representing an increase from pre-pandemic activity levels. Certain sectors in Ireland continue to demonstrate marked resilience – for example, the pharmaceuticals, medical and biotech sector increased from 2% of Irish M&A activity by value in H1 2022 to 28% in H1 2023. The industrials and chemical sectors increased from 1% in H1 2022 to 18% in H1 2023. As of Q4 2023, there were 393 deals in the financial services sector in Ireland, which will likely surpass the 2022 figure of 400 financial services deals – thereby demonstrating the resilience of the Irish financial services market.

A positive level of activity overall in the market is anticipated. Irish M&A is highly resilient and, while activity levels are anticipated to remain healthy for the rest of the year, it is not anticipated that levels will return to those seen in the aftermath of the pandemic.

Insurance Distribution Regulations

The IDR govern the distribution or sale of insurance products and apply to persons engaged in insurance distribution business in the Irish market, such as agents, brokers and bancassurance operators. However, insurers can also distribute insurance products directly to customers.

Definition of insurance distribution

Under the IDR, insurance distribution is defined as “any activity involved in advising on, proposing, or carrying out other work preparatory to the conclusion of contracts of insurance, of concluding such contracts, or of assisting in the administration and performance of such contracts ‒ in particular, in the event of a claim, the provision of information concerning one or more insurance contracts in accordance with criteria selected by customers through a website or other media and the compilation of an insurance product ranking list, including price and product comparison, or a discount on the price of an insurance contract, when the customer is able to directly or indirectly conclude an insurance contract using a website or other media”.

The following activities are specifically excluded:

  • claim management on a professional basis;
  • loss adjusting;
  • expert claim appraisal; and
  • mere provision of information if no additional steps are taken by the provider to assist in concluding an insurance or reinsurance contract.

The IDR clarifies that “introducing” is not considered a regulated activity under Irish law.

Impact of the IDR

The IDR introduces enhanced information and conduct of business requirements for insurance distributors. “Ancillary insurance intermediaries” are exempt from the IDR where certain conditions are satisfied.

The IDR prescribes certain requirements relating to product oversight and governance (POG), which aim to:

  • enhance consumer protection by ensuring insurance products meet the target market’s needs; and
  • mitigate the risk of mis-selling by insurance distributors.

Insurance undertakings (and relevant intermediaries) are required to implement POG procedures prior to distributing or marketing an insurance product to customers.

The IDR requires distributors to have Product Distribution Arrangements (PDAs) in place containing appropriate procedures to obtain all pertinent information on the products they intend to offer to their customers from the manufacturer. The PDA should be a written document made available to their staff, aiming to:

  • prevent customer detriment;
  • manage conflicts of interest; and
  • ensure the objectives, interests and characteristics of customers are taken into account.

Investment Intermediaries Act 1995

Previously, two pieces of legislation governed intermediaries operating in Ireland. The European Union (Insurance Mediation) Regulations 2005, which have been fully repealed, and the Investment Intermediaries Act 1995 (IIA). The IDR brought welcome clarification regarding the application of IIA to insurance intermediaries by revoking all references to insurance.


(Re)insurance brokers/intermediaries require CBI authorisation to:

  • carry out (re)insurance distribution or advise consumers in relation to general insurance products, life assurance, health and medical insurance products; or
  • act as an insurance intermediary for an insurance company with which they have an agreement or carry out certain activities (such as loss assessing or assisting consumers in dealing with claims under insurance contracts).

(Re)insurance brokers/intermediaries are subject to ongoing CBI supervision of their compliance with the registration requirements, including completing an annual return and holding an adequate professional indemnity insurance policy. The CBI maintains a register of authorised (re)insurance intermediaries in Ireland. (Re)insurance undertakings involved in the distribution of insurance products must also comply with the national general good provisions that regulate how undertakings may sell and market insurance products to consumers in Ireland.

Position of UK-Based Insurance Intermediaries After 31 December 2020

See 3.1 Overseas-Based Insurers or Reinsurers.

Parties to a non-consumer insurance contract are subject to the duty of utmost good faith (Section 17 of the MIA). The proposer or insured has a duty to disclose all material facts. A material fact is one that would influence the judgment of a prudent underwriter in deciding whether to underwrite the contracts and, if so, on what terms. The duty goes beyond answering questions on a proposal form correctly; every material representation made by the insured or proposer, or their agent, to the insurer must be true.

CICA replaces the duty of good faith for consumer insurance contracts and the MIA no longer applies to these contracts. Since 1 September 2021, the consumer proposer’s duty is limited to a duty to provide responses to specific questions asked by the insurer honestly and with reasonable care.

The majority of provisions of CICA took effect from 1 September 2020. The remaining sections commenced on 1 September 2021 – with the exception of Section 18(4), which was clarified and amended by the Insurance (Miscellaneous Provisions) Act 2022 but has not yet been commenced.

Prior to CICA, the remedy for breach of the duty of utmost good faith was avoidance of the policy. CICA introduced new proportionate remedies (proportionate to the effects of the misrepresentation, depending on whether it was innocent, negligent or fraudulent) for a breach of the new duty of disclosure. Section 8(6) requires an insurer to establish inducement to avail of the remedies under the act for a breach of the duty of disclosure.

Typically, an insurance intermediary is deemed to be acting on behalf of the customer at all times during the negotiation of an insurance contract ‒ except when collecting premiums on behalf of the insurer. However, certain intermediaries act for and on behalf of an insurer as a tied insurance intermediary.

Under the IDR, insurance distributors are required to act honestly, fairly and professionally in accordance with the best interest of their customers, irrespective of whether the intermediary is negotiating an insurance contract as an individual broker or acting as a tied insurance intermediary. The information and transparency requirements set out in the IDR require an intermediary to promptly disclose whether it is representing the customer, or acting for and on behalf of the insurer, before the contract concludes. Any remuneration received by an intermediary in relation to a contract must be disclosed to the customer. Ongoing requirements include:

  • good reputation of directors;
  • knowledge and ability of senior management and key personnel;
  • holding of minimum levels of professional indemnity insurance; and
  • maintenance and operation of client premium accounts.

There are no specific rules for the formation of an insurance contract under Irish law, beyond the general principles of contract law, common law and the duty of good faith. There is no statutory definition of an insurance contract and legislation does not specify its essential legal elements. International Commercial Bank plc v Insurance Corporation of Ireland set out the main characteristics of an insurance contract, which are:

  • an insurable interest;
  • payment of a premium;
  • the insurer undertakes to pay the insured on the happening of an insured risk;
  • the risk must be clearly specified;
  • indemnification; and
  • the principle of subrogation is applied where appropriate.

CICA defines an insurance contract as “a contract of life insurance or non-life insurance made between an insurer and a consumer” and reforms the law relating to insurable interests.

No information is available for this jurisdiction.

Consumer contracts are now governed by CICA. The legal requirements of insurance and reinsurance are the same.

ART transactions are recognised as reinsurance transactions under the 2015 Regulations and are characterised by the CBI in a manner consistent with the Solvency II regime.

There has been a slowdown in recent years in the number of ART deals in Ireland. The CBI has concerns relating to the viability of ART transactions and the potential risks for insurance carriers, particularly in relation to basis risks. Further, it is not clear if ART transactions entered into by life insurers comply with the requirements to be “fully funded”. Significant growth is not expected in the coming years.

No information is available for this jurisdiction.

Insurance contracts are subject to the same general principles of interpretation as other contracts. The Supreme Court has confirmed in two judgments (Analog Devices v Zurich Insurance and Emo Oil v Sun Alliance and London Insurance Company) that the principles of construction set out by Lord Hoffman in ICS v West Bromwich Building Society should be applied to the interpretation of insurance contracts.

The Irish courts consider the ascertainment of the meaning that the document would convey to a reasonable person, having all the background knowledge that would reasonably have been available to the parties in the situation in which they were at the time of the contract (“matrix of fact”). Certain things are excluded from the admissible background, including previous negotiations and declarations of subjective intent. The meaning of the document is not the same as the particular meaning of the words; it is what the parties using those words against the relevant background would reasonably have understood them to mean.

The courts apply the words’ ordinary and natural meaning. It is assumed that people ordinarily do not make linguistic mistakes in formal documents. However, if it is clear from the matrix of fact and background that something is wrong with the language, judges can attribute to the parties the intention they clearly had.

The court takes an objective approach to determining the intention of reasonable persons in the position of the parties. Where a contractual term is genuinely ambiguous, the contra proferentem rule will apply and the interpretation less favourable to the drafter is adopted. The rule also applies to consumer contracts.

In non-consumer contracts, no specific wording is required to create a warranty. The word “warranty” is not required but may be considered as evidence of the intention to create a warranty. Further, a warranty may be express or implied (Section 33 of the MIA).

A warranty is treated differently to a contractual term in that it must be exactly complied with, whether it is material to the risk or not. The insurer is discharged from liability from the date of breach of the warranty – although without any prejudice to any liability incurred before that date.

The Irish courts construe warranties strictly, as a breach entitles the insurer to repudiate liability even if the breach is not material to the loss. CICA replaces warranties in consumer contracts with suspensive conditions and abolishes basis of contract clauses.

The effect of a breach of a condition depends on whether the condition is a condition precedent to liability. Conditions precedent to liability relate to matters arising after a loss has occurred – most commonly in relation to notification. The Irish courts will generally not construe an insurance condition as a condition precedent unless it is expressed as such or the policy contains a general condition precedent provision. Breach of a condition precedent means that an insurer can repudiate liability for the claim without any requirement to demonstrate prejudice. There is no requirement for a link between the breach and the damage.

The consequences for breach of a bare condition are in damages.

In consumer contracts, conditions precedent could now be considered “continuing restrictive conditions” following commencement of CICA.

Insurance contracts typically contain a dispute resolution clause. An insurance contract may contain an arbitration clause or may stipulate another form of ADR. In a consumer contract, a consumer may make a complaint to the Financial Services and Pensions Ombudsman (FSPO).

Choice of forum, venue and applicable law clauses in (re)insurance contracts is generally recognised and enforced. Where an insured is domiciled in an EU member state, regard should be had to the following regulations that may limit these provisions:

  • Regulation (EC) 44/2001 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters (Brussels I Regulation);
  • Regulation (EU) 1215/2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters (the “Recast Brussels Regulation”), which replaces the Brussels I Regulation in respect of proceedings and judgments commenced after 10 January 2015;
  • Regulation (EC) 593/2008 on the law applicable to contractual obligations (the “Rome I Regulation”);
  • Lugano Convention (L339, 21 December 2007) on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters; and
  • the Hague Choice of Court Agreements Convention 2005.

In Ireland, the district court deals with claims up to a monetary value of EUR15,000, the circuit court deals with claims up to EUR75,000 (EUR60,000 for personal injury cases), and the High Court has unlimited monetary jurisdiction. Insurance disputes are heard by a single judge with no jury.

The Commercial Court is a specialist division of the High Court dealing exclusively with commercial disputes. Where the monetary value of a (counter)claim exceeds EUR1 million and the dispute is commercial in nature, either party may apply to have the dispute heard in the Commercial Court. There is no automatic right of entry; it is at the judge’s discretion and can be refused if there has been any delay.

Commercial Court proceedings progress much quicker. Generally, the time from entry into the Commercial Court to the allocation of a trial date ranges from a matter of weeks to between four and six months, depending on complexity and the number of parties.

Appeals from the High Court are dealt with by the court of appeal, except when the Supreme Court believes a case is of such public importance that it should go directly to the State’s highest court.


Evidence is given orally, except in very limited circumstances. Where a party intends to rely upon the (factual or expert) oral evidence of a witness, a witness statement or expert report must be filed – unless a judge orders otherwise.


Typically, costs follow the event, whereby the loser pays. However, where litigation is “complex”, the Commercial Court often analyses whether the winning party has succeeded on all grounds.


The general position under the Statute of Limitations Act 1957 is that claims for breach of contract must be brought within six years of the date of breach.

Where a complaint is made to the FSPO, there is an extended limitation period applicable to complaints relating to “long-term financial services” (ie, those for which the maturity or term extends beyond five years and one month, or life assurance policies not subject to annual renewal) – otherwise a six-year rule applies.

For non-EU, non-Lugano Convention and non-Hague Convention judgments, an originating High Court summons is required to recognise and enforce a foreign judgment and the High Court must grant leave to issue and serve the proceedings. To succeed, a foreign judgment must be for a definite sum, be final and conclusive, and be handed down from a court of competent jurisdiction. The High Court may refuse to recognise and enforce a judgment on a number of grounds (eg, fraud, lack of jurisdiction) that are contrary to Irish law or the principles of natural justice.

See 9.7 Alternative Dispute Resolution.

See 9.7 Alternative Dispute Resolution.

Insurance disputes may also be dealt with by ADR mechanisms such as mediation and arbitration.


Where an insurance contract contains an arbitration clause, a dispute must be referred for arbitration. However, consumers are not bound by an arbitration clause where the claim is less than EUR5,000 and the relevant policy has not been individually negotiated.

The Arbitration Act 2010 (the “2010 Act”) incorporates the UNCITRAL Model Law on International Commercial Arbitration. Under the 2010 Act, the decision of an arbitrator is binding on the parties and there is no means of appeal. Where parties have entered into valid arbitration agreements, the courts are obliged to stay proceedings.

Although arbitration may result in additional costs, there is the benefit of confidentiality.

Ireland is party to the Convention on the Recognition and Enforcement of Foreign Arbitral Awards 1958 (the “New York Convention”), allowing Irish arbitral awards to be enforced in any of the 157 countries party to the New York Convention.

The courts can set aside an arbitral award under Article 34 of the 2010 Act, albeit on very limited grounds. The party seeking to have the arbitral award set aside must prove that either:

  • a party to the arbitration agreement was under some incapacity or the agreement itself was invalid;
  • the party making the application was not given proper notice of the arbitrator’s appointment or the arbitral proceedings (or was otherwise unable to present their case);
  • the award deals with a dispute outside the ambit of the arbitration agreement;
  • the arbitral tribunal was not properly constituted; or
  • the award is in conflict with the public policy of the state.

The recent High Court decision in Charwin Limited t/a Charlie’s Bar v Zavarovalnica Sava Insurance Company DD demonstrates that the bar is high when seeking to resist a referral to arbitration on grounds of public policy.


The Mediation Act 2017 (the “Mediation Act”) came into force on 1 January 2018. Under the Mediation Act, solicitors in Ireland must advise their clients of the merits of mediation as an ADR mechanism before proceedings are issued.

The Mediation Act provides for any court to adjourn legal proceedings to allow the parties to engage in mediation. The court can make such an order on its own initiative or on application by either party to the proceedings. There may be cost implications where either party fails to engage in ADR following such a direction from the court.

Financial Services and Pensions Ombudsman

The FSPO is the amalgamation of the Financial Services Ombudsman and the Pensions Ombudsman, pursuant to the FSPO Act 2017. It is an independent body, established to resolve disputes between consumers and insurance providers either through informal means or by formal investigation. The FSPO’s decision is legally binding, with a right of appeal to the High Court.

There is no cause of action in damages for the late payment of claims in Ireland. However, under Section 26 of CICA, where an insurer is in breach of any duty under the Act, the court has the discretion to order that a sum payable in a claim under a contract of insurance be increased in proportion to the breach involved.

Insurers have subrogation rights at common law and subrogation provisions in insurance policies are common. Generally, an indemnity must have been provided before the insurer is entitled to subrogate. CICA has introduced certain restrictions on subrogation rights in the context of family and personal relationships and in employment scenarios.

Irish government bodies, such as Enterprise Ireland and the Industrial Development Authority Ireland, work in tandem to attract and support foreign direct investment in Ireland and promote Ireland as a destination for insurtech companies.

In July 2021, 12 stakeholders in the Irish insurance sector joined together to create, with the aim of promoting Ireland as an EU insurtech hub. Under the Department of Finance’s Finance Action Plan IFS 2025, is tasked with building an Insurtech hub in Ireland. A study commissioned by and conducted by Deloitte, Driving Insurtech Growth in Ireland, was published in April 2021. It found that Ireland is “one of the most developed insurance markets” in Europe and is “well positioned to take advantage of the innovation and technological enhancements being developed within the sector as part of the growth of global insurtech”. An updated report, published in September 2023, found 86% of insurers believe that “partnering with insurtech organisations can support their technological development and help plug gaps in key technology-related capability areas”.

One significant Irish insurtech firm is Blink, which was founded in 2016 to build data-driven travel disruption insurance solutions. In 2020, the firm launched Blink Parametric, offering a full suite of parametric insurance solutions. Blink made it onto The InsurTech100 in 2019, 2020 and 2022. In July 2023, Blink announced its intention to create 30 new jobs in Cork, which will effectively double its workforce by the end of 2025.

In 2021, 2022 and 2023, Companjon – an innovative insurtech start-up headquartered in Dublin – was named in the InsurTech100. Companjon is Europe’s leading specialist in unique add-on insurance that is 100% digital. Companjon has been recognised by Forbes as “a tech-driven disruptor that is changing the way people think about insurance”.

The CBI is responsive to the challenges posed by the regulatory treatment of financial innovations. It is a robust regulator, acknowledging the need to strike the appropriate balance between encouraging innovation-related entry to the market and ensuring new entrants are sufficiently ready to fulfil all their regulatory obligations in relation to financial stability and consumer protection. The CBI is cognisant of the requirement to keep abreast of the changing technological environment and has committed significant resources to improving its data architectures and establishing quantitative analytical teams in its banking, insurance and markets directorates.

The CBI has taken a range of measures in relation to fintech, including:

  • establishing an Innovation Hub in 2018 for engagement with fintech companies;
  • creating an Innovation Steering Group and a fintech network within the CBI; and
  • engaging with the European supervisory authorities and the Single Supervisory Mechanism on the EC’s Fintech Action Plan.

In November 2023, the CBI launched a consultation paper on innovation engagement (CP156), which considers possible enhancements to how the Innovation Hub operates and a new proposal to establish an Innovation Sandbox Programme. The sandbox will provide firms and new entrants with access to regulatory advice and support in order to develop innovations that promote better outcomes for society and the financial system. The governor of the CBI indicated that the sandbox will be open to applications from all sectors of the financial system via a transparent application process. The CBI will share outcomes of all sandbox activity with stakeholders annually.

“Emerging risks” are new, evolving risks that are difficult for insurers to assess and which carry a high degree of uncertainty with regard to their impact, probability, and the amount of losses expected. The CBI expects Irish insurance undertakings to give appropriate consideration to assessing emerging risks and to adopt a longer-term perspective than is typical in business planning and strategy-setting processes. The CBI expects to see evidence of robust analysis and timely, effective action relating to emerging risks.

Cyber-risk and digitalisation risks are the most formidable emerging risks in Ireland. In March 2023, the CBI’s Final Guidance on (Re)Insurance Undertakings on Climate Change Risk stated that climate change risk has now moved from an emerging risk to a key risk, given the impact that climate change is already having on the insurance sector. The CBI expects (re)insurers to manage climate risks in the same manner that they manage other key risks within their risk management framework.


Digital innovation and growing sophistication in digital technology have led to increased cybersecurity threats and data breach risks. In July 2023, the European Insurance and Occupational Pensions Authority (EIOPA) noted that cyber-risk is one of the most important risks for the European insurance sector and has been identified by the International Monetary Fund (IMF) as a key threat to financial stability.

The CBI published cross-industry guidance in respect of IT and cybersecurity risks in 2016, highlighting a variety of emerging threats. This guidance noted that IT and cybersecurity and associated risks are a key concern for the CBI. In October 2020, EIOPA published its Guidelines on ICT Security and Governance. The CBI confirmed that these guidelines supersede the CBI’s 2016 guidance but do not contradict anything in that guidance.

In December 2021, the CBI published its final Cross-Industry Guidance on Operational Resilience in order to assist financial firms to prepare, respond, recover and learn from an operational disruption affecting delivery of critical or important business services. Anticipating the Digital Operational Resilience Act (DORA), the CBI noted that these guidelines were compatible with and complementary to DORA and that there were no contradictions between the two.

DORA introduces a comprehensive framework on digital operational resilience for EU financial firms, including (re)insurance undertakings, intermediaries and ancillary intermediaries, as well as critical third parties providing ICT-related services to these firms. DORA came into force on 16 January 2023 and will apply 24 months after this date.

The CBI also has a dedicated IT risk inspection team, operational since April 2015.

In late 2023, the CBI launched a thematic review of insurance companies’ cybersecurity safeguards. It aimed to assemble a range of cybersecurity controls, based on responses to a recent cybersecurity questionnaire. The CBI will continue with this thematic review in early 2024 and actions arising out of the review will likely be communicated more broadly.

Longevity Risk

Longevity risk is the potential risk of an individual living longer than expected. The financial implications of exponentially increasing lifespans are colossal. An average life expectancy increase of three years would cause the cost of supporting the ageing population to increase by 50%. As the mortality risk continues to decrease, it is clear that understanding the associated risk is of crucial importance to insurers.

Considering how quickly life expectancy is increasing, projecting future liabilities based solely on data extrapolated from the past is imprecise. Consequently, certain companies have created insurance subsidiaries to run their pensions schemes, who then reinsure its longevity risk with a reinsurer. From a reinsurance perspective, buying this longevity risk may be an attractive financial transaction – given that it lowers mortality risk and thereby helps balance life insurance risks. However, the IMF stated that longevity risk should be shared between insurers and governments, as insurers and reinsurers alone may be constrained by capital.

Warranty and Indemnity Insurance

Warranty and indemnity insurance is being used more frequently in commercial transactions, as are other bespoke transactional products such as litigation buyout policies.

Addressing the Emerging Risks

Cyber-insurance is a relatively new product on the Irish market but has grown in popularity, with a number of insurers offering new cyber-products in Ireland. However, Domhnall Cullinan, the director of insurance supervision at the CBI, recently voiced concern about the Irish market’s positioning to take advantage of this growth area, stating: “The Irish insurance industry doesn’t find itself as a large provider of capacity in the international market… without appropriate pricing and adequate reserving and the right expertise to underwrite the risk.”

EIOPA noted that almost 70% of SMEs are not covered for cyber-attack risks. In September 2023, EIOPA launched a survey on access to cyber-insurance by SMEs in order to better understand the difficulties small businesses face in protecting themselves from cyber-risks and to assess the level of access to cyber-insurance. The results will help to identify the potential barriers, which may lead to complete exclusion, and address them more appropriately.

Health Insurance (Amendment) Act 2023

On 14 December 2023, the Health Insurance (Amendment) Act 2023 was signed into law by the President. The Act will:

  • amend the Health Insurance Act 1994 (the “1994 Act”) to specify the amount of premium to be paid from the Risk Equalisation Fund in respect of certain classes of insured persons from 1 April 2024;
  • amend the 1994 Act to specify the amount of the hospital utilisation credit applicable from 1 April 2024;
  • specify the amount and percentage for the purpose of definitions relating to high-cost claims;
  • make a consequential amendment to the Stamp Duties Consolidation Act 1999; and
  • provide for related matters.

Courts and Civil Law (Miscellaneous Provisions) Act 2023

Within the Courts and Civil Law (Miscellaneous Provisions) Act 2023, of key note for insurers are the amendments to the Occupiers’ Liability Act 1995 reforming the duty of care. These amendments are a key action in the Government’s Action Plan on Insurance Reform and include:

  • inserting into primary law a number of recent court decisions that rebalance the duty of care owed by occupiers to visitors and recreational users;
  • changing the standard to clarify that, when the occupier of a property has acted with reckless disregard for a visitor or customer, it is the standard of reckless disregard rather than reasonable grounds that should apply in relation to any consideration of liability;
  • limiting the circumstances in which a court can impose liability on the occupier of a premises where a person has entered into premises for the purpose of committing an offence; and
  • allowing for a broader range of scenarios where it can be shown that a visitor or customer has voluntarily assumed a risk resulting in harm.

The Health Insurance (Amendment) Act 2023 was signed into law on 5 July 2023.

Road Traffic and Roads Act 2023

On 4 August 2023, the Road Traffic and Roads Act 2023 (Commencement) (No 2) Order 2023 (SI No 392 of 2023) (the “Road Traffic and Roads Act 2023”) was published in Iris Oifigiúil, bringing the majority of the Act into effect. The Road Traffic and Roads Act 2023 addresses the use of e-scooters and e-bikes by introducing a new vehicle class – namely, “Personal Powered Transporters”.

Regulations on what criteria an e-scooter must meet to be used legally on public roads may now be commenced. E-bikes that go faster than 25 kilometres per hour and have more than 250 watts of power output will be classed as e-mopeds and require a licence, registration, tax and insurance in order to be used on public roads. Such rules are expected to come into force in early 2024.

Heightened Regulatory Scrutiny

Review of the CPC

In October 2022, the CBI launched its review of the CPC. The review has three phases. Phase 1 is a discussion paper on the review and the feedback received. This will inform Phase 2, which is a public consultation on the CBI’s proposed updates and improvements to the CPC, and the necessary draft regulations. In Phase 3, the CBI will publish the updated CPC, supporting regulations, and a feedback statement clarifying the CBI’s approach to the updated CPC.

In July 2023, the CBI released an Engagement Update following its discussion paper. The CBI confirmed that effective implementation of the CPC can be best achieved through the introduction of a revised CPC in 2024, with further enhancements in 2025. Phase 2 is expected to commence in January 2024. Once concluded, the revised CPC will be published.

New Material Business Line PCF

A new Material Business Line Pre-Approval Control Function (PCF) has been introduced for insurance undertakings pursuant to the Central Bank (Individual Accountability Framework) Act 2023 (the “IAF Act”). It is applicable to an individual with significant influence over the performance of a material business line that:

  • has gross total technical provisions (positive or negative) equal to or in excess of EUR10 billion; or
  • accounts for 25% or more of the insurance undertaking’s gross earned premium, if that gross earned premium is above EUR1 billion per annum.

POG thematic inspection

In H2 2022, the CBI carried out a thematic inspection of POG arrangements in a selection of non-life insurance undertakings to assess the current level of controls, processes and systems in place in relation to POG arrangements. The CBI identified a number of key themes – namely, board oversight, risk management, policy wording, and protection gaps.

In June 2023 the CBI published its findings and highlighted its expectation that (re)insurance undertakings:

  • have robust processes in place to ensure they are continuously aware of the cover they provide and have a full understanding of their exposures; and
  • continuously assess exposures that could arise as a result of new and emerging risks such as silent cyber-exposures, climate change risks, and other systemic risks).

In June 2023, EIOPA published a peer review on POG that focused on how national competent authorities (NCAs) are supervising the application of POG requirements by insurance manufacturers. Ireland fell into the “NCAs broadly meeting expectations” category, with only one recommended action. EIOPA recommended that Ireland take action within the area of “setting and communicating supervisory expectations”. It recommended that the CBI formulate and communicate a comprehensive set of supervisory expectations covering all the elements of POG requirements in a formal manner or via supervisory dialogues. They also recommended that the CBI follow up on these expectations by challenging the effectiveness of POG arrangements by supervised entities based on these expectations.

CBI publishes report on data ethics within insurance

In August 2023, the CBI published a report on its “Data Ethics Within Insurance” research project, as part of the CBI’s research into how the advancements in digitalisation creates both opportunities and risks for the insurance industry. The report was based on the use of Big Data and Related Technologies (BD&RT) and aimed to improve understanding of how BD&RT is used, the extent of its use within the industry, and the ethical considerations that it raises.

The report outlined a number of benefits and risks both for consumers and firms. The benefits actioned were:

  • enhanced claims processing and resolution;
  • enhanced consumer engagement;
  • more personalised products, services and pricing; and
  • lower administration and operational costs.

The potential risks included:

  • issues with the use and management of data;
  • issues with design and use of technology;
  • accountability issues;
  • outsourcing; and
  • cyber and security issues.

The report also considered how data ethics specifically was being incorporated into firms’ governance and risk management system. The CBI stressed that ethical matters must be more explicitly considered and that engagement at board and senior management level is essential and more transparent BD&RT responsibilities are required.

Regulation and supervision priorities for 2023

In February 2023, the CBI issued a “Dear CEO” letter outlining its key regulation and supervision priorities for 2023. The CBI reiterated that it will maintain a risk-based approach to regulation and supervision. Domhnall Cullinan outlined the following insurance-specific supervisory priorities in the CBI’s March 2023 newsletter.

  • Individual accountability – Domhnall Cullinan noted it will “have serious implications for insurers”.
  • Climate change – the CBI will utilise the heat map for climate risk within insurers to focus its efforts on the firms that the CBI views as having the highest climate exposure. The CBI’s natural catastrophe (“NatCat”) project focuses on whether NatCat modelling is adequate, whether it is properly modelled for Irish-specific risks, and whether NatCat modelling takes climate risk into account.
  • Consumer interest – the CBI will build on the work undertaken in 2022 on value for money in unit-linked products to see if there are any outliers in terms of charging. A thematic review will be undertaken on the EIOPA Supervisory Warning on Credit Protection Insurance.
  • Operational resilience – Domhnall Cullinan noted the importance of the CBI’s Cross-Industry Guidance on Operational Resilience and of DORA.
  • Inflation – insurers need to be mindful of “the impact of inflation on costs, claims, operating expenses and allowances made for reserving in existing business”.
  • Cyber-risk – see 11.2 New Products or Alternative Solutions.

Individual accountability

The IAF Act was enacted on 9 March 2023 and aims to support the advancement of an improved culture in the Irish financial system through greater accountability in the regulated sector.

The four key pillars of the IAF are:

  • conduct standards that set out the behaviour the CBI expects of firms and the individuals working within them;
  • a Senior Executive Accountability Regime (SEAR) (akin to the Senior Managers Regime in the UK), which places obligations on certain firms and senior individuals to set out where responsibility for decision-making lies in their business to ensure clearer accountability;
  • enhancements to the current F&P regime; and
  • a unified enforcement process, enabling the CBI to pursue individuals directly for their own misconduct rather than having to link the misconduct to their participation in a regulatory breach by their firm.

Key dates

From 29 December 2023, Conduct Standards and amendments to the F&P regime will apply. SEAR will apply from 1 July 2024 but will only be applicable to (independent) non-executive directors from 1 July 2025. From 1 January 2025, confirmation of compliance of the certification process in respect of PCFs and controlled functions will apply. The Business Standards are being considered as part of the CBI’s above-mentioned CPC review.

For more details on the implementation of the IAF, please see the CBI’s feedback statements and final guidance in respect of the IAF and the Administrative Sanctions Procedure, issued on 15 November and 13 December respectively.

CBI publishes guidance for (re)insurance undertakings on climate change risk

In March 2023, the CBI published its final Guidance for (Re)Insurance Undertakings on Climate Change Risk. It aims to clarify the CBI’s expectations on how (re)insurers address climate change risks in their business and to assist them in developing their governance and risk management frameworks to do this. The guidance was accompanied by a feedback statement setting out the CBI’s views on the submissions received in respect of a consultation paper (CP151) on the draft guidance.

The guidance applies to authorised (re)insurers, including captive (re)insurers and third-country branches. The guidance confirms that it does not introduce new requirements for (re)insurers in relation to climate change risk. Rather, the CBI is clarifying its expectations on compliance with the existing Solvency II prudential requirements that are relevant to climate change risk.

CBI publishes guidance for (re)insurance undertakings on IGTs and exposures

In January 2023, the CBI published its final Guidance on (Re)Insurance Undertakings on Intragroup Transactions and Exposures. The guidance was accompanied by a feedback statement setting out the CBI’s views on the submissions received in respect of consultation paper (CP150) on the draft guidance.

The guidance sets out the CBI’s expectations of (re)insurance undertakings regarding intragroup transactions (IGTs) and exposures. The CBI introduced this guidance for the following reasons: “Many (re)insurers established in Ireland are part of large international (re)insurance groups and benefit from synergies and cost efficiencies that arise from being part of a group. However, material IGTs may expose a (re)insurer to high levels of concentration and other risks. Therefore, the CBI believes that the management and supervision of material IGTs merits special attention”.

The feedback statement noted that the guidance “does not introduce new requirements on (re)insurers; rather, it clarifies the CBI’s expectations in relation to a (re)insurer’s compliance with existing legislation and domestic requirements”.

The guidance focuses on the most significant exposures observed by the CBI – ie, intragroup assets, intragroup reinsurance and cash pooling/treasury function arrangements. It applied from 30 January 2023.

CBI updates General Good Rules for insurance distributors operating in Ireland on a cross-border basis

The CBI’s “General Good Rules” document sets out the general good rules that (re)insurance distributors must adhere to when operating in Ireland on a cross-border basis, in accordance with Article 11 of the IDD. The list is indicative and without prejudice to other general good rules (codified or not) that are applicable to regulated entities in Ireland. In April 2023, the CBI published its updated General Good Rules, which introduced a number of changes to the list – most of which reflected requirements arising under CICA.

Matheson LLP

70 Sir John Rogerson’s Quay
Dublin 2

+353 1 232 2000

+353 1 232 3333
Author Business Card

Trends and Developments


Matheson LLP was established in 1825 in Dublin and has offices in Cork, London, New York, Palo Alto and San Francisco. The firm employs more than 800 people across its six offices, including 120 partners and tax principals as well as 540 legal, tax and digital services professionals. Matheson services the legal needs of internationally focused companies and financial institutions doing business in and from Ireland. The firm counts more than half of the world’s top 50 banks, seven of the world’s ten largest asset managers and nine of the top ten most innovative companies in the world among its clients and has advised the majority of Fortune 100 companies. The team’s expertise is spread across more than 30 practice groups, including finance and capital markets, insolvency and corporate restructuring, asset management and investment funds, commercial real estate, litigation and dispute resolution, insurance and tax.

A Guide to Ireland’s Individual Accountability Framework Regime

The international trend towards regulating individual accountability and consumer-centric cultures in financial services has been gaining momentum for many years now, with Ireland playing its own role in that developing trend. This piece considers the recent adoption of the Central Bank (Individual Accountability Framework) Act 2023 (the “IAF Act”), related regulations and the Central Bank of Ireland (CBI)’s Guidance on the Individual Accountability Framework (IAF) ‒ collectively referred to as the “IAF Regime”.

Background to the IAF

The context and primary catalyst for the IAF Act was the Great Financial Crisis of 2008, its aftermath, and the significant failings in the domestic banking sector ‒ in particular, the treatment of tracker mortgages by the Irish retail banks. This resulted in the Minister for Finance and Public Expenditure and Reform mandating the CBI to consider and report on the behaviour and culture of the Irish retail banks, providing the CBI with the platform to set out a proposal for the introduction of the IAF. In its report, the CBI made it clear that, without the adoption and implementation of the IAF, “the likelihood of profound cultural change in the regulated financial services sector [would be] reduced”.

The CBI, in crafting the IAF, has confirmed that it was influenced by the experience of other global regulators that had adopted similar regimes. The individual accountability regime in the UK was considered to be of particular relevance to the design of the new Irish regime. The Senior Managers and Certification Regime (SMCR), as it is called, is considered to be a very successful regulatory regime by all impacted stakeholders ‒ with a clearly organised set of requirements focused on conduct, good governance and individual accountability. Like other jurisdictions, Ireland has taken a number of the aspects of the SMCR and appropriately adapted them for application in the Irish financial services market.

Following many years of negotiation and pre-legislative scrutiny, the IAF Bill was published by the Department of Finance in the summer of 2022. In addition to the historical context and rationale provided by the aftermath of the financial crisis, it is important to note that both the Department of Finance and the CBI framed the discussion and debate in a future-focused manner in order to ensure a customer-focused approach to the provision of financial services and products, robust governance in financial services firms and clear organisational structures designed to promote accountability, transparency and allocation of responsibilities to individuals and across relevant firms.

The progress of stakeholder engagement (including with the Attorney General’s Office) to ensure the constitutional robustness of the proposed legislation ‒ combined with legislative debate and consideration in both Houses of the Oireachtas ‒ resulted in the enactment of the IAF Act on 9 March 2023. Contemporaneously, the CBI launched a three-month consultation on the implementation of the IAF (including the publication of draft regulations and guidance and a feedback statement on same) and the final regulations and guidance were published on 16 November 2023.

Implementation of the IAF Regime commenced with compliance of the Conduct Standards and the enhancements to its Fitness and Probity (F&P) Regime on 29 December 2023. Senior Executive Accountability Regime (SEAR) compliance for in-scope firms will follow on 1 July 2024 (save for independent non-executive directors and non-executive directors whose compliance has been deferred until 1 July 2025).

IAF pillars

The IAF Regime, as delineated in the IAF Act, CBI Regulations and CBI Guidance, is designed “to improve governance, performance, and accountability in firms by establishing a framework of enhanced clarity as to who is responsible for what within firms”, according to Derville Rowland, Deputy Governor of the CBI. He states that “it also clarifies the standards to be met by individuals holding these responsibilities, with a particular focus on senior executives”.

The pillars of the IAF Regime are as follows.

  • SEAR ‒ the aim of SEAR is to overcome the difficulties the CBI has noted that it often encounters in identifying precisely who is in charge of which decisions within firms. In-scope firms (initially credit institutions, insurance undertakings, significant investment firms and incoming third-country branches) must identify and allocate to each Pre-Approval Controlled Function (PCF), in the first instance, inherent responsibilities pertaining to the PCF role itself ‒ as well as, secondly, allocated responsibilities pertaining to the business of the firm. Firms must also map out the roles, responsibilities and decision-making powers of these individuals. Aligned with this is a statutory duty of responsibility on these PCF role holders that requires them to take any steps that are reasonable in the circumstances to avoid a contravention by the firm of its obligations under financial services legislation in relation to an aspect of the firm’s affairs for which the PCF role holder is responsible under SEAR.

These firms must also create statements of responsibilities and responsibility maps pertaining to the firm, describing their governance arrangements and demonstrating clearly that there are no gaps.

  • Conduct Standards ‒ Common Conduct Standards are basic standards such as acting with honesty and integrity, with due skill, care and diligence, and in the best interest of customers. They apply to individuals in all regulated firms. Senior executives also have Additional Conduct Standards related to running the part of the business for which they are responsible.

Finally, the Conduct Standards also include Business Conduct Standards, the development and detailed articulation of which will accompany the outcome of the ongoing Consumer Protection Code review currently being undertaken by the CBI.

  • Enhancements to the current F&P regime ‒ this will include clarifying firms’ obligations to proactively certify that individuals carrying out certain specified functions are fit and proper. The F&P regime has also been expanded to include certain categories of holding companies established in Ireland.
  • Breaking of the “Participation Link” ‒ this removes the previous requirement for the CBI to prove an infringement or contravention against a firm before pursuing an individual who participated in the decision-making that led to the infringement or contravention.
  • Amendments to the Administrative Sanctions Procedure (ASP) ‒ in addition to the changes necessitated in order to give effect to the breaking of the “Participation Link”, changes were also required to the ASP in order to reflect the Supreme Court decision in Zalewski v WRC & the AG (2021) IESC. This included placing the ASP on a statutory footing, the provision of a High Court confirmation of a settlement agreement entered into between the CBI and a person by consent, the requirement to have a statutory list of relevant considerations that inform the CBI’s determination of a sanction on an individual, as well as ensuring that there is independence between the investigative and inquiry stages of an ASP.

Taken singularly and together, these components of the IAF Regime seek to:

  • act as a driver for recognition of responsibilities by individuals in order to mitigate the risk of misconduct by firms and deliver better outcomes for consumers;
  • introduce Conduct Standards for Controlled Function (CF) roles in all firms, which will provide a sense of shared values and will empower staff within firms to question or challenge how firms go about their business;
  • clarify the lines of responsibility and decision-making processes within relevant firms;
  • build on the CBI’s existing powers and enhance the CBI’s ability to hold senior executives and other individuals to account;
  • bring efficiencies to the supervisory and enforcement work of the CBI by ensuring greater transparency in terms of who is responsible for what and how roles and responsibilities work together; and
  • improve governance and culture across the financial sector.

Additionally, the CBI has articulated the view that should individuals and firms own the IAF Regime and their obligations thereunder ‒ in a true spirit of adherence and compliance, noting the importance of proportionality and reasonableness embedded within the framework ‒ then fewer infringement and contravention issues will arise in the conduct or individual responsibility sphere. This will also mean fewer enforcement actions will need to be taken by the CBI and, if firms and individuals can demonstrate compliance, arguably less intrusive supervision in this sphere.

Important factors in the implementation of the IAF Regime

As the IAF Regime moves into the implementation phase, it is worth reflecting on some of the key considerations and issues. The following observations will be of importance when it comes to implementing the IAF Regime.


The IAF is a principles-based regime, designed to deliver the policy design and direction outlined earlier. It has been acknowledged by the CBI that a one-size-fits-all regime will not be effective. As such, firms have the flexibility to adapt the IAF Regime to their organisation, governance, culture and operations that are in place today, with the duty to ensure the expected Conduct Standards and levels of responsibility meet the requirements of the IAF Regime.


Proportionality is a much-referred-to concept within the IAF Regime. This is welcome and reflects the fact that the regime is not intended to be a theoretical standard with which all firms (regardless of nature, scale and complexity) would have to comply. However, it is important that ‒ where proportionality is asserted ‒ time is taken to document this, in order for the regulator to understand how individuals and firms are seeking to comply with the IAF Regime so as not to give a false impression of non-compliance or avoidance.

Definitive compliance

Definitive compliance will not be achieved by the deadlines of 29 December 2023 or 1 July 2024, as this regime is intended to be lived by individuals and remain adaptive to the evolving nature, scale and complexity of circumstances and issues that the financial services sector presents. While the CBI has acknowledged that there will be an effort and financial outlay involved in achieving compliance with the IAF Regime, they have also reduced reporting burdens ‒ for example, the reporting requirement at the conclusion of a disciplinary procedure in respect of the Conduct Standards. This exemplifies that changes should be expected as implementation progresses to embeddedness and that this will occur both with firms and in respect of the supervisory expectations of the regulator.

Conduct Standards

The introduction of Conduct Standards in the codified form of the IAF Regime means that they take the form of positive, enforceable legal obligations on individuals to act in accordance with a single set of standards of expected behaviour. This is a material change, particularly for non-PCFs. It will also continue to be a key consideration for firms across 2024, as providing training, awareness and guidance will be central to CFs understanding their responsibilities and complying with the requirements of the IAF Regime. In addition, although “Statements of Responsibilities” are initially thought of as a requirement of the SEAR pillar of the IAF Regime, a version of these will likely be required for the Conduct Standards to address both regulatory and employment law requirements. Given the consequences of non-compliance for an individual, firms will need to ensure that roles, responsibilities and expectations are made clear under the Conduct Standards as well as under SEAR.

Broad application of Conduct Standards

Additionally, the scope of the Conduct Standards is such that individuals who are CFs in Irish firms ‒ but who are not directly employed by those entities ‒ are captured. This is particularly complex when an Irish firm is part of a large multinational group. Consequently, firms will have to consider the IAF Regime in the context of its outsourcing, shared services and operational resilience arrangements. In this regard, it is arguable that IAF artefacts required under SEAR (such as the Statements of Responsibilities and Management Responsibility Maps) might also be useful artefacts when seeking to illustrate or explain the oversight and control of outsourcing and shared services arrangements.


The concept of reasonableness is embedded in the IAF Regime. The CBI has acknowledged that human error can occur and that perfection is not the required standard. Rather, the standard will reflect an assessment of the steps that an individual took. The CBI will consider what steps an individual in that position could reasonably have been expected to take at that point in time. The reasonable steps taken should align with the day-to-day management of the CF holders’ respective area. Although perfection is not required, it is important that the individual can demonstrate the reasoning and approach to decision-making, so that they can demonstrate how the relevant judgment may have been reasonable at that time.

Further, the CBI also recognises the role of judgement exercised by those in senior roles in discharging their responsibilities and that ‒ with the benefit of hindsight ‒ even though that judgement may have turned out to be wrong in a given circumstance, it is clearly possible for that individual to demonstrate how that judgement may have been reasonable at the time. Accordingly, and in tandem with the consideration of what shape a reasonable steps regime will take both for individuals and firms, documentation of reasonable steps is also a key issue that should be considered in detail.

Collective decision-making

The expected standard of PCF/CF-1 role holders is to understand their role in the effective running of the business more broadly, including their obligations in relation to effective collective decision-making. As well as the importance of ensuring appropriate controls and processes are in place, the CBI also expects an individual to think more broadly and seek to create and/or contribute to an overall environment where the risk of a contravention is minimised. This expectation is crystallised in the question of individual versus collective responsibility and decision-making. This will be a very particular and detailed consideration for individuals and firms in order to ensure that the capacity in which a person is making a decision or contributing to a decision is specified. Although complex, it is important that the practice of collaboration and collective decision-making should not be limited by the IAF Regime. Nevertheless, individuals can be considered guilty of a prescribed contravention under the CBI Acts should a breach of the conduct standards occur.

Employment law

The IAF Regime will likely impact every inflection point of the employment life cycle and, as a result, will constitute a live consideration for both the HR function as well as compliance ‒ particularly in the first annual cycle of application. It would be prudent to proactively consider the challenges that the IAF Regime may pose to existing employment, reward and disciplinary proceedings.

In addition, where the CF nexus of connection to the firm is not by contract of employment but by the provision of services, the complexities of monitoring and maintaining outsourcing relationships will need to be reviewed to ensure that the relevant key performance indicators for such arrangements contemplate compliance with the IAF Regime (as appropriate).

F&P certification regime

One of the lessons garnered from the implementation of the SMCR was that the certification regime required significant effort as there was a material amount of work necessary to build a formalised certification regime. In its feedback statement to CP153, the CBI clarified its expectations with regard to ongoing due diligence. It has retained certain clarifications of its expectations, specifically:

  • due diligence is applicable to the entire CF population; and
  • all due diligence must be performed both on an initial and ongoing basis.

Importantly, the initial proposal to extend enhanced due diligence checks to CF-3 to CF-11 roles has been removed. The majority of due diligence in relation to the certification process for PCF, CF-1 and CF-2 roles must be assessed by the firm/holding company itself. Self-certification is permitted by CF-3 to CF-11 roles in respect of minimum competency code, regulatory and bankruptcy/judgment searches. This is a welcome clarification and will reduce some of the effort initially estimated as being required to ensure compliance. That being said, the annual mechanics of the certification process is likely to take some time to design and implement in each firm.


The application and implementation of the IAF Act marks the conclusion of a detailed and involved consultation, legislative and drafting period in which the government, the CBI and the financial services sector considered the key pillars of individual accountability across financial services in Ireland. The implementation and embedding of the IAF Regime has now begun and will, no doubt, present questions and challenges for firms, individuals and the CBI alike. With this in mind, the authors hope that all parties will, in the words of CBI Deputy Governor Gerry Cross, “work in the right spirit to deliver over the coming periods”.

Additionally, the CBI has committed to a review of the IAF Regime three years after its implementation. This should provide sufficient time to gauge the effectiveness of the core elements of the IAF Regime and to allow the CBI to then act to take any necessary steps to amend/update the regime in light of its findings. In the meantime, it is hoped that the IAF Regime will effectively contribute to improving the public trust in financial institutions, producing better outcomes for consumers and enhancing Ireland’s reputation as a global financial services centre.

Matheson LLP

70 Sir John Rogerson’s Quay
Dublin 2

+353 1 232 2000

+353 1 232 3333
Author Business Card

Law and Practice


Matheson LLP was established in 1825 in Dublin and has offices in Cork, London, New York, Palo Alto and San Francisco. The firm employs more than 800 people across its six offices, including 120 partners and tax principals as well as 540 legal, tax and digital services professionals. Matheson services the legal needs of internationally focused companies and financial institutions doing business in and from Ireland. The firm counts more than half of the world’s top 50 banks, seven of the world’s ten largest asset managers and nine of the top ten most innovative companies in the world among its clients and has advised the majority of Fortune 100 companies. The team’s expertise is spread across more than 30 practice groups, including finance and capital markets, insolvency and corporate restructuring, asset management and investment funds, commercial real estate, litigation and dispute resolution, insurance and tax.

Trends and Development


Matheson LLP was established in 1825 in Dublin and has offices in Cork, London, New York, Palo Alto and San Francisco. The firm employs more than 800 people across its six offices, including 120 partners and tax principals as well as 540 legal, tax and digital services professionals. Matheson services the legal needs of internationally focused companies and financial institutions doing business in and from Ireland. The firm counts more than half of the world’s top 50 banks, seven of the world’s ten largest asset managers and nine of the top ten most innovative companies in the world among its clients and has advised the majority of Fortune 100 companies. The team’s expertise is spread across more than 30 practice groups, including finance and capital markets, insolvency and corporate restructuring, asset management and investment funds, commercial real estate, litigation and dispute resolution, insurance and tax.

Compare law and practice by selecting locations and topic(s)


Select Topic(s)

loading ...

Please select at least one chapter and one topic to use the compare functionality.