Domestic

Remarks by Gerry Cross at CBI’s DORA Industry Briefing

On 6 November 2024, Gerry Cross, Director of Financial Regulation, Policy and Risk at the Central Bank of Ireland (CBI), delivered a speech at the Digital Operational Resilience Act (DORA) Industry Briefing hosted by the CBI.

A very important focus for the CBI, outlined by Mr Cross, is to: “contribute to promoting continuing strong convergence in how competent authorities across the Union implement and supervise the new DORA framework”. Noting that the CBI is in “transformation” as they develop their supervisory approach, he outlined that the CBI is “moving to an integrated supervisory framework where directorates with oversight of banks, insurance companies and capital markets will be responsible for the supervision of all the aspects in their respective sectors”. This will mean that the CBI will have a “more integrated approach” to their “supervision of soundness, consumer, and financial crime aspects” and “this will be buttressed by enhanced horizontal, cross-sectoral, supervision”. He added that this will include an enhanced team dedicated to operational resilience who will work with sectoral supervisors to ensure the CBI’s “high quality approach to DORA implementation”. From January 2025, he said, the CBI’s ICT supervision will be conducted in-line with DORA.

Commenting on the new EU oversight regime for critical third-party services (CTPP), Mr Cross noted that this does not mean that such third parties are to be regulated firms. “Rather”, he said, “it means that given their increasingly important and integrated role in the financial system, financial regulators shall collectively led by the European Supervisory Authorities have oversight of such providers, including of course the right of inspection.” He added that a key aspect of this new oversight regime will be the initial designation of CTPPs.

Finally, Mr Cross also noted that for firms subject to DORA’s advanced threat-led penetration testing, the CBI will hold dedicated workshops for those entities that are identified as being in scope. He confirmed that these invites should issue in the coming weeks.

Minister for Finance gives effect to EU regulation on Markets in Crypto-Assets

On 7 November 2024, the European Union (Markets in Crypto-Assets) Regulations 2024 (the Regulations) were signed into law and came into operation on 6 November 2024. The Regulations:

• designate the CBI as the National Competent Authority
• outline the administrative penalties and measures for regulated and non-regulated financial service providers
• specify the duration of the transition period for firms that provided crypto services before 30 December 2024

Governor Makhlouf delivers keynote speech at Financial Services Ireland

On 20 November 2024, Governor Gabriel Makhlouf of the CBI addressed Financial Services Ireland in a keynote speech. Governor Makhlouf addressed the topic of 'The Role of Financial Services in the Irish Economy'. He emphasised the importance of trust and resilience in ensuring a well-functioning financial system.

Governor Makhlouf noted the role of the CBI in designing and regularly reviewing regulation and shared the view that de-regulation is not the answer to economic challenges facing the financial system. He emphasised the role of the financial system in providing benefits for consumers, businesses and the wider economy but warned of the significant social and economic harm that can come about through failures. He called on the sector and encouraged their participation in relation to the development of fintech and climate finance in cooperation with the regulatory role of the CBI.

European

Commission notice on the Disclosures Delegated Act published in the Official Journal of the EU

On 8 November 2024, the European Commission (the Commission) published in the Official Journal of the EU a Commission Notice (the notice) on the interpretation and implementation of certain legal provisions of the Disclosures Delegated Act under Article 8 of the EU Taxonomy Regulation on the reporting of taxonomy-eligible and taxonomy-aligned economic activities and assets.

The purpose of the notice is to provide further interpretative and implementation guidance to financial undertakings in the form of replies to frequently asked questions (FAQs) on the reporting of their KPIs under the Disclosures Delegated Act. The FAQs originate from the stakeholders subject to the reporting requirements, the Platform on Sustainable Finance and national and European supervisory authorities. Through this notice, the Commission intends to facilitate the compliance of stakeholders with the regulatory requirements in a cost-effective way and to ensure the usability and comparability of the reported information for scaling up sustainable finance.

The ESAs announce timeline to collect information for the designation of critical ICT third-party service providers under DORA

On 15 November 2024, the ESAs published a decision on the information that competent authorities are required to report for the designation of critical ICT third party service providers (CTPPs) under DORA (the decision). The decision provides a framework for the annual reporting to the ESAs of the information required for the designation of CTPPs.

Competent authorities are required to submit the registers of information from financial entities by 30 April 2025. Competent authorities are expected to require this information from financial entities before 30 April 2025 in order to meet to deadline for submission to the ESAs. The framework also addresses timelines and frequency of reporting, procedures for submission and confidentiality and access rules to protect sensitive information.

The ESAs publish joint guidelines on the system for the exchange of information relevant to fit and proper assessments

On 20 November 2024, the European Supervisory Authorities (the ESAs) published the final report on joint guidelines on the system established by the ESAs for the exchange of information relevant to the assessment of fitness and propriety of holders of qualifying holdings, directors and key function holders of financial institutions and financial market participants by competent authorities. The joint guidelines provide guidance on the exchange of relevant data and how to use the ESAs information system, a cross-sectoral database created to assist competent authorities to share information.

The ESAs publicly consulted on the draft joint guidelines twice. The first consultation period received two responses and the second which ended in 15 January 2024, did not receive any responses. The guidelines will apply following their publication in the official journal with the exception of certain provisions whose application will be delayed.

ECB Blog published on non-bank financial intermediation

On 28 November 2024, the Eurosystem set out its views on a macroprudential approach for non-bank financial intermediation (NBFI). This is in response to a European Commission consultation on macroprudential policies for NBFI, which was launched on 22 May 2024 and closed on 22 November 2024. The aims of the consultation were to:

1. identify the vulnerabilities and risks of NBFIs and map the existing macroprudential framework for NBFIs
2. gather feedback on the current challenges to macroprudential supervision and discuss areas for further improvement

In a blog for the European Central Bank (ECB), the authors of the response set out their priorities for developing a macroprudential approach for the NBFI sector in Europe:

1. Swiftly implement the international reforms for regulating NBFI that have recently been agreed. This includes reforms to enhance the resilience of money market funds, as well as the Financial Stability Board’s 2023 recommendations to address vulnerabilities from liquidity mismatch in open-ended funds. In addition, they say that new macroprudential tools are needed – complementing the existing toolkit for NBFI – to prevent the rise of systemic vulnerabilities in key parts of the sector.
2. System-wide stress tests in Europe to identify and quantify risks to the resilience of core markets. These tests would assess how different market participants react to adverse shocks and how their collective actions might affect system-wide risk.
3. Effective governance arrangements. They say that this can be achieved by enhancing the mechanisms for co-ordination between European and national authorities responsible for macroprudential policy and supervision. Adopting similar macroprudential policy measures across jurisdictions where needed (via reciprocation) should be a key element of this. An additional mechanism to enhance coordination across the EU, they say, would be to grant the European Securities and Markets Authority (“top up”) powers to request the implementation of macroprudential measures - in collaboration with national authorities and after consulting with the European Systemic Risk Board - if there is a need to do so.
4. Monitor and adjust the scope of NBFI regulations. This includes improving access to data and assessing risks in asset management activities beyond the traditional focus on regulated investment funds, such as family offices or the delegation of investment decisions via discretionary mandates. It also means addressing systemic risks with a comprehensive approach, incorporating both an entity and activity-based perspective.

For more information on these topics plpurport ease contact any member of A&L Goodbody's Financial Regulation Advisory team.

This publication provides an overview of certain legal and regulatory developments that may be of interest to certain entities. It does not purport to provide analysis of law or legal advice and is strictly for information purposes only.