Financial Services Regulation and Compliance – General Cross Sectoral December 2022

Domestic

Consumer Rights Act 2022 (Commencement) Order 2022 [S.I. No. 596 of 2022]

On 2 December 2022, the Consumer Rights Act 2022 (Commencement) Order 2022 [S.I. No. 596 of 2022] was published in the Iris Oifigiúil. The Act transposes into Irish law the Revised Sale of Goods Directive, the Contracts for the Supply of Digital Content and Digital Services Directive and the so-called ‘Omnibus Directive.

Central Bank (Individual Accountability Framework) Bill 2022 (stage updated 28 December 2022)

In December 2022, the IAF Bill 2022 moved through the Committee Stage of Dáil Éireann. On 28 December 2022, it was published in Bill Digest which provides a summary of the proposed legislation. In the latest development being reviewed by the Dáil Committee, there have been some amendments to the fitness and probity regime and the administrative sanctions procedure. These include the removal of the Central Bank of Ireland (CBI) from the approval process for appointments to pre-approval controlled functions (PCFs) in a significant supervised entity (SSE) where such approval falls within the competence of the ECB.

It has also been clarified that CBI may suspend an individual from performing a controlled function (CF) role by issuing a suspension notice where it has imposed a prohibition. This may be issued pending High Court confirmation of the prohibition itself. Changes to the administrative sanctions procedure (ASP) include a confidentiality provision for the purposes of an investigation and/or investigation report and prior to drafting an investigation report a responsible authorised officer shall consider any relevant information or evidence gathered or received in the course of an investigation. The IAF Bill is still expected to be enacted in early 2023.

National Risk Assessment consultation begins

On 7 December 2022, the Government of Ireland published the National Risk Assessment – Draft List of Strategic Risks 2023 for public consultation. The consultation document outlines the proposed strategic economic, geopolitical, social, environmental, and technological risks facing Ireland over the short, medium, and long term. The drafted list of strategic risks has been created through a collaborative process with Government Departments and Agencies, building on previous National Risk Assessment exercises. The public consultation will be open for submissions until Friday 17 February 2023.

European

Anti-money laundering: Council agrees its position on a strengthened rulebook (1057/22)

On 7 December 2022, the Council agreed its position on an anti-money laundering regulation and new directive (AMLD6). The new EU anti-money laundering and combating the financing of terrorism (AML/CFT) rules will be extended to the entire crypto sector, obliging all crypto-asset service providers (CASPs) to conduct due diligence on their customers. This means that they will have to verify facts and information about their customers.

In its position, the Council demands CASPs to apply customer due diligence measures when carrying out transactions amounting to €1,000 or more, and adds measures to mitigate risks in relation to transactions with self-hosted wallets. The Council also introduced specific enhanced due diligence measures for cross-border correspondent relationships for crypto-asset service providers. An EU-wide maximum limit of €10,000 is set for cash payments, with Member states retaining flexibility to impose a lower maximum limit.

Third countries that are listed by the Financial Action Task Force (FATF), the international standard setter in anti-money laundering, will also be listed by the EU. There will accordingly be two EU lists, a ‘black list’ and a ‘grey list’, reflecting the FATF listings. The Council also set out how to identify and verify the identity of beneficial owners across types of entities, including non-EU entities. The package also foresees i.e. the clarification of outsourcing provisions, the clarification of the powers of supervisors, a minimum set of information to which all financial intelligence units (national centres for the receipt and analysis of suspicious transaction reports and relevant money laundering information) should have access, as well as improved cooperation among authorities.

Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance) (Digital Operational Resilience Act (DORA))

On 14 December 2022, the final act was signed to amend Regulation (EU) 2022/2554 on digital operational resilience for the financial sector will enter into force on 16 January 2023. Member States have until 17 January 2025 to transpose the Directive into national law, which is also the date from which the Regulation will apply.

Proposal for a Directive (EU) 2022/… of the European Parliament and of the Council of 14 December 2022 amending Directives 2009/65/EC, 2009/138/EC, 2011/61/EU, 2013/36/EU, 2014/59/EU, 2014/65/EU, (EU) 2015/2366 and (EU) 2016/2341 as regards digital operational resilience for the financial sector (Text with EEA relevance) (2020/0268 (COD)) (Final act signed 14 December 2022)

The Final Digital Operational Resilience Act (DORA) was signed into law on 14 December 2022 and was published in the Official Journal on 27 December 2022. DORA will make sure the financial sector in Europe is able to stay resilient through a severe operational disruption. The European Supervisory Authorities (ESAs) – namely the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA) – will develop the technical standards.

Commission Delegated Regulation (EU) 2022/2360 of 3 August 2022 amending the regulatory technical standards laid down in Delegated Regulation (EU) 2018/389 as regards the 90-day exemption for account access (Text with EEA relevance)

On 5 December 2022, there was published in the Official Journal Commission Delegated Regulation (EU) 2022/ 2360 of 3 August 2022 amending the regulatory technical standards laid down in Delegated Regulation (EU) 2018/389 as regards the 90-day exemption for account access. The Regulation shall enter into force on the twentieth day following its publication in the Official Journal.

European digital identity (eID): Council makes headway towards EU digital wallet, a paradigm shift for digital identity in Europe (1009/22)

On 6 December 2022, the Council adopted its common position on the proposed legislation regarding the framework for a European digital identity. The revised regulation aims to ensure universal access for people and businesses to secure and trustworthy electronic identification and authentication by means of a personal digital wallet on a mobile phone. To align the eID regulation and the Cybersecurity Act to the extent possible, member states will designate public and private bodies accredited to certify the wallet as provided in the Cybersecurity Act. The adoption of the general approach will allow the Council to enter negotiations with the European Parliament (‘trilogues’) with a view to reaching an agreement on the proposed regulation.

Christine Lagarde: Macroprudential policy in Europe: building resilience in a challenging environment

On 8 December 2022, President of the ECB and Chair of the European Systemic Risk Board (ESRB), Christine Lagarde welcomed the sixth annual conference of the ESRB with a focus on resilience. By identifying and addressing vulnerabilities ahead of time there is the opportunity to increase resilience of the financial system to shocks. Ms Lagarde highlighted the need for swift legislative action on addressing structural vulnerabilities in MMFs to allow non-banks to help strengthen our financial system’s capacity to withstand shocks. The volatility of crypto-assets and decentralised finance was mentioned in relation to the systemic risk arising from increasing interlinkages between the crypto ecosystem and the traditional financial system.

Sanctions imposed in response to the crisis in Ukraine

Since February 2022, the EU imposed a number of sanctions in response to the crisis in Ukraine. Given that the crisis is developing and sanctions are continuing to evolve, the CBI is publishing details of new restrictive measures/sanctions that are adopted in this regard, as well as any associated EU/UN guidance, on their dedicated webpage.