Financial regulation, technological innovation and change - Gerry Cross, Director of Policy and Risk

17 January 2018 Speech

Central Bank of Ireland

Speech to Association of Compliance Officers in Ireland Event: Are you Fit for FinTech?

Good afternoon ladies and gentlemen. I would like to thank the ACOI for the invitation to speak to you today. In my comments I will focus mainly on FinTech, as you might expect given the title of the seminar. In the Q&A session however, I will be happy to take questions on other issues including some of the wider policy priorities that the Central Bank has for 2018, which include FinTech but are of course wider than that.

New European Legislation

Let me start however with a few words about developments to date during 2018. Even though we are only mid-January, these have been significant.


MiFID II and MiFIR (MiFID II) came into force two weeks ago on 3 January 2018.

This is a moment of great consequence. It marks the culmination of more than seven years intense and detailed work to develop, and put in place this new framework which will fundamentally alter how financial firms and markets operate in Europe.

With the wide array of far reaching new requirements that it imposes in respect of such matters as pre-trade transparency, transaction reporting, product governance, best execution, inducements, etc, the implementation of MiFID II is a major challenge for the financial industry – and of course for the community of compliance officers represented by ACOI – and for financial regulators such as the Central Bank.

For the Central Bank of Ireland the implementation of MiFID is, beyond its general major importance, is also particularly timely for two other reasons.

Firstly, it coincides, more or less, with the restructuring of financial regulation at the Central Bank. As you will be aware - and indeed our new Deputy Governor for Prudential Regulation, Ed Sibley, spoke to an ACOI event on the matter quite recently - from the first of September last, financial regulation within the Central Bank has been divided into two pillars: one for Prudential Regulation and one for Financial Conduct Regulation.

The establishment of two financial regulation pillars in this manner was determined in order to organise ourselves optimally to meet the ever changing demands of effective financial regulation, of which the introduction of MiFID II is just one example. Another being the increasing role of European regulation generally in financial supervision and regulation and the organisational demands to which that gives rise – for example through our Membership of the SSM, our work in the European Supervisory Authorities (ESAs) etc.

The establishment of the two Pillars also allows us to clarify and organise ourselves optimally to achieve two broad objectives of financial regulation: (i) prudential soundness of financial firms and (ii) financial firms behaving as they should and in line with the interests of consumers and the wider market. Both of which also contribute to the financial stability mandate of the Central Bank.

So the introduction of MiFID II is particularly timely because, as one of the most significant pieces of European conduct regulation it coincides with our establishment of the Central Bank’s Conduct Pillar. It will be a central component of the work of this Pillar with its strong and clear focus on the manner in which financial firms, their management and staff, behave having regard to the interests of their customers, the fair, orderly and effective functioning of financial markets, and overall trust and confidence in the financial system.

Its introduction is also timely for coming at a moment when, as a result of Brexit, the number and types of firms carrying on MiFID-relevant financial services business in Ireland appears set to expand materially.

In terms of practical implementation, the Central Bank’s MiFIR transaction reporting system went live on 3 January 2018. While there is a reasonable volume of transactions being reported, volumes are at this early stage still lower than expected. The system is also forwarding files to the ESMA TREM system for other national competent authorities in respect of transactions in instruments for which the Central Bank is not the relevant competent authority.

There has been a high number of queries to the Transaction Reporting team in Securities Markets Supervision Division, which are being addressed promptly and mainly concern content validation errors.

We have commenced analysing the transaction data received; however, our analysis is limited by the missing instrument reference data, which is sending a lot of transactions into ‘Pending’ and validation errors resulting in large numbers of reports being rejected. Transaction reporting from 3 January 2018 is the legal requirement and I would encourage you to ensure your firm is meeting its obligations in respect of complete and accurate reporting.

Assessing investment firms’ adoption of the MiFID II requirements will be a key priority for the Central Bank, it will be achieved through targeted visits, full risk assessments and thematic reviews. We will leverage off the heat-mapping exercises and MiFID II preparedness questionnaire, which issued to investment firms; and which have provided a strong base for assessing firms’ compliance with MiFID II.

When analysing the information we received for Medium-High impact firms the following key impact areas were identified, Transaction Reporting, Research and Inducements, Product Governance and Suitability and Appropriateness. Product governance and independent vs. non-independent advice were the key impact areas for Medium-Low and Low impact firms.

Payments Services Directive 2 (PSD2)

PSD2 is a second new significant regulatory framework to have come into force since the start of the year. It came into effect just last Saturday, 13 January 2018. It was introduced in Ireland through the Payment Services Regulations 2018.

The introduction of PSD2  marks the biggest single development in European payment regulation and will pave the way for access to customer and account data by payment institutions.

PSD2  aims to provide for the further development of a better-integrated internal market for electronic payments within the EU, including fostering further competition in FinTech and payments. It seeks to open up payment markets to new entrants, which it is hoped will lead to more competition, greater choice and better prices for consumers.

It puts in place a comprehensive framework for payment services, with the goal of making electronic retail payments within the EU easy, efficient and more secure. The new rules seek to:

  • Make it easier and safer to use internet payment services.   
  • Better protect consumers against fraud, abuse, and payment problems.   
  • Promote innovative mobile and internet payment services.   
  • Strengthen consumer rights.

PSD2  enhances regulatory oversight and increases consumer protections. These include more detailed reporting requirements applicable to all providers offering payment services, new authorisation requirements for payment institutions, and new security requirements that require payment service providers to apply strong customer authentication measures to remote and online payment transactions. These reforms provide a strong platform for consumer-focused innovation in payment services across the EEA, including facilitating new entrants and new types of payment service provider. It represents a very good example of the balanced interaction of regulatory protections and the facilitation of innovation and new developments.

Needless to say, the implementation of PSD2  will bring significant changes and challenges to those operating in the payments sector. The Central Bank has been working both internally—in preparing our processes, procedures and systems to reflect the changes required by PSD2  in the authorisation, supervisory and reporting areas—and externally with the Department of Finance and the relevant EU bodies to assist with the preparation of the Regulations and supporting the development of technical standards and guidelines.


Last but most certainly not least, the Packaged Retail and Insurance-based Investment Products (PRIIPS) Regulation has also came into effect at the start of 2018. The requirements of this framework have greatly improved the quality, accessibility and, importantly, comparability of information that customers across Europe receive when investing in these products. This is a significant development which we at the Central Bank very much welcome.


Turning now to the main theme of today’s event: financial technology and innovation. It is safe to say that technology is a key issue for all stakeholders in the financial services area. Looking forward, it is impossible to predict with certainty the future path of technological innovation. What is clear, however, is that new and innovative applications of technology will continue to transform financial services.

In a competitive market, innovation is central in delivering increased value for customers. That is clear. Innovation is a key factor in achieving sustainable growth and improved outcomes.

At the same time, innovation poses challenges. It can bring new risks and it can modify existing risks. As I have said before, innovation is good; however not all innovation is good, and not all good innovation is done well. And therein lies the challenge for regulators.

As a regulator, making the right judgements and striking the right balance is of critical importance and in this context requires careful and detailed thought. With that in mind, we at the Central Bank are currently engaged in an internal review of our approach to innovation and technology. During the course of the next few months, you can expect us to say more about our approach in this area.

Amongst the things we are thinking about and will wish to communicate further on are:

  • In the context of our mandate, how regulation should take account of the benefits of innovation and competition.
  • The interaction of the regulatory and tech communities.
  • How technological innovation can enhance the quality and efficiency of supervision.
  • The key areas of technological innovation that are relevant for financial services activities in Ireland.
  • Understanding the nature, benefits, and risks of different areas of innovation and developing an appropriate regulatory approach.
  • Understanding the nature, benefits, and risks of technological innovation for currently regulated firms and adapting our approach accordingly.

In carrying out this work we are very conscious that similar work has been, or is being done, in a number of regulatory authorities both in Europe and internationally. We are examining the different approaches developed by our colleagues in these authorities and will use that analysis as an important contribution to the determination of our own approach.

The European Commission and the European Supervisory Authorities will also be active in this space during 2018. I will say more about this in a moment.

Some Central Bank work to date

While FinTech and innovation will be important topics for the Central Bank to consider during 2018, we have not been inactive during the recent period. Far from it. During 2017 we have been working hard; for example in seeking to develop a clearer picture of FinTech activity in Ireland with a view to better understanding the implications for regulatory policy and supervisory activity. In particular a cross-sectoral working group within the Central Bank has been working to develop a picture of current FinTech activity in the Irish context. This work has been carried out both by drawing on our in-house knowledge but also by engaging with industry and commercial providers, including start-ups and incumbents, and support providers such as incubators and accelerators.

While this work is very much preliminary and, to an extent, partial, nonetheless it is useful in identifying the range of areas in which FinTech is happening in Ireland. These include (in no particular order):

  • Payments
  • RegTech
  • Markets and Exchanges
  • Other infrastructure
  • Deposits and Lending
  • Investment and Advice
  • Insurance
  • Analytics
  • Capital Raising

There appears to be a greater focus on some of these areas than others.

We have also identified the important support ecosystem that exists for start-ups and early stage FinTech and innovation enterprises. There is a significant presence in the jurisdiction of incubators and accelerators.

Business models of FinTech firms include both business-to-business and business-to-consumer. Moreover it appears that there is a material degree of collaboration between incumbent financial services firms and FinTechs. Finally it appears that within the FinTech sector there is a mix of firms which fall within the regulatory perimeter and entities that do not.

We will, as I have said, be building on this work in the period ahead.

Let me mention in this context our work in the area of digitalisation and consumer protection. During 2017 we published a discussion paper Consumer Protection Code and the Digitalisation of Financial Services. To inform the content of the Discussion Paper, the Central Bank issued a survey to regulated firms seeking information on the new and innovative products and services that they offered or are developing. The Discussion Paper notes the many benefits of digitalisation for consumers. It goes on to consider how these benefits can be realised while still ensuring appropriate levels of consumer protection. Across a number of headings – access, information provision, suitability, redress, etc – it looks at potential benefits and potential risks and asks for input from interested parties. For example, digitalisation can enhance the user experience and choice but may also run the risk of poorer decision-making. It can make the provision of relevant information simpler and more effective. But there is also the risk of information overload or all of us as consumers being too ready to tap on the “I Accept” icon. The comment period for the Discussion Paper closed in October and we are currently reviewing responses with the aim of assessing how the Code can best address emerging risks from digitalisation; and if the existing protections need to be enhanced or adapted in specific areas.

IT and Cyber risk: one of the key implications of the growth of FinTech is the fact that financial firms are becoming ever more reliant on information technology for their business success. This is not new of course. For quite some time IT has been at the heart of financial firms operations and critical to their success. At the Central Bank we have been bringing an increasingly intense focus on this issue in our supervision of regulated firms. I have spoken to ACOI members previously on this topic, for example, about the Guidance that we issued in September 2016. Since then we have continued to develop our supervisory and inspections capacity in this area. 2018 sees us bring together our specialist resources from the different sectoral area into one centralised IT inspections team. This reflects, in our view, high quality practices in other regulators and will allow us to leverage our specialist resources even more effectively in the future. Regulated firms should expect to continue to feel a lot of heat from us in this respect.

FinTech and compliance

Let me, given the audience today, also say something about FinTech and compliance. One of the impacts of FinTech is to the value chain in the provision of financial services. It can have the effect of complicating the interaction between the firm and its customers. It also creates challenges and risks from a safety and soundness perspective as boundaries become blurred. This gives rise to additional challenges for the compliance function in financial firms. The Central Bank expects to see compliance officers considering and seeking to ensure that their firms are addressing these challenges effectively.

FinTech and the European Union

FinTech is, of course, also a priority for the European Commission, as well as the European Supervisory Authorities (ESAs). Following its 2017 consultation, the Commission will present in early 2018 an EU Action Plan to build an integrated market for digital financial services and address related challenges. As part of this package, the Commission recently announced forthcoming legislation that will provide for a European licensing framework for crowdfunding and peer-to-peer lending. The Central Bank will, working with the Department of Finance, actively engage in this work.

The Central Bank is also actively contributing to and following closely the ESAs’ response to FinTech. The Central Bank will continue to be an active participant in the work of all of the ESAs in this area. We are adopting the same approach here as we do in other areas of our engagement with the ESAs. While we, as a regulator, operate within the policy framework that is developed at the European level, we also seek to actively influence that policy as it develops by our committed, effective, and well-prioritised engagement.

Initial Coin Offerings and Virtual Currencies

I could not conclude a speech on financial technology without saying something about initial coin offerings and virtual currencies.

Initial coin offerings are an example of technological developments that raise challenging questions for financial regulators. In December, the Central Bank issued a Consumer Alert on ICOs on foot of a similar notice issued by European Securities and Markets Authority (ESMA). ESMA highlighted that ICOs are extremely risky and highly speculative instruments. Depending on how they are structured they may fall outside the regulatory space. The Central Bank supports that position and has made this alert available through the Consumer Hub section of our website. ESMA has also issued a statement to firms involved in ICOs, reminding them that they must consider whether their activities fall within the perimeter of regulated activities and thus must comply with relevant requirements. One important question for further work is the difference between an unregulated ICO and the issuance of a financial instrument and when that difference may not be there.

Separate entirely from the question of Distributed Ledger Technology and the potential benefits it may bring in a variety of applications, is the question of virtual currencies. Since 2014, the Central Bank has published on our website a warning on virtual currencies issued by the European Banking Authority (EBA). As that warning says, it is important that users and purchasers of virtual currencies understand that they are unregulated schemes which entail many risks, including the risk of a drop in value due to (significant and unexpected) exchange rate fluctuations. Being unregulated, their users cannot avail of the protections that regulation provides in respect of financial instruments.


I will conclude here.

I hope I have given you a good sense of the current lay of the land in respect of financial regulation and technological innovation and some of the things that we will be focusing on over the coming period.

Thank you for your attention and I look forward to your questions.