A Revised Consumer Protection Code: a foundation for further success - remarks by Gerry Cross, Director Financial Regulation – Policy and Risk

11 April 2024 Speech

Gerry Cross

These remarks were delivered at the Compliance Institute, Dublin, on Thursday 11 April 2024.


Good morning. It is a great pleasure to be here at the Compliance Institute this morning. I am pleased to have the opportunity to discuss with you the Central Bank’s current consultation on our proposed review of the Consumer Protection Code (“the Code”).

This revision of the Code will play an important role in ensuring the further success of the Irish financial system as well as better outcomes for its customers. To do this it draws strongly on the story of the existing Code up to now, most of which remains in place. It builds on that story to develop the key features of the next phase in its development. Compliance leaders and professionals, with your professional corporate memory, and your commitment to the delivery of good outcomes in your firms and the wider system, have a significant role to play in this continuing story.

Our proposals reflect the extensive six month engagement on our Code Review Discussion Paper which took place from October 2022.1 This engagement was wide ranging and intensive including roundtables, bilateral meetings, an online public survey and direct engagement with members of the public. An overview of the feedback we received is set out in our Engagement Update published in July 2023.2 We are very grateful to the many organisations and individuals who took part in these discussions and for the many responses received, including the valuable contribution from the Compliance Institute.

At the Central Bank of Ireland we have a multi-faceted mandate relating to the performance of the economy. We are tasked to deliver monetary policy and price stability, the efficient and effective operation of payment and settlement systems, economic advice to the Government, and of course financial regulation. In all of these aspects we are strongly outcomes focused. Our aim is to deliver our mandate in a way that achieves to the greatest extent possible as consistently as possible the outcomes that we are mandated to deliver. And of course we do this as part of the Eurosystem and of the European System of Financial Supervision.

A key aspect of our mandate is “the proper and effective regulation of financial markets, while ensuring that the best interests of consumers of financial services are protected.”3 We seek to deliver this in support of a well functioning financial system which fulfils its role in supporting the economy and the financial wellbeing of citizens. And that does so over both the short and the long term.

A well functioning financial system has a number of important aspects:

The system must be a stable and resilient one over both the short and long term. It must continue to deliver for consumers and the economy during bad times as well as good. The harm done by major events of financial instability is, as we have seen, so pernicious to the overall wellbeing of the economy and citizens that it is a central part of financial regulation that the frequency and severity of events of financial instability be kept to a minimum.

There is a general requirement that firms are well run and managing the risks to them and their customers. This is not only so that they provide appropriate standards of service to their customers but also so that the risk of disorderly failure is sufficiently rare as not to be an influence on levels of trust and confidence.

For, thirdly, a well functioning financial system depends upon the presence of important levels of trust and confidence amongst customers and potential customers. This is the case in all markets, but it is significantly so in the market for financial services. This is because of the challenging combination of (a) information and expertise asymmetry; (b) dependence on small margin dynamics, combined with (c) the risk that potential customer benefits are eliminated by self-interest and/or short-termist agent behaviour on the part of the financial firm.

And finally, such a system should be based on robust levels of competition and innovation. This is necessary to support good levels of choice and availability of products and services to customers at a good price. Firms should vie effectively with each other to provide value for customers thus driving quality up and keeping prices down. There should be a steady flow of new entrants complemented by appropriate levels of orderly exit.

It is important to understand these components of a well-functioning financial system – durable stability, well-run firms, trust and confidence, and good levels of competition and innovation – both individually and in relation to each other.

For example, if there is too much competition, or more precisely too much competition on the wrong aspects, for example heavy and overly-impacting advertising (think crypto) or problematic pricing practices (think loyalty penalties) then this has a strong tendency to undermine trust and confidence. A bit like cholesterol, there are good and bad types of competition. Similarly, if the conditions businesses operate under to ensure that they are well run are too restrictive, then this can mean both that new firms find it more difficult to enter the market and the incentives for both new and existing firms to innovate are reduced.

On the other hand, a positive dynamic can be realised between these four components which can mean that not only is a successful financial system realised but it builds on this to become even more successful. For example, a resilient financial system where firms are well run will create higher levels of trust and confidence. Higher levels of trust and confidence will mean, other things being equal, more demand for products and services, leading to higher levels of innovation and competition. These different dynamics are important aspects for regulators to bear in mind as we do our job.

A revised code

The Consumer Protection Code plays a critical role in achieving this positive dynamic. Over the years it has delivered positive outcomes for consumers, supporting trust and confidence in the functioning of the system, while doing so in a manner that is proportionate and does not overburden firms or undermine competition. The millions of financial transactions that take place every day and the thousands of services provided are testament to a fundamentally well functioning financial system.

Our review of the Code is designed to build on this, to improve it in a number of respects and modernise it to reflect a changing environment. Our proposals for a revised code seek to do a number of things.

We are seeking to provide enhanced clarity and predictability. Over recent years, the obligation on firms to act in the best interests of their customers has been decisive in a number of key events or developments. During this period, we have seen:

  • The tracker mortgage failures involving firms’ taking advantage of power, resource, and information asymmetries with their customers;
  • The proscription of differential pricing practices by motor and home insurance firms because of the unfairness of such practices;
  • The response to business interruption insurance during COVID-19 and the requirement for firms to interpret contractual ambiguities in their customers’ favour; and
  • The management of the migration of large number of payments accounts on the departure of two retail banks and the requirement there for firms’ to focus on outcomes not just process.

These events and others show that the obligation to act in customers’ best interests has become a more significant, more salient feature in the life of financial firms and their customers. It is also a broad and multifarious concept. Both firms and their customers are keen to know more precisely what it means and what it will require in different circumstances.

Secondly, we are seeking to ensure that the revised code will be proportionate and well balanced. While placing obligations on firms, it does not remove responsibility from their customers. It is for firms to run their business in a way that secures their customers interests but it is for customers to make their choices and decide what risks they wish to take within that overall context.  Firms’ achieving sustainable profitability while delivering good outcomes for their customers is the underpinning foundation of the code. The code will continue to apply in a way that is appropriate for firms’ of all sizes, business models and levels of complexity.

We will be developing a user-friendly guide to the code along with online tools to help firms to navigate the Code and clarify the consumer protection obligations of specific relevance to their firm or sector. In this context, it is also worth mentioning that the Code will be converted into Central Bank Regulations and will consolidate a number of existing Central Bank codes and requirements, to provide a more integrated and coherent overall regulatory product.

Finally, we are modernising the code so that it is well adapted to current circumstances including rapid technological change, the digitalisation of services, products and distribution channels, better understanding of customer vulnerability, climate change and the demands for sustainable finance, amongst others. These changes are also designed in such a way that they are adapted to ongoing change and thus future-proofed.

These three features of the revised code are designed to contribute to the better achievement of the positive dynamic I mentioned a few moments ago. A positive, self-reinforcing cycle of well-run, sustainably profitable firms, supporting increased trust and confidence amongst their customers and potential customers, leading to a further growing market and increased positive competition.

Let me turn now to some of the specific features of the proposed revised code upon which we are consulting.

Securing Customers’ Interests

First of all there is the proposal for a newly articulated duty of firms to secure their customers’ interests. Firms’ statutory obligation to act in the best interests of consumers is the foundation on which the code has been built. Up until now, that has taken the form of a set of general principles - for example to act with due care and diligence and avoid conflicts of interest - and a number of detailed sets of obligations - requirements for disclosure for example, or around suitability of the service or product for the particular customer.

What we have seen, however, in the context of the events I have mentioned above - tracker mortgages, differential pricing, business interruption insurance etc. - is that there has been a broad part of the consumer protection landscape in respect of which there has not been a lot of guidance available, but where a good deal of activity takes place. It is in this terrain that the newly articulated duty to secure customers’ interests is designed to operate.

It does this in three ways:

Firstly, it articulates succinctly and clearly, and with supporting guidance and examples, the concrete obligation that firms have to develop their business models, their culture, and their decision making in a way that aligns clearly with the interests of their customers.

Secondly, it provides clarity that the “how” is as important as the “what”. The obligation to secure your customers’ interests requires firms to pay attention to outcomes as well as processes. For example, it is one thing to fulfil your formal disclosure obligations to your customers and potential customers, or to provide them with information. It is another thing to do so in a way that will be most effective in helping them really understand what it is they need to know.

And thirdly, it provides enhanced clarity around the residual obligation that is always present for regulated financial firms to act in a way which secures their customers’ interests. So when faced with new situations or complicated scenarios, the obligation to secure their customers’ interests provides a robust and helpful reference point by which firms can orient themselves.

And, to be clear, the customers and potential customers to which this duty applies are the same ones that are currently protected by the existing code - that is individuals and small firms. Though we are proposing to expand the meaning of small firm in this context to include all firms with an annual turnover of up to €5 million.

Securing customers’ interests does not limit the range of and evolution of firms’ business models. Diversity of business models is to be expected and is both desirable and important for a well-functioning market.

Different customers want different types of products, services and delivery channels. They have different means and different needs. These will be met by different levels of standardisation and automation on the one hand, and levels of individualisation, complexity and in-person engagement on the other. Put another way multiple models ranging from the most basic no frills offering to a bespoke premium service, can meet the obligation to secure customers’ interests, albeit in different ways.

Product Initiation, development and Marketing

The choices, actions and responses of a firm when designing and delivering its products and services are key to Securing Customers’ Interests.

Products should be designed with real customer needs and preferences in mind. They should be targeted only at customers with those needs and preferences, with features and risks properly explained.

Firms need to consider the knowledge and expertise of their customers and the complexity and sophistication of their proposed product or service. They should assess any gap between these two aspects and determine if and how they can effectively address such gap through the design and delivery of the product or service.

For example, investment products with complicated features may make it difficult for retail investors to fully understand the potential risks associated with the product and the probability of those risks arising. Such products may only be appropriate for a narrower target market and a particular distribution strategy or channel. Indeed, some products are not appropriate for execution only models and should only be sold with advice where it is possible for the firm to determine the suitability of the product for the particular customer and the needs and level of understanding of that person.

Firms also need to be clear and transparent on their offering to their customers, allowing customers to make informed decisions on whether a firm’s offering meets their needs, offers value for money and aligns with their expectations and risk appetite.

Customer behaviours, habits and preferences

While consumer behaviour, habits and preferences can be integrated into a firm’s approach, this should be done in a way that is designed to enhance customer outcomes and does not cause customer detriment.

Firms cannot seek to generate inappropriate gains or advantages by leveraging consumer susceptibilities created through consumer behaviours and habits such as inertia or digital dynamics which result in customer detriment.

Digitalisation is expanding the availability of financial data facilitating customer profiling and increasing the risk that firms can seek to inappropriately exploit consumer behaviours, habits, preferences or biases. However, this can also occur under traditional business models.

Firms should always challenge themselves to be sure that they are not, consciously or unconsciously, unfairly exploiting or taking advantage of customers’ behaviours, habits and preferences to their detriment.

Appropriate use of Incentives

Firms often include incentives in product offerings to create differentiation from competitor’ products and to make them more attractive for customers (or potential customers) based on customer preferences.

While such features may represent legitimate commercial practices, the rationale for the inclusion of such features should be explored to determine if a firm is indeed seeking to secure its customers’ interests.

Incentives should be designed in a way that supports customers to act in their own interests and make appropriately informed decisions in terms of product choices. They should not seek to interfere with price transparency and the ability of consumers to compare products effectively or to unfairly exploit customer behaviours, habits, preferences or biases in order to benefit the firm in a way that will result in customer detriment.

Mortgage cashbacks provide one example of the use of incentives discussed in the draft guidance. There we suggest that where a cashback incentive meets the needs of the target market and can provide a positive outcome for customers, this can represent a legitimate commercial practice. However, if the provision of such an incentive solely seeks to exploit customer behaviours and through opacity, inertia etc encourage a customer to choose a less advantageous product, this may not align with the obligation to secure customers’ interests.

Overall, firms should be able to demonstrate and evidence how the features of a product, including for example transparency, clarity, and incentives, align with the interests of their customers.

Contractual Clarity

There should always be high-quality communication and transparency in the terms on which firms do business. Under the revised Code a firm will be required to effectively inform their customers. This obligation extends to all aspects of the relationship with the customer, including how the firm ensures that the customer is clear on the contracts that they enter into.

If a firm complies with its obligation to inform effectively, this should significantly mitigate the risks arising from contractual ambiguity.

Additionally, reflecting the learnings from the business interruption insurance experience during COVID-19, where material ambiguity does arise, we expect firms to apply the understanding that most benefits the customer. Firms should seek to resolve any contractual interpretation issues as quickly as possible. While firms do of course retain the right to have meanings ultimately determined in the courts, they must ensure that they use this right appropriately. For example, they should not deploy it as an instrument of resource asymmetry seeking to put obstacles in the way of customers securing their best outcomes.

Similarly, where firms discover an error or rectify an issue in relation to a customer and the same issue or error arises in relation to other customers, then this should be addressed also for those other customers without waiting for action on their part.

Modernising the Code

The obligation to secure customers’ interests is complemented by a number of proposals to modernise and update the Code’s existing provisions. These are designed to ensure that the code remains up-to-date and relevant in a rapidly changing environment and to contribute to enhanced clarity and predictability. These proposals also reflect international developments including the OECD’s recent review of the G20/OECD Principles.

Let me mention a few examples of our proposed changes.

Unregulated activities

Recognising the significant risks associated with the so-called ‘halo effect’ where regulated firms carry on unregulated activities causing confusion to customers and potential customers, we are proposing new requirements on the provision of unregulated activities by regulated firms. These place obligations on regulated firms, to ensure that their customers can have no impression or misunderstanding that they are purchasing regulated products and services where that is not the case. This includes the use of branding and requires firms to ensure that the use of branding does not contribute to confusion or misunderstanding on the regulatory status of a product or service.


We are proposing to introduce new provisions on digitalisation. These seek to ensure that firms are able to take the opportunities provided by digitalisation in way that is consistent with their responsibilities to their customers. They are required to deploy a customer focus in the design and implementation of digital services and delivery channels. In line with securing customers’ interests, they should ensure that the use of technology is not applied in a way that would seek to exploit the behaviours or habits of customers where it has the potential to cause customer detriment. Importantly, firms transitioning to a digital-based business model must carefully consider customer impacts of the changes and identify appropriate mitigants.

Effective communication

As noted earlier, proposals are included emphasising the importance of effective communication. By this we mean communicating in a manner that focuses on effective understanding and empowering customers to make decisions that are right for them. Our proposals reflect a shift, from requiring firms to simply disclose information to customers, to requiring them to meet disclosure obligations in a way that informs them effectively. Simply put, firms should focus on the “how” as well as the “what”; they should give full consideration to the design, delivery and impact of their disclosures and information provision.


In line with international thinking, we are updating our approach to vulnerability and our expectations on firms in that regard. Our proposed approach reflects a better understanding of the dynamic nature of vulnerability, which recognises that customers can move in and out of circumstances that make them vulnerable, and is grounded in reasonable steps and proportionality. Our proposals on consumers in vulnerable circumstances have also taken account of the Assisted Decision-Making (Capacity) Act 2015 which came into force in April last year.


This brings me towards the conclusion of my remarks this morning.

I hope that you will have found them helpful in giving you additional insights into our proposals in the Consultation Paper and the thinking behind them.

As I said at the beginning we believe that this revision and update of the Code will allow it to continue to play its key role in ensuring a well functioning financial system based on resilience, well-run firms, good levels of trust and confidence, and effective competition and innovation.

And of course our work on revising the code, sits alongside other important initiatives by others working in the same direction. These include the development of the first National Financial Literacy Strategy for Ireland, and a new National Payments Strategy, as well as for example ongoing interdepartmental work on long term mortgage arrears.

Finally, can I encourage you to engage with the proposals set out in our consultation paper and to consider responding to the consultation, either separately or through bodies such as the Compliance Institute. The closing date for responses is Friday, 7th June.

I look forward to your questions.

1See Consumer Protection Code Discussion Paper, October 2022.

2See Consumer Protection Protection Code Review Discussion Paper, Engagement Update, July 2023

3Central Bank Act 1942, section 6A.