Empty Link Skip to Content

FIG Top 5 at 5

Welcome to latest edition of the FIG Top 5 at 5.

723_FigTopFive_575x375px

FIG Top 5 at 5

The Top 5 at 5 is a weekly update in which members of the Financial Institutions Group (FIG) identify five of the key legal and regulatory developments relevant to the financial services industry from the preceding week. Priority is given, in the first instance, to Irish based developments but the update will also include important developments in European law and regulation.

The topics chosen are dictated by the developments during the relevant period but priority is given to cross sectoral developments. The FIG Top 5 at 5 is not intended to represent all developments of note for the relevant period but rather a snap shot of some of the issues which we feel are of particular importance. 

Should you have any queries in respect of the contents of the update, please do not hesitate to contact your usual Matheson LLP contact or any member of our team detailed below.

1. Central Bank publishes feedback statement on proposed changes to the credit union lending regulations 

On 14 August 2025, the Central Bank of Ireland (“Central Bank”) published the feedback statement (“Statement”) on its December 2024 consultation (“Consultation”) on proposed changes to the Credit Union Lending Regulations (“Regulations”).

Following a review of credit union sector lending, and the subsequent publication of a report on credit union lending in December 2024, the Central Bank considered that targeted changes to the lending framework were required to ensure its ongoing appropriateness together with providing  flexibility for credit unions wishing to engage in business and house lending. The Consultation, which closed for submissions on 11 February 2025,  set out these matters in detail.

Proposals

In the Consultation, the Central Bank proposed the following changes:

  • decouple the concentration limits for house and business lending to prescribe new separate concentration limits;
  • remove tiering such that all credit unions regardless of asset size may avail of the same concentration limits; and
  • adjust the lending capacity available to all credit unions for house and business lending, within the new concentration limits, as follows:
    • house lending – 30% of total assets; and
    • business lending – 10% of total assets.

Final Changes to the Regulations

The final changes made by the Central Bank, having taken feedback to the Consultation into account, are as follows:

  • the existing combined concentration limits for house and business lending will be uncoupled;
  • tiering will be removed with the effect that all credit unions will be able to use the same concentration limits;
  • as regards the lending capacity available to credit unions, the following applies:
    • house lending is at 30% of total assets – within this there is an inner 2.5% of total assets limit for non-principal private residence lending. Also, the definition of “house loan” will be amended to include loans for other residences and, in light of this expansion of the definition, clarification that loans to approved housing bodies will not come within the meaning of “house loan”. Additionally, the property must be in the State; and
    • business lending limits have been increased from the proposed 10% of total assets to 15% of total assets;
  • as regards lending practices for specified categories of lending, regulation 16 of the Regulations will be removed with clear new guidance on reporting to the board of directors on the performance of loans to be developed and included in the Lending Chapter of the Credit Union Handbook;
  • the reporting requirements within the related parties lending regulations set out in Regulations 20(2) and Regulation 21(1) of the Regulations will be removed. The Central Bank will develop and include guidance on board reporting on related parties lending (including on related parties exempt exposures) in the Lending Chapter of the Credit Union Handbook; and
  • as regards the exempt exposures threshold for related parties lending, this will be increased from €2,000 to €10,000.

The draft amending regulations are set out in Appendix 1 to the Statement.

Consumer Protection

The Statement specially references consumer protection and the Central Bank expects credit unions to adopt a consumer focused culture, highlighting the following:

  • members should be treated fairly and sympathetically, with the objective of assisting the member to meet their lending obligations;
  • changes to the lending regulations must be accompanied by enhanced consumer protections for credit union members. In that regard, the Central Bank has stated that it intends to undertake further engagement with the sector on the extension of the revised Consumer Protection Code (including the Code of Conduct on Mortgage Arrears) to credit unions to ensure that credit union members are afforded the same protections as other consumers of financial services.

In a separate press release, the Minister for Finance, Paschal Donohoe TD and Minister of State with responsibility for Financial Services, Credit Unions, and Insurance, Robert Troy TD, welcomed the publication of the Statement.

Next Steps

The Statement emphasises that the Central Bank considers that the broad regulatory framework for credit unions is now stable and appropriate and encourages credit unions to focus on the prudent growth of their loan books.

Welcoming the publication of the Statement, Mary-Elizabeth McMunn, Deputy Governor, Financial Regulation at the Central Bank, stated:

“While considerable capacity remained for further lending within the previous lending limits, the updated framework aims to allow credit unions the ability to sustainably develop into the future – within the appropriate guardrails the limits provide and in the long term interests of their members…To address current and future challenges, credit unions must now take the opportunities provided to them in the regulatory framework so that they can continue to play their important role in delivering for their members, communities and the financial sector.” 

The amending regulations are expected to be commenced by the end of Q3 2025. 

2. Central Bank publishes FAQs on interplay between MiCA and PSD2 

 

On 28 July 2025, the Central Bank of Ireland (“Central Bank”) published an FAQ document (“FAQ”) on the interplay between the regulation on markets in crypto assets (“MiCA”) and the second payment services directive (“PSD2”).

The FAQ comes on foot of the publication of the European Banking Authority’s (“EBA”) “no action letter” (“Letter”) on the overlap between PSD2 and MiCA on 10 June 2025 – for more information, see FIG Top 5 at 5 dated 12 June 2025.

Amongst other matters, the EBA’s Letter provided advice to national competent authorities (“NCAs”) in respect of the intervening period of two to three years during which PSD2 still applies until the application date of the future PSR and the transposition date of the future PSD3.

The FAQ sets out that the Central Bank will implement all the recommendations in the EBA’s Letter, including the adoption of  a streamlined approach to crypto asset service providers (“CASPs”) that are seeking a payment institution authorisation. 

Some of the matter covered by the FAQ are as follows:

  • the timeframe for firms for engaging with the Central Bank, stating that this should be done as soon as a decision is made that payment institution authorisation will be sought or a partnership arrangement will be entered into;
  • the fact that the Central Bank has produced a specific shorter-form application form for CASPs seeking a payment institution authorisation in order to conduct the electronic money token (“EMT”) activities specified in the EBA’s letter;
  • the documentation to be submitted by CASPs seeking a payment institution authorisation, highlighting that the payment institution application is confined only to the EMT activities specified in the EBA’s letter;
  • whether CASPs seeking a payment institution authorisation will be required to provide additional capital / own funds in respect of the activities giving rise to the payment institution authorisation;
  • whether “dual hatting” of roles across the CASP and payment institution activities will be permitted, highlighting that the Central Bank will take a pragmatic approach on the basis that there will be a single legal entity holding both licences and that the pre-approval controlled function role holders have the expertise, knowledge, experience and capacity to undertake both the CASP and EMT activities. However, this will be assessed on as case by case basis;
  • the fact that payment institution authorisations issued in this context will include a condition which will restrict CASPs to the EMT activities specified in the EBA’s Letter which the firm intends to undertake;
  • the supervision of firms with a dual CASP and payment institution authorisation; and
  • CASPs proposing to enter into partnership arrangements rather than seeking a payment institution authorisation in order to provide the EMT activities specified in the EBA’s Letter. 
3. Single Rulebook Q&As on DORA are updated 

On 8 and 14 August 2025, the single rulebook Q&As on the digital operational resilience act (“DORA”) were updated on the European Banking Authority’s (“EBA) website.

The updated Q&As are as follows:

  • Question 2025_7388 deals with the obligation to maintain a register of information (“RoI”) for financial entities which are exempt under article 16 of DORA;
  • Question 2024_7089 addresses the identification of ICT service providers in the context of any obligation to record ICT subcontractors of non-ICT service providers in the RoI;
  • Question DORA 187-3199 deals with out of scope financial entities, for example, whether a micro or SME insurance intermediary can be considered as an ICT third party provider if they provide ICT services that are described in Annex III of the ITS on RoI, to an in scope financial entity, such as an insurer;
  • Question DORA 188-3200 addressing the definition of appropriate information security standards and highest quality information security standards referred to in article 28(5) of DORA; and
  • Question 2025_7309 explores whether article 28(3) of DORA requires a separate and specific communication, in addition to the RoI, or whether the submission of the RoI is sufficient for the purposes of article 28(3).

4. EIOPA publishes opinion on AI governance and risk management 

On 6 August 2025, the European Insurance and Occupational Pensions Authority (“EIOPA”) published an opinion (“Opinion”) on AI governance and risk management.

The Opinion highlights the application of the EU AI Act (“AI Act”), as of July 2024, and recognises the opportunities offered by AI to the insurance sector in terms of matters such as combatting fraud and the automation and efficiency as regards claims handling.

Referencing that the use of AI systems for risk assessment and pricing in relation to natural persons in the case of life and health insurance is identified as high risk by the AI Act, the Opinion clarifies that it is concerned with the remaining AI systems in insurance that are not prohibited AI practices and that are not considered to be high-risk.

Accordingly, the Opinion aims  to provide clarity on the main principles and requirements foreseen in the insurance sectoral legislation that should be considered in relation to those insurance AI systems that are not considered as prohibited AI practices or high-risk under the AI Act.

Basis and Application

The Opinion is based on the following pieces of legislation:

  • articles 17, 20 and 25 of the Insurance Distribution Directive;
  • articles 41, 46 and 82 of Solvency II; and
  • articles 4, 5, 6, 7 and 11 of DORA.

The Opinion is addressed to competent authorities and covers the activities of insurance undertakings and intermediaries regarding their use of AI systems in the insurance value chain.

Content

The Opinion provides guidance on the interpretation of the various provisions of the existing insurance sectoral legislation in the context of AI systems which were either non-existent or not widely used when that legislation was approved.

Additionally, the Opinion contains high-level supervisory expectations regarding governance and risk-management systems that undertakings should develop, following a risk based and proportionate approach, to ensure the responsible use of AI systems. In that regard, the Opinion sets out the following areas that should be considered by undertakings:

  • fairness and ethics;
  • data governance;
  • documentation and record keeping;
  • transparency and explainability;
  • human oversight; and
  • accuracy, robustness and cyber security.

The Opinion emphasises that responsible use of AI systems is achieved by combining different risk management measures, as set out in the forgoing list.

Annex

There is an annex to the Opinion, which provides practical examples of impact assessment indicators, record-keeping and fairness metrics.

Next Steps

EIOPA has stated that, based on the proposed AI governance framework in the Opinion, it will develop more detailed analysis on specific AI systems or issues stemming from the use of AI systems in insurance, providing further guidance as appropriate.

Further, EIOPA will examine supervisory practices of competent authorities, in the context of an evaluation of supervisory convergence, two years after publication of the Opinion. 

5. The EBA consults on revised Guidelines on internal governance under CRD

On 7 August 2025, the European Banking Authority (“EBA”) launched a consultation (“Consultation”)  on its revised guidelines (“Guidelines”) on internal governance under the capital requirements directive (“CRD”).

The revised Guidelines come on foot of, amongst other matters, changes brought about by CRD VI. The main proposed changes are as follows:

  • the scope of the Guidelines has been expanded to include third-country branches and to reflect the mandate in new Article 48g(9) of CRD IV on third-country branches' internal governance arrangements;
  • the Guidelines take account of the requirements under article 88(3) of CRD VI that each member of the management body, senior manager and key function holder, have a documented statement of roles and duties and that a corresponding document mapping those duties has been produced;
  • the Guidelines also ensure alignment with DORA with the scope having been expanded to cover network and information systems set up and managed under DORA; and
  • the Guidelines also take account of the results of the EBA benchmarking report of diversity practices and gender neutral remuneration policies, with the Guidelines reinforcing equality among genders, diversity and inclusion, with the aim of supporting the creation of a gender balanced pool of candidates for positions within the management body.

The Consultation includes a tracked changes version of the proposed amendments to the Guidelines. The Consultation is limited to only those proposed changes.

 Next Steps

The Consultation is open for feedback until 7 November 2025. The EBA will hold an online public hearing on 5 September 2025, interested parties can register here.  

Matheson Talks Financial Regulation Podcast

The Matheson Financial Institutions Group are delighted to share with you some useful podcasts.

Click here to listen

Meet Our Authors

Darren Maher
Darren Maher Partner
Joe Beashel
Joe Beashel Partner
Elaine Long 
Elaine Long  Partner
Caroline Kearns
Caroline Kearns Partner
Ian O'Mara
Ian O'Mara Partner