A new environment

Author: | Published: 27 Mar 2017
Email a friend

Please enter a maximum of 5 recipients. Use ; to separate more than one email address.

Anne-Marie Bohan of Matheson surveys the current legal landscape in Ireland for fintech and looks at some of the latest regulatory developments


Overview of regulated business practices

The Central Bank of Ireland is the regulatory body for all regulated financial services under Irish law. Most financial firms and services regulation in Ireland originates from EU law. The following are the main categories of financial firms and services that are regulated under Irish law - it is an offence to carry out any of these regulated services or businesses without authorisation of the Central Bank (subject to applicable EU passporting rules):

  • electronic money (e-money) issuance and services;
  • payment services under the Payment Services Directive (PSD);
  • banking services (essentially deposit taking) and credit institutions;
  • mortgage credit intermediaries under the EU (Consumer Mortgage Credit Agreements) Regulations 2016);
  • Markets in Financial Services Directive (Mifid) firms and services;
  • investment funds and management of investment funds;
  • investment business and investment intermediary services and firms or the provision of investment advice under the Investment Intermediaries Act 1995;
  • insurers (life and non-life); and
  • depositary and administration services for investment funds.

Certain financial services are also subject to domestic Irish legislation, including acting as a retail credit firm or services to a retail credit firm, as governed by part V of the Central Bank Act 1997 and the Consumer Protection (Regulation of Credit Servicing Firms) Act 2015, respectively.

The Central Bank has not made any specific provision for fintech services as a separate category of regulated service. Rather, it will assess fintech services requiring authorisation from the perspective of the above regulated activities. In the past 12 months, the Central Bank has updated and refreshed its authorisation process, with a view to speeding up the review process (see question 2 below, 'What are the recent developments in regulatory reporting and audit?'), which should assist in speedier reviews of, and time to market for, fintech services requiring authorisation.

What are the key approval processes outlining how to prepare for authorisation?

The Central Bank has recently streamlined all of the application processes for authorisations. With the exception of the credit institution (banking) licence, there are specific timeframes within which certain steps must take place from both the applicant and the Central Bank's perspective. The assessment periods range from 60 to 120 business days, depending on the type of firm that is seeking to be authorised. These headline figures do not fully reflect the time to market, as much of the work will need to be conducted in the preparatory phase, prior to the submission of the application to the Central Bank. The preparatory work that takes place in preparing for the initial submission is the most important aspect of the entire process, in our experience.

The application process will generally involve an initial meeting with the Central Bank to discuss the proposed application. Following the submission of the formal application form and related documents, an assessment period (determined by the type of authorisation sought) will follow. The process then moves in iterations as the application is progressed through the appropriate channels within the Central Bank. There can also be discreet involvement of specific Central Bank departments, such as the financial crime supervisory team who may require specific supplementary filings. Once the entirety of the queries have been addressed and submissions finalised, a formal decision making phase takes place.

At this point, a decision (which may include a proposed refusal, which can be appealed) will be issued. Applicants will at this time also be informed whether any specific restrictions and or requirements are likely to attach to the proposed authorisation.

What are the recent developments in regulatory reporting and audit?

The Central Bank provides clear guidance to authorised firms on what must be reported and what is recommended to be reported. There are certain issues that are a matter of discretion to each firm and are often driven by the relationship with the relevant supervisory team.

Obligations related to audits or specific required reports are generally set out in the underlying legislation. The Central Bank, as part of its prudential monitoring obligations, also sets out specific regulatory returns depending on the licence type. We have noted that a power to require specific information further to ad hoc requests is becoming a more standard provision in financial services legislation.

What are the regulatory pros and cons of Ireland as a European fintech hub?

While authorisation in any one of the EU member states brings the benefit of an EU- wide passport for financial services, Ireland has additional benefits as a European fintech hub.

Generally, as a jurisdiction, Ireland rates favourably across many of the key metrics for business in choosing a European hub, including availability of talent, business and legal environment, taxation structures and availability of professional support services.

Many of the world's leading technology providers and social media companies already have European hubs in Ireland, allied to which there is a strong, and growing, financial services sector, with particular strengths in payments, e-money, insurance and investment funds.

Arising from this, Ireland has demonstrated a solid ecosystem from which to develop fintech businesses, whether from early growth to scale stages, or arising from convergence between technology and financial services (which is an increasing trend), and an active and engaged fintech industry has developed and continues to grow. Commentators expect to see a doubling of jobs in the direct fintech industry by 2020, to a level of 10,000, a figure which does not take into account growth in the information, communications and technology sector ex fintech.

Ireland has demonstrated a solid ecosystem from which to develop fintech businesses

More specifically, the financial services industry was one of the areas identified by the Irish government as a key target area for growth in its position paper, IFS2020: A Strategy for Ireland's International Financial Services sector 2015-2020, which was published in March 2015. Taking into account both the strong existing information, communications and technology, and financial services sectors in Ireland, fintech was specifically identified as an important area for expansion. Therefore, there is government commitment to the sector, and an openness to understanding the key challenges and requirements for growing the fintech industry in Ireland.

In addition, the Central Bank has repeatedly affirmed its commitment to processing authorisation applications and providing an environment where new technology can be facilitated, balanced in all cases against the key Central Bank priorities of safeguarding and protecting customers.

As might be expected following the Brexit referendum result, the Central Bank has been the subject of increased focus in relation to both resourcing and indeed its appetite to authorise specific types of entities. However, in all of its public pronouncements, the Central Bank has affirmed that it has the requisite capacity and resourcing to process any application that it receives, irrespective of the nature of the authorisation sought.

It is a separate consideration, in all applications, as to whether the entity making the application is capable of being supervised. And as is the case throughout the EU, there is a general rule that brass plate operations are not permitted.

What is the impact of the Second Payment Services Directive?

At this point, the potential impact of the second Payment Services Directive (PSD2) remains to be seen, but is expected to give rise to both opportunities for and threats to the existing financial services industry across the EU. The Irish implementing regulations have not been published, although through industry outreach and public intimations by the Central Bank, it is clear that PSD2 shall require authorised entities and entities seeking to be authorised to operate in a consumer centered manner.

The narrowing of some of the exemptions provided for under PSDI is one area in particular that may require an amended approach by firms, with more firms being obliged to seek authorisations or to comply with new reporting requirements relating to amounts transacted under existing and carried over exemptions. There has also been some concern at an industry level that the data upon which some of the PSD provisions have been amended may not have been complete, and representations have been made to the European Banking Authority and other regulators to review this again. It is not clear at this point what impact if any this will have at an Irish level.

The extension of the types of entities which will be permitted (and consequently required to seek authorisation) will be interesting to observe, as will the interactions between the anticipated disrupters and the existing market participants in balancing between facilitating new services and safeguarding existing revenue streams.

How will the adoption of regtech impact the ability of banks to manage dynamic regulatory requirements?

Regulatory compliance can be onerous and time consuming due to the volume of information that banks are required to collect, evaluate, report and monitor, against the backdrop of an ever changing regulatory landscape.

Banks as a result are increasingly focusing on innovative technological solutions in order to comply with their regulatory obligations and the resulting challenges. Where suitable regtech solutions can be introduced, these should assist in increasing efficiency, reducing costs and lessening of operational risk connected with complying with regulatory requirements, and may allow for flexibility in and growth of the bank's business.

The real challenge for incumbent banks, however, will be the interplay of regtech solutions with legacy systems, and the challenges in pulling relevant data from a potentially broad range of different systems in a cohesive manner to facilitate the accurate and comprehensive compliance with a variety of reporting obligations, while trying to ensure that the regtech solutions themselves do not become static and moribund legacy systems. This is likely to require a shift in the approach of banks to technology more generally, with a need to adopt, adapt and implement more quickly and with a cross functional and more holistic, rather than function or regulation specific, approach.

About the author

Anne-Marie Bohan
Partner, Matheson

Dublin, Ireland
T: 353 1 232 2212
E: anne-marie.bohan@matheson.com
W: www.matheson.com

Anne-Marie Bohan is a partner in both the asset management and investment funds group and the fintech group at Matheson, and is head of the outsourcing group. She advises on all aspects of outsourcing, information technology law and e-commerce law, with a specific focus on the requirements of financial institutions and financial services providers in these areas.

Bohan has extensive experience in drafting and negotiating contracts for the development, sale, purchase and licensing of hardware, software and IT systems for both suppliers and users of IT within the financial services industry and across a broad range of other industries. She has also acted in some of the largest value and most complex IT and telecommunications systems and services outsourcing contracts, including advising on the largest and highest value financial services outsourcing to date, in Ireland. Bohan's practice also includes advising a broad range of clients on data protection and privacy issues, including employee data protection issues.




close Register today to read IFLR's global coverage

Get unlimited access to IFLR.com for 7 days*, including the latest regulatory developments in the global financial sector, updated daily.

  • Deal Analysis
  • Expert Opinion
  • Best Practice


*all IFLR's global coverage published in the last 3 months.

Read IFLR's global coverage whenever and wherever you want for 7 days with IFLR mobile app for iPad and iPhone

"The format of the Review has changed over the years; the high quality of its substantive content has not."
Lee C Buchheit, Cleary Gottlieb