Copyright Page
IMF Country Report No. 22/243
IRELAND
FINANCIAL SECTOR ASSESSMENT PROGRAM
TECHNICAL NOTE ON OVERSIGHT OF FINTECH
July 2022
This paper on Ireland was prepared by a staff team of the International Monetary Fund as background documentation for the periodic consultation with the member country. It is based on the information available at the time it was completed on June 28, 2022.
Copies of this report are available to the public from
International Monetary Fund • Publication Services
PO Box 92780 • Washington, D.C. 20090
Telephone: (202) 623-7430 • Fax: (202) 623-7201
E-mail: publications@imf.org Web: http://www.imf.org
Price: $18.00 per printed copy
International Monetary Fund
Washington, D.C.
© 2022 International Monetary Fund
Title page
IRELAND
FINANCIAL SECTOR ASSESSMENT PROGRAM
TECHNICAL NOTE
OVERSIGHT OF FINTECH
June 28, 2022
Prepared By
Monetary and Capital Markets Department
This Technical Note was prepared by IMF staff in the context of the Financial Sector Assessment Program (FSAP) in Ireland. It contains technical analysis and detailed information underpinning the FSAP’s findings and recommendations. Further information on the FSAP can be found at http://www.imf.org/external/np/fsap/fssa.aspx
Contents
Glossary
EXECUTIVE SUMMARY
INTRODUCTION
A. Background
FINTECH INDUSTRY OVERVIEW
REGULATORY APPROACH
A. Institutional Setting and General Approach to Fintech
AREAS OF FOCUS
A. Crypto-Assets
B. Payments
C. BigTech
D. Outsourcing and Third-Party Relationships
E. RegTech
F. Buy Now Pay Later
G. Supervisory Cooperation
H. Open Banking and Retail Bank Business Models
I. Approach to Cyber Risk
BOXES
1. Markets in Crypto-Assets Regulation
2. Digital Operation Resilience Act
3. Instant Payments
FIGURES
1. Total Non-Cash Payments Volume, by Proportion of Payment Instrument
2. Global Market Capitalization for Crypto Assets (Billions of US dollars)
TABLE
1. Main Recommendations on Fintech
Glossary
| 5AMLD | Fifth Anti-Money Laundering Directive |
| AIF | Alternative Investment Fund |
| AIFM | Alternative Investment Fund Manager |
| AISP | Account Information Service Provider |
| AML/CFT | Anti-Money Laundering/Countering the Financing of Terrorism |
| API | Application Programming Interface |
| ART | Asset-Referenced Token |
| BCBS | Basel Committee on Banking Supervision |
| BNPL | Buy Now Pay Later |
| BPFI | Banking and Payments Federation Ireland |
| CCPC | Competition and Consumer Protection Commission |
| CIISI | Cyber Information and Intelligence Sharing Initiative |
| CSP | Cloud Service Provider |
| DeFI | Decentralized Finance |
| DETE | Department of Enterprise, Trade and Employment |
| DoF | Department of Finance |
| DGS | Deposit Guarantee Scheme |
| DORA | Digital Operational Resilience Act |
| EBA | European Banking Authority |
| EC | European Commission |
| ECB | European Central Bank |
| EFIF | European Forum for Innovation Facilitators |
| EIOPA | European Insurance and Occupational Pensions Authority |
| EMD | Electronic Money Directive |
| EMI | Electronic Money Institution |
| EMT | Electronic Money Token |
| EPC | European Payments Council |
| ESA | European Supervisory Authority |
| ESMA | European Securities and Markets Authority |
| ESRB | European Systemic Risk Board |
| ETF | Exchange Traded Fund |
| EU | European Union |
| FMI | Financial Market Infrastructure |
| FOE | Freedom of Establishment |
| FOS | Freedom of Services |
| FSAP | Financial Sector Assessment Program |
| FSB | Financial Stability Board |
| FSG | Financial Stability Group |
| ICT | Information and Communications Technology |
| IMF | International Monetary Fund |
| IOSCO | International Organization of Securities Commissions |
| ITRQ | IT Risk Questionnaire |
| MAG | Mixed Activity Group |
| MiCA | Markets in Crypto-Assets Regulation |
| MiFID | Markets in Financial Instruments Directive |
| MS | Member State |
| OSP | Outsourced Service Provider |
| PI | Payment Institution |
| PIEMI | Payment Institution and E-Money Institution |
| PISP | Payment Initiation Service Provider |
| PSD | Payment Services Directive |
| RCF | Retail Credit Firm |
| RMP | Risk Mitigation Program |
| SI | Significant Institution |
| SSM | Single Supervisory Mechanism |
| TIBER | Threat Intelligence-Based Ethical Red-teaming |
| TN | Technical Note |
| UCITS | Undertaking for Collective Investment in Transferable Securities |
| VASP | Virtual Asset Service Provider |
Executive Summary
Ireland's fintech sector is growing in importance through the entry of innovative new players and digital transformation of incumbents' business models and products. The Irish Government has adopted an action plan for the development of Ireland's international financial services sector that includes several initiatives of relevance to fintech. Meanwhile, the Central Bank of Ireland (the Central Bank), the integrated financial services regulator, engages with new entrants with a view to securing consumer interests and safeguarding the resilience of the financial system, thereby harnessing the benefits of fintech while managing additional risks it may generate. The largest sub- sector is represented by payment and e-money institutions (PIEMIs). Recent data show most Irish adults are using digital payments multiple times a week, while 24 percent use their mobile phone for contactless payments. Ownership of crypto-assets is also on the rise, especially among young adults. Beyond payments and crypto-assets, fintech activities are developing on a smaller scale in areas such as insurance and investment management. Meanwhile, the importance of market support firms, including cloud service providers (CSPs), continues to grow.
The Central Bank has an Innovation Hub that provides a single point of contact for stakeholders on fintech-related issues. While not a regulatory sandbox, the Innovation Hub facilitates engagement and access by providing a direct point of contact for fintechs and incumbents, as well as providing early intelligence on innovative products and services. The Central Bank also has other means by which to conduct sectoral outreach with fintechs including engagement with industry bodies, providing published guidance on authorization processes and expectations as well as prioritizing early engagement with firms, enabling them to engage at the preliminary or speculative phase to gain information and guidance about the authorization process. In its planned upcoming review, the Central Bank should assess the experience gained with the Innovation Hub, including any relevant feedback from stakeholders, to inform reflections on the future development of the regulatory framework for fintech in Ireland.
Most crypto-assets and the services provided on them do not fall within the scope of existing EU legislation, except for AML/CFT requirements. The Central Bank has issued warnings to consumers on the risks of investing in crypto-assets and published consumer explainers. Furthermore, the authorities are working together on improving consumer education measures on crypto and fintech. As a European financial center, Ireland has actively supported the development of a harmonized regulatory framework for crypto-assets at the level of the European Union (EU) rather than put in place a bespoke regulatory framework at the national level. There continues to be a lack of comprehensive and reliable data on the sector, including on possible interconnections with regulated financial services providers. A common EU framework is due to be put in place via the Markets in Crypto-Assets Regulation (MiCA), with the rules expected to take effect in H2 2023 at the earliest. The Irish authorities should continue to contribute actively to the MiCA negotiations and advocate for the earliest possible introduction of the new rules. Given the significant and increasing interest in crypto-assets among Irish consumers, for whom access to these assets is being facilitated by some payments institutions, the authorities should prepare to introduce domestic legislation in the event of significant delay or material gaps in the MiCA framework. In addition, the Central Bank should, together with its European peers, further intensify its efforts to monitor developments in this area through systematic data collection within the scope of its powers.
There is reliance by Irish regulated entities on a limited number of CSPs. Technological resilience is particularly key for fintech providers. Taken together, the EBA/ESMA/EIOPA and Central Bank guidelines on outsourcing and operational resilience provide a strong framework for indirect supervision of CSPs. However, the CSPs themselves – some of which may be systemically important to the financial sector – are not within the regulatory perimeter. Once the EU's new Digital Operational Resilience Act (DORA) is in place, the Central Bank should continue to advocate for CSPs of systemic importance to the Irish financial services sector to be included in the Union Oversight Framework, failing which the authorities should seek additional statutory powers to review and examine the resilience of these entities (the identification of which will be facilitated by the outsourcing register currently being compiled by the Central Bank).
Under the EU's passporting framework host regulators receive limited information on the activities that passporting entities carry out in their jurisdiction. To broaden its knowledge of activities happening in Ireland, the Central Bank should engage with the ESAs on how to expand the set of information that host regulators receive systematically from home regulators.
PIEMIs represent one of the largest sub-sectors within the broader fintech universe in Ireland and the number of entities is continuing to grow. A growing number of these firms are offering services that are comparable to elements of banking-type services, through the provision of e- money wallets into which customers are encouraged to lodge monies (funds in these wallets are not covered by the Irish Deposit Guarantee Scheme). The Central Bank has proactively strengthened the governance expectations for this sector informed by best practice corporate governance requirements, such as the Corporate Governance Requirements for Credit Institutions, as well as from supervisory learnings. The Central Bank and the DoF should actively contribute to the European Commission's (EC) review of the Payment Services Directive 2 and push for the regime to be strengthened, in particular in the areas of governance and risk management, safeguarding, crisis management and corporate insolvency (equivalent changes should also be made to the Electronic Money Directive). In the absence of such changes forming part of the revised EU framework, the authorities should work together to introduce these reforms at the national level. The Central Bank could also consider accelerating the timetable for application of the full Senior Executive Accountability Regime (SEAR) to PIEMIs.
Incumbent retail banks in Ireland are dedicating significant resources to digital transformation, while fintechs are enlarging consumer choice through innovative new services. Progress on several issues, including in the regulatory sphere, could facilitate the modernization of the incumbents' business models while also allowing relatively new players to fulfil their potential. The Central Bank, working with the Competition and Consumer Protection Commission, should continue its efforts to address IBAN discrimination and, where it considers an expansion of its powers to impose remedial action necessary, actively seek legislative change. The Central Bank can also continue to play an important role in encouraging banks to adopt instant payments and helping consumers realize the full benefits of open banking.
Ireland: Main Recommendations on Fintech
Ireland: Main Recommendations on Fintech
| # | Recommendations | Authority | Time* | Priority** |
|---|---|---|---|---|
| 1. | Use the experience gained with the Innovation Hub to inform reflections on the future development of the regulatory framework for fintech in Ireland (¶12). | Central Bank | ST | M |
| 2. | Prepare to introduce domestic legislation in the event of significant delay or material gaps in the MiCA framework (¶27). | DoF, Central Bank | ST | M |
| 3. | Further intensify efforts to monitor developments on crypto-assets through systematic data collection within the scope of its powers and, where unacceptable risks remain, issue carefully targeted warnings and investor communications (¶28). | Central Bank | ST | M |
| 4. | Actively contribute to the EC's review of PSD2 and push for the regime to be strengthened through the introduction of a corporate insolvency regime, clarification of safeguarding rules and stronger obligations on governance and risk management as appropriate; in the absence of such changes, introduce corresponding reforms at national level to the extent compatible with EU legislation (¶35). | Central Bank, DoF | MT | M |
| 5. | Consider prioritizing payment and e-money institutions for the roll-out of the Senior Executive Accountability Regime (¶36). | Central Bank | MT | L |
| 6. | Continue to advocate for cloud service providers (CSPs) of systemic importance to the Irish financial services sector to be included in the Union Oversight Framework under the new Digital Operational Resilience Act; failing which, seek additional statutory powers to review and examine the resilience of systemic CSPs (¶44). | DoF, Oireachtas, Central Bank | MT | M |
| 7. | Engage with the ESAs on how to expand the set of information that host regulators receive systematically from home regulators (¶50). | Central Bank | C | M |
| 8. | Continue efforts to address IBAN discrimination, encourage adoption of instant payments and identify obstacles to the take-up of open banking (¶55). | Central Bank | MT | M |
Ireland: Main Recommendations on Fintech
| # | Recommendations | Authority | Time* | Priority** |
|---|---|---|---|---|
| 1. | Use the experience gained with the Innovation Hub to inform reflections on the future development of the regulatory framework for fintech in Ireland (¶12). | Central Bank | ST | M |
| 2. | Prepare to introduce domestic legislation in the event of significant delay or material gaps in the MiCA framework (¶27). | DoF, Central Bank | ST | M |
| 3. | Further intensify efforts to monitor developments on crypto-assets through systematic data collection within the scope of its powers and, where unacceptable risks remain, issue carefully targeted warnings and investor communications (¶28). | Central Bank | ST | M |
| 4. | Actively contribute to the EC's review of PSD2 and push for the regime to be strengthened through the introduction of a corporate insolvency regime, clarification of safeguarding rules and stronger obligations on governance and risk management as appropriate; in the absence of such changes, introduce corresponding reforms at national level to the extent compatible with EU legislation (¶35). | Central Bank, DoF | MT | M |
| 5. | Consider prioritizing payment and e-money institutions for the roll-out of the Senior Executive Accountability Regime (¶36). | Central Bank | MT | L |
| 6. | Continue to advocate for cloud service providers (CSPs) of systemic importance to the Irish financial services sector to be included in the Union Oversight Framework under the new Digital Operational Resilience Act; failing which, seek additional statutory powers to review and examine the resilience of systemic CSPs (¶44). | DoF, Oireachtas, Central Bank | MT | M |
| 7. | Engage with the ESAs on how to expand the set of information that host regulators receive systematically from home regulators (¶50). | Central Bank | C | M |
| 8. | Continue efforts to address IBAN discrimination, encourage adoption of instant payments and identify obstacles to the take-up of open banking (¶55). | Central Bank | MT | M |