Name
Global FinTech Guide
Country _ Name
Ireland
SectionTitle
RegTech and compliance management
Body
RegTech is composed of the words “regulatory” and “technology”. It is a collective term for the application of modern technologies, to get the increasing regulation in the banking- and financial sector under control both from an IT and a legal standpoint.

Introduction

Attitude of the country towards RegTech-services

In recent years, there has been massive rise in the number of banks acquiring or partnering with FinTech firms and it is expected that this trend will accelerate in the next few years with banks eager to digitalise their regulatory operations. This trend corresponds with the growing global interest in Regulatory Technology ('RegTech') solutions.

The Irish Government is strongly supportive of FinTech and RegTech, recognising the significant benefits it can bring to consumers, economic growth, and competition. The Irish Government has expressed its commitment to a strategy 'Ireland for Finance 2025' (IFS 2025) to ensure that Ireland continues to be regarded as one of the world's leading global financial centres.



Legal affairs

Obligations and requirements to provide RegTech-services

Ireland does not have a specific regulatory framework for FinTech businesses. However, FinTech businesses providing regulated activities which cannot avail of an exemption will fall within the existing body of financial regulation and so prior authorisation from the CBI to conduct business.

If authorised, firms will be subject to Irish legislation and various CBI requirements, but FinTech companies authorised by the CBI can avail of regulatory passporting across the EU.



Additional comments regarding the legal situation for RegTech-services or what RegTech’s must be aware of in this business area

A case-by-case analysis is often required when regulating the provision of RegTech services. Depending on the service provided, and the particular financial services firm receiving those services, they may fall within the legal and regulatory requirements governing outsourcing and this may have an impact on the contractual provisions required.

The CBI Outsourcing Guidance applies to all Irish regulated firms and is to be implemented alongside any specific sectoral legislative outsourcing requirements. The CBI Outsourcing Guidance imposes similar contractual requirements to the EBA Outsourcing Guidelines (which apply directly to credit institutions, certain investment firms and payments/e-money institutions).

The EBA Outsourcing Guidelines require, inter alia, that outsourcing agreements specify service levels and precise quantitative and qualitative performance targets to allow for the timely monitoring of the performance of the outsourced function. In addition, specific termination rights, provisions around business continuity, data and access and audit rights for the regulated firm and its regulators are also required.

DORA (Digital Operational Resilience Act), as discussed under Payment Services, builds upon the EBA Outsourcing Guidelines and plays an important role in RegTech.  DORA closely tracks many of the outsourcing requirements provided by the EBA. A significant contrast comes in the regulation of outsourcing as DORA will introduce penalties for non compliance. Article 50 DORA provides Competent authorities with the “powers necessary to fulfil their duties”, including the power to apply administrative penalties.

Security requirements form the bulk of the obligations imposed by DORA. Financial Entities are required to establish policies, procedures, and protocols to ensure the security, resilience, and continuity of their IT systems. DORA also requires that Financial Entities continuously monitor ICT security and put in place mechanisms to detect anomalies in relation to their IT systems to identify potential material points of failure. Financial entities are required to implement an ICT risk management framework that enables them to address ICT risk quickly, efficiently, and comprehensively and to ensure a high level of digital operational resilience.

RegTech providers may have legal and regulatory or contractual obligations to notify certain behaviour, depending on their regulatory status and contractual arrangements, the sector in which they operate and the information and material that they come into contact with.



Economic conditions

Market size for RegTech-services and biggest companies in this business area

It has recently been shown that 8 Irish firms operate within the top 100 globally, ranking Ireland above Hong Kong as a RegTech hub.

Irish RegTech firms that have achieved international successes include AQMetrics and Gecko Governance.



Additional comments regarding the economic situation for RegTech-services or what RegTech’s must be aware of in this business area

The Irish financial services industry is aware of the potential to better deploy technology to achieve more efficient and cheaper compliance solutions, but the Central bank has yet to take explicit measures with regulatory frameworks to incentivise the deployment of RegTech by Irish regulated firms. Although with the recent introduction of DORA, financial entities must be aware of potential penalties for non compliance.



Authors

Close

Choose country