Ireland - White Collar Crime, Anti-Corruption & Fraud - FIG Top 5 At 5 (2024)


15 May 2024

M Matheson


Established in 1825 in Dublin, Ireland and with offices in Cork, London, New York, Palo Alto and San Francisco, more than 700 people work across Matheson’s six offices, including 96 partners and tax principals and over 470 legal and tax professionals. Matheson services the legal needs of internationally focused companies and financial institutions doing business in and from Ireland. Our clients include over half of the world’s 50 largest banks,6 of the world’s 10 largest asset managers, 7 of the top 10 global technology brands and we have advised the majority of the Fortune 100.


On 24 April 2024, the Central Bank of Ireland ("Central Bank") published a Dear CEO Letter on its Thematic Review on Early Mortgage Arrears ("Letter").

Ireland Criminal Law

To print this article, all you need is to be registered or login on

1. Central Bank of Ireland publishes Dear CEO Letter on itsThematic Review on Early Mortgage Arrears

On 24 April 2024, the Central Bank of Ireland("Central Bank") published a Dear CEO Letter on itsThematic Review on Early Mortgage Arrears("Letter"). The Central Bank had carriedout the Thematic Review on Early Mortgage Arrears("Review") across 7 mortgage lendersincluding retail banks, retail credit firms and credit servicingfirms which represented 90% of all private dwelling house mortgagearrears accounts in H2 of 2023.

The Review took place to coincide with the expected stress ofborrowers' finances due to the rising cost of living andinterest rates. However, as evidenced in the Central Bank'srecent Statistics,while there is an upward trajectory in the level of early mortgagearrears, the increases seen to date are not yet significant.

The Review builds on the Dear CEO Letter that theCentral Bank had published in November 2022 on its expectations forprotecting consumers in the changing economic landscape and beyond,a note describing the ongoingsupervisory work on mortgages issued in April 2023 as well as theRegulatory and Supervisory Outlook Report("Report").

The Review aimed to ensure that the regulatory frameworkoperates as it is intended to in supporting borrowers in/facingearly arrears. The Letter outlines a number of findings from theReview, including:

  • firms are progressing those who are in pre- and early arrearsthrough the Mortgage Arrears Resolution Process and findingsolutions for such customers which implies that the frameworkcontained in the Code of Conduct on Mortgage Arrears("CCMA") is "well positioned tosupport borrowers in or facing financialdifficulty";
  • some practices go beyond minimum compliance with regulation,with some firms making further improvements for borrowers;
  • some of the issues identified related to: (i) provision ofinformation to borrowers; (ii) engagement with borrowers; and (iii)delays and errors, which may increase the risk that firms are notoperationally ready to respond to increases in the volume of suchcases in a timely manner, and the risk that borrowers may disengagefrom the process, resulting in a further deterioration in theirfinancial position; and
  • some firms could use the temporary alternative repaymentarrangements ("ARA"), prior to the fullassessment of the standard financial statement("SFS"), more effectively to supportborrowers and provide more information to improve consumer decisionmaking.

Feedback to Industry

  • the CCMA framework is effective in supporting and identifyingsolutions for customers;
  • firms need to take additional steps to ensure effectivecustomer service and information;
  • firms are required to consider and address the findings of theReview and do so using a consumer-centric approach, including thegood practices outlined in the appendix, particularly theimplementation of functionality which enables borrowers to completean SFS online and enable them to save progress and return later ifneeded;
  • firms must deal with the issues identified in the Review in atimely manner, addressing both the governance and oversight issues,as well as the behavioural and cultural causes includingoperational capacity and skilled staff; and
  • firms should also consider the drivers of risk outlined in theReport, as risk drivers identified in the Report were also seen inthe Review, more particularly – poor business practices andweak business processes; ineffective disclosures to consumers; andinadequate support of borrowers in the context of the changingoperational landscape.

Follow Up Actions

The Central Bank has outlined to each firm included in theReview, the issues and concerns identified and how to address them,including Risk Mitigation Programmes. It also provided feedback tofirms on aspects of the Review prior to completion of allsupervisory work so as to drive further improvements for borrowersas early as possible. The Letter also noted that the Central Bankhad seen some firms respond to and self-identify changes relatingto the Review before they were formally communicated.

2. EIOPA publishes Report on Digitalisation of the EuropeanInsurance Sector

On 30 April 2024, the European Insurance and OccupationalPensions Authority ("EIOPA") published areport on the digitalisationof the European insurance sector. In March 2023, EIOPA had launcheda survey which aimed to better understand the dynamics,opportunities, and risks associated with ongoing digitalisationprojects in the European insurance sector.

Some of the key results of the survey outlined in the Reportinclude:

  • the digitalisation of the European insurance sector is variedbut mostly still at an incipient stage;
  • for life insurers in particular, pure digital distributionchannels play a secondary role;
  • most customers purchase insurance products through physicalchannels;
  • telephone, email and face-to-face communication are the mostpopular methods of engaging with insurance undertakings todate;
  • the use of chatbots is expected to increase significantly inthe near future;
  • most insurance undertakings have a social media presence whichthey use to interact with consumers and launch marketing andeducation campaigns, with some using influencers;
  • almost 80% of respondents outsourced cloud computing datastorage to BigTech cloud services;
  • 50% of non-life insurance respondents and 24% of life insurancerespondents use AI, with an additional 30 and 39% respectivelyexpecting to use it within the next 3 years;
  • most AI use cases are developed in house, mostly used withhuman oversight;
  • only a small number of insurance undertakings use the Internetof Things, blockchain and parametric insurance products;
  • while there has been a growth in the number of cyber insurancemarkets in the past 10 years, most cyber insurance products includemarked coverage exclusions, and are aimed at corporate customers,rather than retail customers;
  • acquiring adequate talent is seen as a barrier to digitaltransformation; and
  • cyber risks are perceived as the main risk arising fromdigitalisation.

Next Steps

EIOPA will incorporate the findings from the survey in itsapproach to implementing its Digital Strategy, and will assess inparticular the use and impact of AI. EIOPA will also continue itswork on data accessibility, data standards including contributionsto the Financial Data Access Framework Regulation.

Alongside the other European Supervisory Authorities, EIOPA willwork on the implementation of DORA, and the development ofguidelines on the classification of crypto-assets. EIOPA is alsoexpected to provide technical advice to the European Commissionregarding the prudential treatment of crypto-assets.

Finally EIOPA will conduct more analyses in relation to cyberinsurance, and promote the financial inclusion of vulnerablecustomers, customer protection and the ethical use of data inrelation to AI and digitalisation.

3. EBA publishes draft opinion on new types of payment fraudand possible mitigants

On 29 April 2024, the European Banking Authority("EBA") published its Opinion on new types ofpayment fraud and possible mitigants("Opinion"). The purpose of the Opinionis to strengthen the legislative framework under the proposedPayment Services Regulation ("PSR") andproposed Third Payment Services Directive("PSD3") and enshrine anti-fraudrequirements for retail payments.

The EBA originally published an opinion in June 2022 which madea number of initial recommendations, which the European Commission("Commission") has incorporated into itsproposals for PSD3 and PSR. Since then, the EBA has carried outfurther work, in assessing new fraud trends and types of paymentfraud. This was informed by the collection of data in collaborationwith national competent authorities, on data points that are notrequested under the EBA Guidelines.

Emerging fraud trends

The Opinion highlights a number of new types of fraudincluding:

  • instant credit transfers, or instant payments: data from H1 of2022 indicated that fraud rates in value are on average 20 timehigher than conventional Credit Transfers. While it is too early toidentify the root cause of this, it may be in part due to the factthat the possibility of payment service providers("PSPs") to recover funds in the case offraudulent instant transfers is extremely limited; or the technicalconstraints associated with transaction monitoring and subsequenttreatment of suspicious transactions by PSPs;
  • fraud rates for cross-border transactions: these are muchhigher than domestic transactions with EBA data from 2022suggesting cross-border fraud rates are 9 times higher thandomestic transactions. Evidence suggests that this may be due toinsufficient cross-border cooperation between PSPs to deal withinternational criminal activities; and uneven application of StrongConsumer Authentication; and
  • distribution of liability for fraud losses: data from 2022indicated that losses from card payments were equally split betweenPSPs and payment service users ("PSUs"),while with losses from credit transfers, 79% was borne by the PSUequating to €1.2 billion. This may be due to the increasingnumbers of payment fraud manipulating the payer; a lack of cleardelineation between authorised and unauthorised transactions inPSD2; and the broad interpretation of "grossnegligence" by Member States.

Emerging Fraud Types

While significant progress has been made in preventing fraudbased on the stealing of consumers' credentials, other types offraud have emerged including:

  • manipulation of the payer;
  • mixing social engineering and technical scam; and
  • enrolment process compromise.

Specific Proposals

The EBA welcomed the Commission's new security provisionwithin PSD3 and PSR, and the Instant Payments Regulation includingmandatory IBAN/Name check; enhanced transaction monitoring;supporting sharing of fraud-related information between PSPs; andrequiring PSPs to conduct educational initiatives regarding paymentfraud. The EBA raised concerns that 9 months after the InstantPayments Regulation enters into force, all PSPs in the eurozonewill have to accept instant payments but only some of them willsupport the IBAN/ Name check, and emphasised that adequatesafeguards are needed to prevent an increase in fraud levels.

The EBA identified additional measures that it believes shouldbe considered by the co-legislators and the Commission in thenegotiation of the PSD3/PSR proposals:

  • reinforced security requirements for PSPs aimed at furtherstrengthening the procedure for authentication oftransactions;
  • fraud risk management framework to be established by PSPs, inaddition to the mandatory security requirements;
  • amended liability rules including a proper delineation betweenauthorised and unauthorised transactions, and clarification on theterm "gross negligence";
  • strengthened and harmonised supervision on fraud management;and
  • appropriate security requirements for a single EU-wide platformfor information sharing to prevent and identify potentiallyfraudulent payment transactions.

4. Commissioner McGuinness gives speech on "Aninnovative and integrated European retail paymentsmarket"

On 24 April 2024, the European Commissioner for FinancialStability, Financial Services and the Capital Markets Union,Mairead McGuinness, gave a speech entitled "Aninnovative and integrated European retail paymentsmarket" at the European Central Bank("ECB") conference. The following is asummary of the key messages delivered in the Commissioner'sspeech.


Commissioner McGuinness noted that the Regulation on InstantPayments in Euro which enters into force this month, will benefitconsumers by avoiding late payment penalties and improve cashflowfor SMEs. She noted that it also represented an opportunity totackle challenges such as fraud and to provide a level playingfield for existing and new players. From early 2025, paymentservice providers will have to offer to carry out an IBAN-nameverification service to provide additional security againstfraud.


The Payment Services Regulation improves conditions forinnovative players and strengthens non-bank providers' accessto a bank account. Commissioner McGuinness highlighted that whilethe open banking market continues to grow, payment initiationservices are yet to deliver their full benefit. In order to developopen banking, the European Commission("Commission") has clarified the rulessurrounding open banking interfaces, as well as measures to ensurethat consumers trust that they are truly in control of their owndata such as the proposed "permissiondashboards".

IBAN discrimination

Commissioner McGuinness noted that the Commission is stillworking to prevent IBAN discrimination, 9 years after the SEPAimplementation deadline. She noted that the refusal of companies orpublic administrators to make or receive euro payments involvingnon-domestic accounts affects citizens, as well as new marketentrants such as fintechs.

While national authorities are responsible for the correctimplementation and application of EU law, the Commission is alsoworking to ensure that national law "properly equips localauthorities to enforce SEPA Regulation". Complaints thatthe Commission receives enables it to assess whether there aresystemic breaches in EU law in certain member states, and to takeenforcement actions where necessary.

Payment fraud

To ensure that consumers can benefit from an integrated andinnovative payments market, payment fraud must be tackled. WhileStrong Consumer Authentication has been successful in reducingfraud, accessibility could be improved, particularly for those whodo not have smartphones. New forms of fraud are also evolving suchas spoofing, and the Commission must also ensure that their ruleson tackling fraud evolve in tandem. The introduction of theIBAN-name check, and revised rules which require payment serviceproviders to run fraud awareness campaigns for their customers andemployees will help this. In addition, social networks and searchengines will have a role to play, and the European Parliament andmember states are in discussions as to what this role will looklike.

Financial literacy will also play an important role alongsideconsumer protection. Certain groups, particularly young people,women and older age groups have low financial literacy. TheCommission, in collaboration with the OECD have developed 2financial competence framework, one aimed at adults and the otherat children and young people to improve skills such as saving,investing, recognising fraud and scams.

Digital Euro

The Commission adopted a single currency package in June 2023,which included the proposal for a digital euro and the proposal onaccessibility and acceptability of cash. Commissioner McGuinnessnoted that the digital euro could well offer an additional methodof payment across the euro area, and will complement cash andprivate payments. It may also act as a catalyst for paymentsinnovation. She cautions that the digital euro must be welldesigned and the Commission is working alongside the Parliament,member states and ECB as the process continues.

Cash still has an important role to play in terms of financialinclusion. Proposals such as facilitating retailers in offeringcash withdrawals up to €50 without the need for a purchase,and proposed safeguards for cash will help to ensure that cash iswidely available and easily accessible.

5. European Legislative Updates (AML, CRR and CRD, andESG)

AML Legislative Updates

On 24 April 2024, the European Parliament announced that it had votedin plenary to adopt 3 pieces of anti-money laundering legislation,and published the adopted texts of:

  • proposed Regulation on the prevention of the use of thefinancial system for the purpose of money laundering or terroristfinancing ("AL/TF") ("AMLRegulation");
  • proposed Regulation establishing the Anti-Money LaunderingAuthority ("AMLA"); and
  • proposed 6th Money Laundering Directive("MLD6").

The European Commission also published a factsheet, an FAQdocument, and an article which can be accessed here.

Next Steps

The Council of the European Union must now adopt the legislationformally, after which it will be published in the Official Journalof the European Union ("OJ").

  • AML: this will enter into force 20 days afterpublication in the OJ, and apply 3 years from the date it entersinto force, except in relation to Article 3(3)(n) and (o) whichwill apply 5 years after entry into force.
  • AMLA: this will enter into force 7 days afterpublication in the OJ and will apply from 1 July 2025, with theexception of Articles 1, 4, 49, 53-55, 57-66, 68-71, 100, 101 and107 which will apply from 31 December 2025.
  • MLD6: this will enter into force 20 days afterpublication in the OJ. Member States will have 36 months from thedate of entry into force to transpose MLD6, with the exception of:
    • Article 74 which will apply 12 months after;
    • Articles 11, 12, 13 and 15 which will apply 24 months after;and
    • Article 18 which will apply 60 months after.

European Parliament adopts proposed CRR III Regulationand CRD IV Directive

On 25 April 2024, the European Parliament adopted the proposedRegulation amending the Capital Requirements Regulation("CRR III") in relation to therequirements for credit risk, credit valuation adjustment risk,operational risk, market risk and the output floor. It also adopted the proposedDirective amending the Capital Requirements Directive IV("CRD IV") in relation to supervisorypowers, sanctions, third country branches and ESG risks.

For more information on the CRR and CRD, please see FIG Top 5 at 5, dated 29 June2023.

Next Steps

The European Council must now adopt the legislation, and ifadopted it will enter into force 20 days after it is published inthe Official Journal of the EU. CRR III will apply from 1 January2025, with certain elements being phased in. Member States areexpected to apply measures implementing CRD IV 18 months and oneday after it enters into force.

European Parliament approves new rules to regulate ESGratings

On 25 April 2024, the European Parliament voted plenary to adopt theproposed Regulation on the transparency and integrity ofenvironmental, social and governance("ESG") rating activities which reflectsthe provisional agreement that was reached in February 2024.

The rules will add more transparency and structure around howESG ratings are undertaken and communicated:

  • separate E, S and G ratings shall be provided rather than anaggregate rating. E ratings should include information on whetherthat rating takes into account alignment with the Paris Agreementor other international agreements; and S and G factors should alsoprovide information on what account the rating takes of relevantinternational agreements;
  • the rating agency should explicitly disclose whether thedelivered rating assesses how the rated entity affects and isaffected by E, S, and G factors, which will encourage ESG raters toaddress the materiality impact entity on the environmental andsociety – known as the double materiality approach; and
  • an ESG rating provider established in the EU as a smallundertaking or small group will only be subject to some of theprovisions for its first 3 years in existence.

Next Steps

The text has not yet undergone lawyer-linguist revision, afterwhich the Parliament will confirm the final text under thecorrigenda procedure. This will likely happen in September,following the European elections.

The Council of the European Union must then adopt the finaltext, which will enter into force 20 days after its publication inthe Official Journal of the European Union. It will apply 18 monthsafter it enters into force.

The content of this article is intended to provide a generalguide to the subject matter. Specialist advice should be soughtabout your specific circ*mstances.

Ireland - White Collar Crime, Anti-Corruption & Fraud - FIG Top 5 At 5 (2024)
Top Articles
Latest Posts
Article information

Author: Carmelo Roob

Last Updated:

Views: 5759

Rating: 4.4 / 5 (65 voted)

Reviews: 88% of readers found this page helpful

Author information

Name: Carmelo Roob

Birthday: 1995-01-09

Address: Apt. 915 481 Sipes Cliff, New Gonzalobury, CO 80176

Phone: +6773780339780

Job: Sales Executive

Hobby: Gaming, Jogging, Rugby, Video gaming, Handball, Ice skating, Web surfing

Introduction: My name is Carmelo Roob, I am a modern, handsome, delightful, comfortable, attractive, vast, good person who loves writing and wants to share my knowledge and understanding with you.