I am delighted to welcome you to the Central Bank of Ireland this morning. It is very positive to see you turning out in such numbers[1]. We have a lot of engagement with your sector through wider Central Bank fora, through your industry associations and bilaterally with you as individual firms. But this is the first of these events where we have brought so many of the firms together since myself and the team took over responsibility for the sector. I hope you find the event useful.
Our financial regulation priorities as set out by Governor Makhlouf in his January letter (PDF 1.29MB) to Minister McGrath are set in the context of the global macro-economic and risk environment, our statutory mandate, our domestic and international responsibilities, and Ireland’s large and increasingly complex financial sector. Our overarching supervisory objective is to ensure that we have a stable, resilient and trustworthy financial sector operating sustainably (and as our mission states) in the best interests of consumers and the wider economy.
Some of you may have seen that we published our new Regulatory & Supervisory Outlook report this morning. This report sets out the Central Bank’s perspective on the key trends and risks that are shaping the financial sector operating landscape and our consequent regulatory and supervisory priorities for the next two years. The report aims to complement the detailed feedback we give to firms through our sector-specific supervisory engagement, the variety of publications we issue and the various consultative forums and conferences held throughout the year.
The Payment and Electronic Money sector is of increasing importance in Ireland and Europe and we continue to see material levels of growth both in terms of the numbers of firms operating in the sector and their activity levels. Specifically, the number of Payment and Electronic Money firms regulated by the Central Bank has tripled in the last 6 years (to 51 authorised firms as at end of December 2023). We have seen a more than 10 fold increase in safeguarded funds (to approximately €8bn), and there is a strong pipeline of firms seeking to be authorised.
As the financial landscape and the wider ecosystem evolves, we acknowledge the need to evolve with it, as does regulation and supervision more generally. Technological innovation is an important focus of attention for us. While innovative firms can provide significant benefits to consumers and the wider marketplace, our objective is to ensure the regulatory environment enables the potential benefits of innovation for consumers, businesses and society to be realised, while the risks are effectively managed[2]. The development of a National Payments Strategy by the Department of Finance is a welcome initiative. The payment system is central to the Central Bank’s mission of maintaining monetary and financial stability, while ensuring that the financial system operates in the best interests of consumers and the wider economy. The Central Bank has a multi-faceted role within the payment system, and we will publish our response to the Department’s consultation shortly.
Supervisory Priorities
We work hard to ensure our supervisory approach is the right one. Supervision of innovative and fast growing firms, like those in the Payment and Electronic Money sector, is crucial to ensure governance and risk management capabilities are growing along with the size and scale of their businesses. We consistently seek to ensure our supervisory approach for the Payment and E-Money sector remains risk-based, it is led by judgement and focussed on the outcomes we are seeking to achieve. Where we identify unacceptable or unmanaged risks during the course of our supervisory work which ultimately could pose risk to the protection of consumers and their funds, firms can expect the intensity of supervisory and engagement to increase. Being risk based, also means we do not operate a no failures regime but rather work to ensure that any firms that do fail do so in an orderly way, hence our emphasis on wind up planning. We deliver our strategy in an integrated manner leveraging our entire mandate, with colleagues from across the Central Bank, many of whom are in the room today.
For the year ahead our priorities for the sector are four-fold:
- Safeguarding;
- Operational Resilience and Outsourcing;
- Governance, Risk Management, and Anti-Money Laundering and Countering the Financing of Terrorism; and
- Business Model and Financial Resilience.
The sector is diverse, and firms can grow rapidly, including through passporting their services across the EU. The cross border nature of your sector's activity means that engagement with peer regulators is also vital, We place an important emphasis on our role as part of the European System of Financial Supervision, the European Supervisory Authorities and our collaboration bilaterally with our regulatory counterparts across the EU, UK and wider. We are interconnected, and actively participate in the supervisory convergence work of the ESAs.
Supervisory Experience and Perspective
Our key messages to you as a sector are largely unchanged over recent years and bear repeating at this important forum. I have already mentioned our deep-dives on the topics of safeguarding and wind-down planning. These are top of mind for us. They go to the core of your role in society, in this instance to protect people’s money. They go to the trust that we as regulator and the public more widely can place in individuals and firms, authorised within a payments system to hold and transfer people’s money.
Of note, is that relative to other sectors my teams supervise, I see a higher level of misunderstanding of perspectives. We have published two Dear CEO letters[3][4] in recent years, responding to what we are seeing in the sector, to set out our perspective on important issues, highlight our priorities and remove any ambiguity about our approach. I see this communication as important – when we are clear with our supervisory view, our firms can engage fully with it, rather than be left trying to infer our position. We ask too that the sector engage in constructive dialogue with supervisors. If you are not clear from what we have said, seek to clarify with your supervisor. This is a team of experienced supervisors. I fully recognise that there can be divergence in the assessment or view of risk, the time horizons over which different parties view risk, and the actions that need to be taken – such supervisory conversations can be most productive when firms and supervisors are engaged in honest and open dialogue. This applies both in supervision, and when a firm seeking is to be authorised.
Based on our supervisory experience, five things come to mind which, if executed well by firms, align with our aforementioned overarching supervisory objective:
- Firstly, we recognise that many of you here today are part of larger international groups. This brings benefits of having access to global networks and intelligence, resourcing, IT infrastructure, data and funding. What’s important is that the reliance on group is not to such an extent that it compromises your substance as an Irish regulated entity. So what do we mean when we speak about substance or substantive presence as we often call it? Your firm’s Board and executive team should be able to evidence that:
- Secondly, and building on this point, firms with strong governance and risk management foundations in our experience are set up well for growth and innovation. The payments sector seeks to improve the lives of households and business – at its core it is a pro-social activity. So a functioning payments sector is one in which governance, risk and control frameworks are well-designed, embedded and overseen by suitably experienced and accountable personnel. This relates to all aspects of the operation of the business - it delivers good outcomes for customers and the wider economy. Strong controls are foundations for growth and innovation. The inherent money laundering (ML) and terrorist financing (TF) risk associated with the sector is high. The Central Bank has identified shortcomings in the understanding of ML and TF risk amongst some firms, with controls not as robust as they should be and not commensurate with the level of risk exposure. Specific weaknesses in AML and CFT controls include ineffective customer onboarding and monitoring systems, together with weak processes to identify high risk ML and TF factors associated with customers and transaction activity.
3. I would like to see resilience front of mind for boards and executives
Availability, reliability and security of payment services are key to consumers maintaining trust in them. Given your sectors reliance on technology, operational resilience is particularly pertinent. Operational resilience is based on the premise that operational disruptions will occur. So from a supervisory perspective, your resilience here is your own ability to identify and prepare for, respond and adapt to, and recover and learn from operational disruptions. It is about building the capability to do so within your firms and seeing your business operations through the business services lens. We welcome the open engagement and collaboration of firms on this topic at Operational Resilience Workshop for the Sector hosted by the Irish Retail Payments Forum and facilitated by our colleagues here at the Central Bank.
Innovative companies, including fintechs that found it easy to raise financing during a period of zero interest rates, may find their business models now under greater scrutiny. If the last number of years have taught us anything it is about the importance of consideration of the adverse scenarios that may weigh on your firm’s financial resilience.
4. Fourthly, entry and exit should involve deliberate thought and detailed planning. A significant portion of our work relates to authorisation. As my colleague Deputy Governor Sharon Donnery said when we consider gatekeeping, the phrase “regulated by the Central Bank of Ireland” has to mean something in terms of standards and reassurance to the people of Ireland and across Europe. And it is our responsibility to ensure that public trust is maintained. At point of entry, we have a gatekeeping mandate to ensure that those who are given access to the wider European market have done the necessary planning to ensure a well-governed and sustainable firm which can adequately safeguard other people’s money, protect itself against the risk of financial crime and be a constructive actor in the system. But this is also a dynamic ecosystem. Failure happens and recovery may not always be possible, despite your forward planning and credible recovery options. Hugo will talk about this more.
5. Lastly, diversity in governance will yield dividends, as will ensuring an appropriate culture. Our supervisory experience is that firms which harness diverse perspectives are well-managed, financially resilient and strategically-minded[5]. While it is for each individual organisation to own its own culture, we want the firms we regulate to be sufficiently diverse and inclusive, at all levels and particularly at senior level, to prevent group-think, guard against overconfidence, and promote internal challenge. The research shows that diversity at senior levels of regulated entities can help to improve decision-making, increase the level of challenge, and improve risk management – but more than this, our supervisory experience is that a lack of diversity is an indicator of elevated behaviour and culture risks.
To conclude, the Payment and Electronic Money sector is of increasing importance in Ireland and Europe and we have seen material levels of growth both in terms of the numbers of firms operating in the sector and their activity levels. In our supervisory experience, we have seen firms in the sector that are well run, whose regulatory maturity and risk management capabilities have grown in line with their balance sheets and whose board and executive are well versed in the local regulatory environment. This unfortunately however is not our universal experience and we see many firms taking a passive approach which does not live up to our expectations. Such an approach creates a fundamental risk to the security of customers funds, and the integrity of the system. But also has the potential to impact not just the credibility of such firms but also their profitability. The recent safeguarding audits have evidenced that some firms in the sector have not taken their responsibilities seriously enough and the sector needs to take further – and in some cases - significant action to enhance their safeguarding practices. It is your responsibility to ensure that you are keeping your customer's money safe, that your business is effectively managed to deliver the services acquired by your customers and that customers funds can be fully and timely returned in a wind down scenario. Getting it right is also good for business, so addressing these issues should been seen as an enabler for growth[6].
I will finish there. I hope for this event to be a dialogue, so I look forward to hearing your perspectives on
_
[1] With thanks to Raoul Holden, Melissa McCahey and Steven Cull for their help preparing these remarks.