European Supervisory Authority Guidelines, Recommendations & Opinions

European Banking Authority

The European Banking Authority (EBA) publishes a list of its consumer protection and financial innovation related Technical Standards, Guidelines, Recommendations, Opinions, Reports, and other publications here.

European Insurance and Occupational Pensions Authority

The European Insurance and Occupational Pensions Authority (EIOPA) publishes its consumer protection and financial innovation related Guidelines and other publications here.

European Securities and Markets Authority

The European Securities and Markets Authority (ESMA) publishes its Guidelines and Technical Standards here. Read the Central Bank's Markets Update.

Guidelines on cross-selling practices

On 11 July 2016, ESMA published Guidelines on cross-selling practices. The guidelines apply in relation to cross-selling practices within the meaning of subparagraph 42 of Article 4(1) of MiFID II. In particular, the guidelines apply to the offering of an investment service together with another service or product as part of a package or as a condition for the same agreement or package. The Central Bank of Ireland complies with these guidelines and incorporates them into its on-going supervisory practices and processes. Firms are expected to comply with these guidelines from 3 January 2018.

ESMA Guidelines for the assessment of knowledge and competence

On 3 January 2017, ESMA published the Guidelines for the assessment of knowledge and competence. The purpose of these guidelines is to specify the criteria for the assessment of knowledge and competence required under Article 25(1) of MiFID II, in accordance with Article 25(9) of the same Directive. The guidelines apply from 3 January 2018.  MiFID firms and persons acting on behalf of such firms are currently subject to the Minimum Competency Code 2011 (MCC) when carrying out certain MiFID activities.  The MCC has been amended to reflect the Guidelines.   Regulated firms and persons acting on their behalf are expected to comply with the ESMA Guidelines from 3 January 2018.

ESMA Guidelines on complex debt instruments and structured deposits

On 4 February 2016, ESMA published Guidelines on complex debt instruments and structured deposits. The purpose of these guidelines is to specify the criteria for the assessment of (I) debt instruments incorporating a structure which makes it difficult for the client to understand the risk involved and (ii) structured deposits incorporating a structure which makes it difficult for the client to understand the risk of return or the cost of exiting the product before term. ESMA expects these guidelines to strengthen investor protection and to promote greater convergence in the classification of “complex” or “non-complex” financial instruments or structured deposits for the purposes of the appropriateness test/execution-only business in accordance with Article 25(3) and 25(4) of MiFID II. The Central Bank of Ireland complies with these guidelines and incorporates them into its on-going supervisory practices and processes. Firms are expected to comply with these guidelines from 3 January 2018.

ESMA Guidelines on MiFID II product governance requirements

On 5 February 2018, ESMA published Guidelines on MiFID II product governance requirements.  The purpose of these guidelines is to provide more clarity on the product governance obligations for firms set out in MiFID II.  In particular, they concern the manufacturing or distribution of investment products.  The Central Bank of Ireland complies with these guidelines and incorporates them into its on-going supervisory practices and processes. Firms are expected to comply with these guidelines from 3 January 2018.

Joint Committee Publications

Guidelines on complaints-handling for the securities (ESMA) and banking (EBA) sectors

In June 2014, the Joint Committee Guidelines on complaints handling for the securities and banking sectors were published. These Guidelines are addressed to competent authorities and seek to:

  • Clarify expectations relating to firms’ organisation relating to complaints handling;
  • Provide guidance on the provision of information to complainants;
  • Provide guidance on procedures for responding to complaints;
  • Harmonise the arrangements of firms for the handling of all complaints they receive; and
  • Ensure that firms’ arrangements for complaints handling are subject to a minimum level of supervisory convergence across the EU

On 31 July 2018, the revised Guidelines on complaints handling for the securities and banking sectors were published. The revised Guidelines extend the scope of the Guidelines to authorities competent for supervising the new institutions under the revised Payment Services Directive (PSD2) and the Mortgage Credit Directive (MCD). These institutions are as follows:

  • Payment Initiation Service Providers (PISPs)
  • Account Information Service Providers (AISPs)
  • Retail Credit Firms
  • Mortgage Credit Intermediaries

The revised Guidelines will take effect from 1 May 2019.

European Banking Authority Publications

EBA Guidelines on operational and security risks of payment services under PSD2

10 April 2018

On 12 December 2017, the European Banking Authority (EBA) published Guidelines on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2). These Guidelines set out the requirements that payment service providers (PSPs) should implement in order to mitigate operational and security risks derived from the provision of payment services. The Guidelines cover governance, including the operational and security risk management framework, and risk management and control models, and outsourcing; risk assessment, including the identification and classification of functions, processes and assets; and the protection of the integrity and confidentiality of data and systems, physical security and access control. The Guidelines also cover the monitoring, detection and reporting of operational or security incidents; business continuity management, scenario-based continuity plans including their testing and crisis communication; the testing of security measures; situational awareness and continuous learning; and the management of the relationship with payment service users. In accordance with Article 16(3) of Regulation (EU) No 1094/2010, competent authorities and financial institutions must make every effort to comply with guidelines. The Central Bank complies with the Guidelines and has incorporated them into its ongoing supervisory practices and processes for PSPs. Firms are expected to comply with the Guidelines. The Guidelines are effective from 13 January 2018 .      

EBA Guidelines on Authorisation under PSD2

26 February 2018

On 11 July 2017, the European Banking Authority (EBA) published Guidelines on the information to be provided for the authorisation of payment institutions and e-money institutions and for the registration of account information service providers under Directive 2015/2366 (PSD2).  The Guidelines set out the information to be provided by applicants intending to obtain authorisation as payment institutions and electronic money institutions as well as to register as account information service providers under PSD2. In accordance with Article 16(3) of Regulation (EU) No 1094/2010, competent authorities and financial institutions must make every effort to comply with guidelines. The Central Bank complies with the Guidelines and has incorporated them into its authorisation process for payment institutions and e-money institutions and its registration process for account information service providers. The Guidelines are effective for applicant firms from 13 January 2018 .

EBA Guidelines on procedures for complaints of alleged infringements of PSD2

26 February 2018

On 13 October 2017 the European Banking Authority (EBA) published Guidelines on procedures for complaints of alleged infringements under Directive (EU) 2015/2366 (PSD2) to be followed by competent authorities (CAs) to monitor effective compliance by payment service providers (PSPs) under Directive (EU) 2015/2366 (PSD2). The Guidelines govern the process through which payment service users and other interested parties can submit complaints to CAs with regard to alleged infringements of PSD2 by PSPs. In particular, these Guidelines specify the requirements for the channels to be used by complainants to file their complaints, the information CAs should request from complainants when complaints are submitted to them, and the information CAs should include in their responses to complaints. In accordance with Article 16(3) of Regulation (EU) No 1094/2010, competent authorities must make every effort to comply with guidelines. The Central Bank complies with the Guidelines and has incorporated them into its  Protected Disclosures procedure. The Guidelines are effective from 13 January 2018.  

EBA Guidelines on major incident reporting under PSD2

26 February 2018

On 27 July 2017 the European Banking Authority (EBA) published Guidelines on major incident reporting under Directive (EU) 2015/2366 (PSD2).  The Guidelines set out the criteria, thresholds and methodology to be used by payment service providers (PSPs) to determine whether or not an operational or security incident should be considered major and, therefore, be notified to the competent authority (CA) in the home Member State.  In addition, these Guidelines establish the template that PSPs will have to use for this notification and the reports they have to send during the lifecycle of the incident, including the timeframes for submitting those reports. In accordance with Article 16(3) of Regulation (EU) No 1094/2010, competent authorities and financial institutions must make every effort to comply with guidelines. The Central Bank complies with the Guidelines and has incorporated them into its ongoing supervisory practices and processes for PSPs. Firms are expected to comply with the Guidelines from their effective date of 13 January 2018.

EBA publishes Opinion on the Transition from PSD1 to PSD2

The EBA has published an Opinion in relation to the transition from the first Payment Services Directive (PSD1) to the revised Payment Services Directive (PSD2) which became effective 13 January 2018. The EBA opinion clarifies a number of issues identified by market participants and competent authorities, including with regard to the transitional period foreseen under PSD2, including the transitional arrangements that apply to account information service providers and payment initiation service providers.

EBA Guidelines on Remuneration Policies for Sales Staff

13 February 2017

On December 13th 2016, the European Banking Authority (EBA) published Guidelines on remuneration policies and practices related to the provision and sale of retail banking products and services. In accordance with Article 16(3) of Regulation (EU) No. 1093/2010, competent authorities and financial institutions must make every effort to comply with the guidelines. The guidelines apply from 13 January 2018.

The guidelines apply to remuneration paid to staff employed by credit institutions, mortgage credit intermediaries, retail credit firms, payment institutions, electronic money institutions and credit unions when providing deposits, payment accounts, payment services, electronic money, residential mortgages, and other forms of credit to consumers.

The guidelines include detailed requirements on (1) the design and monitoring of remuneration policies and practices, which should take into account the rights and interests of consumers; (2) documentation, notification and accessibility of the remuneration policies and practices; (3) approval of and responsibility for the remuneration policies and practices; and finally (4) monitoring of compliance with the guidelines.

In addition to existing requirements on remuneration, firms are expected to comply with these guidelines by their effective date, 13 January 2018. These guidelines will be incorporated into the Central Bank’s on-going supervisory practices and processes.

EBA Guidelines on Arrears and Foreclosure

29 March 2016

On 1 June 2015, the EBA published Guidelines on Arrears and Foreclosure. The guidelines provide additional detail to the requirements in Article 28 of the Mortgage Credit Directive (Directive 2014/17/EU on credit agreements for consumers relating to residential immovable property). In accordance with Article 16(3) of the EBA Regulation (Regulation (EU) no 1093/2010), competent authorities and financial institutions must make every effort to comply with these guidelines. The guidelines are effective from 21 March 2016.

The guidelines apply to creditors in Ireland that provide credit that falls within the scope of the Mortgage Credit Directive, i.e. credit institutions, retail credit firms and credit unions.

The Central Bank of Ireland intends to comply with these guidelines, and will incorporate them into its on-going supervisory practices and processes for the firms that fall within the scope of the Mortgage Credit Directive in Ireland. Firms are expected to comply with these guidelines from 21 March 2016.

EBA Guidelines on Creditworthiness Assessment

29 March 2016

On 1 June 2015, the EBA published Guidelines on Creditworthiness Assessment. The guidelines provide additional detail to the requirements in Articles 18 and 20(1) of the Mortgage Credit Directive (Directive 2014/17/EU on credit agreements for consumers relating to residential immovable property). In accordance with Article 16(3) of the EBA Regulation (Regulation (EU) no 1093/2010), competent authorities and financial institutions must make every effort to comply with these guidelines. The guidelines are effective from 21 March 2016.

The guidelines apply to creditors in Ireland that provide credit that falls within the scope of the Mortgage Credit Directive, i.e. credit institutions, retail credit firms and credit unions.

The Central Bank of Ireland intends to comply with these guidelines, and will incorporate them into its on-going supervisory practices and processes for the firms that fall within the scope of the Mortgage Credit Directive in Ireland. Firms are expected to comply with these guidelines from 21 March 2016.

Decision of the EBA specifying the benchmark rate under Annex II to Directive 2014/17/EU (Mortgage Credit Directive)

22 March 2016

On 21 March 2016, the EBA published its decision specifying the benchmark rate under the Mortgage Credit Directive.

In certain circumstances, as set out in Schedule 2 of the European Union (Consumer Mortgage Credit Agreements) Regulations 2016 (S.I. No. 142 of 2016), creditors must use this benchmark rate to calculate the illustrative example of the Annual Percentage Rate of Charge and an illustration of a maximum instalment amount. These illustrations must be provided to the consumer in the European Standardised Information Sheet.

EBA Guidelines on Product Oversight and Governance

9 December 2015

On 15 July 2015, the EBA published guidelines on Product Oversight and Governance Arrangements for Retail Banking Products (Guidelines) which set out requirements for manufacturers and distributors when designing and bringing to the market retail banking products such as mortgages, personal loans, deposits, payment accounts, payment services and electronic money. In accordance with Article 16(3) of Regulation (EU) No 1093/2010, competent authorities and financial institutions must make every effort to comply with the guidelines.

The guidelines are divided into two parts:

  • The first part sets out requirements for manufacturers of retail banking products on their internal control functions; the identification of the target market; product testing; disclosure; product monitoring, remedial actions, and distribution channels.
  • The second part of the guidelines sets out requirements for the distributors of retail banking products on their governance arrangements, the identification and knowledge of the target market, and information requirements.

The Central Bank of Ireland will apply the guidelines to consumers as defined in the guidelines and will not extend that definition to include micro-enterprises and small and medium- sized enterprises.

The guidelines apply to all products brought to the market after the implementation date of the guidelines as well as to existing products on the market that are significantly changed after the implementation date of the guidelines. The Central Bank of Ireland will not, at this time, extend the application of the guidelines to products that are brought to the market before the implementation date of the guidelines. However, this will not preclude the Central Bank of Ireland from raising a potential product oversight and governance issue with a regulated entity regarding an existing product where there are concerns relating to actual or potential consumer detriment. The Central Bank of Ireland will keep the matter of application to some or all existing products under review.

The Central Bank of Ireland intends to comply with the guidelines and will incorporate them into its ongoing supervisory practices and processes. The Central Bank of Ireland does not, at this point, propose amendments to the legal framework.

The Guidelines will apply from 3 January 2017.

EBA Guidelines on the Security of Internet Payments

11 June 2015

On 19 December 2014, the EBA published Guidelines on the Security of Internet Payments (Guidelines) which set the minimum security requirements for Payment Service Providers (PSPs) in the European Union. These Guidelines seek to strengthen requirements for the security of internet payments across the EU and were developed in response to concerns about the increase in fraudulent activity related to internet payments. In accordance with Article 16(3) of Regulation (EU) No 1093/2010, competent authorities and financial institutions must make every effort to comply with the guidelines.

Among other things, PSPs will be required to carry out strong customer authentication in order to verify the customer identity before proceeding with an on-line payment.  PSPs will also be required to provide assistance and guidance to their customers in relation to the secure use of internet payments.  In particular, they will have to initiate customer awareness programmes so as to ensure their users understand potential risks and best practices in internet payments.

The Central Bank of Ireland intends to comply with the guidelines, and will incorporate them into its on-going supervisory practices and processes for PSPs.  All firms within the scope of these guidelines are expected to comply from 1 August 2015.

European Insurance and Occupational Pensions Authority

EIOPA Preparatory Guidelines on Product Oversight and Governance

29 July 2016

On 13 April 2016, the EIOPA published preparatory guidelines on Product Oversight and Governance Arrangements by Insurance Undertakings and Insurance Distributors (Guidelines) which set out requirements for manufacturers and distributors when designing and bringing to the market insurance products. In accordance with Article 16(3) of Regulation (EU) No 1094/2010, competent authorities and financial institutions must make every effort to comply with the guidelines.

The guidelines are divided into two parts:

  • The first part sets out requirements for manufacturers of insurance products on the establishment and review of product oversight and governance arrangements; the identification of the target market; skills, knowledge and expertise; product testing; product monitoring, remedial actions, and distribution channels.
  • The second part of the guidelines sets out requirements for the distributors of insurance products on the establishment and review of product distribution arrangements; obtaining information about the target market; distribution strategy; and the provision of sale information to the manufacturer.

The guidelines apply to all products brought to the market after the implementation date of the guidelines as well as to existing products on the market that are significantly changed after the implementation date of the guidelines. The Central Bank of Ireland will not, at this time, extend the application of these guidelines to products that are brought to the market before the implementation date of the guidelines. However, this will not preclude the Central Bank of Ireland from raising a potential product oversight and governance issue with a regulated entity regarding an existing product where there are concerns relating to actual or potential consumer detriment. The Central Bank of Ireland will keep the matter of application to some or all existing products under review.

The Central Bank of Ireland intends to comply with the guidelines and will incorporate them into its ongoing supervisory practices and processes. The Central Bank of Ireland does not, at this point, propose amendments to the legal framework.

The Guidelines will apply from 3 January 2017.