Search
Industry Updates

Central Bank Highlights Focus Areas for Payment and E-Money Firms

  • in Industry Updates
Related Services

Background

The Central Bank of Ireland (“CBI”) has published its Regulatory & Supervisory Outlook Report 2026 (the “Report”), setting out its strategic priorities and planned supervisory activities for the year ahead.

This note summarises the key issues arising from the Report that are of particular relevance to payment institutions and electronic money institutions operating in Ireland.

Overarching Supervisory Priorities for 2026

The CBI has identified five overarching priorities for 2026 that will shape its supervisory engagement with regulated firms, including those in the payment and e-money sector:

  1. Maintaining and building resilience to geopolitical risks and macro-financial uncertainties, including work on operational resilience, cyber security and financial resilience in the face of a volatile macro-environment.
  2. Securing consumer and investor interests, with a particular focus on how firms operate, digitalisation, and financial crime.
  3. Responding to technology-driven transformations, including the expanding use of artificial intelligence (“AI”), digital money and tokenisation, and the implications of these changes for firms and the financial system.
  4. Helping to address environmental and societal transitions underway, including sustainable finance and protection gaps.
  5. Enhancing how the CBI regulates and supervises, including evolving supervisory approaches, improvements to gatekeeping and delivering on simplification.

Key Supervisory Focus Areas for the Payment and E-Money Sector

The CBI’s supervisory focus for the payment and e-money sector in 2026 is organised around five key areas:

  1. Safeguarding of Customers’ Funds

    The CBI regards the protection of customer money as a fundamental priority and has made clear that it will not accept any shortcomings in firms’ safeguarding arrangements. Unlike bank deposits, funds held by payment and e-money firms do not benefit from the protection of a deposit guarantee scheme, making robust safeguarding frameworks essential.

    To underscore the importance of this area, the CBI has introduced a new Pre-Approved Control Function (“PCF”) for the Head of Safeguarding role, which took effect in February 2026.

    Key planned activities include:

    • Reviewing the steps firms have taken to remediate previously identified weaknesses in their safeguarding processes.

    • Evaluating how firms have implemented the new Head of Safeguarding PCF role.

  2. Financial Crime

    The payment and e-money sector has inherently high exposure to the risk of financial crime, including money laundering, terrorist financing and fraud. The nature of these businesses, characterised by high transaction volumes, cross-border operations and varied service offerings, creates particular vulnerabilities.

    The CBI has noted ongoing concerns about firms’ ability to accurately assess and manage their money laundering and terrorist financing exposures.

    Planned supervisory activities include:

    • Conducting Anti-Money Laundering (“AML”) inspections and targeted reviews to evaluate the robustness of firms’ AML/Countering the Financing of Terrorism (“CFT”) frameworks.

    • Completion of an enhanced Risk Evaluation Questionnaire capturing detailed quantitative and qualitative risk information on ML/TF risk and the quality of AML/CFT controls.

    • Cross-sectoral thematic review of controls on certain types of fraud as well as the fair treatment of customers who fall victim to fraud.

  3. Business Models and Financial Resilience

    The CBI has observed that many wind-down plans lack proper integration with broader risk management frameworks and do not include appropriate triggers for initiating an orderly wind-down. Separately, the European Commission’s clarification on the circumstances in which electronic money comes into existence may have implications for certain EMI product offerings and business models.

    Planned supervisory activities include:

    • A thematic review of financial resilience, including strategic planning and wind-down planning.

    • Continue engaging with electronic money institutions regarding the European Commission’s guidance on the definition of electronic money and its practical consequences.

  4. Operational and Cyber Resilience

    The CBI has noted an increase in reported major incidents involving system outages, and firms remain exposed to cyber threats given the current geopolitical climate and their reliance on third-party service providers.

    Key planned activities include:

    • Issuing feedback on the thematic review of the governance and effectiveness of IT outsourcing.

    • Targeted follow-up on remediation strategies for those firms with identified operational, cyber risk and resilience issues.

    • Assessing compliance with Digital Operational Resilience Act requirements, including the submission of Registers of Information and the reporting of major incidents.

    • Monitoring developments relating to the forthcoming Payment Services Directive (“PSD3”) and Payment Services Regulation.

    • Collaborating with industry stakeholders and government on initiatives to strengthen system-wide operational resilience for payment services.

  5. Culture, Governance and Risk Management

    The CBI expects firms to strike an appropriate balance between commercial objectives and customer welfare. A thematic review conducted in 2025 on complaint handling revealed that some firms struggle to properly recognise and classify customer grievances, with underlying issues often going unaddressed.

    Planned activities include:

    • Cross-sectoral thematic review of whether customers are being informed effectively.

    • Cross-sectoral review of how firms are carrying out root cause analysis of errors and applying learnings to their wider product and service suite.

    • Cross-sectoral thematic review of the identification and treatment of vulnerable customers.

    • Evaluation of board composition, governance structures and resourcing levels.

    • A thematic review of firms’ use of distributors and agents.

Conclusion

The Report signals a continued regulatory and supervisory focus on the fundamentals of sound governance, effective risk management and operational resilience. For payment and e-money firms, the key areas of focus remain safeguarding of customer funds, financial crime prevention, business model sustainability and wind-down planning, operational and cyber resilience, and customer-centric culture and governance.

Firms should proactively review their frameworks in these areas in anticipation of the CBI’s planned thematic reviews and supervisory engagements throughout 2026.

How we can help

Our dedicated Irish Financial Services Regulatory Group offers the full range of services to Fintech clients, including advice on M&A and capital raising, establishment, authorisation and change of control services, ongoing compliance support and assurance, error reporting and guidance through supervisory and enforcement processes with the Central Bank and advice in relation to corporate governance, conduct and culture, compliance with the regulatory regime applicable to payment and e-money firms, and assistance guidance and advice through risk mitigation programmes.

Full details of the services we provide is available on our website and in our Irish Financial Services Regulatory and FinTech brochures.

If you would like further information, please liaise with your usual Maples Group contact or the persons on this page.

Primary Contacts
Primary Contacts

You may also be interested in

Menu
Home
People

Legal Services

Fiduciary Services

Fund Services

Entity Formation & Management Services

Regulatory & Compliance

Specialty Services

All Services

Locations
Knowledge
About
News
Careers

Client Platforms

Blog

Webcasts

Podcasts

ESG

CSR