2025 – Year of the Consumer

The Central Bank of Ireland’s revised Consumer Protection Code, set for publication in Q1 2025, signals sweeping changes for firms. Draft regulations and standards emphasise digitalisation, preventing financial abuse, protecting vulnerable customers, and stricter compliance timelines. Our Financial Regulation team looks at why it is important for Irish firms to get a head start on implementation in order to ensure operational readiness.

The "new" Consumer Protection Code

The final output from the Central Bank of Ireland’s (CBI) review of the Consumer Protection Code 2012 (CPC 2012) is eagerly awaited by the industry. The CBI promised that the final revised rules would be published in Q1 2025. However, industry was given advance notice of these in the CBI’s related Consultation Paper (CP 158), which was published in March 2024. Along with CP 158, the CBI produced two sets of draft regulations which will constitute the “new” Consumer Protection Code. Even at a brief glance, firms can appreciate that the new regulations will be more complex and detailed than the existing CPC 2012. They should therefore start their implementation projects as early in 2025 as possible.

Draft regulations and mapping tools

The CBI published a helpful mapping tool along with the draft regulations, allowing firms to map the provisions of the CPC 2012 to the new rules. Mechanical use of this mapping tool could give firms a false sense of security, and firms need to be careful when using it. There are new rules with no direct predecessors where firms may have to implement brand new procedures and processes. These include firms’ responsibilities to prevent financial abuse and specific rules relating to digitalisation.

There are then subtle changes to the CPC 2012 rules in many places. Firms will therefore need to analyse the revised regulations in detail to identify all relevant changes and should not assume that important details will remain the same. For example, the draft regulations propose to reduce all timelines for handling consumer complaints from 10 days in the current CPC 2012, to 5 days under the new regulations.

From mapping to implementation

When a firm has completed its detailed mapping and gap-filling exercise, it will need to undertake a further level of analysis and implementation at a higher, cross-system level. The additional exercise will result from the draft CBI Standards for Business Regulations, or ‘SfBR’, the second and shorter of the two sets of revised draft regulations.

The SfBR will be broadly analogous to the UK FCA’s Handbook Principles for Business (PRIN) and includes nine high-level conduct standards to which all regulated firms will be expected to adhere. Each of these high-level standards is supplemented by supporting standards, giving non-exhaustive illustrations of the actions that firms will be expected to take under the relevant high-level standard.

Enforcement and accountability under the SfBR

Each conduct standard will be directly enforceable against firms and the CBI can impose administrative sanctions against firms that are found to be in breach. Breaches of the SfBR by firms are also highly likely to trigger CBI inquiries into possible accompanying breaches of its individual accountability regime (IAF/SEAR) by the responsible PCFs. The SfBR will therefore need to be treated very seriously and be engaged with conscientiously by firms.

Challenges of implementation and integration

Implementing, and evidencing the implementation of, SfBR will be challenging for firms, even with the help of expected and already published CBI guidance. This is because proper implementation will likely require end-to-end review of and integration into firms’ business and compliance processes. Firms may need to fundamentally re-evaluate existing policies and procedures in light of the new standards. There is likely to be no room for complacency or assumptions that, merely because existing policies have served firms well to date, they can simply be validated without review.

Lessons from the UK’s consumer duty

We expect the CBI to take the view that the revised regulations have significantly moved the consumer protection dial in Ireland in the direction of the UK’s consumer duty. As firms with UK affiliates will know, the consumer duty resulted in multi-year, resource-heavy and costly implementation projects for UK firms, following which many had to fundamentally restructure their business models and legacy product offerings. The impact in Ireland should be lower but the examples of good practice given in the SCI guidance demonstrate that the CBI intends the new regime to result in a significant evolution in firms’ behaviour towards consumers.

Next Steps for Irish firms

It is important for Irish firms to get a head start on implementation of the revised CBI conduct of business and standards for business rules now, rather than waiting until the final rules are published. Firms could already start a high level analysis of the most likely areas where gap-filling will be required and perform a stock-take of their current Consumer Protection Risk Assessment (CPRA) process, for example.

If you would like to discuss our views on the revised CBI consumer protection rules in more detail please contact a member of our Financial Regulation team.

The content of this article is provided for information purposes only and does not constitute legal or other advice.