Revised Consumer Protection Code Published

The Central Bank of Ireland has published the two sets of regulations that will replace the existing Consumer Protection Code. The regulator has also published accompanying guidance documents intended to assist regulated firms in implementing the new requirements. Our Financial Regulation team reviews the scope of the new regulations and sets out next steps for firms that come within their scope.

The Central Bank of Ireland has now published its Feedback Statement to the Consultation Paper on the Consumer Protection Code (CPC), together with the new Regulations and Guidance documents. In-scope firms have a 12-month period to ensure they are in compliance with the requirements before the revised CPC comes into effect on 24 March 2026.

Why did the Central Bank propose to revise the CPC?

The Central Bank published a Consultation Paper in March 2024 setting out proposals for a modernised CPC. The Central Bank mentioned the G20/OECD High Level Principles on Financial Consumer Protection 2022 as one of the main drivers of the CPC review. Additional factors prompting the review included the evolution in the understanding of consumer protection in Ireland, resulting from issues such as the tracker mortgage debacle, COVID-19 business interruption, and differential pricing. It was also influenced by the increased digitalisation of financial services and the growing focus on climate risk. The consultation period, which allowed financial service providers the opportunity to raise any concerns they had on the Central Bank’s proposals, closed in June 2024. Taking this feedback into consideration, the Central Bank has now completed its comprehensive review of the Consumer Protection Code 2012.

Central Bank regulations

The existing CPC is a single document drafted and described as a “Code”, albeit a binding one. In contrast, the Central Bank has used its statutory powers to publish two separate sets of regulations giving effect to the revised CPC.

The first set is the Central Bank Reform Act 2010 (Section 17A) (Standards for Business) Regulations 2025, referred to as the ‘Standards for Business’. The Standards for Business set out the high-level Standards that will apply to all regulated firms. The production of these Standards formed part of the Central Bank’s original proposals regarding individual accountability. The Standards for Business set out the governance, resource and risk management requirements for firms as well as conduct standards for firms. They are complemented by the ‘Supporting Standards for Business’, which set out further detail on firms’ obligations. The Standards for Business and the Supporting Standards for Business, which address securing customers’ interests (SCI) and financial abuse, will only apply to firms when doing business with individuals and small businesses. All other Standards for Business and Supporting Standards for Business will apply to the regulated business of firms conducted with all customers.

An important point regarding the Standards for Business is that they are absolute requirements. This means that a firm which is sanctioned for failure to comply with a Standard cannot use the defence that it took “reasonable measures” to observe the Standard where a breach has been found.

The second set of new regulations is the Central Bank (Supervision and Enforcement) Act 2013 (Section 48) (Consumer Protection) Regulations 2025, also referred to as the ‘Consumer Protection Regulations’. The Consumer Protection Regulations comprise cross-sectoral general rules as well as sector-specific chapters applying to the provision of consumer banking services, credit and arrears, insurance and investments. The Consumer Protection Regulations generally apply only to business done by regulated firms with customers who are consumers, and in the case of some provisions, with customers who are ‘personal’ consumers.

These Regulations are significantly longer than the old CPC, in part because they incorporate the following, which were previously all separate documents:

• The Central Bank (Supervision and Enforcement) Act 2013 (Section 48(1)) (Insurance Requirements) Regulations 2022
• The Code of Conduct on Mortgage Arrears, and
• The Central Bank (Supervision and Enforcement) Act 2013 (Licensed Moneylenders) Regulations 2020

Central Bank guidance

To support the revised CPC, the Central Bank has also published the following guidance:

• General Guidance on the CPC: intended to assist firms with implementing the updated requirements of the revised CPC. This document consolidates the CPC Guidance 2012 and the CPC Advertising Guidance 2012, as well as integrating guidance from several of the Central Bank’s Dear CEO letters.
• Guidance on SCI: sets out what firms need to do to effectively comply with their obligation to secure the interests of their customers. The SCI Guidance includes details of how this should be incorporated into the firm’s commercial objectives and reflected in the firm’s culture, strategy, business model, decision-making and operations. It is important to note that SCI only applies to firms insofar as they are dealing with “consumers” for the purposes of the CPC, not to all dealings with customers.
• Guidance on Protecting Consumers in Vulnerable Circumstances: sets out the background to the definition and approach to vulnerability under the CPC. This is an area of major policy reform in the revised CPC, and the new requirements are far more prescriptive. A significant innovation is the ability of consumers to nominate a trusted contact person (TCP) who the firm can contact to discuss concerns about possible financial abuse, or where it experiences difficulties in dealing with the consumer. The TCP has no power to give instructions on the consumer’s behalf, but the firm can share information with them and act on information provided by them. As a result, firms will need to establish new policies and processes for dealing with TCPs and update their legal T&Cs to reflect their possible involvement.

Central Bank Feedback Statement

The Central Bank’s Feedback Statement sets out the key changes it made following the consultation process, including on the following areas:

SCI

The Central Bank provided further clarification regarding its expectations of firms, including that SCI does not mean that a firm is acting on behalf of a customer and does not remove responsibility from the customer in terms of decision-making. In response to respondents seeking assurance that the SCI obligation would be applied on a proportionate basis, the Central Bank provided clarification. It stated that the CPC will continue to apply in a way that is appropriate for firms of all sizes, business models, and levels of complexity. The Central Bank noted that the concept of reasonable steps reflected in the Central Bank (Individual Accountability Framework) 2023 (IAF) is intentionally not replicated in the Supporting Standard for Business dealing with SCI. This approach is due to the fact that the IAF standards apply to individuals performing functions, which can be distinguished from obligations imposed on firms.

MiFID firms

The Central Bank clarified that the revised CPC does not conflict or overlap with the MiFID Regulations. However, it does provide guidance on how the Central Bank expects firms to meet their obligations under the MiFID Regulations.

Digitalisation

The imposition of a new set of requirements on firms involved in digitalisation projects is another key policy change in the new CPC. These are intended to make digital processes more consumer-friendly, but will substantially impact the firm’s digital journey. The Central Bank has developed guidance to support the implementation of the digitalisation requirements in the CPC, including around filtering of information, scrolling and use of hyperlinks, as well as narrowing the scope of some requirements for online transactions.

Informing effectively

The Central Bank has developed guidance for firms to support their implementation of the requirements to inform customers effectively. It includes an overview of important considerations for firms when developing and designing customer communications, such as consideration of customer profile, content, language, display, timing, delivery channel and the use of review.

Mortgage credit and switching

The Central Bank has introduced a legal requirement for mortgage lenders to provide title deeds to a borrower within a specified timeframe, as well as amending the requirements to further enhance clarity. Other guidance provided relates to mortgage incentives, enhanced disclosure requirements for lifetime mortgages and home reversion agreements. It also covers the development of criteria and expectations on Appropriate and Sustainable Alternative Repayment Arrangements (ARAs) to support firms in implementing the existing requirements in the CPC.

Unregulated activities

The Central Bank has clarified that this applies to regulated firms when providing unregulated products and services. Regulated firms must clearly distinguish between their regulated activities and their unregulated financial activities. Accordingly, they must take all appropriate steps to mitigate the risk that a customer will understand an activity to be regulated where this is not the case, including concerning the use of their branding.

Frauds and scams

The scope of requirements relating to financial abuse has been limited to existing customers only, rather than existing and potential customers. The Supporting Standard for Business relating to financial abuse is a new requirement that does not exist in the current CPC.

Protecting consumers in vulnerable circumstances

The Central Bank has refined the definition of consumers in vulnerable circumstances to reflect that vulnerable circumstances may be permanent or temporary in nature. The Central Bank has also amended the requirements that regulate the appointment of a TCP to avoid overlap with the role of a decision-making representative under the Assisted Decision Making (Capacity) Act 2015.

Climate risk

To protect customers from the risk of ‘greenwashing’, all firms must now collate information regarding customers’ attitudes to sustainability. The Central Bank has developed guidance for firms on consideration of customers’ sustainability preferences. However, it stopped short of providing templates or questionnaires for suitability assessments, on the basis that firms should implement the requirements in a way that reflects the needs of their own customers, products, and services.

SME protections

The Central Bank also provided feedback on additional policy proposals, including those related to the definition of ‘consumer’. As expected, the definition of ‘consumer’ in the CPC will be increased to include SMEs with an annual turnover of less than €5 million, an increase from the current threshold of €3 million.

Next steps

The revised CPC will come into effect on 24 March 2026. Firms will have a lot of work to do to implement the requirements of the new CPC before then.

• Firstly, they should undertake a mapping exercise to identify all of the provisions of the new CPC that are relevant to them.
• Secondly, firms should carry out a gap analysis to identify the areas where they currently have no corresponding processes and procedures and/or areas where enhancements to existing processes and procedures are required.
• Finally, firms should carry out a high-level review of their consumer-facing and product design and delivery processes from end-to-end against the Standards for Business.

If you require advice regarding any aspect of the new CPC, please reach out to a member of our Financial Regulation team.

The content of this article is provided for information purposes only and does not constitute legal or other advice.