Finance in transition: the Central Bank’s approach to tokenised finance – Speech by Deputy Governor Vasileios Madouros

What Changed

• - The CBI formally recognises tokenisation and shared, programmable ledgers as a likely core infrastructure of the future financial system and signals that regulation will evolve to treat tokenised activities as part of mainstream finance, not as a s
• The speech confirms that CBI’s regulatory approach will be “technology‑neutral but not technology‑blind”, indicating that existing EU and Irish rules (e.g. MiFID II, UCITS, AIFMD, PSD2/PSR, CRR/CRD, Solvency II) are expected to apply to tokenised act
• The CBI emphasises the need to keep central bank money at the core of tokenised finance, aligning its stance with Eurosystem work on wholesale and retail central bank digital currency (CBDC) and tokenised central bank money as settlement assets.
• The speech reinforces that tokenised instruments representing traditional financial assets (securities, deposits, fund units) will generally be treated as regulated financial instruments, triggering full conduct, prudential and market integrity requi
• The CBI highlights operational resilience, cyber risk, interoperability and smart‑contract governance as critical supervisory focus areas for tokenised finance infrastructure and platforms.
• The speech ties CBI’s tokenisation work to its March 2026 Discussion Paper on tokenisation and DLT in financial services, underlining that feedback to that paper will shape future Irish and EU policy, including possible changes to authorisation, outs

Suggested Considerations

• Map all current and planned tokenisation and DLT initiatives (including pilots and proofs of concept) across the group and identify which EU and Irish regulatory regimes they fall under (MiFID II, UCITS, AIFMD, CRR/CRD, PSD2/PSR, Solvency II, MiCA, DORA, etc.).
• Perform a regulatory gap analysis to confirm that tokenised products and services are fully captured within existing licensing permissions and assess whether any variation of permission, new authorisation, or recognition as a market infrastructure is required.
• Review and update governance arrangements so that boards and senior management explicitly oversee tokenisation strategies, risk appetite, and the use of DLT, including ensuring clear allocation of responsibilities under the firm’s senior manager or fitness and probity framework.
• Integrate tokenisation‑specific risks into the firm’s risk management framework, covering legal enforceability of tokens, smart‑contract risk, cyber and operational resilience, data integrity, interoperability, concentration risk in technology providers, and settlement and counterparty risk.
• Review outsourcing and third‑party risk management frameworks to ensure that DLT platform providers, smart‑contract developers, node operators and custodians are treated as critical or important outsourced service providers where appropriate, with robust contractual, oversight and exit provisions.
• Update operational resilience programmes to incorporate DLT infrastructures, including incident response for smart‑contract failures, consensus breakdowns, key compromise, chain forks and node outages, and ensure alignment with DORA and CBI operational resilience expectations.

Key Dates

Who is Affected