🇮🇪 CBI Enforcement high

Remarks by Deputy Governor Colm Kincaid to Central Bank of Ireland’s Consumer Protection Workshop – Consumer Protection at the Heart of Our Mission

Published 24 March 2026 | Ireland

AI Analysis

Executive Summary

Deputy Governor Colm Kincaid's speech on 24 March 2026 emphasizes consumer protection as central to the Central Bank of Ireland's (CBI) mission amid geopolitical, technological, and economic changes, highlighting the revised **Consumer Protection Code 2025** (CPC 2025) as a key modernization effort. This matters for compliance professionals because the CPC 2025 introduces enhanced, digitally-focused protections effective **24 March 2026**, replacing the 2012 Code after a 12-month implementation period, with firms required to proactively secure customer interests. #

What Changed

The CPC 2025 comprises Standards for Business Regulations (governance, resources, risk management, conduct standards) and Consumer Protection Regulations (cross-sectoral and sector-specific rules for consumers). Major updates include: - Core obligation: Firms must "secure customers’ interests," shifting to a proactive, customer-focused mindset. - Cross-sectoral requirements: Knowing the consumer/suitability; conflicts of interest/remuneration; vulnerable consumers (updated definition); digitalisation (customer-focused design); effective informing (beyond disclosure); charges/regulatory status info; unregulated activities distinction; advertising; bundling; errors/complaints resolution; records/compliance. - Specific enhancements: Fraud/scam protections; mortgage switching disclosures; gree

What You Need To Do

Gap analysis
Policy/system updates
Governance/risk
Testing/monitoring
Stakeholder engagement

Key Dates

24 March 2025 - CBI publishes revised CPC 2025, Standards for Business Regulations, Consumer Protection Regulations, and guidance.

24 March 2026 - CPC 2025 takes effect; existing 2012 Code ceases (12-month implementation period ends).

Until 24 March 2026 - 2012 Code (with addenda) remains in force.

Compliance Impact

Urgency: High – With effectiveness today (24 March 2026), firms face immediate non-compliance risk as the 12-month window closes; CBI supervision will intensify on digital/fraud/vulnerability protections amid heightened risks (e.g., cyber, scams). Non-adherence risks enforcement under CBI's powers, reputational damage, and fines, especially as this "gold-plates" EU rules in a volatile environment.

Who is Affected

*regulated financial service providers in Ireland dealing with consumers (natural persons, groups like clubs/charities, corporates/SMEs ≤€5m turnover). This spans banks, insurers, investment firms, credit providers, payments/e-money entities, and intermediaries; licensed moneylenders have a separate code.

References

Summary

Good afternoon and welcome to this Central Bank of Ireland workshop on the Consumer Protection Code. Today I will focus on the outlook for consumers and investors. But first let me pause to talk a little about the broader context in which we find ourselves. We are living through a period marked by extraordinary change, geopolitical instability, rapid technological transformation and shifting economic conditions. Governor Makhlouf summarised this well when he said how 2026 has already seen ext...

Sectors

Banking & Credit Insurance & Pensions Payments & E-Money Consumer Credit Mortgage & Lending

Topics

Consumer Protection / Conduct Operational Resilience / Outsourcing Technology & Cyber

Relevant Firm Types

BankInsurancePayment ProviderAll Firms

View Original on CBI Back to Feed