Welcome to the FIG Top 5 at 5

On 9 March 2026, Mary-Elizabeth McMunn, Deputy Governor, Financial Regulation at the Central Bank of Ireland (“Central Bank”), delivered a speech (“Speech”) at an “Outcomes-focused Regulation in Financial Services” conference at University College Dublin.

The Speech centred around the Deputy Governor’s views on outcomes-focused regulation and supervision and the work of the Central Bank to achieve desired outcomes. She also discussed the challenges facing the global economy and financial system in the context of the external environment.

RSO

In discussing the increasingly complex and challenging context, the Deputy Governor also highlighted the recent publication of the Central Bank’s Regulatory and Supervisory Outlook Report (“RSO”), noting that the supervisory focus and priorities of the Central Bank for the coming year are a direct response to the challenging macro environment, the risks presented by it and also the outcomes sought to be achieved by the Central Bank. Ms McMunn took the opportunity to restate the Central Bank’s five overarching priorities, as set out in the RSO, for 2026 – for more information on the RSO, see FIG Top 5 at 5 dated 5 March 2026.

What is outcomes-focused regulation and supervision?

The Deputy Director addressed the question as to what outcomes-focused regulation and supervision means for the Central Bank. Ms McMunn described the concept as a simple one, in that rules and supervisory work are designed and executed with the desired outcomes in mind. Noting that, in practice, it is not always simple, the Deputy Director stated that outcomes-focused regulation and supervision has evolved because financial regulation and supervision are always evolving, accounting for lessons learned and the changing nature of financial services and risks.

Discussing domestic legislation, such as the Individual Accountability Framework and the revised Consumer Protection Code, the Deputy Director stated that what is sought to be achieved through the imposition of such requirements is always at the forefront of considerations. She highlighted the need also for robust risk based supervision, in that outcomes cannot be achieved through rules alone.

The Deputy Director highlighted that the Central Bank’s work is focused on its four safeguarding outcomes (namely, protection of consumer and investor interests, the integrity of the financial system, the safety and soundness of firms and financial stability) and also discussed how those outcomes are delivered, noting that such delivery depends on a number of matters such as the maturity of a sector, as well as the governance, risk management and culture of firms, and the risk landscape they are operating in. She also emphasised that it is important that issues and risks are considered holistically, rather than focusing solely on one aspect.

Components for success

Ms McMunn also discussed inputs that are needed for successful outcomes-focused regulation and supervision, some of the points she raised are as follows:

• an outcomes focused rule book must be clear as to what is required and also, the regulator must have clarity on any concerns it has, what it requires and the outcome it wishes to see;
• regulators and regulations must be purposeful in ensuring delivery of desired outcomes and also clear in communicating that it is a firms responsibility to demonstrate delivery of those outcomes; and
• supervisory effectiveness and a strong supervisory culture is important and is something that the Central Bank seeks to uphold.

Supervision, simplification and open and engaged

Deputy Governor McMunn discussed the Central Bank’s move to its new supervisory approach since January 2025 – for more information, see FIG Top 5 at 5 dated 6 March 2025. She highlighted that, while supervision is still risk based, the Central Bank has moved towards placing a greater focus on outcomes, “being less process driven and being more integrated across all of our four Safeguarding Outcomes.”

The Deputy Governor also restated the five supervisory principles on which the Central Bank’s approach to supervision is based – outcomes focused / risk based / judgment led / forward looking / firm responsibilities.

She emphasised that implementation of the new approach is ongoing but that the benefits are being felt as regards effectiveness and efficiency.

As regards simplification, the Deputy Director referred to the December 2025 publication of the Central Bank’s roadmap on regulating and supervising well – for more information, see FIG Top 5 at 5 dated 11 December 2025. She stated that if simplification is done correctly and with guardrails, then it can help to better achieve the Central Bank’s outcomes but that if it is done badly then simplification could jeopardise those outcomes. Ms McMunn stated that simplification must be done “with purpose – and with outcomes firmly in mind.” Finally, on this matter she restated the Central Bank’s previously expressed position that that if circumstances require the introduction of new rules, then the Central Bank  will introduce new rules.

In the context of the Central Bank’s strategic objective to be more open and engaged, Ms McMunn highlighted the following work on the part of the Central Bank:

• the enhancement of communications and expectations in terms of authorisations and also as regards the Central Bank’s approach to fitness and probity;
• enhanced engagement with all stakeholders through initiatives such as the innovation hub and the sandbox programme. Additionally, the Deputy Director highlighted the fact that sectoral  planned supervisory activities for 2026 are set out in the RSO; and
• the publication of the annual analysis of demographics in the financial sector, discussed below.

On 10 March 2026, Gerry Cross, Director of Capital Markets and Funds at the Central Bank of Ireland (“Central Bank”), delivered a speech (“Speech”) at a crypto-asset service provider (“CASP”) industry briefing at the Central Bank.

Director Cross highlighted that the past 12 months has been very active as regards the authorisation of CASPs and the journey from the authorising of firms to what is now a supervised sector, in the context of the regulation on markets in crypto-assets (“MiCA”).

The Director’s Speech focused on three main areas:

Developments across the sector in the past 12 months

The Director emphasised that the Central Bank supports the EU’s ambitions as regards making Europe a “global digital player” , highlighting the active role played by the Central Bank in the development and implementation of both MiCA and DORA.

The Director noted that the crypto sector is coming to maturity at the same time as the technologies, products, services and service providers are continuing to embed. In this regard, he highlighted the need for the continued growth in the crypto sector to be “well governed, value oriented and positive for customers.”

AI, and the way it is transforming how many activities are carried out, was also touched on by the Director who noted that we are now seeing the interplay between AI and blockchain technology. He also pointed to the potential for AI and distributed ledger technology (“DLT”), combined, to strengthen the detection of fraud which would support better outcomes for consumers and the wider financial system.

Tokenisation was another development discussed by Director Cross, noting that the Central Bank has been engaging with industry since 2024 on the subject – in that regard, the Director pointed to the recent publication, by the Central Bank, of its discussion paper on DLT and tokenisation in financial services, discussed below.

The Director also addressed its engagement with other regulators as regards crypto-assets markets, including:

• the UK’s Financial Conduct Authority, particularly developments under its crypto roadmap; and
• its active dialogue with the European Securities and Markets Authority (“ESMA”), the European Banking Authority (“EBA”) and the International Organization of Securities Commission (“IOSCO”).

Director Cross also referenced market volatility on foot of a market crash in October 2025 and the ensuing broader sell off, with the Director stating that such volatility is a concern for regulators, with that concern being reflected in warnings issued by ESMA and the Central Bank to consumers about crypto markets.

Authorisation successes and lessons learned in 2025

Under this heading, Director Cross took the opportunity to share reflections as a result of the Central Bank’s engagement with CASPs on foot of the first authorisations across 2025. Some of  the areas addressed by the Director are as follows:

• the importance of a considered, risk-based and proportionate approach, particularly in view of the fact that many applicant CASPs are new to regulation;
• the Central Bank’s evolving approach to gatekeeping to ensure, not only its efficiency, but also to make sure it is as efficient, predictable and outcomes focused as possible. The Director highlighted that a key part of achieving this was down to stakeholder engagement, supported by a strong feedback loop;
• ensuring an outcomes focused implementation of MiCA, including the ESMA Broker Opinion;
• the importance of consumer protection, highlighting that the Central Bank places a strong focus on firms having a consumer centric approach and particularly drawing attention to the new Consumer Protection Code (“CPC”) and its overarching standard requiring firms to secure their customers’ interests;
• where the Central Bank sees  higher inherent conduct and investor protection risks in the products offered to customers and investors, it will have higher expectations of firms to address those risks;
• the importance of operational resilience, particularly in view of the fact that CASPs operate in a high risk environment with unique cybersecurity challenges. The Director emphasised the need for firms to ensure that their operational resilience frameworks are robust and commensurate with the nature and scale of their business;
• good culture and conduct risk management for CASPs is essential;
• clarity as to business model is important for CASPs seeking authorisation, citing such clarity as a key challenge for some CASPs seeking authorisation in 2025. The Director highlighted that firms who had a clear view on the alignment of their business model in the context of MiCA, and particularly, the ESMA Broker Model Opinion, experienced a smoother and quicker authorisation process;
• it is essential that an applicant CASP allocates the resources to the application process. Further, the Director also highlighted the importance of being appropriately prepared, for example, having the required documentation with the required level of detail, in place;
• the new authorisations portal for CASPs – for more information, see FIG Top 5 at 5 dated 29 January 2026.

Additional perspective on what it means to be a supervised CASP

Here, Director Cross elaborated on what the Central Bank expects of firms and what firms can expect of the Central Bank, including some detail as to supervisory plans. The Director mainly focused on consumer protection matters in this part of his Speech, particularly in the context of the Central Bank’s objective of making sure that the potential benefits of innovation are realised for the good of consumers businesses and society. Again, he stated that due to the inherently high risk nature of crypto products, consumers can be more at risk and highlighted that, as per the CPC, customers must be effectively supported.

As for the Central Bank’s approach, the Director highlighted its outcomes focused approach whereby efforts are focused on risks and vulnerabilities that pose the greatest threat to the achievement of the Central Bank’s four safeguarding outcomes.

In the context of the recently published Regulatory and Supervisory Outlook Report (“RSO”), Director Cross stated that the Central Bank recognises that, as CASPs are a new category of regulated entity and owing to their features, there are some unique supervisory priorities. With that in mind, the Director outlined some planned supervisory work and key areas of focus for 2026  for example, custody of crypto- assets / anti-money laundering / market abuse, particularly in view of the borderless nature of crypto-assets.

New quarterly CASP return

The Director stated that in Q1 2026, the Central Bank will launch  a new quarterly CASP regulatory return that will provide the Central Bank with a detailed view of the financial position of each CASP. This, in turn, will inform ongoing supervisory engagement.

1. Central Bank releases demographic analysis of PCF applications in 2025

On 6 March 2026, the Central Bank of Ireland (“Central Bank”) published its Demographics Analysis 2024 (“Analysis”) in respect of applications for pre-approval controlled function (“PCF”) roles within regulated firms.

The Analysis mainly focuses on gender diversity due to the fact that there is limited data available on other forms of diversity, other than age. It is highlighted that, although gender represents only one form of diversity, it is nonetheless an important one as it is also indicative of wider diversity trends.

The Analysis highlights that the Central Bank considers that diversity, especially at senior and board levels, is a crucial foundation for effect governance and sound decision-making.

The following is a brief overview of some of the Central Bank’s key findings:

• the rate of female applicants for some of the significant leadership roles within regulated firms has steadily increased from 16% in 2012 to 34% in 2024. However, this decreased to 31% in 2025;
• overall application numbers received in 2025 decreased by 1% compared to the previous year;
• the most significant change in application composition was in the capital markets and funds industry category, where female applicants fell to 30% in 2025 compared to 34% in 2024. However, in all industry categories there was a decrease in female representation with banking and payments and insurance industry categories both falling by 1% in 2025;
• as for the gender balance for board level applications, there was improvement in some categories but overall female applications for such positions decreased from 32% in 2024 to 29% in 2025; and
• for firms that are subject to close and continuous supervision under the Central Bank’s supervisory framework, the share of female PCF role holders increased to 38% in 2025 from 36% in 2024.

New firms seeking authorisation

In the foreword to the Analysis, Ms McMunn, Deputy Governor, Financial Regulation at the Central Bank, states that the composition of applications from new firms seeking authorisation is of particular concern for the Central Bank, with female representation at only 28%. She goes on to state that “this suggests that new entrants to the regulated financial services sector may not be embedding diversity principles from their inception. This is a missed opportunity, as new firms have the chance to shape and establish inclusive cultures from the outset.”

Monitoring

Ms McMunn highlights that the Central Bank is committed to engaging with regulated firms as to their strategies for building inclusive organisations, further highlighting that the Central Bank will continue to monitor diversity metrics as part of its supervisory framework.

Practices

Again, in the foreword to the Analysis, Ms McMunn states that the Central Bank encourages all stakeholders, from boards to industry bodies, to consider their own practices with a view to taking steps necessary to make sure that talent and capability are fully utilised across all sectors, regardless of gender.

2. Central Bank publishes discussion paper on DLT and tokenisation in financial services

On 5 March 2026, the Central Bank of Ireland (“Central Bank”) launched a discussion paper (“Paper”) on the role of distributed ledger technology (“DLT”) and tokenisation in the financial system.

The Paper highlights the potential of DLT to bring benefits for providers and users of financial services in mainstream finance, however, the Paper also acknowledges that DLT presents challenges and that these challenges need to be managed.

The Paper explores the benefits, enablers, sectoral considerations and risks associated with DLT and tokenisation in financial services. In that regard, the Paper considers how regulation, supervision and the nature of central bank money may need to change.

By issuing the Paper, the Central Bank aims to encourage informed discussion regarding the future role of DLT and tokenisation applications in the Irish and European financial services ecosystem. In the Paper, the Central Bank highlights its belief that, if DLT and tokenisation are correctly enabled and deployed, the financial system could be changed for the better, including as regards the integration and deepening of EU financial markets.

Contents

The Paper is comprised of a number of sections, some of which are considered, at a high-level, below.

Section 2 provides an explanation as to what exactly is DLT and tokenisation. Section 3 looks at the benefits of tokenisation, noting its potential to “transform the underlying infrastructure of finance and make the provision of financial services more efficient, transparent, and accessible, as well as lead to the provision of new, innovative financial services.”

Section 4 addresses the realisation of the benefits of tokenisation, considering a number of enablers and conditions, that the Central Bank believes, are important when it comes to leveraging these benefits in favour of users of financial services. The enablers are as follows:

• legal and regulatory clarity;
• interoperability and standardisation – highlighting that fragmented DLT ecosystems could end up creating the silos and frictions that the actual technology has the potential to remove;
• tokenisation of assets and money – considering the role of digital forms of money as the tokenisation of money;
• settlement in central bank money – the Paper emphasises that it is essential that central bank money remains the ultimate settlement asset across the financial system;
• operational resilience and scalability – highlighting that DORA has established a clear framework to manage and mitigate digital operational resilience risks. As regards scalability, it is stated that operational resilience is a critical precondition for scalability in that tokenised markets will only achieve critical mass if DLT platforms are capable of handling high transaction volumes with predicable latency;
• digital identity, verification and trust infrastructure – highlighting that participants must be confidently authenticated to ensure that every transaction originates from a legitimate and authorised entity; and
• transparent and accountable governance – the Paper emphasises the importance of participants having clarity over how, and by whom, the system is managed, how consensus mechanisms operate, and how changes to the protocol or rulebook are decided;

Having set out the above enablers, the Paper poses a number of questions for discussion, for example, input is sought on additional enablers that may be required to realise the potential of tokenisation. Additionally, the Paper seeks input as to elements in the current Irish or EU framework that may constrain scalable tokenisation.

Sectoral

Sections 5, 6 and 7 consider DLT and tokenisation from a sectoral viewpoint, covering markets, funds and money and payments, respectively. The Paper concludes that in these sectors, tokenisation challenges existing assumptions about intermediation, settlement finality, governance and oversight with a key consideration of the Central Bank being how best to preserve the benefits of “trusted intermediation, robust governance and systemic resilience while accommodating technological innovation and new market structures.”

As regards tokenisation in money and payments, the Paper considers: DLT and the evolving money and payments landscape / achieving the desired outcome in payments / enabling tokenisation in payments by evolving central bank money / evolution of private money and settlement assets. The Paper also considers potential use cases for money and payments

Risks

Section 8 considers the potential risks associated with DLT and tokenisation, which arise, and are discussed, under the following broad headings:

• new and structurally distinct risks;
• technology and operational risks;
• transition and integration risks; and
• risks to effective supervision and regulation.

As regards questions for discussion around risks, the Papers asks what additional risks arise from tokenised finance that may not be fully captured today. Additionally, the Paper poses the question as to what extent existing regulatory frameworks are sufficient, and where might targeted adaptations be warranted.

The Paper concludes that the risks associated with tokenisation are not uniformly higher or lower than those in “traditional” finance, but instead highlights that, the risks are redistributed across new actors, roles, technologies and interfaces.

Insights

Welcoming the publication of the Paper, Deputy Governor Vasileios Madouros stated:

“I encourage all stakeholders – market participants, technology providers, academics, and fellow policymakers—to share their insights. That engagement will help inform our approach and ensure that Ireland and the EU can leverage the benefits of tokenisation, while safeguarding a resilient financial system, that operates in the best interests of consumers and wider economy.”

Next Steps

A full list of discussion questions is available in the last section of the Paper.

Stakeholders are invited to provide written responses to the questions posed in the Paper together with any other general observations regarding the subject matter of the Paper. Submissions are to be made by 5 June 2026. The Central Bank has stated that it will consider any feedback received and intends to publish a feedback statement addressing some or all of the topics raised in the written submissions.

On 10 March 2026, the European Commission (“Commission”) published a report on crisis preparedness in the EU financial sector.

Th Report explains that the Commission is undertaking a comprehensive assessment of the level of preparedness in the financial sector, particularly assessing its ability to continue to carry out critical functions, such as making payments and funding the economy, under all circumstances.

The Report sets out how a high level of resilience has been achieved by the EU financial sector, by consolidating three pillars, as follows:

• risk-based capital for banks and financial institutions;
• governance and transparency requirements; and
• supervisory cooperation mechanisms across member states and across sectors.

The Report highlights the demonstrated resilience of the EU financial sector across a number of crises in recent years, for example, the Covid-19 pandemic / the war in Ukraine / the US regional banking crisis and Credit Suisse in 2023 /  cyber attacks / power blackouts.

Some other matters highlighted in the Report are as follows:

• preparedness in the financial sector has improved over the past few years through legislative measures and by creating governance structures at EU level that reflect the cross border nature of the EU financial sector;
• sector specific legislation, such as Solvency II and MiFID II, have put prudential requirements in place to ensure the resilience, stability and sound functioning of financial institutions, financial infrastructure and the financial system;
• several pieces of sector-specific legislation set out requirements governing operational risk management, operational resilience, ICT resilience, business continuity and crisis management, for example, the Bank Recovery and Resolution Directive and the Single Resolution Mechanism Regulation;
• it is important to ensure that cash is available under all circumstances, with the Report highlighting that, at Eurosystem level, maintaining common strategic stocks of euro banknotes is a key focus;
• the Report emphasises that DORA establishes a harmonised and robust framework for strengthening the EU financial sector’s ability to prevent, withstand, respond to and recover from ICT-related disruptions;
• in addition to legislation at EU level, member states have developed their own national preparedness schemes, which typically go beyond the financial sector and cover societal preparedness as a whole at national level; and
• stress testing is a key aspect of preparedness. The European Supervisory Authorities conduct regular tests for firms operating in the banking sector, based on adverse scenarios designed by the European Systemic Risk Board.

In terms of the outlook, the Report notes that the financial sector in the EU is underpinned by a solid and multi-dimensional preparedness framework, comprised of specific sectoral legislation, cross-cutting legislation and cooperation mechanisms across sectors and across member states.

Continuous assessment

Despite the demonstrated resilience of the EU financial sector, the Report highlights that in face of “the unprecedented threats and the more uncertain geopolitical environment that the EU faces”, continuous assessment of the level of preparedness is required. The Report states that the EU is taking this work forward and will initiate and progress any necessary adjustments to preserve the EU financial sector’s vital functions. Finally, the Report refers to the development of the SIU and the introduction of the digital euro, stating that these measures will improve the overall resilience, and increase the preparedness of, the EU financial sector.

1. EBA publishes final report and draft ITS on third-country branch supervisory reporting under CRD VI

On 5 March 2026, the European Banking Authority (“EBA”) published its final report (“Report”) and draft implementing technical standards (“ITS”) on the supervisory reporting of third-country branches (“TCBs”) under the capital requirements directive (“CRD VI”).

CRD VI introduced a new framework requiring non-EU banks to establish a TCB in the EU if they intend to provide core banking services into EU member states. Further, TCBs are required to periodically report certain regulatory and financial information to their competent authorities.  Article 48l(1) of  CRD requires the EBA to develop draft ITS to define uniform formats, definitions, and reporting frequencies for these requirements.

The draft ITS aim to harmonise reporting formats and definitions and also to enhance supervisory oversight of TCBs

The EBA consulted on the draft ITS in July 2025 – for more information, see FIG Top 5 at 5 dated 7 August 2025.

Amendments

As a result of the July 2025 consultation, a number of simplifications and enhancements were introduced to the ITS to improve clarity, proportionality, and operational feasibility. Some of the key changes include:

• postponing the initial reporting date to 31 March 2027;
• extending remittance deadlines;
• revising the head undertakings (“HU”) related provisions;
• the accompanying templates were also streamlined by reducing duplication, simplifying instructions and narrowing scope.

The Report highlights that these changes simplify the framework while also preserving supervisory integrity and comparability.

Templates

The Report also proposes two sets of templates:

• information requirements concerning the TCBs themselves (annex I); and
• information requirements regarding their HU (annex II).

The templates are accompanied by corresponding instruction documents. The template and instructions are available here.

Proportionality

The EBA has stated that a proportionate “core + supplement” approach remains a central feature with smaller and less complex branches submitting a core set of key data while larger and more complex branches will be required to report additional details.

Next Steps

The Report and ITS will be submitted to the European Commission, after which the EBA will develop the data point model, XBRL taxonomy and validation rules. It is planned to publish the technical package in Q2 2026. The reporting requirements will apply from 31 March 2027.

2. Council adopts first reading positions on CMDI proposals

On 5 March 2026, the European Council (“Council”) adopted its positions at first reading on the legislative package regarding the crisis management and deposit insurance (“CMDI”) framework.

The CMDI contains legislative proposals for amendments to:

• the Bank Recovery and Resolution Directive (“BRRD”);
• the Single Resolution Mechanism (“SRM”); and
• the Deposit Guarantee Schemes Directive (“DGSD”).

Political agreement was reached on the proposals between the Council and the European Parliament (“Parliament”) in June 2025. In November 2025, the chair of the Parliament’s Economic and Monetary Affairs Committee (“ECON”) recommended to the plenary that the Council’s position be accepted without amendments at Parliament’s second reading, subject to the Council transmitting its position, as agreed, to the Parliament and also subject to legal linguistic review. For more information, see FIG Top 5 at 5 dated 13 November 2026.

The Council has published the following:

• position of the Council at first reading with a view to the adoption of a directive of the Parliament and of the Council amending BRRD as regards early intervention measures, conditions for resolution and funding of resolution action;

 

• position of the Council at first reading with a view to the adoption of a regulation of the Parliament and of the Council amending the SRM regulation as regards early intervention measures, conditions for resolution and funding of resolution action; and

 

• position of the Council at first reading with a view to the adoption of a directive of the Parliament and of the Council amending the DGSD as regards the scope of deposit protection, the use of deposit guarantee schemes funds, cross-border cooperation, and transparency.

The European Commission has published communications to the Parliament on the Council’s position at first reading regarding the legislative acts amending the BRDD, the SRM and the DGSD.

Next Steps

Parliament is scheduled to consider the CMDI legislative proposals during its plenary session to be held on 25 and 26 March 2026.