26 Mar 2025

Central Bank Publishes Revised Consumer Protection Code

briefing

Financial Regulation

Background

On 24 March 2025, the Central Bank of Ireland (Central Bank) published a newly revised Consumer Protection Code (Revised Code) following a public consultation process.

The Revised Code will be fully operational from 24 March 2026 and will replace the existing Consumer Protection Code 2012.

Structure of the Revised Code

The Revised Code comprises:

Central Bank Reform Act 2010 (Section 17A) (Standards For Business) Regulations 2025 (Standards for Business Regulations); and
Central Bank (Supervision and Enforcement) Act 2013 (Section 48) (Consumer Protection) Regulations 2025 (Consumer Protection Regulations).

Standards for Business Regulations

The Standards for Business Regulations set out governance, resource and risk management requirements as well as the applicable conduct standards which must be complied with by in-scope firms. Additional detail on those obligations is set out in the Supporting Standards for Business as set out in Part 3 of the Standards for Business Regulations.

The Standards for Business Regulations apply to Irish financial services providers authorised, registered or licensed by the Central Bank and EEA financial services providers providing regulated services in Ireland. However, they do not apply to firms providing MiFID services[1], credit unions[2], crowdfunding service providers or any reinsurance businesses. They also do not apply to services provided to persons outside of Ireland.

Those standards relating to securing customer interests and implementing arrangements to protect customers against financial abuse only apply to the extent that the relevant firm is providing services to “consumers” within the meaning of the Revised Code which includes individuals and small businesses (Consumers).

Consumer Protection Regulations

The Consumer Protection Regulations set out cross-sectoral requirements applying across all sectors which include for example requirements relating to digitalisation, informing effectively, advertising and complaints resolution.

They also set out sector-specific requirements applying to the provision of consumer banking, credit and arrears, insurance and investments.

The Consumer Protection Regulations apply to Irish financial services providers authorised, registered or licensed by the Central Bank and EEA financial services providers when providing regulated services in Ireland on a branch or cross-border basis.

In addition, the Consumer Protection Regulations do not apply to firms providing MiFID services[3], reinsurance businesses and credit unions[4] or to services provided by regulated entities to persons outside of Ireland.

Importantly, these requirements only apply to firms in respect of business conducted with Consumers.

Supplementary Guidance

In addition, the Central Bank has published guidance to support firms in implementing the requirements contained in the Revised Code, including:

General Guidance on the Consumer Protection Code, which incorporates and updates the existing guidance and includes new guidance on the changes under the Revised Code;
Guidance on Securing Customers' Interests Guidance, which outlines the Central Bank’s expectations of firms in meeting their obligations under the Standards for Business Regulations to secure customers’ interests; and
Guidance on Protecting Consumers in Vulnerable Circumstances, which sets out the approach adopted in respect of vulnerability under the revised Code, as well as the Central Bank’s expectations of firms in this regard.

The Central Bank has advised that these documents should be considered in conjunction with its Guide to Consumer Protection Risk Assessment which sets out the requirements for in-scope firms in implementing or enhancing their frameworks for managing risks to Consumers.

What is Next

As the Revised Code will not be operational until March 2026, in-scope firms will have a 12-month period in which to prepare for the implementation of the new regime. The existing Consumer Protection Code 2012 will remain effective in the interim period.

Contact Us

For more information and how Dillon Eustace can assist your business in complying with the Revised Code, please get in touch with any of the contacts listed below or your usual contact in Dillon Eustace.

Footnotes:
[1] With the exception of those firms which are regulated by the Central Bank but which are not subject to the Irish MiFID framework on the basis that they fall within the scope of an available exemption.
[2] Save when such credit unions are acting as insurance intermediaries.
[3] With the exception of those firms which are regulated by the Central Bank but which are not subject to the Irish MiFID framework on the basis that they fall within the scope of an available exemption.
[4] Save when such credit unions are acting as insurance intermediaries.

DISCLAIMER: This document is for information purposes only and does not purport to represent legal advice. If you have any queries or would like further information relating to any of the above matters, please refer to the contacts above or your usual contact in Dillon Eustace.

Financial Regulation Banking and Capital Markets Asset Management & Investment Funds Commercial Litigation