On 10 December 2025, the Central Bank of Ireland (Central Bank) published feedback to industry regarding the key lessons learned from its thematic inspection of safeguarding of users’ funds by payment institutions (PIs) and electronic money institutions (EMIs) and Central Bank expectations regarding safeguarding practices in the first issue of its Payment and E-Money Newsletter. For further information on the first issue of the Central Bank’s Payment and E-Money Newsletter please see our article here.

Background – Thematic inspection

The Central Bank conducted a thematic inspection on safeguarding to assess the operational effectiveness of firms’ safeguarding processes and control infrastructure.

Findings from the inspection, together with the Central Bank’s safeguarding practice expectations, are outlined below. The Central Bank reminds firms that it has no tolerance for weaknesses in safeguarding arrangements.

Positive safeguarding practices identified included:

• A daily safeguarding reconciliation process with oversight and final sign off at the firm level.
• Firms conducting regular compliance testing and providing annual safeguarding training to staff.
• Users’ funds are received directly into safeguarding accounts with associated fees and interest income stripped out.
• Insurance is used by firms as a mitigation against incidents outside of the firm’s control, for example, operational risk and FX risk, which can enhance consumer protections in the event of an insolvency.
• Outsourcing risk management frameworks – Firms that outsource elements of the safeguarding process have in place outsourcing risk management frameworks, with relevant SLAs, and regular service review meetings taking place with local oversight of outsourced teams.

Deficiencies in safeguarding identified included:

• The reconciliation process – The reconciliation process not being clearly outlined in safeguarding policies and procedures. In addition, there was no clear segregation of duties between the performance and oversight of the reconciliation process. There was a blurring of the first and second lines of defence with second line teams performing operational safeguarding tasks.
• Safeguarding incident reporting – Weaknesses were found in safeguarding incident reporting, with a lack of documented thresholds for safeguarding incident escalation and insufficient and incomplete safeguarding incident logs.
• Concentration risk and poor credit risk management – Some firms have significant proportions of safeguarded funds held in individual credit institutions giving rise to concentration risk. There were also poor credit risk management practices, as firms did not have a documented credit risk appetite in place with no counterparty limits calibrated to risk appetite.
• Lack of knowledge and understanding of the safeguarding insurance policies/guarantees at the Irish entity level.
• Safeguarding insurance policies containing insufficient information in relation to how a claim would be made and the timeline for payment.
• A reliance on group entities to conduct due diligence of insurance providers with no oversight by firms.
• Insurance policies held in the name of a group entity rather than the Irish entity resulting in firms being required to seek payment from group in the event of a claim/insolvency event rather than the funds being paid directly to the Irish entity.
• Erroneously including negative customer balances in the reconciliation which undermines its accuracy leading to the underfunding of safeguarded users’ funds.

Central Bank Expectations

• Firms have a robust, Board approved, safeguarding risk framework in place, which ensures that users’ funds are appropriately identified, managed and protected on a day-to-day basis.
• Firms appoint a directly responsible individual for safeguarding with a strong understanding and oversight of the firms’ safeguarding processes. A new PCF role, PCF-56 Head of Safeguarding, is being introduced in 2026, with firms required to appoint an individual to this role. Further information will be provided by the Central Bank in 2026.
• Regular safeguarding updates go to the Board, including safeguarding key risk indicators, incidents, and counterparty reviews. An incident management framework is in place applicable to safeguarding and reconciliation incidents, with defined escalation thresholds and procedures.
• Annual compliance testing is conducted, including testing of safeguarding calculations, review of account designation letters to confirm that safeguarded users’ funds are clearly identified and identifiable by third parties and review of insurance policies to ensure the firm has adequate cover for safeguarded funds.
• Annual safeguarding training is provided to the Board and staff.
• Proactive management of credit risk is in place with concentration limits calibrated to risk appetite. There should be ongoing monitoring of counterparties, with sufficient oversight by the second line of defence at the local entity level.
• Local teams with the responsibility for the oversight of safeguarding should have a full and detailed knowledge of the coverage of the firm’s insurance policy.
• Insurance policies for safeguarding are written in trust for the benefit of the users and there should be no condition or restriction on the prompt payout of funds.
• Terms of insurance policies should clearly state how a valid claim or demand can be made and the timeline for payment. Where multiple insurers are used, firms must ensure that their full safeguarding obligation is covered in the event of insolvency.
• An appropriate wind down strategy is in place, linked to the firm’s business, that includes details of the return of users’ funds in a solvent and insolvent wind-down scenario. Wind-down plans include sufficient detail on the execution of insurance policies in a wind-down scenario.

Contact Us

William Fry’s Financial Regulation Unit acts for many authorised entities in these sectors, including one-third of the EMIs successfully granted authorisation in Ireland to date. Please contact Shane Kelleher, Louise McNabola or any member of William Fry’s Financial Regulation Unit for legal advice.

Contributed by Jane Balfe