On 26 February 2026, the Central Bank of Ireland (Central Bank) published its 2026 Regulatory and Supervisory Outlook (RSO) report, outlining its perspectives on the key trends and risks shaping the financial sector and its supervisory priorities for the year ahead.

This is the first (cross-sectoral) article in a series of RSO articles, more of which will take a sector-specific focus.

The RSO on from the Central Bank Governor’s letter to the Minister for Finance dated 29 January 2026, which also sets out its financial regulation priorities for the year ahead.

The annual RSO report is intended to assist financial firms in their own engagement with the Central Bank and in understanding the Central Bank’s expectations of them.

Financial Regulation Priorities 2026 as set out in the Governor’s letter

The Central Bank’s financial regulation priorities for the year ahead include:

• continuing its work to strengthen the financial sector’s operational resilience, including ability to manage and respond to severe operational disruptions and provide continuity of services for customers;
• a continuing focus on maintaining the financial sector’s financial resilience though a range of actions including the assessment of credit, market, liquidity and reserving/provisioning risk exposures and risk management practices (including risk transfer) across and within relevant sectors;
• ensuring firms have implemented the revised Consumer Protection Code (which comes into effect in March 2026), while also looking to apply it to all credit union regulated activities from 2027 (with a public consultation process on the proposal currently underway);
• delivering responsibilities under the Access to Cash legislation, including publishing regulations outlining ATM service standards relating to the hours of availability, cash withdrawal limits and other requirements, as well as new registration and oversight responsibilities;
• enhancing the financial sector’s safeguards against financial crime, including how firms support victims of fraud and raising consumer and investor awareness of frauds and scams while detecting and punishing unauthorised providers and those engaged in market abuse;
• continuing supervisory work related to how the sector is embedding climate and other environmental factors into risk management, business models and governance. This includes assessing firms’ responses to the increasing frequency and severity of climate-related weather events;
• continuing to focus on the use of AI in the financial sector, including further developing Central Bank understanding and expectations for firms, supporting the Government’s national transposition and implementation of those aspects of the EU AI Act that fall within the Central Bank’s remit;
• continuing work on innovation in the financial sector, including authorisation and supervision of innovative firms, delivering the second thematic Innovation Sandbox programme focussing on payments, as well as setting out views and seeking feedback on the opportunities from (and implications of) tokenisation in a forthcoming Discussion Paper.

There are also plans for a public consultation on a new Regulatory Impact Assessment Framework (to underpin the Central Bank’s approach of balancing regulatory effectiveness with efficiency and ensuring that new rules are designed to be both clear in intent and proportionate in impact).

The global and domestic risk environment

The 2026 RSO report is set against the continued backdrop of an uncertain global environment and heightened geopolitical and macro-financial risks.

Technological innovation continues to change financial services, creating efficiencies, supporting innovation and improving customer experiences. However, increasing reliance on digital infrastructure, cloud services and third-party providers also introduces new vulnerabilities, including cyber risks, operational risks and concentration risks.

The expanding use of artificial intelligence, digital money and tokenisation presents further opportunities but also requires robust governance, risk management and oversight to ensure that risks are appropriately managed and consumer interests are protected.

At the same time, longer-term structural transitions, including the transition to a more environmentally sustainable economy, adaptation to increased climate risk, demographic changes and evolving consumer needs, are reshaping the financial landscape.

This backdrop informs the risk assessment and outlook, with ten key risk areas being highlighted grouped into three broad risk driver themes:

• Risk Theme A – Drivers: Macroeconomic and geopolitical environment: Covers operational and cyber risks and financial risks including credit, liquidity, leverage and market risks.
• Risk Theme B – Drivers: How regulated entities are responding to today’s changing world: Includes consumer and investor detriment risks, data, AI and modelling risks, financial crime and risk management practices.
• Risk Theme C – Drivers: Longer-term structural forces at play: Includes climate risks and business model and strategic risks.

There is a risk assessment overview set out in Table 1 of the RSO.

Broadly, the Central Bank’s assessment is that operational risks remain at a very elevated level given the current geopolitical context, advancing digitalisation and increasingly complex operating models. Asset valuation and market risks are judged to have increased, as have the risks associated with data, models and AI. Inflation and interest rate risks have abated.

The Central Bank continues to expect firms to maintain strong governance, risk management and operational resilience and to act in the best interests of their customers.

Supervisory Priorities

The Central Bank’s supervisory priorities are grouped under five complementary and overlapping themes:

Priority 1: Maintaining and building resilience to geopolitical risks and macro-financial uncertainties involving work on operational resilience, cyber security and financial resilience in the face of a volatile macro environment. There is also a focus on how firms are embedding climate and environmental factors into risk management, business models and governance.

• Operational and cyber resilience: Deep-dives, targeted reviews and broader thematic assessments are planned to evaluate operational and cyber resilience, including security-related risks, covering the most important sectors and firms. This includes the assessment of how firms manage the risks associated with the growing use of third-party information and communications technology providers, cyber security effectiveness and the implementation of DORA requirements. In addition, there is an increasing focus on enhancing the preparedness of the system as a whole to potential operational disruptions.
• Financial resilience: There will be ongoing monitoring of credit, market, liquidity, reserving/provisioning and business model risks along with associated risk management practices (including risk transfer) across relevant sectors. There will also be a focus on addressing data-related shortcomings evident across some sectors and firms. Work on understanding and addressing risks associated with the growing scale and increased participation in financial markets of non-bank financial institutions will continue. This includes their interaction with the banking and other sectors, including in relation to private credit.
• Climate change: The Central Bank will continue to scrutinise how firms are embedding climate and other environmental factors into their risk management, business models and governance. This includes assessing their responses to the increasing frequency and severity of climate related weather events – including impacts on risk appetite, credit and market risk, underwriting and pricing, provisioning/capital and liquidity – and firms’ exposure to climate related litigation risk.

Priority 2: Securing consumer and investor interests in a rapidly changing world with a particular focus on a) how firms operate and the customer experience, b) digitalisation, including balancing the benefits of innovation with risks of harm to consumers and c) financial crime, with rising risks to consumers from frauds and scams.

• Treatment of customers: Implementing the 2025 Consumer Protection Code must be a priority for firms and supervisory work will include cross-sectoral thematic reviews focused on customer service, complaints handling and the addressing of the root causes of deficiencies, conflicts of interest, client disclosures (including the risk of misrepresentation through greenwashing) and product governance.

For further information on the revised Consumer Protection Code please see our article here.

• Digitalisation: The Central Bank will continue to focus on how firms are supporting their customers as financial services continue to digitalise and ensure that digitalisation does not outpace the needs of society including as regards access to cash. The Central Bank plans to publish regulations outlining ATM service standards relating to the hours of availability, cash withdrawal limits and other requirements, alongside fulfilling its new licencing and oversight responsibilities under the Access to Cash legislation.
• Financial crime: Protecting the integrity of the financial system and consumers from financial crime needs to be a priority for all firms and agencies. The Central Bank will raise awareness of fraud and scams, use the Trusted Flagger status to require the removal of criminal content online and detect and sanction unauthorised providers and market abuse. The Central Bank will assess fraud controls in banking and payments and firms’ incident responses and treatment of customers. It will also focus on emerging risks and themes in anti-money laundering and controlling the financing of terrorism (AML/CFT) and how firms are ensuring their risk management frameworks keep pace with the changing nature of financial services. The Central Bank will also be prioritising supporting the development of the new European AML framework working with the European Anti-Money Laundering Authority (AMLA) and preparing for AML Single Rule Book implementation.

For further information on AML/CFT and the Single Rulebook, please see our articles here and here.

Priority 3: Responding to technology-driven transformations with a focus on the expanding use of AI, digital money and tokenisation, including the Central Bank’s regulation and supervision of the use of these technologies and innovations and the implications of these changes for firms and the financial system.

• Artificial intelligence: The Central Bank will continue to develop its understanding and assessment of the expanding use of AI across the value chain (including agentic AI and multi-agent systems) and reinforcing its governance and model management expectations, while supporting the national implementation of those aspects of the EU AI Act that fall within its remit.
• Digital money and tokenisation: Planned activities range from the Central Bank’s gatekeeping role in the authorisation of Crypto Asset Service Providers (CASPs) under the Markets in Crypto Assets Regulation (MiCAR) and their ongoing supervision to its consideration of how the fundamental changes to the way financial products and services are structured and delivered – including asset tokenisation, the development of stablecoins, tokenised bank deposits and a digital euro – affect consumers and established firms. This will include a focus on the business model implications of these changes and how firms are preparing to realise the benefits of the innovations, while managing the risks. The Innovation Hub and Sandbox and the implementation of the Consumer Protection Code’s requirements for digital financial services will all play a role in supporting safe innovation.

For further information on MiCAR please see our MiCAR page here. For further information on the Innovation Hub, please see our articles here and here.

Priority 4: Helping to address the environmental and societal transitions underway. Given the impact of these longer-term structural transitions, the Central Bank will continue to work in partnership with other stakeholders to help address transitions; including work on protection gaps, retail investment participation, the evolving payments landscape and sustainable finance.

• Collaboration and research: Over 2026/27, focus areas include flood risk, insurance protection gaps (including as one of the responsible bodies under the Government’s new Action Plan for Insurance Reform 2025-2029) and low retail investment participation as part of wider EU and domestic work in this area. International engagement on sustainable finance policy will also feature as will the evolving payments landscape where the Central Bank can bring insights from the Innovation in Payments Sandbox Programme and the International Payments Data Hackathon.

Priority 5: Enhancing how the Central Bank regulates and supervises. 2026 will see a continued focus on an evolving supervisory approach to ensure its continuing effectiveness, improvements to gatekeeping and the roadmap for delivering on simplification as set out in the Central Bank’s recent “Regulating and Supervising Well” publication.

The Central Bank plans also to publish an updated version of the Our Approach to Supervision publication to support the better understanding of its approach by stakeholders.

For further information on these Central Bank publications, please see our articles here and here.

There will be a continuing focus on the effectiveness of the governance and risk management practices of firms and the culture and “tone from the top” on display. This includes assessing how firms have implemented the Individual Accountability Framework (IAF) including the Senior Executive Accountability Regime (SEAR).

Sectoral Focus

In our sector specific articles, trends, risks and vulnerabilities are considered from a sectoral perspective in line with the Central Bank’s supervisory approach.

Spotlights

Included in the RSO 2026 are some topic-specific sections (called Spotlights) which cover topics such as:

Spotlight 1 provides a supervisory perspective on artificial intelligence and reviews trends in the technology itself and its adoption. Key takeaways include:

• As AI capabilities continue their rapid evolution, financial sector deployment is growing. Ireland ranks highly in AI readiness and adoption at a national level, yet public trust is lower than average and adoption rates vary significantly across age demographics.
• AI-driven conduct and operational risks require close monitoring by firms and regulators, amid evidence that the safeguards built into providers’ AI models can be brittle. Agentic AI’s potential is significant but presents one frontier AI risk.
• Geopolitical fractures can jeopardise digital supply chains, including the security and continuity of access to AI models and the technological infrastructure used in financial services.
• Many of the risks associated with AI are not new and are already covered by existing regulations and standards, with the AI Act representing a targeted addition to the operating framework. A focus on the core principles of explainability, accountability, good governance and strong risk management is essential.

Spotlight 2 covers the importance of operational resilience in service provision, which is a key focus of the Central Bank’s work. Key take-aways include:

• The Central Bank’s aim is to see firms deliver operationally resilient services to consumers and investors. Designing resilient services means that consumer and investors can have confidence that firms are able to withstand unexpected disruptions or quickly recover to ensure uninterrupted services.
• Effective information and communication (ICT) risk management is core to the delivery of services resilience. The new EU-wide Digital Operational Resilience Act (DORA) went live in January 2025.
• DORA’s objectives can be framed around five interlocking aims that, taken together, are intended to drive a customer-oriented mindset focused on maintaining resilient financial services to society.
• There are common gaps in firms’ practices when assessed against DORA and firms need to demonstrate that they are systematically addressing those gaps. More generally, firms can significantly enhance resilient delivery of their services in three steps:
  • Identify their critical or important business services to consumers and investors.
  • Address the gaps in ICT risk management and operational resilience practices when benchmarked against the good practices outlined in DORA.
  • Reflect on significant reliance on third-parties and manage risks proactively.

Spotlight 3 describes the Central Bank’s approach to consumer and investor protection and three high level outcomes-focused themes. Key take-aways include:

• The landscape consumers and investors face is volatile and complex, increasing the importance of the consumer protection framework and the Central Bank’s work ensuring the financial system is operating in the best interests of consumers and the wider economy.
• Delivering this relies on a well-regulated and well-functioning financial sector comprised of resilient, well-run firms pursuing consumer-centric strategies.
• The Central Bank’s supervisory approach means that each aspect of its work (whether related to operational resilience, governance, risk management or digital transformation) is assessed with consumers’ and investors’ interests explicitly in mind.
• In line with its supervisory priority to secure consumer and investor interests in a rapidly changing world, the Central Bank is focused on three high level outcomes-focused themes:
• How firms operate and the customer experience
• Digitalisation
• Financial crime
• The Central Bank proactively fosters domestic and international collaboration with other bodies and stakeholders to deliver its mandate in an increasingly interconnected, digitalised and internationalised market for consumer and investor services.

Contact Us

For more information, please contact Shane Kelleher, Louise McNabola or your usual William Fry contact.

Contributed by Jane Balfe