On 26 February 2026, the Central Bank of Ireland (Central Bank) published its 2026 Regulatory and Supervisory Outlook (RSO) report, outlining its perspectives on the key trends and risks shaping the financial sector and its supervisory priorities for the year ahead.

For further information on the Financial Regulation Priorities 2026, the global and domestic risk environment, risk themes and related drivers and supervisory priorities, please see our related cross sectoral article here and for other sector specific information in the RSO (including a Funds related RSO article here and a MiFID Investment Firm related RSO article here) please refer to our knowledge page on the William Fry website.

Sectoral Focus – Markets (including Crypto and MiFID Firms)

In our sector specific articles, trends, risks and vulnerabilities are considered from a sectoral perspective in line with the Central Bank’s supervisory approach. In this article we look at the Markets sector, which includes Crypto and MiFID Firms.

In this sector, the Central Bank’s supervisory activities will focus on a mix of direct engagement and sectoral thematic reviews and, specifically for MiFID firms, proactive supervisory review and evaluation cycles.

Financial resilience was a key focus area in last year’s RSO, specifically in relation to the impact of volatility on market risks. Assessments to date conclude that firms have generally been profitable with sound capital and liquidity buffers in place. Much of the ongoing assessments will be less extensive in 2026. A more mature approach to capital risk management and this will be a focus in 2026 engagements. Recent assessments have also identified that the approach to risk management and internal capital planning across the sector requires a more mature approach to capital risk management and this will be a focus in 2026 engagements.

Work is well underway to embed an appropriate supervisory approach for the recently established Crypto Asset Service Provider (CASP) sector. For 2026, there will be a focus on reactive supervision as the newly authorised

CASPs seek to deploy their business models. In Q1, a new quarterly CASP regulatory return will launch, which will provide a detailed view of each CASP’s financial position and will inform supervisory engagement.

There is a continued focus on improved transparency around climate change and ESG disclosure.

Focus Area 1: Operational and cyber resilience

Operational resilience is the markets sector’s most pervasive risk and has increased in priority for supervisors in 2026.

Market firms have strengthened their baseline operational resilience and incident reporting but the level of maturity remains uneven across the sector.

In Central Bank deep dives during authorisation assessments, it observed that CASP business models introduce distinct technical challenges, including the security of private keys. These add a further layer of operational and consumer risk.

The core supervisory objective is that firms meet their obligations under DORA and have robust operational resilience frameworks in place.

The main planned activities relating to this supervisory focus area in 2026/2027 include:

• Operational resilience assessments contribute materially to the SREP process for MiFID firms as part of internal governance & controls risk review. Sector-wide reviews and firm-specific engagements will focus on:
  • Technology risk and resilience
  • Operational resilience maturity
  • Market outages and
  • DORA compliance.
• Targeted work will be conducted on CASPs in relation to DORA compliance, in line with authorisation conditions.
• Thematic review to be undertaken by ESMA in respect of cyber risk as part of a wider Common Supervisory Action (CSA) on the newly established CASP sector.

Focus Area 2: Treatment of customers

The volatile and inherently high-risk nature of crypto leads to a significant risk for consumers and investors. Business models and product offerings are evolving with the emergence of new services that introduce additional complexity, for example, copy trading, automated portfolio management or code free trading.

Firms are expected to have strong governance and risk management frameworks in place, including clear disclosures to their customers and the provision of suitable products and marketing to their customers in a transparent and consumer centric manner.

Firms are expected to engage with the Central Bank before making material changes to their business including new products or services.

Notification of MiCAR Title II Whitepapers are a new area of responsibility for the Central Bank with the regime being effective since January 2025.

The main planned activities relating to this supervisory focus area in 2026 include:

• Build awareness and set out the Central Bank’s expectations through ongoing industry engagement, including at its annual CASP event where supervisory priorities will be outlined.
• White papers: Given the increasing risks associated with the rapid transformation of the crypto-asset sector and the increasing numbers of whitepapers the Central Bank is receiving, it will fully engage in the ESMA work on MiCAR.

Focus Area 3: Custody of crypto-assets

The service of custody and administration of clients’ crypto-assets involves the safekeeping or controlling of clients’ crypto-assets, or the means of access to those assets which is typically in the form of private

cryptographic keys. Custody risks include the loss or theft (including the risk of hacking), or mismanagement (including poor cyber-risk management or ineffective related governance and controls).

MiCAR sets clear requirements for authorised CASPs when providing custody and administration of clients’ crypto assets. There Central Bank expects CASPs to continually reassess the appropriateness of their custodial arrangements to ensure they remain fit for purpose particularly where the nature, scale or complexity of their operations changes. Where the Central Bank applied authorisation conditions, it will be following up with the affected CASPs to ensure their implementation during 2026.

The main planned activity relating to this supervisory focus area in 2026 include:

• Follow-up work to examine CASPs’ compliance with the custody requirements outlined in MiCAR and related authorisation conditions.

Focus Area 4: Financial integrity

The pseudonymous and cross border nature of crypto flows increases the risk of money laundering and terrorist financing activities. Due to limited sector experience of evolving typologies, their fast onboarding, complex cross border flows and fragmented know you customer and transaction monitoring, AML/CFT remains a key supervisory focus.

The main planned activities relating to this supervisory focus area in 2026 include:

• Trading firms and CASPs will be required to complete an enhanced Risk Evaluation Questionnaire (REQ). The enhanced REQ will capture detailed quantitative and qualitative risk information on ML/TF risk and the quality of AML/CFT controls. This data will be used to: (a) identify firm and sector-specific issues and emerging trends; (b) guide supervisory strategy; and (c) satisfy incoming data requirements for AMLA. Following completion by Trading Firms and CASPs of the AML REQ in H1, the Central Bank will carry out work across the sector to develop the AML risk profile for the relevant entities.
• Targeted assessment of certain CASPs, which will include on-site engagement to ensure that AML controls and processes are effective.

Focus Area 5: Market abuse and market surveillance

Market integrity depends on effective surveillance by market firms and regulators across traditional and crypto trading environments. Suspicious Transaction Order Reports (STORs) and wider Market Abuse Regulation (MAR) reporting and disclosures along with the Central Bank’s own surveillance framework are fundamental to achieving market integrity and the confidence in the market that comes with it.

Through last year’s SREPs and onsite reviews, the Central Bank observed that some firms in the sector are implementing new approaches to the management of market abuse risk and surveillance, including implementing new trade surveillance systems.

Success is characterised by improvements in the timeliness of delivery of high-quality STOR submissions with effective follow up actions by firms, effective surveillance management information to pre-approval controlled function holders and boards and a demonstrable increase in detected abuse. According to the Central Bank, these would demonstrate a valuable element of self-policing by the market.

The main planned activities relating to this supervisory focus area in 2026 include:

• Review of venue and firm trade surveillance implementations and frameworks, work with industry to improve STOR submission and quality, enhance the Central Bank’s existing surveillance program in traditional asset classes and work with national competent authorities to coordinate surveillance capability improvements for crypto markets within the EU.
• Cross-sectoral thematic review of market abuse frameworks and surveillance.
• Targeted inspections on compliance with Market Abuse Regulation (MAR) requirements for persons discharging managerial responsibilities.

Focus Area 6: Conflicts of interest and controls

Poorly managed conflicts of interest have the potential to cause harm to investor and consumer interests and present a broader risk to market integrity. While some conflicts are inherent in some business models, firms are required to identify and manage conflicts.

The Central Bank expects that firms take all reasonable steps to ensure there are appropriate controls in place to give investors and consumers sufficient protection from market conduct risks. The Central Bank will continue to have direct engagement with firms in relation to their conflicts of interest framework and their management and prevention of associated risks.

The main planned activities relating to this supervisory focus area in 2026/2027 include:

• Build on the 2025 SREP work in this area and continue to examine firms’ governance structures and the controls in place to ensure conflicts of interests are prevented and managed to protect the interests of investors, consumers and market stability.
• Cross-sectoral thematic review of conflicts of interest management in wholesale firms.
• Cross-sectoral thematic review of unauthorised trading and trading controls.

Focus Area 7: Artificial intelligence

Increasingly firms in the sector are building on legacy algorithmic approaches with a focus on generative AI use in secondary markets. Use cases range from price prediction models, trade surveillance and cyber security.

Following Central Bank engagement with the sector last year on the use of AI by wholesale market participants, governance and explainability are central supervisory concerns. While there has been an increase in the use of advanced AI tools in the trading lifecycle within market firms, gaps exist in relation to technical expertise at the local level to explain the complex technologies. There appears to be significant reliance on group expertise and governance structures in the development and application of AI and in the setting of the control environment at local level.

Unchecked AI deployment can amplify market instability or introduce opaque decision making that complicates accountability. Risks cited relating to the use of AI include transparency and explainability risks and risks relating to the misappropriation of information using deepfakes. Success in managing these risks is typically evidenced through clearly reviewed and documented governance, explainable systems, accountability for decisions, oversight and appropriate human in the loop controls.

The main planned activity relating to this supervisory focus area in 2026 include:

• To build on work already completed to collect sectoral AI intelligence and conduct targeted inspections where AI materially affects trading or surveillance.
• To integrate governance reviews into SREP assessments of MiFID authorised firms.

Contact Us

For more information, please contact Shane Kelleher, Louise McNabola, John O’Connor or your usual William Fry contact.

Contributed by Jane Balfe