The Central Bank of Ireland (Central Bank) published its final quarterly Insurance Newsletter for 2024 (Newsletter).
The Newsletter contains several important updates for Irish (re)insurers, including the Central Bank’s supervisory priorities for 2025 and its revised guidance on outsourcing.
1. Supervisory Framework and Supervisory Priorities
The Central Bank’s new supervisory framework will take effect in 2025 and aims to achieve a more integrated approach to supervision. The new framework will include reorganising the Central Bank’s internal structure, including supervising (re)insurers under a single Insurance Directorate led by Seana Cunningham (former Director of Enforcement and AML). According to the Newsletter, the framework will provide greater focus on consumer protection in the Central Bank’s day-to-day supervision activities, as well as more ‘coordinated messaging‘ and ‘streamlined demands‘ in its regulatory and supervisory mandate.
The Central Bank’s 2025 supervisory priorities may be distilled into the following five main themes:
- Financial Resilience: Insurers can expect supervisory engagement centring around pricing and underwriting, reserving and capital adequacy. The Newsletter highlights that the Central Bank will pay particular attention to how both are maintained throughout the insurance cycle and in business lines demonstrating significant growth or competitive pressures. Capital optimisation strategies, the reasonableness of future management actions, and group recovery options will also be emphasised.
- Culture, Governance and Risk Management: The Central Bank expects insurers to commit to a culture of high standards involving a clear understanding of the risks faced by their consumers arising from products and services, as well as the behaviour of firms and the wider market. In addition to assessing compliance with the requirements of the Individual Accountability Framework, it will examine the treatment of customers by assessing a firm’s behaviour and culture, the adequacy of its product oversight and governance frameworks, and compliance with the Consumer Protection Code.
- Growth and Complexity of Business Models: The Central Bank plans to give greater attention to areas of significant growth or complexity in insurers’ business models and strategies. It notes that capital and operational support may be offered within groups to Irish firms but warns that such support should not undermine robust governance, adequate substantive presence, and strategic direction at the local level. Business models presenting a risk of day-to-day control operating outside of Ireland will be closely monitored.
In response to the anticipated growth of digitalisation in the insurance sector, the Central Bank will monitor supervisory risks and new ethical issues arising from the increased use of technology, including the use of AI in pricing and underwriting. Firms should deal with conflicts and risks arising from technology in a way that puts consumers’ best interests at the forefront of their decision-making and business models.
- Cyber and Operational Resilience: There will be increased focus on how insurers safeguard the continuity of critical business services and ensure that the Digital Operational Resilience Act (DORA) is being implemented.
- Sustainability: The Central Bank will continue to engage with insurers on climate change risks and encourage them to understand the implications these risks may have for strategy and business models. Supervisory engagement will focus on integrating climate change risks into insurers’ governance and risk management frameworks.
2. Revised Outsourcing Notification Guidance
The Central Bank issued a “Notification Guidance for (Re)Insurance Undertakings when Outsourcing Critical or Important Functions or Activities under Solvency II” in December 2024 (Revised Guidance). The Newsletter includes some explanatory remarks regarding the operation of the Revised Guidance.
The Revised Guidance takes precedence over the Central Bank’s Cross-Industry Guidance on Outsourcing (December 2021). Importantly, the steps to notify the Central Bank about outsourcing arrangements have not changed. Firms should continue to make notifications at least six weeks before the outsourcing arrangement becomes effective, and these should be made using the Central Bank’s standard form letter as set out in Appendix 1 of the Revised Guidance.
The Revised Guidance includes Excel spreadsheets comprising notification templates to assist insurers with the required due diligence exercise.
3. Other Topics
In addition to the above, the Newsletter also included updates on the Solvency II Review, DORA, and the AI Act.
In brief:
- The Solvency II Review will continue into 2025 with a series of further three-month consultations.
- The AI Act entered into force on 2 August 2024. Its phased implementation will commence in 2025, with the first set of requirements (including rules on prohibited activities and AI literacy of staff) applying from 2 February 2025.
- DORA will become effective on 17 January 2025. Financial Entities must submit a Register of Information to the Central Bank by 4 April 2025. The Central Bank will also engage with firms on Threat-Led Penetration Testing, where applicable.
For further reading, please click here to access a copy of the Newsletter.
If you have any questions on anything arising from the foregoing, please contact any member of the Insurance & Reinsurance team listed above or your usual William Fry contact.
Contributed by Daniel Gannon, Martha Ní Dhochartaigh.