Insights

On Wednesday 30 April 2025, fscom hosted a roundtable event at the Stephen’s Green Club in Dublin, bringing together senior professionals from across the payments and e-money sector to discuss the Central Bank of Ireland’s (CBI) 2025/2026 regulatory priorities. The session focused on three critical areas: safeguarding, financial crime, and digital operational resilience (DORA).

Held under Chatham House Rules, the discussion offered an open forum for compliance leaders to share challenges, exchange ideas, and explore practical solutions in response to the recent ‘Dear CEO’ letter from the CBI.

What we heard: three key themes

1. Safeguarding: a continued supervisory priority

Safeguarding remains firmly on the CBI’s radar, with heightened expectations around segregation practices, board oversight, and documented safeguarding frameworks.

Key issues raised included:

• Difficulties in promptly segregating client funds due to processing delays, cut-off times, and complex transaction flows;
• The increasing expectation for boards to maintain clear visibility over safeguarding risks and controls;
• The challenge of working with third-party partners, where safeguarding account transfers can be delayed; and
• The need for greater regulatory clarity on issues such as buffers and what constitutes ‘safeguarded’ funds.

Firms agreed that proactive review of safeguarding policies, internal audits, and board reporting structures is critical to maintaining compliance and building regulatory confidence.

2. Financial crime: moving beyond minimum standards

Participants acknowledged the growing complexity of financial crime risks and the challenges of maintaining effective AML/CFT frameworks.

Recurring themes included:

• The need to align transaction monitoring rules with updated risk assessments;
• Frustration around the high volume of false positives and limited effectiveness of existing alert systems;
• An increased focus on QA/QC processes and the importance of targeted training, particularly in global firms with standardised group policies; and
• Emerging use cases for AI, such as reducing low-value alerts and streamlining EDD documentation.

Firms also highlighted the importance of engaging senior management and boards through regular MI and tailored training to ensure understanding of ML/TF risks and responsibilities.

3. DORA: planning for operational resilience

With the Digital Operational Resilience Act (DORA) taking effect early this year, the conversation quickly turned to implementation challenges and practical strategies.

Among the key takeaways:

• Most firms faced challenges with reporting platforms and file formats, even small issues like formatting errors caused submission failures;
• Firms debated the best approach to policy alignment in global groups, particularly where DORA only applies to some entities;
• A lack of standardised templates and reporting guidance was noted as a pain point, and several firms had turned to external consultants for support; and
• The importance of involving IT teams in DORA planning was underlined, as opposed to making it a purely compliance-led initiative.

Participants acknowledged that while the long-term value of DORA reporting is still uncertain, early investment in systems, governance, and third-party oversight is key to building resilience.