Ireland fintech & payments: Central Bank of Ireland supervises CASPs under MiCAR and payments under PSD2
The Central Bank of Ireland (CBI) is the primary supervisor for fintech and payments, enforcing EU regulations transposed into Irish law. For crypto-assets, the CBI authorizes Crypto-Asset Service Providers (CASPs) and issuers of Asset-Referenced Tokens (ARTs) and Electronic Money Tokens (EMTs) under the EU Markets in Crypto-Assets Regulation (MiCAR). The regulator has established a rigorous two-phase authorization process, emphasizing local substance, robust governance, and strict AML/CFT frameworks.
For traditional payments, the CBI supervises Payment Institutions and Credit Institutions under the Payment Services Directive 2 (PSD2), implemented via the European Union (Payment Services) Regulations 2018. The CBI enforces strict conduct standards through the Consumer Protection Code 2012 and specific codes of conduct for account switching and business lending. The regulatory landscape is characterized by active supervision, with the CBI issuing detailed guidance on application procedures, key facts documents, and the interplay between MiCAR and PSD2.
Recent regulatory direction indicates a focus on high supervisory expectations for CASPs, including mandatory pre-application engagement and comprehensive risk evaluations. The CBI is actively managing the transition for existing financial entities providing crypto-asset services, requiring notifications under Article 60 of MiCAR. The overall stance is one of structured regulation, ensuring consumer protection and financial stability through detailed licensing and ongoing supervision.
Markets in Crypto-Assets Regulation (MiCAR) (2023/2024)
EU Regulation governing the authorization and supervision of Crypto-Asset Service Providers (CASPs) and issuers of Asset-Referenced Tokens (ARTs) and Electronic Money Tokens (EMTs). It establishes the legal framework for crypto-asset services in Ireland.
[1][2][3][6][8][9]European Union (Payment Services) Regulations 2018 (2018)
Transposes the Payment Services Directive 2 (PSD2) into Irish law, regulating Payment Institutions and Electronic Money Institutions. It defines payment account services and aligns consumer protection rules.
[11][12]Consumer Protection Code 2012 (2012)
Sets out conduct rules for regulated financial service providers, including amendments for payment accounts and credit servicing firms.
[11][13][15][16]Consumer Protection (Regulation of Credit Servicing Firms) Act 2015 (2015)
Legislation extending regulatory oversight to credit servicing firms, requiring authorization and adherence to conduct codes.
[15][16]Crypto-Asset Service Provider (CASP)
Authorization required for firms providing crypto-asset services under MiCAR. The process involves a two-phase assessment via the CBI portal, including a Pre-Application stage and formal application. Applicants must demonstrate robust local substance, governance, and AML/CFT frameworks. Timeline: Pre-application engagement required; formal applications submitted via CBI portal.
[2][3][6][8][10]ART and EMT Issuer
Authorization required for issuers of Asset-Referenced Tokens (ARTs) and Electronic Money Tokens (EMTs) under MiCAR. Requires submission of a Key Facts Document (KFD) and adherence to specific reserve and governance requirements. Timeline: Three-stage assessment process for non-crypto-asset reference tokens; KFD submission required.
[1][7]Payment Institution / EMI
Authorization required for providing payment services under PSD2. Entities must comply with the Consumer Protection Code 2012 and specific regulations on payment accounts. Timeline: Ongoing authorization under EU regulations transposed in 2018.
[11][12]Credit Servicing Firm
Authorization required for firms servicing retail credit or credit servicing under the 2015 Act. Must apply for authorization and adhere to the Code of Conduct for Business Lending. Timeline: Authorization required since July 2015.
[15][16]CASPs must engage with the CBI's CASP Authorisation Team before the 1 March 2026 deadline. Existing financial entities providing crypto-asset services must submit a notification form at least 40 working days before commencing services under Article 60 of MiCAR.
[4][9]Payment service providers must adhere to mandatory codes of conduct for switching payment accounts, including providing standardized switching packs and Account Transfer Forms.
[14][17]Credit servicing firms are classified as regulated entities and must apply for authorization, adhering to the Consumer Protection Code 2012 and Minimum Competency Code.
[15][16]The CBI is actively refining its supervisory expectations for CASPs, emphasizing robust local substance and strict control mechanisms. The regulator is streamlining processes for firms seeking dual authorization under MiCAR and PSD2, with a focus on clear interplay guidance.
[2][4]Regulatory focus remains on consumer protection and financial stability, with ongoing updates to conduct codes and authorization requirements for emerging fintech activities such as retail credit and buy now pay later agreements.
[19]Email alerts for Ireland updates
New circulars, rules and guidance — a digest in your inbox, same day.