IRELAND Law and Practice Contributed by: Niall Esler, Shane Martin, James O’Doherty and Laura Whitson, Walkers
Crowdfunding The operation of a loan or investment-based crowdfunding platform is a regulated activity under Regulation (EU) 2020/1503 (the “Crowd- funding Regulation” ). Blockchain and Crypto-Assets In relation to the application of MiCAR to CASPs, stablecoin issuers and offerors/person seeking admission to trading of crypto-assets, please see 1.1 Evolution of the Fintech Market . Anti-Money Laundering (AML) The applicability of AML rules, including cus - tomer due diligence and ongoing monitoring requirements, will depend primarily on whether a fintech company falls within the categories of “designated persons” under the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, as amended (CJA 2010). Designated per - sons include a wide range of financial services companies as well as certain other entities – eg, casinos, or persons trading or acting as an inter - mediary in the trade of works of art. The Transfer of Funds Regulation (Regulation (EU) 2023/1113) (TFR) became applicable on 30 December 2024 and extends the obligation to include information about the originator and beneficiary (the so-called “travel rule” ) to CASPs. The TFR also subjects CASPs to the same AML/ CFT requirements and AML/CFT supervision as credit and financial institutions. Security Requirements Fintech firms will also need to be aware of and comply with specific security requirements introduced under PSD2 (eg, strong customer authentication) if they provide payment services, and, more broadly, cross-industry and industry- specific guidance from the Central Bank and EU regulators in relation to ICT and cyber-risks.
DORA and the Central Bank’s Guidance on Out - sourcing and on Operational Resilience also set out specific requirements for certain financial institutions in the context of the security of net - work and information systems. Other cyberse - curity and criminal legislation or guidance may also be relevant. Furthermore, the technical, operational and organisational cybersecurity measures con - tained in Directive (EU) 2022/255 (NIS2), once transposed, will be applicable to in-scope essential and important entities, which include cloud computing service providers. Data Privacy Fintech firms will need to comply with data pri - vacy laws, including the European Union Gen - eral Data Protection Regulation (Regulation (EU) 2016/679 – GDPR), in respect of any processing of personal data. The GDPR is broad in applica - tion, such that the vast majority of companies are impacted regardless of their regulatory sta - The Central Bank’s F&P Regime was established under the Central Bank Reform Act 2010 and applies to persons performing certain roles in regulated financial service providers (RFSPs). It applies to persons performing certain prescribed “controlled functions” (CFs) and “pre-approval controlled functions” (PCFs). PCFs include directors, chairs of the board and committees, the chief executive and heads of certain internal control functions, amongst other functions. A regulated firm must not permit a person to per - form a CF or PCF unless it is satisfied on reason - able grounds that the person complies with the Central Bank’s Standards of Fitness and Probity. tus or the services being provided. Fitness and Probity (F&P) Regime
371 CHAMBERS.COM
Powered by FlippingBook