IRELAND Law and Practice Contributed by: Niall Esler, Shane Martin, James O’Doherty and Laura Whitson, Walkers
In addition, the GDPR requires customers to be made fully aware – in a clear, concise and trans - parent fashion – of how their personal data will be used and by whom. It also provides for the rights to withdraw consent, to access data and for information to be erased. In sharing data with third parties such as account information service providers, banks will need to be aware of the potential for fraud or other risks.
lated firms, communicating its expectations with respect to their effective measures to mitigate the risks of fraud or scams and, in particular,
Authorised Push Payment fraud. 12.3 Responsibility for Losses
Under the MiFID Regulations, investment firms that safeguard client financial instruments and funds must introduce adequate organisational arrangements to minimise the risk of the loss or diminution of client assets, or of rights in con - nection with those assets, as a result of misuse of the assets, fraud, poor administration, inad - equate record-keeping or negligence. Investment firms are required to participate in investor compensation schemes. Such schemes compensate investors, for instance, if an invest - ment firm goes bankrupt and is unable to return financial instruments belonging to an investor. PSD2 provides that, in the case of an unauthor - ised payment transaction, the payment service provider should immediately refund the amount of that transaction to the payer. However, in cer - tain circumstances, the payment service provid - er should be able to conduct an investigation, within a reasonable time, before refunding the payer. The payer may be obliged to bear the losses relating to any unauthorised payment transac - tions, up to a maximum of EUR50, resulting from the use of a lost or stolen payment instrument or from the misappropriation of a payment instru - ment. There should be no liability where the pay - er is not in a position to become aware of the loss, theft or misappropriation of the payment instrument. The payer shall bear all of the losses relating to any unauthorised payment transac - tions if they were incurred by the payer acting fraudulently.
12. Fraud 12.1 Elements of Fraud
Fintech firms are at the forefront of fraud-relat - ed incidents, with the most common examples being credit card fraud, identity fraud and scam- related activity. Many firms, including VASPs, have reported concerns relating to transactions and access or ownership of virtual asset wallets, prominent use of fake identification documents or stolen KYC data, and the involvement of shell companies and bank accounts opened by a third party. Given the increasing prevalence of fraud in the fintech space, it has been paramount to address through regulation. PSD2 actively addressed account takeover fraud via Strong Customer Authentication (SCA), but steps are now being taken to update PSD2 to help stem the tide of the emerging types of fraud. 12.2 Areas of Regulatory Focus The Central Bank noted in its Regulatory Super - visory Outlook Report 2024 that, while digitali - sation continues to deliver concrete benefits for consumers, it also introduces new risks in terms of frauds and scams. The Central Bank sees smishing, phishing and push payment fraud increasing in frequency and becoming more sophisticated. The Central Bank wrote to regu -
386 CHAMBERS.COM
Powered by FlippingBook