Fintech 2025

IRELAND Trends and Developments Contributed by: Christopher Martin, Derek Hegarty and Nicola Munnelly, KPMG Law

does have the potential to increase risks relat - ing to fraud/anti-money laundering, and ter - rorism financing. However, it’s implementation in conjunction with the EU AML Package and related legislation, and the verification/screening safeguards within the Instant Payments Regula - tion itself aim to mitigate this risk. All payment service providers (PSPs) who send or receive credit transfers in euro will be within scope of the Instant Payments Regulation, with different cat - egories of PSPs being obliged to comply under varying timeframes. Credit institutions in the Eurozone receiving instant payments must comply with the require - ments for receiving instant payments from 9 January 2025, and for sending instant payments from 9 October 2025. Other PSPs, eg, payment institutions and e-money institutions, as well as PSPs outside of the Eurozone will need to com - ply on a phased basis for receiving and making instant payments during the course of 2027. Compliance with the Instant Payments Regula - tion will require significant technical and opera - tional changes on behalf of PSPs. However, it equally provides opportunities for PSPs to enhance and increase their offerings for custom - ers, as well as ensuring smoother payments in Ireland and across the EU. Artificial intelligence On 12 July 2024, the EU adopted Regulation (EU) 2024/1689 (AI Act). The AI Act entered into force on 1 August 2024, and in coming into force on a phased basis from 2 February 2025 until 2 August 2026. The AI Act takes a risk-based approach to AI Systems, differentiating between different use cases, with varying levels of restrictions and

requirements. There are five levels of AI Systems identified. • Unacceptable risk – These are prohibited (from 2 February 2025) and include systems which look to manipulate or exploit vulnerabil - ities, evaluate or categorise people with social scores leading to unfavourable treatment. • High-risk – These are subject to various obli - gations including risk management, human oversight, data quality and accuracy, cyber - security, and transparency. Use cases could, amongst other, involve biometrics, as well as access to essential services, and where used in decision-making. • Limited risk – The focus for these AI Systems is on ensuring that people are aware the AI is being used (ie, transparency). This will include, for example, the use of chatbots or ChatGPT, or other AI-generated content. • Minimal risk – For other AI Systems involving minimal risk, eg, spam filers, these will gener - ally fall outside of the scope of act. Whilst the AI Act is of general application, it will have a significant impact on financial institu - tions and fintech providers where AI Systems are used. This may include, for example, in connec - tion with AML/CFT requirements, credit assess - ment, risk assessment and quantification, com - plaints handling, customer communications, advertising, fraud prevention, and to facilitate new and novel areas or products. Regulated entities will need to understand the risks associated with the deployment of AI sys - tems, both from a business, governance, opera - tional, and customer perspective. Caution will need to be taken to ensure that AI systems do not give rise to discrimination, and that a level of human oversight is maintained. Over-reliance on external service providers, both from a concen -

393 CHAMBERS.COM

Powered by