Module Application
Financial services authorisation is a core gateway requirement for organisations seeking to carry on regulated financial services business in or from Ireland and is subject to extensive statutory, regulatory and supervisory oversight at Irish and European Union level. This module applies to organisations that must obtain, vary or maintain an Irish financial services authorisation, registration or licence, including firms seeking approval from the Central Bank of Ireland or, where applicable, authorisation or assessment involving EU competent authorities such as the European Central Bank.
Organisations operating in this area are held to high standards by regulators and competent authorities including the Central Bank of Ireland, the European Central Bank and relevant EU institutions and supervisory bodies. These authorities require organisations to demonstrate that their proposed activities are properly scoped, that the correct authorisation gateway has been identified, and that the firm has robust governance, ownership and control, fitness and probity, minimum competency, financial crime, data protection, reporting, conduct, outsourcing, operational resilience, prudential and breach-response arrangements in place before regulated activities commence and on an ongoing basis.
To meet these expectations, organisations must determine whether their proposed activities, products and services fall within an Irish authorisation, registration or licensing regime, complete the applicable application process, provide complete and accurate information to the relevant authority, obtain any required approvals for controlled functions, pre-approval controlled functions, qualifying holdings or variations to authorisation, and maintain evidence of compliance with the conditions and obligations attached to their authorisation. Organisations must also be ready to operate from launch in a manner that supports fair customer outcomes, effective regulatory reporting, adequate capital and liquidity where applicable, oversight of outsourced and third-party arrangements, incident management, service continuity, regulatory engagement and timely escalation and remediation of breaches. This module is designed to support organisations in navigating Ireland’s financial services authorisation landscape, providing a structured framework to assess, implement and maintain the requirements needed to obtain and preserve authorisation while supporting effective supervision, market integrity, financial resilience and the protection of customers and the wider financial system.
Module Scope
This module covers the principal legal framework, authorisation perimeter, pre-application, application process, appeals, fitness and probity, prudential requirements, ownership and control, compliance controls, reporting, conduct, outsourcing, operational resilience, enforcement and breach-response obligations applicable to financial services authorisation in Ireland. It addresses the obligations of organisations seeking to carry on regulated financial services business in or from Ireland, including the need to determine the correct authorisation, registration or licensing route, prepare and submit complete applications, engage with the Central Bank of Ireland or other relevant competent authorities, and evidence readiness to meet applicable standards from authorisation onwards.
The scope further includes the identification and approval of controlled functions and pre-approval controlled functions, internal fitness and probity frameworks, due diligence and onboarding, competency requirements, role-change approvals, capital, liquidity, leverage, ICAAP, ILAAP, SREP and large exposure requirements, qualifying holdings, ownership and control changes, and variations to authorisation. It also covers financial crime, AML/CFT and data controls, governance, financial, complaints and recordkeeping-related reporting, customer conduct standards, promotions, communications, product and service governance, complaints handling, third-party risk monitoring, service continuity, incident management, exit planning, regulatory engagement, administrative sanctions and the consequences that may arise where organisations fail to obtain, vary, maintain or operate within the scope of the required Irish financial services authorisation.
Some of the specific questions this module covers are:
- Does the organisation obtain, maintain, and, where necessary, challenge through the appropriate appeals process, the relevant authorisation, licence, registration, or approval required to carry on regulated financial services activities in Ireland, in accordance with the applicable legislative and regulatory framework?
- Does the organisation establish and maintain a comprehensive internal fitness, probity and competency framework to ensure that all individuals performing controlled functions and pre-approval controlled functions are competent, capable, honest, ethical, financially sound, appropriately approved, and subject to ongoing oversight, certification and governance in accordance with applicable Irish and European regulatory requirements?
- Does the organisation maintain adequate capital, liquidity and funding resources, comply with prudential ratio and concentration risk requirements, implement sound ICAAP and ILAAP frameworks, and maintain effective governance, stress testing and risk management arrangements to ensure ongoing financial resilience?
- Does the organisation notify and obtain approval from the relevant competent authority before implementing qualifying holding acquisitions, disposals or material variations to its authorisation, and must ensure that all ownership, control and authorisation changes are assessed, managed and implemented in accordance with applicable prudential and supervisory requirements?
- Does the organisation establish, implement and maintain effective compliance controls, including financial crime, AML/CFT, data protection, data security and ICT governance measures, to identify, manage, monitor and mitigate regulatory, operational, financial crime and data security risks?
- Does the organisation establish, maintain and operate effective governance, financial reporting, complaints reporting and records management frameworks to ensure accurate, timely and complete reporting, regulatory transparency, audit readiness, consumer protection and compliance with applicable prudential, conduct and record-retention obligations?
- Does the organisation establish and maintain effective customer conduct, communications, product governance, promotions and complaints handling arrangements to ensure customers are treated fairly, informed appropriately, protected from harm, and provided with suitable financial services throughout the customer lifecycle?
- Does the organisation establish, implement, maintain and continuously enhance a comprehensive operational resilience framework governing ICT third-party risk monitoring, service continuity, incident management and exit planning to ensure the continuity, security, recoverability and resilience of critical or important business services?
- Does the organisation maintain effective arrangements for regulator engagement, enforcement response, cooperation, disclosure, investigation management and compliance with the Central Bank of Ireland’s administrative sanctions and supervisory enforcement frameworks?
The key topics covered in this module are:
- Scope of Authorisation
- Internal Fitness, Probity and Competence
- Prudential Requirements
- Ownership and Authorisation Changes
- Compliance Controls
- Reporting
- Conduct and Customer Outcomes
- Outsourcing and Operational Resilience
- Supervisory Engagement and Administrative Sanctions
The module encompasses a range of legislative sources including:
- Central Bank (Supervision and Enforcement) Act 2013 (IRE)
- Central Bank Act 1942 (IRE)
- Central Bank Act 1971 (IRE)
- Central Bank Act 1997 (IRE)
- Central Bank Reform Act 2010 (IRE)
- Companies Act 2014 (IRE)
- Consumer Credit Act 1995 (IRE)
- Consumer Protection Act 2007 (IRE)
- Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (IRE)
- Data Protection Act 2018 (IRE)
- Financial Services and Pensions Ombudsman Act 2017 (IRE)
- Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (AMLD4) (EU)
- Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions (CRD IV) (EU)
- Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments (MiFID II) (EU)
- Central Bank (Supervision and Enforcement) Act 2013 (Section 48(1)) Minimum Competency Regulations 2017 (S.I. No. 391 of 2017) (IRE)
- Central Bank (Supervision and Enforcement) Act 2013 (Section 48(1)) (Senior Executive Accountability Regime) Regulations 2024 (S.I. No. 147 of 2024) (IRE)
- Central Bank (Supervision and Enforcement) Act 2013 (Section 48) (Consumer Protection) Regulations 2025 (S.I. No. 81 of 2025) (IRE)
- Central Bank Reform Act 2010 (Section 17A) (Standards for Business) Regulations 2025 (S.I. No. 80 of 2025) (IRE)
- Central Bank Reform Act 2010 (Sections 20 and 22) (Amendment) Regulations 2026 (S.I. No. 20 of 2026) (IRE)
- Council Regulation (EU) No 1024/2013 of 15 October 2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions (EU)
- European Communities (Consumer Credit Agreements) Regulations 2010 (S.I. No. 281 of 2010) (IRE)
- European Communities (Distance Marketing of Consumer Financial Services) Regulations 2004 (S.I. No. 853 of 2004) (IRE)
- European Communities (Unfair Terms in Consumer Contracts) Regulations 1995 (S.I. No. 27 of 1995) (IRE)
- European Union (Capital Requirements) Regulations 2014 (S.I. No. 158 of 2014) (IRE)
- European Union (Consumer Information, Cancellation and Other Rights) Regulations 2013 (S.I. No. 484 of 2013) (IRE)
- European Union (Consumer Mortgage Credit Agreements) Regulations 2016 (S.I. No. 485 of 2015) (IRE)
- European Union (Digital Operational Resilience) (No. 2) Regulations 2025 (S.I. No. 20 of 2025) (IRE)
- European Union (Insurance and Reinsurance) Regulations 2015 (S.I. No. 485 of 2015) (IRE)
- European Union (Insurance Distribution) Regulations 2018 (S.I. No. 229 of 2018) (IRE)
- European Union (Markets in Financial Instruments) Regulations 2017 (S.I. No. 375 of 2017) (IRE)
- European Union (Payment Services) Regulations 2018 (S.I. No. 6 of 2018) (IRE)
- European Union (Single Supervisory Mechanism) Regulations 2014 (S.I. No. 495 of 2014) (IRE)
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (EU)
- Regulation (EU) 2019/2033 of the European Parliament and of the Council of 27 November 2019 on the prudential requirements of investment firms (EU)
- Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (DORA) (EU)
- Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets (EU)
- Regulation (EU) No 468/2014 of the European Central Bank of 16 April 2014 establishing the framework for cooperation within the Single Supervisory Mechanism between the European Central Bank and national competent authorities and with national designated authorities (SSM Framework Regulation) (ECB/2014/17) (EU)
- Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and amending Regulation (EU) No 648/2012 (EU)
- Regulation (EU) No 600/2014 of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Regulation (EU) No 648/2012 (EU)
- Central Bank of Ireland: Guidelines for applicants seeking a banking licence under Section 9 of the Central Bank Act 1971
- European Central Bank: Guide to Assessments of Licence Applications
- Central Bank of Ireland: Fitness and Probity Standards Code issued under Section 50 of the Central Bank Reform Act 2010
- Central Bank of Ireland: Guidance on the Individual Accountability Framework
- Central Bank of Ireland: AML/CFT Guidelines for the Financial Sector
- Central Bank of Ireland: Cross-Industry Guidance on Operational Resilience
- Irish Financial Services Appeals Tribunal Rules 2008 (S.I. No. 224 of 2008) (IRE)
Relevant regulators include:
- Central Bank of Ireland
- European Central Bank
- European Banking Authority
- European Securities and Markets Authority
- European Insurance and Occupational Pensions Authority
- Data Protection Commission
- Financial Services and Pensions Ombudsman
- Irish Financial Services Appeals Tribunal
- An Garda Síochána
Non-compliance with Ireland’s financial services authorisation framework can result in significant regulatory, civil and criminal consequences, including refusal, variation, suspension or withdrawal of authorisation, restrictions on regulated activities, Central Bank directions, supervisory investigations, public warning notices, administrative sanctions, public reprimands, monetary penalties, remediation or customer redress requirements, additional capital, liquidity, governance or reporting obligations, and enforcement action against firms or individuals. These consequences may arise where organisations carry on regulated activities without authorisation, fail to maintain authorisation conditions, provide incomplete or misleading regulatory submissions, breach prudential, fitness and probity, ownership, governance, reporting, conduct, AML/CFT, data protection, outsourcing or operational resilience requirements, or fail to cooperate openly with competent authorities.
This module is designed for organisations seeking to obtain, vary, maintain or assess an Irish financial services authorisation, registration, licence or regulatory approval. This includes banks, payment and e-money institutions, investment firms, funds and fund service providers, insurance and reinsurance undertakings, insurance and retail intermediaries, mortgage and credit firms, credit servicing firms, high cost credit providers, bureaux de change, money transmission businesses, trust or company service providers, holding companies, qualifying shareholders, controlled function and pre-approval controlled function holders, and other organisations carrying on, or proposing to carry on, regulated financial services activities in or from Ireland.