Central Bank of Ireland Consumer Protection Code (CPC) Consultation 2024

Overview of the Consultation Paper on the Consumer Protection Code, March 2024 (CP158)

CP158 aims to consolidate and broaden consumer protection regulations. It contains Regulations on Standards for Business, General requirements Regulation and guidance on securing customers’ interests, as well as protecting vulnerable customers.

CPC scope

CP158 contains standards and requirements for regulated financial service providers. Business standards apply to all such providers except for firms offering MiFID services and credit union savings and lending activities. On the other hand, general requirements apply to all regulated financial service providers, with some exceptions. It is proposed to extend the scope of the Code to include bureau de change, providers of hire-purchase agreements, consumer hire agreements, and buy now, pay later (BNPL) agreements.

Securing customers’ interests

Customers’ interests must align with the commercial interests of shareholders and be considered when making decisions. While this requirement already exists under the Central Bank of Ireland’s (CBI) Consumer Protection Risk Assessment guidance, the draft guidance on securing customers interests  places a greater emphasis on protecting customer interests during periods of change, including the introduction of innovative business models, new business lines and new ways of delivering financial services to customers. Firms innovate to become more efficient and cost-effective, which is beneficial to customers, however, firms must also consider the risks these changes pose to consumer choice and access to financial services.

Vulnerable customers

The review includes a new definition of a vulnerable customer and guidance to support firms when dealing with customers in vulnerable circumstances. This includes the following:

• Protocols for reporting suspicions that a consumer may be suffering from or susceptible to financial fraud, scams or abuse must be in place. Specific individuals to whom employees can confidentially report concerns must be appointed.
• Customers must be allowed to nominate a ‘trusted contact person’ for communication in cases of difficulty or suspected financial abuse. However, the trusted contact person will not have the authority to deal with the customer’s affairs and is not a legal representative just because they have been recorded or contacted as a trusted contact person.
• Firms must also consider the Assisted Decision-Making (Capacity) Act 2015, which came into force in April 2023.

Unregulated activities

The review proposes new requirements for regulated firms that also provide unregulated activities. This includes obligations to ensure that customers do not mistakenly believe they are purchasing regulated products and services when they are not. Branding should not contribute to confusion or misunderstanding about a product or service’s regulatory status. Clear communication of the regulatory status of products and services can prevent customers from mistakenly believing they are in a regulated environment when engaging with unregulated offerings. Firms must prioritise their customers’ interests and uphold a strong ethical culture and transparency regardless of the regulatory classification of the products or services.

Mortgage credit and switching

The updated general requirements include several new specific requirements for mortgages. The CBI also proposes integrating the Code of Conduct on Mortgage Arrears (CCMA) into the revised Code and improving current CCMA requirements. Firms will be required to ensure that mortgage product incentives align with customers’ best interests and support their financial independence. Additionally, firms are expected to be transparent by clearly explaining the reasons for including features that incentivise customers. To comply with the Department of Finance’s Retail Banking Review recommendations, the CBI proposes strengthening existing requirements on how regulated firms provide information about alternative mortgage products to existing customers.

Financial abuse

The Standards for Business will introduce a definition of financial abuse which incorporates scams and financial fraud.  This will mean significant changes for financial service providers:

• Firms will need to establish reasonable systems and controls to mitigate the risk of financial abuse to their customers. 
• Financial abuse trends and, in particular, vulnerabilities in processes and distribution channels will need to be monitored. 
• Appropriate escalation processes will need to be in place where there is an increased risk.
• Firms must clearly communicate to customers the risk of financial abuse, the support available and the actions customers can take in case of financial abuse related to the regulated entity’s product or service.

Climate risk and sustainability

The CBI proposes a specific requirement for firms to ensure that their advertising does not mislead customers regarding the sustainability features of products or services, as well as the ‘green credentials’ of the firm itself or its business model. Additionally, the CBI is proposing to introduce a specific requirement that firms consider customers’ sustainability preferences when conducting suitability assessments.

In the guidance on securing customers’ interests, the CBI outlines the broader expectations of firms when providing ‘green’ or ‘sustainable’ products and services to customers. This includes the importance of clear, concise and understandable disclosures to inform customers, enhance understanding and build overall confidence in the green economy.

Digitalisation

The review proposes new obligations to ensure that technology is not used in a way that harms customers. Any digitalisation should consider the impact of proposed changes on customers and identify appropriate measures to mitigate any adverse effects.

Risks associated with the rapid and automated digital execution of contracts should be evaluated, considering the potential need for human interaction or advice. Risks associated with data and AI usage that may lead to information imbalances or result in unfair profiling and exploitation of customers, particularly those less technologically savvy, should also be assessed.

Firms must also consider the implications of online credit delivery, online decision-making, the use of personal data for targeted advertisements, and the use of game-like features.

Additional policy proposals

The revised Code will include requirements from the current Code and combine existing codes and regulations, such as the Code of Conduct on Mortgage Arrears, High-Cost Credit Providers Regulations, and Insurance Requirements Regulations, to create a more unified Consumer Protection Code.

The CBI also plans to consolidate the SME Regulations further into the updated Code. As the SME Regulations currently apply to credit unions, this consolidation will align with their efforts to expand the scope of the revised Code to cover all credit union activities, ensuring a consistent approach to both initiatives.