Fintech in Ireland 2024

Fintech in Ireland 2024

Fintech in Ireland 2024

FINTECH 2024

IRELAND

Ian O’Mara, Joe Beashel

(Matheson LLP)

FINTECH LANDSCAPE AND INITIATIVES

General innovation climate

  1. What is the general state of fintech innovation in your jurisdiction?

Ireland has a very active fintech scene and is one of the leading jurisdictions for fintech start-ups and corporate innovation in Europe. In addition, as a result of Brexit, many payments and e-money firms that previously provided services across the European Union via a UK payments or e-money license have sought to obtain authorization from the Central Bank of Ireland (the Central Bank) to ensure continuity of operations. This has led to a very significant increase in the number of licensed payments and e-money firms operating in the jurisdiction. As of June 2023, there were over 40 such firms formally authorized and operating in Ireland.

Ireland has won an outsized share of European investment in corporate innovation labs, with many global financial services groups establishing their innovation labs in Ireland. Accelerator programs are also expanding their activities in Ireland, with Dublin being added as one of two accelerator locations by the NadiFin fintech accelerator program and the National Digital Research Centre expanding its activities outside Dublin to Waterford and Galway. Dublin remains the hub for fintech activities in Ireland, but other regional centers are also seeing growth.

Notwithstanding the burgeoning start-up scene, digital challenger banks have not penetrated the Irish market to any significant extent and there are currently no home-grown challenger banks. EU digital operators have passported their services into Ireland but have not yet posed an existential threat to traditional Irish banking houses. Robo-advice has yet to make an appearance in the mainstream investments market. Many life and health insurers are now investigating the potential incorporation of wearable devices into insurance underwriting, and some of the main motor insurers have launched safe driving apps that provide telematics-based discounts for drivers.

Government and regulatory support

  1. Do government bodies or regulators provide any support specific to financial innovation? If so, what are the key benefits of such support?

The government of Ireland is strongly supportive of fintech and in its recently-revised Strategy for the International Financial Services Sector (Ireland for Finance 2025) has stated its commitment to developing Ireland as a global leader in the financial services sector, creating an environment in which both indigenous and multinational firms can draw on key governmental incentives and support to grow their businesses. The main state business and employment promotion agencies, IDA Ireland and Enterprise Ireland, provide a range of supports for fintech operations at all levels of development and the state Ireland State Investment Fund (ISIF) has made multiple venture capital and equity investments in promising fintech start-ups.

Since 2018, the Central Bank has provided the Innovation Hub for fintech companies operating in Ireland. This is a direct and dedicated point of contact for firms developing or implementing innovations in financial services based on new technologies. This intends to accommodate greater interaction by the Central Bank with the growing number of fintech businesses looking to set up operations in Dublin, or expand their existing operations both in the regulated and unregulated space. A number of initiatives have been undertaken by different financial institutions applying distributed ledger technology, artificial intelligence (AI) and robotics, and the Central Bank is keen to engage with innovators who are operating as regulated and unregulated entities in the financial services space. According to the Innovation Hub: 2021 Update, the Innovation Hub received 84 enquiries, representing a 19 percent increase in enquiry numbers over 2020.

FINANCIAL REGULATION

Regulatory bodies

  1. Which bodies regulate the provision of fintech products and services?

The Central Bank of Ireland (the Central Bank) is the only financial services regulator in Ireland and is responsible for authorizing and supervising all providers of regulated financial services. The Central Bank is responsible for both prudential supervision and conduct of business supervision of regulated entities that it has authorized. Where a regulated firm has been authorized by a supervisory authority in another EU or EEA jurisdiction, the home state regulator will be responsible for prudential supervision but the Central Bank will be responsible for the conduct of business supervision in Ireland. The Single Supervisory Mechanism at the European Central Bank also directly supervises significant credit institutions and has exclusive competence for the authorization of credit institutions (other than branches of third-country credit institutions).

Regulated activities

  1. Which activities trigger a licensing requirement in your jurisdiction?

Whether or not a fintech business is required to hold a financial services authorization will depend on the nature of the activities that the firm engages in. As far as investment-related activities are concerned, Directive 2014/65/EU (Markets in Financial Instruments Directive II) (MiFID 2), was transposed into Irish law by the European Union (Markets in Financial Instruments) Regulations 2017 (the Irish MiFID 2 Regulations). Engaging in any of the investment services and activities listed in MiFID 2 (e.g, providing investment advice or executing client orders) is a regulated activity requiring authorization. Other parts of the MiFID 2 package also have direct effect in Ireland.

Engaging in ‘banking business’ requires authorization under the Central Bank Act 1971 (the 1971 Act). The European Union (Capital Requirements) Regulations 2014 transposed the Directive 2013/36/EU (Capital Requirements Directive IV) (CRD4) into Irish law and the requirements for obtaining an Irish banking license are based on the transposition of the CRD4 package. Other parts of the CRD4 package also have a direct effect in Ireland. ‘Banking business’ means taking deposits or other repayable funds from members of the public and granting credit for own account. There is a restriction in the 1971 Act, in the absence of an exemption from the Central Bank, which prohibits anyone from using the term ‘bank’ in their name or holding themselves out as a bank without holding the necessary authorization. Ireland also has a regime for authorizing branches of credit institutions established in third countries (third-country branches) under section 9A of the 1971 Act.

Consumer lending

  1. Is consumer lending regulated in your jurisdiction?

Subject to very limited exceptions, providing deferred payments, cash loans or other similar financial accommodation to individuals (not just consumers) in Ireland is a regulated activity requiring authorization as a retail credit firm under the Central Bank Act 1997, unless the lender is otherwise authorized to provide such credit, for example, a bank. This is an Irish domestic licensing regime and does not derive from an EU law obligation.

The legislation was further amended in early 2022 by the introduction of the Consumer Protection (Regulation of Retail Credit and Credit Servicing Firms) Act 2022. This legislation, once commenced, will bring providers of indirect credit to consumers, for example, providers of buy now, pay later agreements into the regulatory perimeter for the first time. Previously, indirect providers of consumer credit products were technically outside the scope of Irish financial services law from a licensing perspective. Since the legislation was commenced, a number of firms active in this sector have now sought transitional authorizations from the Central Bank to carry on their newly regulated credit-providing activities while they progress their authorization applications.

Multiple aspects of consumer lending are also regulated (at the conduct-of-business level) under the Consumer Credit Act 1995 (the 1995 Act) and the European Communities (Consumer Credit Agreement) Regulations 2010 (the 2010 Regulations), which regulate the form and content of credit agreements. The 1995 Act and the 2010 Regulations implement the provisions of Directive 87/102/EEC (Consumer Credit Directive) as amended, and CRD4.

The Central Bank’s Consumer Protection Code 2012 (the CPC) and associated addenda are also relevant. The CPC applies to all financial services providers who are authorized, registered or licensed by the Central Bank, as well as financial services providers authorized, registered or licensed in another EU or EEA member state when providing services in Ireland, on a branch or cross-border basis. The CPC essentially requires regulated entities to adhere to a set of general requirements, such as to provide terms of business to consumers, conduct know-your-customer, to establish the suitability of the product, and adhere to lending and advertisement requirements. The CPC is currently being reviewed by the Central Bank through a public consultation and is likely to be comprehensively overhauled in 2024.

There are also separate requirements for mortgage lending to consumers, including the ‘housing loan’ requirements under the 1995 Act, the European Union (Consumer Mortgage Credit Agreements) Regulations 2016, implementing the provisions of Directive 2014/17/EU (Mortgage Credit Directive) and the Central Bank’s Code of Conduct on Mortgage Arrears.

Secondary market loan trading

  1. Are there restrictions on trading loans in the secondary market in your jurisdiction?

Part V of the Central Bank Act 1997 regulates credit servicing, which includes holding the legal title to loans made by regulated financial services providers to individuals and small and medium-sized (SME) businesses. Credit servicing is a regulated activity requiring authorization by the Central Bank. Acquiring the beneficial interest in such loans is not a regulated activity, however, although there are associated licensing requirements applicable to entities that provide administration or servicing in respect of such loans. Trading non-SME corporate loans is not, generally speaking, a regulated activity in Ireland.

There may also be data protection issues and general contractual issues that need to be addressed, irrespective of the nature of the loans being traded.

Collective investment schemes

  1. Describe the regulatory regime for collective investment schemes and whether fintech companies providing alternative finance products or services would fall within its scope.

Investment funds are authorized and regulated by the Central Bank and may be regulated as:

UCITS, RIAIFs and QIAIFs may be organized through a number of legal structures, the most popular of which are the Irish collective asset-management vehicle (ICAV), the investment public limited company (the investment company) and authorized unit trusts. It is an offence to carry on business as an ICAV, investment company or authorized unit trust unless authorized by the Central Bank.

Fintech companies, whether providing alternative finance products or otherwise, would not typically fall to be regulated as investment funds. However, fintech firms that fall within the definition of alternative investment funds would require authorization. Fintech companies that provide services to investment funds may require authorization if they are providing regulated depositary or administration services. Depositaries and administrators to investment funds may also engage fintech firms, in which case applicable Central Bank outsourcing requirements may apply, although in general, the fintech service providers would not themselves require authorization.

Alternative investment funds

  1. Are managers of alternative investment funds regulated?

The Central Bank authorizes and regulates Irish alternative investment fund managers (AIFMs) under the AIFM Regulations, as well as regulating UCITS management companies in accordance with the UCITS Regulations, and non-UCITS management companies (a residual category post-AIFMD). Most fintech companies would be expected to fall outside the scope of the AIFM Regulations and the UCITS Regulations.

Peer-to-peer and marketplace lending

  1. Describe any specific regulation of peer-to-peer or marketplace lending in your jurisdiction.

There is currently no distinct regulatory regime for peer-to-peer (P2P) or marketplace lending in Ireland. Some of the regimes described in this chapter (e.g, retail credit and Regulation (EU) 2020/1503 (the Crowdfunding Regulation)) may, however, be relevant depending on the nature of the specific activities engaged in and a regulatory analysis of the proposed process flow is therefore always advisable.

Crowdfunding

  1. Describe any specific regulation of crowdfunding in your jurisdiction.

The Crowdfunding Regulation and Directive (EU) 2020/1504 (the MiFID 2 Amending Directive) were recently published to provide a common EU legislative framework in respect of crowdfunding.

The Crowdfunding Regulation became directly effective in Ireland in November 2021, and Ireland has implemented the MiFID 2 Amending Directive into national law. European crowdfunding service providers (ECSPs) are excluded from MiFID 2 by the MiFID2I Amending Directive, and ECSPs are instead covered by the Crowdfunding Regulation.

The Crowdfunding Regulation applies to P2P crowdfunding platforms facilitating business funding (lending to consumers is excluded) and investment-based crowdfunding platforms in relation to transferable securities up to a threshold of €5 million, whereas MiFID 2 will continue to apply to larger crowdfunding platforms.

Prospective ECSPs must apply for authorization under the Crowdfunding Regulation and may avail of the ability to passport their license into each of the EEA member states once approved. The Crowdfunding Regulation also places tailored operational and conduct of business requirements on ECSPs in their interactions with investors.

Invoice trading

  1. Describe any specific regulation of invoice trading in your jurisdiction.

Holding title to loans advanced to consumers and SMEs can constitute ‘credit servicing’ requiring licensing under the Central Bank Act 1997 in certain circumstances. At a conduct-of-business level, the Central Bank (Supervision and Enforcement) Act 2013 (Section 48) (Lending to Small and Medium-Sized Enterprises) Regulations 2015 apply to regulated financial services providers and regulate the provision of credit by a regulated entity to micro and SME enterprises in Ireland. ‘Credit’ is broadly defined as a deferred payment, cash loan or other similar financial accommodation, including hire purchase, invoice discounting and the letting of goods. There are no regulations specific to invoice trading, described as such, in Ireland.

Payment services

  1. Are payment services regulated in your jurisdiction?

Yes. The provision of payment services is a regulated activity requiring authorization under the European Union (Payment Services) Regulations 2018 (the PSD Regulations), which transpose Directive (EU) 2015/2366 (revised Payment Services Directive) (PSD2) into Irish law. Ireland’s implementation of the PSD2 through the PSD Regulations was consistent with the principle of maximum harmonization, and as such the PSD Regulations reflect the requirements of the PSD2 itself.

Where PSD2 does not apply, there is a domestic regime under Part V of the Central Bank Act 1997, which regulates the ‘money transmission business’. A money transmission business is defined as a business that comprises or includes providing a money transmission service to members of the public.

A proposed text of a PSD3 Directive is due to be published by the EU Commission in the second quarter of 2023 and may lead to further revisions to the regulatory perimeter in Irish law.

Open banking

  1. Are there any laws or regulations introduced to promote competition that require financial institutions to make customer or product data available to third parties?

Yes. One of the main aims of PSD2 was to increase competition in the payment sector, introduce open banking and facilitate access by third-party providers to a user’s account held with their account servicing payment service provider (usually a bank). The Strong Customer Authentication requirements came into effect in September 2019, and this has required account servicing payment service providers to develop and test APIs to facilitate open access by third-party providers.

Robo-advice

  1. Describe any specific regulation of robo-advisers or other companies that provide retail customers with automated access to investment products in your jurisdiction.

There is currently no specific regulatory regime in place for robo-advisers or other companies that provide retail customers with automated access to investment products in Ireland.

Insurance products

  1. Do fintech companies that sell or market insurance products in your jurisdiction need to be regulated?

Any entity that carries on insurance or reinsurance business in Ireland (namely, an insurance or reinsurance underwriter) requires an authorization in accordance with the requirements of Directive 2009/138/EC (Solvency II) as implemented in Ireland by the European Union (Insurance and Reinsurance) Regulations 2015.

The European Union (Insurance Distribution) Regulations 2018 (the IDD Regulations) came into force on 1 October 2018, and transpose Directive (EU) 2016/97 (Insurance Distribution Directive) into Irish law. The IDD Regulations set out authorization and ongoing regulatory requirements for any person engaged in ‘insurance distribution’ in Ireland. This is broadly defined to include advising on, proposing, or carrying out other work preparatory to the conclusion of contracts of insurance, of concluding such contracts, or of assisting in the administration and performance of such contracts. Any fintech firm that sells or markets insurance products in Ireland (as a broker or agent) is likely to require authorization in accordance with the IDD Regulations.

Credit references

  1. Are there any restrictions on providing credit references or credit information services in your jurisdiction?

The provision of third-party credit referencing or credit information services is not specifically regulated in Ireland, but historically this activity has not been widespread – credit checking was conducted directly by lenders themselves. Reflecting the fragmented credit information formerly available in Ireland, the Credit Reporting Act 2013 and associated regulations provide for the establishment and operation of a statutory central credit register (CCR) system, established and operated by the Central Bank. Credit providers in Ireland are required to provide information to the Central Bank for entry to the CCR and are also obliged to make an enquiry in respect of relevant credit applications.

CROSS-BORDER REGULATION

Passporting

  1. Can regulated activities be passported into your jurisdiction?

Yes, where the regulated activity is covered by relevant EU legislation, the provider is authorized in another EU or EEA member state and subject to compliance with the applicable notification procedures under relevant legislation.

As a general principle, where a financial institution authorized in another EU or EEA member state (the home state) passports its services into Ireland through the establishment of a branch in Ireland, or by providing its services on a cross-border services basis, the home state regulator retains responsibility for the prudential supervision of that entity. The regulator of the member state into which passporting is undertaken (the host state), in this case, the Central Bank of Ireland (the Central Bank), will supervise the passported entity’s conduct of business in Ireland. The Central Bank does not in general adopt a gold-plating approach, and in general local conduct of business rules are not excessively onerous.

Requirement for a local presence

  1. Can fintech companies obtain a license to provide financial services in your jurisdiction without establishing a local presence?

Where a fintech company wishes to provide a regulated service, then, subject to the ability to passport into Ireland on a services basis where the fintech company is authorized in another EU or EEA member state, it is not possible to provide regulated financial services in Ireland unless the fintech company establishes a presence in Ireland.

The Central Bank, as the regulatory body responsible for authorizing firms providing regulated financial services in Ireland, applies minimum substance requirements depending on the nature, scale, complexity and risk profile of the firm and the proposed activities and customers.

SALES AND MARKETING

Restrictions

  1. What restrictions apply to the sales and marketing of financial services and products in your jurisdiction?

There is no cross-industry financial promotions regime under Irish law and the promotion, sale and marketing of particular financial services and products are governed by sector-specific requirements, for example, under the European Union (Insurance Distribution) Regulations 2018, the Central Bank of Ireland’s (the Central Bank) Consumer Protection Code 2012 and associated addenda or the European Union (Markets in Financial Instruments) Regulations 2017. These regimes set out rules in relation to offering financial services and products, disclosure and transparency requirements for advertising and rules relating to incentives for the sale of financial products and services to customers in Ireland, among other matters.

CRYPTOASSETS AND TOKENS

Distributed ledger technology

  1. Are there rules or regulations governing the use of distributed ledger technology or blockchains?

There are no specific rules governing the use of distributed ledger technology or blockchain in Ireland, but a regulated financial service provider would need to comply with applicable conduct and regulatory requirements in applying such technologies to its regulated activities. The Central Bank of Ireland (the Central Bank) has issued a discussion paper relating to the impact of such innovation on its Consumer Protection Code and the delivery of financial services to consumers in Ireland.

Cryptoassets

  1. Are there rules or regulations governing the promotion or use of cryptoassets, including digital currencies, stablecoins, utility tokens and non-fungible tokens (NFTs)?

Virtual asset service providers (VASPs) are subject to a new registration obligation with the Central Bank for anti-money laundering and counter-terrorist financing purposes following Directive (EU) 2018/843 (Fifth Anti-Money Laundering Directive). Assuming the cryptoassets are not ‘financial instruments’ or other forms of collective investment, there is no regulatory framework governing cryptoassets in Ireland outside of the current AML framework.

However, there are plans ahead at the EU level for a regulation in Markets in Crypto-Assets (MiCA), which is similar to Directive 2014/65/EU (Markets in Financial Instruments Directive II) (MiFID 2), and this legislative proposal will develop a more suitable regulatory framework for virtual asset service providers across Europe, including passporting rights for those firms. MiCA has recently been finalized at the EU level and the Irish Department of Finance is expected to issue a consultation in the coming months on how certain aspects of it will be transposed into Irish law (such as the transitional authorization regime for VASPs wishing to avail of MiCA).

We expect many of the Irish firms already providing virtual asset services will undergo this new domestic Irish authorization process so that their operating models and compliance frameworks are robust enough to be able to then obtain authorization as a cryptoasset service provider whenever the EU’s MiCA legislation is finalized.

Token issuance

  1. Are there rules or regulations governing the issuance of tokens, including security token offerings (STOs), initial coin offerings (ICOs) and other token generation events?

Assuming the digital currency in question is not considered a ‘financial instrument’ under MiFID and the exchange is not engaging in any other regulated activity, then there is no specific regulatory framework governing the operation of digital currency exchanges or brokerages in Ireland.

However, digital currency exchanges are considered VASPs under Irish AML legislation and VASPs with a physical establishment in Ireland are required to register with the Central Bank for AML supervision purposes only. It is expected that the MiCA regulation, when finalized, will provide a more comprehensive regulatory regime for digital currency exchanges and brokerages in the coming years.

ARTIFICIAL INTELLIGENCE

Artificial intelligence

  1. Are there rules or regulations governing the use of artificial intelligence, including in relation to robo-advice?

There are no specific rules governing the use of artificial intelligence (AI), including in relation to robo-advice, in Ireland. However, a regulated financial service provider would need to comply with applicable conduct and regulatory requirements in applying artificial intelligence (and robo-advice) to its regulated activities and would also need to ensure that it complies with Irish equality legislation (the Equal Status Acts 2000–2015) when using such technology to determine access to services. The Central Bank of Ireland (the Central Bank) has issued a discussion paper relating to the impact of such innovation on its Central Bank’s Consumer Protection Code 2012 (the CPC) and associated addenda and the delivery of financial services to consumers in Ireland.

CHANGE OF CONTROL

Notification and consent

  1. Describe any rules relating to notification or consent requirements if a regulated business changes control.

Most regulated businesses operating in Ireland are subject to change of control regimes that require direct and indirect acquisitions and disposals of qualifying holdings (10 percent or more) to be notified to the relevant competent authority. For firms authorized in Ireland, the notification is made to the Central Bank of Ireland (the Central Bank), which then has a specific time period to review the change of control and request further information, confirm no objection, or object to the change. For credit institutions, the European Central Bank also has a role in the assessment of change of control notifications.

FINANCIAL CRIME

Anti-bribery and anti-money laundering procedures

  1. Are fintech companies required by law or regulation to have procedures to combat bribery or money laundering?

The Criminal Justice (Corruption Offences) Act 2018 overhauled Irish anti-corruption laws and introduced a number of new offenses, including a corporate liability offence that allows for a corporate body to be held liable for the corrupt actions committed for its benefit by any director, manager, secretary, employee, agent or subsidiary. The single defense available is demonstrating that the company took all reasonable steps and exercised all due diligence to avoid the offence being committed. Many firms are now implementing robust procedures and delivering training to staff on anti-bribery and corruption rules as a result.

Any fintech company that is a ‘designated body’ for the purposes of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (CJA) will be subject to anti-money laundering (AML) and counter-terrorist financing (CTF) requirements. Certain entities that are designated bodies for the purposes of the CJA, such as leasing companies, or those providing factoring services, do not require authorizations or licenses from the Central Bank of Ireland (the Central Bank), but are subject to AML and CTF obligations under the CJA and are required to register with the Central Bank for that purpose. Fintech providers that are not regulated should therefore check on a case-by-case basis whether they are subject to the CJA.

Directive (EU) 2018/843 (Fifth Anti-Money Laundering Directive) has also been transposed into Irish law and a registration obligation for all firms acting as virtual asset service providers (VASPs) in Ireland has been in force since April 2021. Notably, because the legal framework is based on the EU’s AML directives (and not Directive (EU) 2015/2366 (revised Payment Services Directive)), firms registered under this framework will not be able to passport their licenses across the European Economic Area.

In addition to sector-specific requirements, fintech businesses may need to comply with consumer protection legislation (depending on the nature of the customers), Central Bank conduct rules, anti-money laundering requirements and data protection legislation.

Guidance

  1. Is there regulatory or industry anti-financial crime guidance for fintech companies?

There is nothing specific to fintech companies. In line with other regulators, the Central Bank has generally increased its focus on AML, CFT and cyber risks across all regulated financial services. The Central Bank issued best practice guidance on cybersecurity within the investment firm and fund services industry in September 2015, followed by cross-industry guidance on information technology and cybersecurity risks in September 2016. The Central Bank will also expect relevant firms to apply European Banking Authority guidelines and technical standards published under Directive (EU) 2015/2366 (revised Payment Services Directive) and other specific regimes, as applicable. In June 2021, the Central Bank issued AML and CFT guidelines for the financial sector, to assist both credit and financial institutions in understanding their AML and CFT obligations as ‘designated persons’ under the CJA. These guidelines do not constitute secondary legislation but set out the expectations of the Central Bank regarding the factors that firms should take into account when identifying, assessing and managing ML and TF risks.

DATA PROTECTION AND CYBERSECURITY

Data protection

  1. What rules and regulations govern the processing and transfer (domestic and cross-border) of data relating to fintech products and services?

Regulation (EU) 2016/679 (General Data Protection Regulation) (GDPR) has had effect in Ireland since 25 May 2018 and is supplemented by the Data Protection Act 2018. The GDPR is intended to harmonize further the data protection regimes within the European Union and a full account of its impact is outside the scope of this chapter. For fintech operators, anonymization and aggregation of data for commercial gain may be important. Aggregation of data for commercial gain will only be permissible where the collection, aggregation and commercial use of the data meets GDPR requirements. There may be somewhat greater flexibility in the use of anonymized data for commercial gain. However, it is generally accepted that the standard required for data to be truly anonymized (and therefore not be personal data) is a high one and that anonymization techniques can only provide privacy guarantees if appropriate techniques are used and the application of those techniques is engineered appropriately. This is a complex area and any fintech operator considering engaging in such techniques should seek appropriate specialist advice.

Cybersecurity

  1. What cybersecurity regulations or standards apply to fintech businesses?

The Central Bank of Ireland (the Central Bank) issued best practice guidance on cybersecurity within the investment firm and fund services industry in September 2015, followed by cross-industry guidance on information technology and cybersecurity risks in September 2016. The Central Bank will also expect relevant firms to apply relevant European Supervisory Guidelines, whether issued by the European Banking Authority or the European Supervisory Market Authority (such as the guidelines on security measures for operational and security risks under Directive (EU) 2015/2366 (revised Payment Services Directive) and other specific regimes, as applicable). The forthcoming EU Digital Operational Resilience Act will also be relevant here from 2025 onwards.

OUTSOURCING AND CLOUD COMPUTING

Outsourcing

  1. Are there legal requirements or regulatory guidance with respect to the outsourcing by a financial services company of a material aspect of its business?

There are multiple sector-specific requirements governing outsourcing, for example, under Directive 2014/65/EU (Markets in Financial Instruments Directive II) and Directive 2009/138/EC (Solvency II) regimes. For credit institutions, payments and e-money firms, the European Banking Authority (EBA) has issued extensive Guidelines as of February 2019. The Central Bank of Ireland (the Central Bank) takes an active interest in compliance by regulated firms with outsourcing requirements and in November 2018, published the paper ‘Outsourcing – Findings and Issues for Discussion’, highlighting the most obvious and minimum supervisory expectations for regulated firms around the management of outsourcing risks. More recently, in December 2021, the Central Bank published Cross-Industry Guidance on Outsourcing and Cross-Industry Guidance on Operational Resilience.

Cloud computing

  1. Are there legal requirements or regulatory guidance with respect to the use of cloud computing in the financial services industry?

The Revised EBA Guidelines on Outsourcing (2019) are relevant here. In December 2021, the Central Bank of Ireland also published finalized Cross-Industry Guidance on Outsourcing and Cross-Industry Guidance on Operational Resilience, both of which are relevant to how financial services firms use and rely on cloud computing services in the course of their operational activities.

INTELLECTUAL PROPERTY RIGHTS

IP protection for software

  1. Which intellectual property rights are available to protect software, and how do you obtain those rights?

The principal intellectual property right that protects software is copyright (the right to prevent others from, among other things, copying the software). Under the Copyright Act 2000 (as amended), copyright vests in the author on creation. Organizations should ensure that they have appropriate copyright assignment provisions in place in all agreements they have with employees or contractors to ensure that they obtain these rights.

IP developed by employees and contractors

  1. Who owns new intellectual property developed by an employee during the course of employment? Do the same rules apply to new intellectual property developed by contractors or consultants?

The default position under Irish law is that the employer owns intellectual property developed by an employee during the course of employment, unless it is otherwise stated in an agreement with the employee. However, this default position does not extend to intellectual property generated by an employee outside their employment (such as out of hours or off premises).

Contractors and consultants (who are not employees) are generally not subject to the default position described above and, unless the agreement between the contractor or consultant includes an assignment or other transfer of intellectual property to the customer, the contractor or consultant will own any intellectual property rights generated during the course of the work. Ownership of such intellectual property, if related to the subject matter of employment, should be addressed through the relevant contract.

Joint ownership

  1. Are there any restrictions on a joint owner of intellectual property’s right to use, license, charge or assign its right in intellectual property?

Yes. Joint owners of patents cannot assign or grant a license of an interest in a patent or a design right without the consent of all other joint owners. Under the Trade Marks Act 1996 (as amended), a joint owner may sue another joint owner for trademark infringement where the trademark is used in relation to goods or services for which all joint owners have not been connected in the course of trade. On the basis of this legislation, we would expect that the consent of all joint owners is required for a license of the trademark to be given.

Although the Copyright Act 2000 (as amended) is silent as to the rights of joint copyright owners, the current common law position appears to suggest that the consent of all co-owners is required for the grant of a license to third parties.

Trade secrets

  1. How are trade secrets protected? Are trade secrets kept confidential during court proceedings?

The European Union (Protection of Trade Secrets) Regulations 2018 (the Regulations) transpose Directive 2016/43 (Trade Secrets Directive) into Irish law and provide for civil redress measures in respect of the unlawful acquisition, use and disclosure of trade secrets. Prior to the operation of the Regulations, confidential information was protected either through a contractual agreement to keep certain information confidential or through the common law obligation to keep information confidential (because of the nature of the relationship between the discloser and disclose, the nature of the communication or the nature of the information itself).

The Regulations set out the circumstances in which the acquisition of a trade secret is considered lawful (e.g, where the information is obtained by independent discovery) and also the circumstances in which the acquisition of a trade secret, without the consent of the trade secret holder, is considered unlawful (e.g, by unauthorized access to, appropriation of, or copying of documents or materials, et cetera).

The Regulations further provide that in legal proceedings relating to the unlawful, use or disclosure of a trade secret, the court may make an order directing that one or more relevant persons shall not be permitted to disclose or use any trade secret or alleged trade secret which has been identified as confidential.

There is no general rule, however, that requires confidential information that is revealed during court proceedings to be kept secret. It is possible to obtain an order from a court limiting access to such confidential information, but such orders are given on a case-by-case basis.

Branding

  1. What intellectual property rights are available to protect branding and how do you obtain those rights? How can fintech businesses ensure they do not infringe existing brands?

The main intellectual property rights available to protect branding are registered and unregistered trade and service marks.

Registered trade and service mark rights only arise through registration and can be applied for either in Ireland (in respect of Ireland only) or more broadly in the European Union (as an EU trademark) or internationally. Trade and service mark rights give registered owners certain rights to prevent others from using identical or confusingly similar trademarks to their registered mark.

Brand owners can also rely on unregistered trademark rights through the common law of passing off. This allows the owner to prevent others from damaging their goodwill with customers by using branding or get-up that is identical or confusingly similar to their own.

For certain branding (particularly complex branding with artistic elements), copyright protection may also be available.

Remedies for infringement of IP

  1. What remedies are available to individuals or companies whose intellectual property rights have been infringed?

The exact remedies available to individuals or companies depend on the intellectual property right that has been infringed. Generally speaking, however, for infringements of trademarks, patents, copyright and design rights under Irish law, the owner of the right may seek an injunction against further infringement, damages, an account of any profit made by the infringer from any articles incorporating the infringed intellectual property and delivery up or destruction of those articles.

COMPETITION 

Sector-specific issues

  1. Are there any specific competition issues that exist with respect to fintech companies in your jurisdiction?

There are no competition issues in Ireland that are specific to fintech companies, nor do we expect that there will be any specific competition issues in the future.

TAX

Incentives

  1. Are there any tax incentives available for fintech companies and investors to encourage innovation and investment in the fintech sector in your jurisdiction?

In addition to the Irish corporation tax rate of 12.5 percent, there are a number of further Irish tax provisions that encourage innovation and investment in fintech in Ireland, including:

  • A 25 percent tax credit for qualifying research and development (R&D) expenditure carried on within the European Economic Area. This tax credit is in addition to the normal business deduction for such R&D expenditure (at the 12.5 percent rate), thus providing relief for expenditure on R&D at an effective rate of 37.5 percent. These credits may also be surrendered by the company to key employees actively involved in R&D activities, thereby reducing the effective rate of Irish income tax for such employees.
  • A best-in-class ‘knowledge development box’, which complies with the Organization for Economic Co-operation and Development’s (OECD) ‘modified nexus’ standard. This can reduce the rate of Irish corporation tax to 6.25 percent for profits derived from certain intellectual property assets, where qualifying R&D activity is carried on in Ireland. This relief can also be claimed in conjunction with the R&D tax credit.
  • Tax depreciation for certain intangible assets. Such assets can be amortized for Irish corporation tax purposes either in line with their accounting treatment or on a straight basis over 15 years.
  • The Employment and Investment Incentive and Start-up Refunds for Entrepreneurs schemes that allow individual investors in fintech companies to obtain Irish income tax relief (of up to 41 percent) on investments made, in each tax year, into certified qualifying companies.
  • Entrepreneur relief, which allows for a capital gains tax rate of 10 percent on the disposal of certain qualifying business assets up to a lifetime amount of €1 million.
  • An extensive double tax treaty network, totaling some 73 treaties, that prevents the taxation of the same portion of a company’s income by multiple jurisdictions.
  • Start-up relief, which provides for a reduction in corporation tax liability for the first three years of trading for certain size companies provided the company was incorporated on or after 14 October 2008 and began trading between 1 January 2009 and 31 December 2021. This relief can be claimed on both profits from trading and on capital gains.
  • A stamp duty exemption for transfers of intellectual property.

Increased tax burden

  1. Are there any new or proposed tax laws or guidance that could significantly increase tax or administrative costs for fintech companies in your jurisdiction?

There are currently no proposals at the Irish national level to significantly increase tax or administrative costs for fintech companies in Ireland, though it should be noted that Ireland’s corporation tax is set to rise from 12.5 percent to 15 percent as part of an OECD global deal on corporate tax reform that will set a minimum rate of 15 percent for large companies. The expectation is that this will be implemented sometime during 2023.

IMMIGRATION

Sector-specific schemes

  1. What immigration schemes are available for fintech businesses to recruit skilled staff from abroad? Are there any special regimes specific to the technology or financial sectors?

There are no specific immigration schemes available for fintech businesses, or the technology and financial sectors, in Ireland. The ordinary rules in relation to employment permit requirements apply.

UPDATE AND TRENDS IN FINTECH IN IRELAND

Current developments

  1. Are there any other current developments or emerging trends to note?

We expect Ireland to continue to develop as a leading domicile in this area. While we also expect the Central Bank of Ireland (the Central Bank) to follow best EU practice in its regulation of the sector and to adopt a relatively accommodating approach to fintech innovation, we do not necessarily expect the Central Bank to introduce a specific sandbox regime in Ireland.

* The information in this chapter was accurate as of June 2023.

If you need more consulting, please Contact Us at TNHH NT International Law Firm (ntpartnerlawfirm.com)

You can also download the .docx version here.

Rate this post

“The article’s content refers to the regulations that were applicable at the time of its creation and is intended solely for reference purposes. To obtain accurate information, it is advisable to seek the guidance of a consulting lawyer.”

NT INTERNATIONAL LAW FIRM