Remarks by Deputy Governor Colm Kincaid to Central Bank of Ireland’s Consumer Protection Workshop – Consumer Protection at the Heart of Our Mission

Good afternoon and welcome to this Central Bank of Ireland workshop on the Consumer Protection Code.

Today I will focus on the outlook for consumers and investors. But first let me pause to talk a little about the broader context in which we find ourselves. 

We are living through a period marked by extraordinary change, geopolitical instability, rapid technological transformation and shifting economic conditions.  

Governor Makhlouf summarised this well when he said how 2026 has already seen extreme examples of these changes, be it from global conflict (both armed and economic) to continued technological development (including its increasing use and mis-use) to climate change, with extreme weather events across the globe, including here in Ireland and other parts of Europe.¹

This pace of change and the uncertainty of global events means that risks once considered remote have become more likely and it is no longer a question of whether significant change will come, but instead how we will respond to this change, both individually and collectively.

At the same time, innovation in financial services (and in particular digitalisation) continues to bring significant benefits and gives us more control of our finances and more choice.  We can transfer money instantly, we can apply for insurance with just a few taps on our mobile phones and we can access a broader suite of financial products and information.

It is in this context that I want to talk to you today about something that sits at the absolute heart of what we do here at the Central Bank of Ireland as a fundamental expression of our statutory mandate and our public service mission.

I am of course talking about consumer and investor protection.

More specifically, I want to talk about the revised Consumer Protection Code and why I believe it represents one of the most important pieces of work the Central Bank has undertaken in recent years to contribute to our future wellbeing. Not because it is perfect—no regulation ever is.  But because it has been designed for the world we are now in, the risks that world presents to us as consumers and the opportunities modern financial services can provide when well designed and delivered. 

The Landscape We Face

This period of innovation coupled with great structural change and challenge is not merely the backdrop to our work at the Central Bank, but the substance of it. Those geopolitical strains, that complexity, that transformation in how our world operates—all of it flows through the financial system. It reaches us as consumers in our mortgages, our savings, our insurance needs, our ability to plan for retirement and our continued access to the payments we need to live our lives.

For this reason, consumer protection sits at the heart of everything we do. A financial system that does not protect its consumers is a system that will ultimately fail—fail in its stability, fail in its integrity, fail in its purpose.

In our Regulatory & Supervisory Outlook for 2026, we describe a world of heightened geopolitical and macro-financial risks. A world where operational risks, the threat of cyber-attacks and frauds & scams are at elevated levels. A world where consumers face new vulnerabilities from digitalisation and complexity. Recently, I was privileged to co-sign the OECD's Consumer Finance Risk Monitor, providing a risk outlook across 60 jurisdictions and also calling out these issues. And you will see these same issues identified in virtually every such publication whether it be from the perspective of financial stability, market integrity or broader public policy.

This is the reality we face. 

Why we reviewed the Code

The context I have just described is why the Central Bank embarked on a comprehensive review of our Consumer Protection Code in 2022. We did not do it because there was a crisis or because our existing rules had failed to deliver in the past. We did it because we recognised in our Strategy that the landscape facing consumers was about to fundamentally change. We anticipated that digitalisation, financial innovation and changing consumer behaviour would create a new environment in which consumers would need different protections, and in which firms would need clearer expectations about how to serve consumers in a faster pace of change.

We consulted and engaged extensively. We listened to consumers, to civil society and to industry practitioners - many of you here today. We looked at what was happening in other jurisdictions and where international best practice was pointing. We examined the evidence of where consumers were being harmed. And from all that, we designed a Code that speaks to the risks we knew were coming.

The Transformation

So, let’s look at this transformation and how the new Code is responding.

Operational risks are at elevated levels. Increased geopolitical fragmentation, operational complexity (including in supply chains) and cyber risks present new potential to disrupt consumers’ means of payment and other access to financial services. The Code responds with requirements for regulated entities’ risk management systems, internal controls and governance arrangements to manage their affairs sustainably, responsibly and in a sound and prudent manner.

Financial crime is increasing, including as technology (so beneficial to our daily lives) provides criminals with new ways to harm us. The Code responds with explicit requirements that firms take steps to protect consumers against frauds and scams and that where they occur, consumers are supported.

Digitalisation is amplifying both opportunities and risks, and presenting new types of consumer vulnerabilities.  The revised Code introduces new requirements to ensure that the digital technologies firms use are designed and implemented with a consumer focus. But we have been careful to also be technology neutral, recognising the technology of tomorrow will be different yet again from the technology of today.

Data usage and AI risks are growing. Advanced models and expanding data collection have long been used by leading firms, but widespread adoption of AI tools changes this landscape. For consumers, this means their creditworthiness assessments, their insurance pricing, their investment recommendations may be made by algorithms they cannot see or understand. The Code responds by requiring that firms not use data and profiling to identify behaviours, habits, preferences or biases for the purposes of exploiting these to target consumers to their detriment.

Consumers are increasingly time-poor and face complex choices. The Code responds by improving the information consumers will receive when making key decisions like switching their mortgage or insurance and being clearer on what is required of firms to inform consumers effectively. It will also require regulated firms to be much clearer with consumers if any of the services they provide are not regulated by the Central Bank.

A Convergence of Perspectives

And here I want to highlight a crucial point: these risks I describe are not just consumer-specific risks. They are system risks. They are risks that threaten financial stability, that threaten the integrity of the financial system, that threaten the safety and soundness of regulated firms. In short, the landscape is converging around new risks that increasingly transcend traditional categorisations of ‘prudential’, ‘conduct’ and ‘market integrity’.

This is why, at the Central Bank, we have fundamentally integrated our supervisory approach. Consumer protection, safety and soundness of firms, financial stability, and integrity of the financial system are increasingly interconnected and must reinforce one another.

A Living Regime

The pace of change I have described will not slow down. Geopolitical fragmentation will likely continue. Digitalisation will accelerate. New products will be developed. New opportunities and threats will materialise. Consumer behaviour will evolve. AI will become more sophisticated and mainstream. Climate impacts will intensify. This is why we need to see the new Code not as the end of a rule reform process but as the beginning of a new framework that aims to be alive to protecting us in a landscape that is changing at an ever-increasing pace.

This is why I say the Code must be a living regime.

That means of course that, as a regulator, we must continue to listen. We will listen to the firms implementing the Code on areas where clarification is needed. We will listen to consumers and consumer advocates on whether the Code is delivering the protections it promises. We will listen to international peers on emerging risks and best practices. And we will adapt as the situation facing consumers evolves.

I also want to say something directly to firms in this regard: the Code sets out principles and requirements. It is your responsibility to take those principles and design better products and services around them. It is your responsibility to simplify how you explain what you do and communicate with consumers in a manner that informs them effectively. It is your responsibility to make your systems and processes more consumer-centric. That means anticipating consumer needs and risks. It means supporting your customers in the situations where they may be vulnerable. It means investing in operational resilience. It means taking fraud prevention seriously and supporting consumers who fall victim to it. It means using technology to serve consumers, not to exploit them.

Implementation

Of course, a regulatory regime is only as good as its implementation.

In 2026 the Central Bank will undertake 52 specific bodies of work related to protecting consumers and investors. This work programme will cover the key issues consumers are complaining about (including as evidenced by the Financial Services and Pensions Ombudsman), each of the key risks identified by the OECD at global level and the issues identified in our Regulatory & Supervisory Outlook. These are concrete actions targeting where we want to see change.

We will conduct thematic reviews on how firms are dealing with customer complaints and their approach to root cause analysis. We will assess how firms are treating customers in vulnerable circumstances, which may include borrowers in or facing arrears. We will review how firms are handling customer errors and applying learnings. We will examine how firms are implementing the Code's requirements on fraud prevention and supporting fraud victims. We will assess how firms are using artificial intelligence and whether they are discriminating against consumers. We will review commission arrangements to ensure they are aligned with securing customer interests. We will conduct reviews of product governance to ensure products are suitable for their target markets. We will assess how firms are managing the transition to digital delivery. We will review how firms are managing conflicts of interest. We will assess how firms are securing consumer interests in their strategic decision-making.

This is intensive, targeted, evidence-based supervision designed to drive real change in how firms operate. And it is informed by the evidence of what consumers are experiencing. We listen to consumer complaints. We analyse trends. We identify patterns. We target our supervisory work accordingly. And where we find firms are not meeting the standard, we will use the full range of our supervisory toolkit.

Collaboration and Integration

And there is something else I want to emphasise. Increasingly, the risks we face are not risks that any single authority can solve alone. Operational resilience requires collaboration between financial services firms, technology companies and regulators. Combatting frauds and scams requires collaboration between financial services firms, technology companies and law enforcement.  Progressing the National Financial Literacy Strategy requires collaboration between Government departments, the CCPC, the Central Bank, other authorities, firms and civil society. Dealing with the issues presented by digitalisation requires collaboration between regulators, firms, technology providers and consumer advocates. Building a stronger saving and investment culture requires collaboration across the financial system and beyond.

This is why we have embedded collaboration into our approach.

We work through the European Supervisory Authorities to ensure convergence and consistency across the EU. We work at the OECD and international bodies to develop global standards and best practice. We work with other Irish authorities—the CCPC, the FSPO, the Department of Finance—to ensure we are complementary in our approach. We engage with civil society and consumer advocates to ensure we are hearing the voices of those most affected by financial system risks. We work with technology platforms through our trusted flagger status to combat fraud and scams. Through all this, we are actively supporting individuals to manage their financial needs and obligations, to cope with shocks, to pursue their aspirations, and to feel confident about their financial lives and in their financial well-being. Through the delivery of our statutory mandate the Central Bank makes an important contribution to financial well-being. Not solely— many factors outside our control shape financial well-being. But meaningfully.

Consistent with our Code being a living regime, the Central Bank will always be available to listen to the concerns of users of financial services, their advocates and representatives, other agencies, and to firms themselves as they seek to do their best to apply the Code’s standards in practice.

Conclusion

The new Consumer Protection Code represents a fundamental statement about what the Central Bank of Ireland stands for. It serves as confirmation that the Central Bank will continue to respond to the challenges facing the public we serve.  

The risks facing consumers are real. They are growing. They are complex. They are the same risks that threaten financial stability and the integrity of the system. But they are not insurmountable. With the right regulatory framework, with intensive supervision, with collaboration across the system towards a shared goal, and with a commitment to putting consumers at the heart of everything we do, we can mitigate those risks. We can reap the benefits of digital transformation. We can support households to get the full benefit of what financial services could do to help us provide for our future.² We can maintain the trust that is essential to a functioning financial system. We can make our contribution to our own financial well-being and that of the people we care about.

That is what the Code is about. That is what we are committed to delivering. That is what sits at the heart of the Central Bank's mission.

Thank you.