On 26 February 2026, the Central Bank of Ireland (Central Bank) published its 2026 Regulatory and Supervisory Outlook (RSO) report, outlining its perspectives on the key trends and risks shaping the financial sector and its supervisory priorities for the year ahead.
For further information on the Financial Regulation Priorities 2026, the global and domestic risk environment, risk themes and related drivers and supervisory priorities, please see our related article here and for other sector specific information in the RSO please refer to our knowledge page on the William Fry website.
Sectoral Focus – Banking
In our sector specific articles, trends, risks and vulnerabilities are considered from a sectoral perspective in line with the Central Bank’s supervisory approach. In this article we consider the banking sector.
Focus Area 1: Business model and strategy
The domestic and international banking sector is evolving and growing strongly because of new entrants, the expansion of business activities and the arrival of cross-border providers from other EEA member states. Article 21c of the Capital Requirements Directive (CRD6), which contains new third country branch provisions operative in January 2027, will result in new entrants to the Irish banking sector and material business transformations for some existing operations.
For further information on CRD6, please see our articles here and here.
The rapidly evolving payments ecosystem is bringing benefits for consumers and banks but also challenges. As incumbent players adapt and transform legacy IT platforms and new entrants seek to grow, each must
ensure that their change management, governance and financial arrangements keep pace with the complexity of their operations and the risks they take on.
For further information on PSD3/PSR, please see our article here.
It is important that the strategies and plans of new entrants and incumbents have the interests of customers as a focal point and that firms have the financial and operational resources to deliver them safely.
Both established and new providers should prioritise consumer interests (including those in vulnerable circumstances) throughout any changes to existing products and services, the introduction of new ones and in how these are delivered and serviced.
The main planned activities relating to this supervisory focus area in 2026 are:
Focus Area 2: Treatment of customers
The Central Bank continues to see instances where actual harm or the heightened risk of harm arises because customers’ interests are not being fully embedded in board-level and day-to-day decision-making manifesting in poor customer service and errors, unclear customer information, or the failure to properly identify customers in vulnerable circumstances and treat them appropriately. Poor governance and oversight are often a root cause of these issues and banks need to prioritise reviewing and ensuring products are suitable for their customers and proactively engaging with borrowers in or facing arrears.
During times of business and operational change, moving from in-person to digital or remote service provision, strong governance and appropriate oversight are essential. The obligations banks have under the updated Consumer Protection Code, the Access to Cash regime and the Individual Accountability Framework, if properly embedded, are designed to help mitigate these risks, but ultimately it is the culture within the bank that is the key mitigant.
The main planned activities relating to this supervisory focus area in 2026/2027 include:
Focus Area 3: Operational and cyber resilience
Banks’ growing use of technology to deliver services and to improve efficiency, together with the sector’s pivotal role in the economy, increase their risk exposure to operational outages and malicious cyber-attacks. Examples of risks cited by the Central Bank are growing dependencies on third-party service providers and the rise in cyber threat levels via reported bank-related rise in distributed denial of service (DDoS) attacks.
Banks must have effective ICT and operational risk management frameworks and executable contingency plans in place to cover both their own operations and those delivered by their outsourced service providers (including those on which their key outsourced service providers rely).
The sector’s growing dependence on digital channels to deliver services to customers is placing increasing demands on banks’ capacity to manage significant and complex IT change programmes. Banks must also consider the impact on their customers, be timely and clear in their communications and remediate promptly and appropriately.
The main planned activities relating to this supervisory focus area in 2026 include:
Focus Area 4: Financial resilience
The banking sector has demonstrated financial resilience against a challenging economic backdrop and increased competition from the non-banking sector and specialist providers. Domestic banks’ profitability is supported by interest income, increased income diversification and a deposit base that is currently very stable. Asset quality has, on aggregate, been maintained. International banks’ profitability has benefited from an environment that is supportive of their primarily cross-border wholesale activities such as corporate and investment lending, markets and treasury trading, structured finance and securitisation.
Sustained financial resilience requires banks to ensure that their capital and liquidity management is aligned to their risk exposures, appropriately calibrated and sufficiently risk sensitive. Banks need to adopt prudent risk-taking and sound underwriting standards recognising the uncertainties of the external environment. This requires a forward-looking perspective with the use of scenario analysis to consider in a structured way the implications of different possible futures.
The effects of climate change are affecting banks and their customers through their impact on credit lines or the value of real assets exposed to physical and transition risks in Ireland and overseas. While crystallised physical risks, are more visible, the second-round effects – such as disruptions to supply chains, reduced economic activity, input price increases, or increased credit defaults – are less well understood. Some banks have made material progress on embedding the assessment and the management of short, medium and long-term risks stemming from the climate and nature crises into their risk management frameworks in a way that is commensurate with the risks they face, but others need to keep building on progress to date.
Sound financial management can be undermined if deficient data management and reporting capabilities hamper a bank’s ability to monitor and manage risks across the business. The weaknesses the Central Bank sees in some banks’ Risk Data Aggregation and Reporting Requirements (RDARR) frameworks can impede a holistic view of individual and total risk exposures. As the use of more sophisticated models to support decision making increases and AI capabilities are deployed (for example in connection with lending and trading strategies) any deficiencies in a bank’s model risk management and oversight practices need to be addressed.
The main planned activities relating to this supervisory focus area in 2026 include:
Focus Area 5: Financial crime and market integrity
Thanks to efforts over the past decade, traditional banks’ Anti-Money Laundering (AML)/ Countering the Financing of Terrorism (CFT) frameworks are generally mature and well embedded. As the banking sector diversifies in Ireland, there is a need for newer entrants to continue to build and strengthen their AML/CFT frameworks, in line with national and European requirements, including those of the AMLA. Boards and senior management must be able to demonstrate an understanding of their bank’s key Money Laundering (ML) and Terrorist Financing (TF) risks and the adequacy of their risk management and control frameworks.
Banks need to be particularly vigilant and responsive to criminals exploiting new technologies and practices to abuse the system and firms within it. While developments in digitally enhanced business models provide benefits there is a corresponding increase in the risk of exploitation by criminals to launder the proceeds of crime or perpetrate scams and fraud, as well as increased risks of mis-selling and misrepresentation.
International fraud networks are becoming more sophisticated and banks must do more to strengthen their controls, including improving data and management information and enhancing transaction monitoring and IT security systems to reduce the likelihood of frauds and scams occurring. Where fraud does occur, banks need to provide appropriate and timely support to affected customers.
In wholesale financial markets, increased electronification and the application of AI to business models are driving structural changes and technological innovation which places greater demand on bank’s frameworks for the management of market conduct risk. The Central Bank continues to observe deficiencies in banks’ frameworks for the monitoring and mitigation of market conduct risk. The failure of banks to comprehensively identify all market conduct risks emanating from their business activities can manifest in conflicts of interest not being appropriately identified and mitigated, surveillance frameworks for the detection of potential market abuse not keeping pace with business activities and deficiencies in first line of control frameworks.
