Friday 20th January 2023: Central Bank of Ireland (CBI) issued a Dear CEO letter to the fintech industries of electronic money institutions and payments institutions.  The purpose is to reaffirm the CBI's supervisory expectations built on its supervisory experiences, both firm specific and sector wide, and enhance transparency around its approach to, and judgements around, regulation and supervision.

If you are looking to get authorised as an electronic money or payments institution in Ireland, contact us.  We are working with a number of such applicants and we advise those already authorised on their on-going regulatory obligations, business models and strategy.  See our Authorisation Page with links to useful Authorisation Guides. 

Busy start to the year with enquiries from UK, Asia and the US continuing to roll in about the benefits, opportunities and challenges of establishing a EEA regulated presence in Ireland, particularly for #emoney and #payments. While Ireland is in the top three of the final round, there remains stiff competition (so to speak) from two other leading jurisdictions.
​
Thus it was good to see, , as I am sure others will agree, the Central Bank of Ireland most recent Dear CEO letter issued to emoney and payments institutions on Friday 20 January 2023 by Mary-Elizabeth McMunn, Director of Credit Institutions Supervision. It will help provide greater clarity not only to currently authorised emoney and payments firms, but also those in the authorisation pipeline and those thinking of filing in Ireland.

It is a meaty document at 5,168 words across eleven (11) pages. Download a copy of the letter and additional relevant reading material here - https://complireg.com/blogs--insights/2023-dear-ceo-letter-re-supervisory-findings-and-expectations-for-payment-and-electronic-money-e-money-firms
​
If you wish to get a quick understanding of the letter in terms of your regulatory obligations search the words 'we expect'. You will see those appear eleven (11) times too!

Right now, best to mark in your calendar and work backwards, that an audit opinion on safeguarding, along with a Board response on the outcome of the audit, is to be submitted to the CBI by 31 July 2023. And it is not just a case of ringing your current external auditors and appointing them.  

• Emoney and payments firms will need to demonstrate that they exercised due skill, care and diligence in selecting and appointing auditors for this purpose; including satisfying themselves that the proposed auditor has, or has access to, appropriate specialist skill in auditing compliance with the safeguarding requirements under the PSR/EMR taking into account the nature, scale and complexity of the firm's business.  Let the beauty parades begin.  And so it should be the case!
• The auditor is to provide an opinion confirming:
  "whether the firm has maintained adequate organisational arrangements to enable it to meet the safeguarding provisions of the PSR/EMR on an ongoing basis, with the specific areas, at a minimum, that should be subject to review and assurance by the auditor outlined in Appendix 2 of the Dear CEO Letter.

The purpose of the letter is to reaffirm the CBI's supervisory expectations built on its supervisory experiences, both firm specific and sector wide, and enhance transparency around our approach to, and judgements around, regulation and supervision.


The breakdown of the letter is as follows:

(1)      Supervisory Approach for the Payment and E-Money Sector (provides wider and specific context to our supervisory approach).

(2)      Supervisory Findings (key findings from supervisory engagements over the last 12 months and actions the CBI expects firms to undertake)
➡ Safeguarding;
➡ Governance, Risk Management, Conduct and Culture;
➡ Business Model, Strategy and Financial Resilience;
➡ Operational Resilience and Outsourcing; 
➡ Anti-Money Laundering and Countering the Financing of Terrorism;

• ♻ Risk-Based Approach,
• ♻ Distribution Channels, 
• ♻ Electronic Money Derogation and Simplified Due Diligence

(3) Conclusion and Actions Required (CBI's expectation that this letter is provided to and discussed with your Board, and any areas requiring improvement that directly relate to your firm are actioned).

Next Steps:

Get in contact with Peter Oakes / CompliReg. Founded by the CBI's inaugural Director of Enforcement and AML/CFT Supervision & board director of payments, emoney and MiFID companies. Peter is also a former: FSA (now FCA) enforcement lawyer; senior officer (legal) at ASIC; and adviser to the deputy director of banking at SAMA.


Further Reading:

10 December 2021: Authorisation Guidance and Supervisory Expectations for Payment and Electronic Money Firms (Central Bank of Ireland)
09 December 2021: Central Bank of Ireland Dear CEO Letter on Supervisory Expectations for Payment and Electronic Money (E-Money) Firms

Are you looking for the Report on the Peer review on Authorisation under PSD2 released today by the European Banking Authority?  Click here or the image above to download it in PDF format.

If you are struggling with an application for an electronic money or payments institution authorisation in Europe, contact us here and/or complete the Authorisation/Licence Enquiry Form here.

If you are looking at becoming authorised in Ireland as an emoney institution or payments institution check out Fintech Ireland's and CompliReg's authorisation guides here.

Some good supervisory practices observed during the analysis that might be of benefit for other CAs to adopt.

• publishing guidance to clarify the requirements CAs expect applicants must meet;
  
• comparing applicants’ forecasts against data from existing similar PIs/EMIs to inform the CAs’ assessment of the plausibility of the financial forecasts;
  
• making use of existing EBA and EBA/ESMA guidelines under the Capital Requirements Directive to assess independence of the internal control functions and suitability of the directors and persons responsible for the management of PIs and EMIs. The report also recommends that, as part of any future review of the Guidelines, the EBA provides more guidance on how the proportionality principle should be applied in assessing the suitability of shareholders having a qualifying holding in an applicant’s capital.

The report expands on the recommendations included in the EBA’s response to the European Commission on the review of the PSD2 (EBA/Op/2022/06) and recommends that, as part of its ongoing PSD2 review process, the European Commission:

• clarifies the delineation between the different categories of payment services as well as emoney issuance;
  
• clarifies the applicable governance arrangements for PIs and EMIs;
  
• clarifies the criteria that CAs should use in assessing the suitability of directors and persons responsible for the management of PIs and EMIs;
  
• mandates the EBA to develop a common assessment methodology for granting authorisation as a PI or as an EMI; and
  
• clarifies the requirements that applicants must meet in order to ensure sufficient local substance, leveraging on the best practices mentioned this report.

The objectives of this report are to:

• further strengthen consistency and convergence of the assessment of applications for authorisations of PIs and EMIs across the EEA; and
  
• assess whether the EBA Guidelines have achieved their aim of bringing about consistency and clarity in respect of the information that applicants have to submit as part of an application for authorisation and of contributing to harmonisation in the authorisation process and to a level playing field across the EEA. 

This report is also a partial fulfilment of the mandate conferred by the PSD2 on the EBA to review the Guidelines “on a regular basis and in any event at least every 3 years” (Article 5(5) PSD2).

The peer review was performed by a Peer Review Committee of EBA and CA staff (see Annex 1 for the composition) and covered the CAs from all EU Member States and from two EEA States, as detailed in Annex 2. One EEA CA (IS) was not reviewed because it has only recently implemented the PSD2 and did not receive any application for the authorisation of PIs and EMIs in the period analysed (2019-2021). [CompliReg - not sure if IS is a typo, and should be 'SI' for Slovenia?]

The analysis has been conducted based on the CAs’ responses to a self-assessment questionnaire (SAQ), which covered a three-year period from 1 January 2019 to 31 December 2021. Where necessary, the PRC followed up with the CAs in writing seeking further clarifications and explanations. The PRC also conducted interviews with a subset of 10 CAs (BG, DK, ES, PL, PT, MT, NL, IT, LT and SE) to gain a better understanding of their supervisory practices.

Page 51, para 171 "5. Conclusions and recommendations" sates:

​"​With regard to the timeliness of the authorisation process, the review found that, while all CAs comply with the requirement in Article 12 PSD2 to take a decision on an application within 3 months from receiving a complete application, the average duration of the authorisation process varies significantly across MS, ranging from 4-6 months to +20 months. The main reason for this is the quality of applications and applicants’ timeliness in addressing the issues identified with the application. The PRC also identified a number of other reasons for these variations in duration across CAs, which include different timelines set out in national law and different procedural approaches adopted by CAs in the acceptance and assessment of applications."

[CompliReg - no doubt, and there is merit here, many firms will struggle with the EBA's finding that "all CAs comply with the requirement in Article 12 PSD2 to take a decision on an application within 3 months from receiving a complete application".]

The Peer reviews were carried out by ad hoc peer review committees composed of staff from the EBA and members of competent authorities, and chaired by the EBA staff.

This peer review was carried out by:

• Co-chairs: Jonathan Overett Somnier Head of Legal and Compliance Unit, EBA and Larisa Tugui Senior Policy Expert, Consumer, Payments and Conduct Unit, EBA
• Members: Adrienne Coleton Legal Expert, Legal and Compliance Unit, EBA; Antonio Barzachki Senior Policy Expert, Consumer, Payments and Conduct Unit, EBA; Gabriel Bosch Senior Expert Specialised institutions and procedures, Autorité de contrôle prudentiel et de resolution; Carolin Kopyto Senior Advisor, Directorate ZK (Supervision of Payment Institutions and Crypto Custody Business), BaFin; and Reinout Temmerman Payments Advisor, Surveillance of financial market infrastructures, payment services and cyber risks, National Bank of Belgium 

CompliReg, your first choice for regualtory authorisations, licences and registrations is proud to support Fintech UK and its endeavours to Map the FCA registered cryptoasset market in the UK.

Fintech UK is looking to partner with registered / regulated (or soon to be) cryptoasset firms on building out a cryptoasset section on our website.  If you are senior executive at a UK registered cryptoasset firm, please contact us here to discuss the proposed project.  Also happy to hear from senior executives at businesses which support crypto firms to support the project. See our CRYPTO page for more information

If you are are crypto firm seeking regulatory advice or director services, please contact CompliReg for assistance at the details appearing here and check out its VASP registration and other authorisation services here.

Hope you like the Map (Version 2.0)!

Don't forget to sign up to our Newsletter (we don't spam) by clicking here.  We use MailChimp, which means you can unsubscribe whenever you like.
Welcome to the second edition (version 2.0) of Fintech UK's and CompliReg's (a leading provider of fintech consulting services to crypto asset firms) UK FCA registered Cryptoasset Firms Map.

There are now 35 registered Cryptoasset firms appearing on the Financial Conduct Authority's (FCA) website as at Monday 18th July 2022.

The first 5 of these firms were registered in 2020. According to the FCA's records, the first registered Cryptoasset firm was Archax on 18 August 2020.  Then in 2021, the FCA registered 22 crypto firms.  Thus far in 2022, the FCA has registered 8 crypto firms.  The most recent to be registered is DRW (7 June 2021).

As we pointed out when we released Version 1.0 of the Map, 2021 saw a flurry of activity and especially in the last quarter of 2021 when 16 firms received their Cryptoasset registration from the FCA - that was a  whopping 60% of the total pool of registered firms at that time. At the current rate, the number of firms registered in 2022 may be less than that in 2021, unless the FCA registers a large pile of crypto firms in the second half of 2022.

As we continue to Map registered Cryptoasset firms, expect to see certain logos appear more than once as several brands will be registering several Cryptoasset firms for different purposes, such as - for example - services for (1) trading and (2) custody. 

At the time we released Version 1, there were 218 (thereabouts) unregistered cryptoasset business listed on the UK FCA's website that appear, to the FCA, to be carrying on cryptoasset activity, that are not registered with the FCA for anti-money laundering purposes.  As of today, that number has increased to 248.

The firms thus far registered by the FCA include:

2020: Archax Ltd, Gemini Europe Ltd, Gemini Europe Services Ltd, Ziglu Limited, Digivault Limited, 

2021: Fibermode Limited, Zodia Custody Limited, Ramp Swaps Limited, Solidi Ltd, Coinpass Limited, CoinJar UK Limited, Trustology Limited, Commercial Rapid Payment Technologies Limited, Iconomi Ltd, Skrill Limited, Paysafe Financial Services Limited, Crypto Facilities Ltd, Fidelity Digital Assets LTD, Payward Limited, Galaxy Digital UK Limited, BABB Platform Ltd, BCP Technologies Limited, Zumo Financial Services Limited, Baanx.com Ltd, Bottlepay Ltd, Genesis Custody Limited, Altalix Ltd, 

2022: X Capital Group Limited, Enigma Securities Ltd, Light Technology Limited, eToro (UK) Ltd, Uphold Europe Limited, Wintermute Trading LTD, Rubicon Digital UK Limited and  DRW Global Markets Ltd

When we released Version 1 we noted that there were 37 firms Cryptoasset firms with Temporary Registration.  You will see 39 on the previous list, but two of those firms were in fact registered - thus there seemed to be a timing issue of the records at the FCA. Regardless, some of the 37 achieved FCA registration in 2022 and others have dropped of the current list.  Revolut Ltd, as of today, is the only firm listed on the Temporary Registration list and it was listed on December 2021 list too.  Interestingly, in addition to a cryptoasset registration, the Revolut group hasn't achieved the obtaining of its much talked about bank authorisation in the UK either.  ​

We are looking forward to seeing how many more will be registered before the end of the year.
This post also appears at:

• Fintech UK: https://fintechuk.com/fintech-uk-news/uk-registered-cryptoasset-map-version-20-monday-18th-july-2021 
• LinkedIN: https://www.linkedin.com/posts/peteroakes_fintechuk-crypto-digitalasset-activity-6954800838179491840-lCjM?utm_source=linkedin_share&utm_medium=member_desktop_web

Today (Monday 11 July 2022) the Central Bank of Ireland issued a press release highlighting weaknesses in Virtual Asset Service Providers’ (VASP) AML/CFT Frameworks.

As of today, according to the Central Bank's website, the total number of VASPs registered in Ireland is ZERO.  See image below.

Question: If there are no firms appearing on the register, does that mean that there are no VASPs operating lawfully in Ireland?  

Answer: No.  VASPs established in Ireland and carrying on business as a VASP immediately prior to the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2021  coming into force, who applied to the Central Bank for registration before 23 July 2021 are permitted to continue to offer VASP services pending the outcome of their application ('transitional period'). 

While we have heard stories of firms operating as VASPs in Ireland in circumstances where they do not fall under the transitional period, such firms should be subject - if they came to the attention of the Central Bank -  to criminal and/or regulatory investigation.

​Accompanying today's press release is a bulletin in relation to Virtual Asset Service Providers (VASPs), seeking to assist applicant firms to strengthen both their applications for registration and their Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Frameworks.

The Central Bank says while it seeks to anticipate and support innovation in the financial services industry, firms operating in novel areas must ensure their businesses will not be used to launder the proceeds of crime or to finance terrorism.  The Central Bank issued the bulletin to VASPs to assist them in strengthening their applications and frameworks.

Background: Since 23 April 2021, VASPs are required to comply with the relevant AML/CFT obligations under the Criminal Justice Act 2010 to 2021. Any firm wishing to conduct business as a VASP must apply to the Central Bank for registration. The Central Bank says it is currently progressing the assessment of registration applications, and has provided feedback to 90% of applicants on their proposed AML/CFT frameworks.

Findings: The Central Bank identified, in the vast majority of applications:

• a lack of understanding and compliance with key AML/CFT obligations; and
• significant control weaknesses.

See below for further details on the Central Bank's 'findings' observations.
​
The Central Bank reported that the lack of compliance, coupled with control weaknesses, resulted in a significant number of the applicant firms not being able to demonstrate that they could meet their AML/CFT obligations.

Actions: The Central Bank has reconfirmed that it will only register a firm when it is satisfied that the firm can meet its AML/CFT obligations on an ongoing basis. It has said that all current and potential VASP applicants should:

• take actions to rectify weaknesses;
• review the bulletin; and
• be aware that if they fail to register they may face significant criminal and/or administrative sanctions.

The Central Bank also too the opportunity to remind that:

• VASPs are supervised by it for AML/CFT purposes only, and that consumers do not enjoy the Central Bank’s consumer protection mandate in their dealings with VASPs.
• as with all other supervised financial institutions, registered VASPs will be subject to a supervisory levy which will be driven by the level of resources applied to their supervision.

Incomplete Applications: A number of registration applications did not contain the required information and documentation and consequently such applications did not progress to the assessment phase.

• some firms had submitted policies but no accompanying procedures.
• a number of firms submitted a copy of the firm's internal risk register in place of a documented risk assessment.
• majority of firms that did not progress to the assessment phase had not availed of the pre-application meeting and/or had not given consideration to the guidance documents issued by the Central Bank.

Assessment Phase: In undertaking its assessment of registration applications, the Central Bank noted recurring fundamental issues preventing approving of registration applications as the applicants could not meet their AML/CFT legislative obligations or the Central Bank’s expectations. The Central Bank communicated its concerns and expectations to the applicants for further consideration.

The Central Bank helpfully provided a couple of pages in its bulletin (pages 4 - 6) giving an overview of recurring issues identified during the assessment of VASP registration applications.  These are repeated below.

Money Laundering and Terrorist Financing (ML/TF) Risk Assessment: An effective AML/CFT control framework is built on an appropriate ML/TF risk assessment that focuses on the specific ML/TF risks arising from the firm’s business model. This risk assessment should drive the firm’s AML/CFT control framework such that it ensures there are robust controls in place to mitigate and manage the specific risks identified through the risk assessment. The Central Bank identified a significant number of issues with the ML/TF risk assessments conducted by VASP applicant firms, including: 

• A number of firms had not assessed or documented the ML/TF risks as they pertain to the firm’s customers and business activities. The Central Bank expects a Risk Assessment to be specific to the firm and the specific risks that pertain to that firm’s activities and customers. 
• Several VASP applicant firms did not document the inherent ML/TF risks that pertain to the firm or document how, after assessing the effectiveness/strength of the firm’s control environment, the firm had determined the residual risk rating for each of the risk factors as set out in the CJA 2010 to 2021.
• A number of firms did not consider relevant information in the National Risk Assessment, CJA 2010 to 2021 and/or guidance on risk issued by the Central Bank, when documenting the firm’s risk assessment. This included consideration of inherent risk factors, such as Nature, Scale, Complexity, Geographical Risk, Products and Services risk, etc.

Policies and Procedures: When developing AML/CFT policies, controls and procedures (“AML/CFT P&Ps”), firms should maintain a detailed documented suite of AML/CFT P&Ps, which are:

• supplemented by guidance
• accurately reflect operational practices; and
• fully demonstrate consideration of and compliance with all legal and regulatory requirements. 

The Central Bank identified a number of recurring issues with the AML/CFT P&Ps submitted by applicant firms including; 

• Several firms submitted AML/CFT P&Ps that did not meet the Irish legislative and regulatory requirements, in many instance referring to legislative frameworks in other jurisdictions where parent/group entities are situated. Where firms rely on group policies and procedures, these must be sufficiently detailed, applicable to the Irish entity that is applying for VASP registration and meet the Irish legislative and regulatory requirements.
• The Central Bank received several registration applications that included the firm’s policies but failed to include the firm’s procedures that document how the firm meet their legislative obligations. As detailed in the application guidance, applicant firms are required to submit AML/CFT P&P relating to Customer Due Diligence (“CDD”), Transaction Monitoring, Suspicious Transaction Reporting, Financial Sanctions, Record Keeping, Training and Assurance Testing

Customer Due Diligence (“CDD”): 
CDD involves more than just verifying the identity of a customer. Firms should collect and assess all relevant information in order to ensure that the firm:

• Knows its customers, persons purporting to act on behalf of customers and their beneficial owners, where applicable;
• Knows if its customer is a Politically Exposed Person (“PEP”)
• Understands the purpose of the account and therefore understands the expected activity; and;
• Is alert to any potential ML/TF risks arising from the relationship.

The Central Bank identified a number of recurring issues with the CDD AML/CFT P&Ps submitted by applicant firms including;

• A number of applicant firms failed to demonstrate compliance with the legislative obligation to obtain information reasonably warranted by the ML/TF risk on the purpose and intended nature of the business relationship with a customer prior to the establishment of the relationship.
• The Central Bank received several registration applications where the firm failed to demonstrate how screening is conducted for PEPs for both new and existing customers. A number of firms also failed to document how PEP customers are managed including documenting requirement for Senior Management approval, the application of Enhanced Due Diligence (“EDD”) measures to PEPs and enhanced on-going monitoring measures.
• Several firms failed to document policies and procedures relating to the refresh of CDD documentation.

Financial Sanctions Screening: The Central Bank’s expectation is that firms have an effective screening system in place, appropriate to the nature, size and risk of their business. In addition to this, firms should have clear escalation procedures in place to be followed in the event of a positive match.

• Several firms failed to document the frequency of Financial Sanctions screening, how the firm screens (including what, if any, software is used) and also the steps the firm would take in the case of a Financial Sanctions hit.

Outsourcing: A firm can outsource certain AML/CFT Functions, but are reminded that the firm remains ultimately responsible for compliance with its obligations under CJA 2010 to 2021. It is expected that, where firms outsource AML/CFT functions, a documented agreement is in place that clearly defines the obligations of the outsource service provider. Firms should also evidence that sufficient oversight is conducted on the outsourced activity.

A number of VASP applicant firms outsource certain AML/CFT functions to group-related parties and/or non-group related parties.

• Several firms did not include their policies around outsourcing or submit their service level agreements
• In addition to this, several firms have failed to demonstrate sufficient oversight of the outsourced activities or failed to evidence that appropriate regular assurance testing of the outsourced activities takes place.

Individual Questionnaires for proposed Pre-Approval Controlled Function role holders:
A number of firms have failed to or delayed in submitting Individual Questionnaires (IQs) for each of their proposed Pre-Approval Controlled Function (PCF) role holders. IQs should be submitted for each individual proposed to hold a PCF role as soon as practical.

The Central Bank’s expectation on a firm’s presence in Ireland.
In line with the principle of territoriality enshrined in the EU AML Directives and Section 25 of the CJA 2010 to 2021, the Central Bank expects a physical presence located in Ireland and for there to be at least one employee in a senior management role located physically in Ireland, to act as the contact person for engagement with the Central Bank. In addition, in accordance with Section 106 H of the CJA 2010 to 20212 , the Central Bank may refuse an application where the applicant is so structured, or the business of the applicant is so organised, that the applicant is not capable of being regulated to the satisfaction of the Central Bank. 

Further Reading: ​Press Release - Central Bank highlights weaknesses in Virtual Asset Service Providers’ AML/CFT Frameworks 11 July 2022 

This blog by Peter Oakes, Founder of Fintech Ireland and CompliReg.  Peter qualified as a lawyer in Australia, the UK and Ireland.  He is a director of a number of regulated innovative fintech and adviser to fintech and crypto firms and their professional service providers. Contact him here and follow him on Linkedin and Twitter (Fintech Ireland Twitter). 

A summary of this material appears at Linkedin here 

The first Irish regulated funds to take exposure to crypto-assets have been approved by the Central Bank of Ireland (CBI).

The funds, both Qualifying Investor AIFs (QIAIF), will obtain indirect exposure to Bitcoin, by acquiring cash-settled Bitcoin Futures traded on the Chicago Mercantile Exchange (CME). Before you get too excited looking to by some of the digital asset via the QIAIFs note that this channel of exposure is RESTRICTED TO PROFESSIONAL INVESTORS. [NB: As recently as March 2022 the the Central Bank has issued a warning on the risks of investing in crypto assets].  We have provided further details about the regulatory crypto investing landscape in Ireland under 'Further Reading' below.
 
Last month the CBI informed industry bodies that it had approved in principle at least one QIAIF with a low level of exposure to cash settled Bitcoin futures traded on the CME.
 
The two unnamed QIAIFs are the first type of such funds to provide indirect crypto exposure and approved by the CBI.
 
If you want your existing QIAIFs or you wish to establish a new QIAIF to obtain exposure to crypto assets, get in touch (details above).  I am asked on a regular basis by institutional investors and professional investors how they can get exposure to cryptocurrencies and other digitalassets via regulated products. Unless you are able to gain direct exposure via a virtual asset service provider (VASP), the Irish QIAIF model (non-UCITS) might be your avenue. Note however that the CBI has said it is highly unlikely to approve a UCITS proposing any exposure (either direct or indirect) to crypto assets. Thus retail investors wanting crypto exposure in Ireland need to turn to VASPs/Exchanges direct.

Through Fintech Ireland, CompliReg and the industry experts network, we know the lawyers, ManCos and depositories / custodians who can assist institutional/professional firms and funds promoters looking to gain exposure to the crypto markets.  Further, if you are seeking a registration as a virtual service asset provider or authorisation as a MiFID, emoney institution or payments institution to provide services to  institutional, professional and retail clients, check out our Authorisation Page.

Further reading:

• ID1145 - Central Bank of Ireland 44th Edition (20 December 2021) of the Central Bank AIFMD Q&A

​Question. Can a RIAIF or a QIAIF invest either directly or indirectly in crypto-assets?

Answer. Crypto-assets are generally considered to be private digital assets that depend primarily on cryptography and distributed ledger or similar technology. However, the nature and characteristics of crypto-assets vary considerably. For example, crypto-assets that are tokenised traditional assets (whose value is linked to an underlying traditional asset or a pool of traditional assets (such as financial instruments or commodities)) may have a different risk profile when compared to other crypto-assets that are based on an intangible or non-traditional underlying. For the purposes of this Q&A “crypto-asset” is used to refer to the latter type of crypto-asset. The Central Bank must be satisfied that direct or indirect exposure to crypto-assets is capable of being appropriately risk managed. As of the date of publication of this Q&A, the Central Bank has not seen information which would satisfy it that direct or indirect exposure to crypto-assets is capable of being appropriately risk managed. Though crypto-assets do not all have uniform characteristics, the Central Bank has noted that they can present significant risks, including liquidity risk; credit risk; market risk; operational risk (including fraud and cyber risks); money laundering / terrorist financing risk; and legal and reputation risks. Taking into account the specific risks attached to crypto-assets and the potential that retail investors will not be able to appropriately assess the risks of making an investment in a fund which gives such exposures, the Central Bank is highly unlikely to approve a RIAIF proposing any exposure (either direct or indirect) to crypto assets. In the case of a QIAIF seeking to gain exposure to crypto-assets, the relevant QIAIF would need to make a submission to the Central Bank outlining how the risks associated with such exposures could be managed effectively by the AIFM. The Central Bank’s approach in relation to crypto-assets will be kept under review, continue to be informed by European regulatory discussions on the topic and may change should new information or developments emerge in the future. 
​

• ​​ID 1100  - Central Bank of Ireland 36th edition (20 December 2021) of the Central Bank UCITS Q&A

​Question.  Can a UCITS invest either directly or indirectly in crypto-assets?

Answer. Crypto-assets are generally considered to be private digital assets that depend primarily on cryptography and distributed ledger or similar technology. However, the nature and characteristics of crypto-assets vary considerably. For example, crypto-assets that are tokenised traditional assets (whose value is linked to an underlying traditional asset or a pool of traditional assets (such as financial instruments or commodities)) may have a different risk profile when compared to other crypto-assets that are based on an intangible or non-traditional underlying. For the purposes of this Q&A “crypto-asset” is used to refer to the latter type of crypto-asset. The Central Bank must be satisfied that assets in which a UCITS invests are capable of meeting the eligible asset criteria for UCITS and that indirect exposure to the assets is capable of being appropriately risk managed. As of the date of publication of this Q&A, the Central Bank has not seen information which would satisfy it that crypto-assets are capable of meeting the eligible asset criteria for UCITS or that indirect exposure to crypto-assets is capable of being appropriately risk managed. Though crypto-assets do not all have uniform characteristics, the Central Bank has noted that they can present significant risks, including liquidity risk; credit risk; market risk; operational risk (including fraud and cyber risks); money laundering / terrorist financing risk; and legal and reputation risks. Taking into account the specific risks attached to crypto-assets and the potential that retail investors will not be able to appropriately assess the risks of making an investment in a fund which gives such exposures, the Central Bank is highly unlikely to approve a UCITS proposing any exposure (either direct or indirect) to crypto assets. The Central Bank’s approach in relation to crypto-assets will be kept under review, continue to be informed by European regulatory discussions on the topic and may change should new information or developments emerge in the future. 

• Central Bank of Ireland Warning (22 March 2022)

The Central Bank again emphasised that crypto assets are highly risky and speculative, and may not be suitable for retail customers. In particular people need to be alert to the risks of misleading advertisements, particularly on social media, where influencers are being paid to advertise crypto assets.  The Central Bank has published a plain English explainer for consumers on cryptocurrencies.

• European Supervisory Authorities (EBA, ESMA and EIOPA Warning (17 March 2022)

The ESAs warned consumers that many crypto-assets are highly risky and speculative. The ESAs set out key steps consumers can take to ensure they make informed decisions.