The Central Bank is to commission an independent review of its fitness and probity vetting regime after the Financial Services Appeals Tribunal (FSAT), chaired by the former Supreme Court judge John McMenamin, described its approach as “flawed”.
FSAT found that the appellant was denied fair procedures at every stage of the process, and was “scathing” in its findings, Fitzgerald said.
Necessity for fair notice
It also said that the “various procedures adopted by the Central Bank didn't comply with the requirements of constitutional and actual justice – including the necessity for fair notice, the duty to give reasons, and the concept of allowing the other side to be heard”, she added.
Importantly, the tribunal didn’t conclude that the actual decision was incorrect in terms of the refusal, but ultimately found that the decision in law was incorrect, she said.
“I think this decision probably comes at a very good point when we have the overlay of the conduct standards under IAF coming into play,” she said.
Markets in Crypto Assets Regulation (MiCAR) would kick into action this year, Fitzgerald said, in a change from current very light-touch regulation to substantive authorisation processes.
Like other regulated financial-services providers, crypto will be subject to organisational conduct and prudential requirements.
Rules on market abuse – including the unlawful disclosure of inside information, and private actions likely to lead to the disruption or manipulation of crypto assets – will be applicable under MiCAR, which will apply to certain issuers from June this year.
Utility tokens
It will apply to issuers of utility tokens from 30 December, and the framework itself provides for a transition period.
The Digital and Operational Resilience Act (DORA) would apply to the vast majority of regulated firms from 17 January next year, FitzGerald said.
This sets out requirements on ICT (information and communication technology) risk management, including the monitoring of third-party ICT risk providers, and key contractual provisions to be built into contracts.
DORA required basic and advanced testing of digital-operation resilience within firms, she said, and they must carry out a gap analysis to assess their compliance within existing ICT contracts.
She added that DORA was likely to be a bigger-than-anticipated project, and that firms should grapple with it sooner rather than later.
The webinar heard that, despite an era of ever-increasing regulation, failures would still occur, and bad actors would appear, though their effect should be minimised by the new rules.
The webinar heard that, despite an era of ever-increasing regulation, failures would still occur, and bad actors appear, though their effect should be minimised by new rules.
Guardrails
While there was a view that regulating crypto was legitimising it, the guardrails were needed to afford consumers and others as much protection as possible, the webinar heard.
However, just because an asset was regulated did not mean it was worth investing in, or without risk, the webinar heard.