The Central Bank of Ireland (CBI) has raised the stakes for the country’s MiFID investment firms, publishing a Thematic Assessment on 18 May 2026 that carries direct regulatory obligations and a clear warning that supervisory follow-up may come next, according to a briefing from law firm Zeidler.
Zeidler explains that the assessment reviewed the compliance function across a number of Irish firms regulated under MiFID II, testing adherence to Article 22 of the MiFID II Delegated Regulation and the related ESMA Guidelines. The CBI focused on three considerations: the adequacy of the compliance function and its framework, the effectiveness of compliance planning, monitoring and testing, and the quality of compliance reporting to boards and sub-committees.
Crucially, the findings are not merely advisory. The CBI has mandated that every MiFID investment firm discuss the report at its next board meeting, with that discussion formally recorded in the minutes. Firms must also conduct a comprehensive self-assessment against the findings and the requirements of Article 22 and the ESMA Guidelines, and consider how the compliance function can support the Consumer Protection Code’s standards on securing customers’ interests and protecting vulnerable consumers.
Zeidler notes the review was not all criticism. The CBI found firms had a genuine and generally sound understanding of their obligations, with strategic engagement a particular strength; compliance teams were actively involved in decisions on new business lines and products, in some cases holding voting membership on product approval committees. Resourcing was broadly proportionate, most firms ran risk-based monitoring programmes, and horizon scanning was in place at the majority.
The weaknesses, however, demand attention. Several firms could not demonstrate robust succession plans or contingency arrangements for compliance roles, a risk that could leave them in breach if a head of compliance departs unexpectedly. Compliance training was too often delegated wholly to HR or third parties without input from the compliance team itself. Some risk assessments failed to review all identified risks regularly, compliance plans lacked detail, and board minutes did not always prove that compliance matters were discussed or challenged.
The CBI now expects firms to ensure robust succession planning, engage compliance directly in training design and delivery, run properly calibrated risk-based monitoring, prioritise horizon scanning, and ensure minutes accurately capture board challenge. Where gaps emerge, Zeidler says, firms should implement remedial actions in a proactive and timely manner.
For more, read the full story here.
Copyright © 2026 FinTech Global









