In March 2025, the Central Bank of Ireland published the modernised Consumer Protection Code, following an extensive review of the Consumer Protection Code 2012.
The Consumer Protection Code outlines a set of rules and business standards that regulated financial firms must follow when dealing with consumers. Firms have a year to put the revised Code in place, and so the provisions will apply for the public from March 2026.
This publication follows a comprehensive review that included a discussion paper, public survey, public consultation and engagement with consumer and industry stakeholders.
The Code reflects the way financial services are provided in a digital world, and builds on the protections provided in the existing Code.
The modernised Code is centred on an obligation for firms to secure customers’ interests which embodies a customer-focused mind-set where firms proactively take ownership of, and responsibility for, consumer protection.
It also enhances consumer protections across a range of areas, including:
The types of firms that the Consumer Protection Regulations apply to include:
The Consumer Protection Regulations set out cross-sectoral requirements applying across all sectors, and other specific requirements applying to the provision of Consumer Banking, Credit and Arrears, Insurance and Investments. These Regulations also consolidate a number of existing conduct regulations and codes into one set of regulations. Alongside the publication of the Consumer Protection Code 2025, the Central Bank of Ireland published guidance to support firms in implementing the requirements.
Within our risk consulting framework, we can assist and support firms to effectively implement their consumer protection obligations, risk management frameworks and to build on their understanding of how to implement the requirements set out in the Standards for Business Regulations and the Consumer Protection Regulations.