Central Bank of Ireland modernises the Consumer Protection Code

In March 2025, the Central Bank of Ireland published the modernised Consumer Protection Code, following an extensive review of the Consumer Protection Code 2012.

The Consumer Protection Code outlines a set of rules and business standards that regulated financial firms must follow when dealing with consumers. Firms have a year to put the revised Code in place, and so the provisions will apply for the public from March 2026.

This publication follows a comprehensive review that included a discussion paper, public survey, public consultation and engagement with consumer and industry stakeholders.

The Code reflects the way financial services are provided in a digital world, and builds on the protections provided in the existing Code.

The modernised Code is centred on an obligation for firms to secure customers’ interests which embodies a customer-focused mind-set where firms proactively take ownership of, and responsibility for, consumer protection.

It also enhances consumer protections across a range of areas, including:

• Digitalisation – firms must be customer-focused in the design and implementation of digital services.
• Informing effectively – a shift from requiring firms to disclose information, to informing effectively.
• Mortgage switching – firms must meet new disclosure requirements on switching options and the cost of incentives on the overall cost of credit of a mortgage.
• Provision of unregulated activities by regulated firms – firms must ensure customers can have no impression or misunderstanding that they are purchasing regulated products and services, where that is not the case.
• Firms must be vigilant to the evolving risks of frauds and scams, and take appropriate actions to protect customers.
• Protecting consumers in vulnerable circumstances – an updated definition of vulnerability, recognising that customers can move in and out of circumstances that make them vulnerable.
• To tackle the risk of greenwashing, firms will be required to ensure they communicate clearly on climate and sustainability features of products.
• Enhanced requirements in the areas of consumer credit, small and medium-sized enterprises (SMEs) protections, insurance and investments and pensions.

The types of firms that the Consumer Protection Regulations apply to include:

• Credit Institutions;
• Insurance Undertakings;
• Investment Business Firms, authorised under the Investment Intermediaries Act 1995;
• Investment Intermediaries, authorised under the Investment Intermediaries Act 1995;
• Insurance Intermediaries;
• Mortgage Intermediaries;
• Payment Institutions;
• Electronic Money Institutions;
• Credit Unions, when acting as insurance intermediaries;
• Regulated entities providing retail credit;
• Home Reversion Firms;
• Debt Management Firms;
• Credit Servicing Firms;
• Crowdfunding Service Providers;
• Credit purchasers; and
• Firms providing MiCAR services.

How can Crowe help?

The Consumer Protection Regulations set out cross-sectoral requirements applying across all sectors, and other specific requirements applying to the provision of Consumer Banking, Credit and Arrears, Insurance and Investments. These Regulations also consolidate a number of existing conduct regulations and codes into one set of regulations. Alongside the publication of the Consumer Protection Code 2025, the Central Bank of Ireland published guidance to support firms in implementing the requirements.

Within our risk consulting framework, we can assist and support firms to effectively implement their consumer protection obligations, risk management frameworks and to build on their understanding of how to implement the requirements set out in the Standards for Business Regulations and the Consumer Protection Regulations.