Proposed Consumer Protection Code Revisions: Key Changes and Challenges

insight featured image
On Thursday, March 7, the Central Bank of Ireland (“CBI”) published for public comment a Consultation Paper (“Consultation Paper”) outlining proposed changes to the Consumer Protection Code (“CPC”).

This follows a period of extensive engagement with industry, and the wider public, to ensure that their views were considered. This article focuses on the extent to which these views have been captured within the proposed changes, an overview of the changes themselves, and an initial view on potential implementation challenges.


In October 2022, the CBI published a discussion paper (“Discussion Paper”) to seek views on upcoming CPC revisions. This was followed by a six-month engagement with stakeholders.

The Consultation Paper sets out the CBI’s proposed revisions to the CPC which have been partly informed by the responses to the Discussion Paper and the CBI’s stakeholder engagement.

Overall, the CBI stated that the revised CPC will seek to ensure that firms effectively incorporate customers’ interests in their strategy and decision-making, provide clarity on customer protection obligations, and support consumers and firms in accessing and navigating the new Code through supports, guides, and explainers.

Key issues raised in responses to the Discussion Paper

It was generally agreed that the CPC should be less prescriptive, and more principles based. Moreover, concerns were raised with regard to a “one-size-fits-all” approach given the requirement for flexibility to accommodate a variety of firm types and business models.

Simplification of the Code was also sought, with a succinct, plain English approach enhancing accessibility and understanding for all. Furthermore, alignment with other related rules and regulations was deemed a requirement to facilitate clear interpretation and application.

To what extent have these key issues been adopted?

The revised CPC has been consolidated, incorporating relevant sections of several overlapping codes and requirements (i.e. the Code of Conduct on Mortgage Arrears, the High-Cost Credit Providers Regulations and the Insurance Requirements Regulations).

It will not, however, be a single standalone document and will be located in two separate regulations: (1) the Standards for Business (which will apply to all employees of Regulated Financial Services Providers per the Individual Accountability Framework), which replaces the General Principles of the Code, and (2) the General Requirements, which features new consumer protections alongside existing requirements.

The CBI has sought to make the CPC more accessible, making available various digital tools, explainers, and guides. A Consumers’ Guide will clearly set out both the protections available within the CPC, and related consumers’ responsibilities.

Some key themes, such as financial literacy and availability and choice of financial service providers, are not addressed within the Consultation Paper. However, it is stated that a separate initiative, outside of the scope of the CPC, will be forthcoming.

Separately, the use of a “Key Information” or summary document to better inform consumers has not been included within the scope of the revised CPC, despite apparent consensus that this would have been welcomed.

Finally, while the revised CPC does not appear any less prescriptive than the existing version, the guidance relating to some key proposed changes does allow for flexibility among different types of financial services providers.

Key proposed changes in the revised CPC

Key proposed changes can be divided into two main categories: (1) requirements around how firms should secure customers’ interests in Standards for Business and (2) targeted protections around specific issues within the General Requirements.

Securing customers’ interests

Part 3 of the Standards for Business articulates how firms should meet their existing best interest obligation. Crucially, the standard is outcomes-focused with firms being required to deliver “fair outcomes for customers”. This stands in contrast to the UK’s Consumer Duty which employs a “good outcomes” standard.

The accompanying guidance provides a number of examples and case studies to illustrate the types of practices which firms should adopt and actions that they should take. This accords with the view of many commenters who were of the view that explanation by way of illustrative case studies rather than prescriptive legal definitions would facilitate a clearer understanding.

Importantly, a large range of scenarios, industries and firm types are addressed, with the CBI not prescribing a “one-size-fits-all” approach to securing customers’ interests.

Targeted protections

Targeted protections are reflective of the ways in which financial services are delivered. These include issues such as digitalisation, informing effectively, mortgage credit and switching, unregulated activities, frauds and scams, vulnerability, and climate risk.

While some of the proposed changes consist of new disclosure or advertising requirements, some could prove to be more onerous for firms to implement, as further outlined below.

Potential implementation challenges


The CBI is focused on customer outcomes, with firms that offer digital platforms not only being required to ensure that these platforms are easy to use, but also that they produce consistent and objective outcomes for users.

In addition, there are various prescriptive requirements such as a requirement to slow the digital transaction process, ensuring that a review of key information by the customer can take place, as well as a requirement to provide reminders of cooling off options.

Finally, recommendations from the Retail Banking Review have been incorporated into the revised Code, including the requirement to conduct an ex-post assessment of impacted customers nine months after closing, moving or merging a branch.

This will overlap with the ongoing “Access to Cash” initiative which is concerned with how the decline in cash usage, which corresponds to the increase in digitalisation, is managed.


The four key targeted protections in this area go well beyond the existing obligation to provide appropriate assistance where the firm has identified that a consumer is in vulnerable circumstances. As such, the proposed changes align to the consensus view that vulnerable customers are not currently afforded adequate protection. They are also consistent with the requirements under the Assisted Decision-Making Act which came into effect in 2023.

  1. All staff must be adequately trained on vulnerability issues. Again, this accords with the respondents to the Discussion Paper who were of the view that staff training was critical here. There will be flexibility as regards what training is provided and how it is delivered, however.
  2. Firms will be required to have clear procedures for employees to report concerns that a customer is a victim, or at risk of being a victim, of financial abuse or a fraud or a scam. The identification of such scenarios, along with the subjective nature of views, may pose issues, with further guidance likely to be required in this regard.
  3. Firms must ensure that any information provided by customers which details circumstances of vulnerability is, with the consent of the customer, recorded and is available to staff on a go-forward basis. It is not made clear exactly how this information should be recorded, just that firms’ systems should be able to “support” its recording.
  4. The concept of Trusted Contact Person will be incorporated into the CPC, with firms required to facilitate customers who wish to provide the name of a trusted person (a relative, friend etc.) who a firm may contact in situations of incapacity or where financial abuse is suspected.

Next steps

Following consideration of feedback on the Consultation Paper, the CBI expects the revised CPC to be finalised by early 2025. Following final publication, the CBI is proposing a 12-month implementation period.

How we can help

Grant Thornton Ireland is well positioned to assist your firm with evaluating the impacts of these new regulations and adapting your practices to best meet new expectations.

We have the knowledge and experience to navigate you through the new requirements, ensuring adherence to the specific, and general spirit, of the revised CPC. Our market-leading team of regulatory and conduct professionals are here to help with your implementation readiness and assurance needs including requirements around vulnerable customers, customer communication analysis, and Consumer Protection Risk Assessment support.