Remarks by Gerry Cross, Director of Capital Markets & Funds - CASP Industry Briefing

Remarks by Gerry Cross, Director of Capital Markets & Funds - CASP Industry Briefing

Introduction

Good morning. I am delighted to welcome you to Central Bank of Ireland today as part of our continued engagement with the crypto sector.

This time last year we hosted an industry briefing focused on the path to success in the authorisation of Crypto-Asset Service Providers (CASPs). It has been a very active 12 months, and today I see many of you in the room from newly authorised CASPs who have come through the process successfully.

This morning's event is an excellent opportunity for us all as participants with different roles in the crypto ecosystem to continue the conversation. It comes as we navigate an important milestone in the MiCAR story: the journey from authorised firms to supervised sector.

We know a key question in your minds is "what is next"? We of course continue our commitment to being wholly open and engaged. Today, our industry briefing will:

• Reflect on developments across the sector since we last met.
• Share some insights to help those of you currently in the authorisation process to navigate the remainder of that process.
• Provide some additional perspective on what it means to be a supervised CASP.

Innovation central to the regulatory agenda

First, let me spend a few moments on innovation and its ongoing importance from a financial regulatory point of view.

When the European Commission launched its digital finance package in 2020, it reflected the EU's ambition to embrace a digital transition for the benefit of citizens and to modernise the European economy across sectors. It also sought to turn Europe into a global digital player and to realise the opportunities within innovation, while managing the risks. These are objectives that, at Central Bank, we of course broadly share.

The Central Bank has been a strong supporter of the EU's ambitions in this area. We have sought to play an active and leading role in the development and implementation of both the Markets in Crypto Assets Regulation (MiCAR) and that other regulation that is at the heart of resilient success in a digitalised financial system, the Digital Operational Resilience Act (DORA).

MiCAR is an important step forward in the regulation of crypto activities in Europe. It has introduced for the first time, a comprehensive European regulatory framework for crypto assets and their operational ecosystem. The crypto sector is at the same time coming to maturity as the technologies, products, services, and service providers embed. It is important that continued growth and development in the sector is well governed, value-oriented and positive for customers.

Artificial Intelligence is transforming the way many activities are performed, including of course financial services. We are now observing the interplay of AI technology and Blockchain technology with the potential for a mutual amplification of effect. Blockchain seeks to bring efficiencies including cheaper and faster solutions in financial services, while AI seeks to leverage data for deeper, faster analysis. At a practical level for example, there is potential for the combination of AI with DLT to strengthen fraud detection, thus supporting better outcomes for customers and the wider financial system.

2025 also saw a significant focus on tokenisation. At the Central Bank, we see the transformative potential of tokenisation including in areas such as payments, trading and post-trading, investment funds and asset management.

Since early 2024, Central Bank have been engaging with industry - both collectively and at individual firm level as participants work to bring tokenisation into real life application. Last week, we published a Discussion Paper on DLT & tokenisation in financial services¹. Our aim is to stimulate informed dialogue on the future role of DLT and tokenisation applications within the Irish and European financial markets ecosystem.

Internationally, given the borderless nature of the technology, seeking to ensure good levels of consistency, leveraging the Recommendations from the FSB² and IOSCO³, is important.

Developments in the UK under the FCA's crypto roadmap⁴ are important and we have been engaging with our counterparts there to share learnings and insights. These developments align closely with the objectives of MiCAR - market integrity, consumer protection and monitoring risks to financial stability from the crypto asset markets.

Crypto-asset markets necessitate close regulatory cooperation, and we will continue to engage in active dialogue with our colleagues at an EU and international level including under the auspices of ESMA, EBA and IOSCO. On this, I will say more in a few minutes.

In 2025 we experienced significant market volatility with a market crash in October, followed by a continued broader sell off. Such volatility is a concern for us as regulators, particularly where consumers are impacted. This concern is reflected in the warnings that regulators, including ESMA and Central Bank of Ireland, have issued to consumers concerning crypto markets. While we welcome the entrance of CASPs into the regulatory perimeter, as indicated in those warnings, crypto assets are often volatile and highly risky and as such may not be suitable for all retail customers.

Reflections from 2025 - Authorisation successes and lessons learned

A second important aim of our event this morning is to share reflections from our engagement with CASPs as we authorised a first significant cohort of firms during 2025.

1. Implementing a new risk-based and proportionate framework with open and engaged at its core

   In implementing MiCAR, we recognised that many applicant firms would be new to regulation. Furthermore, the transitional arrangements of MiCAR meant that existing VASPs could continue to operate for only 12 months, presenting a timing challenge. Firms were required to be granted their CASP licence or wind down their existing VASP within this transitionary timeframe.

   We recognised that a considered, risk-based, and proportionate approach was important. Gatekeeping is a core component of our regulatory and supervisory responsibilities - it is the first touchpoint that a new regulated entity has with their regulator. We have also been evolving our approach to gatekeeping generally to ensure that, as well as being effective, it is as efficient, predictable and outcomes focused as possible. As in all areas of our oversight work, it should never be about checking boxes but reaching timely, outcomes-focused judgements on the substance of the matter.

   In line with our broader approach, we wanted to ensure that the authorisation process for CASPs was built on a foundation of clarity, transparency, flexibility, and predictability for applicant firms and the wider industry, while maintaining integrity in the discharge of our important gatekeeping duty. A key contributor towards achieving this has been engaging with our stakeholders - including many of you here this morning - in a constructive, front-footed, and open manner, underpinned by a strong feedback loop. This has enabled firms to engage with us at pace while providing a high level of clarity to firms navigating this new complex journey.

   Core to our approach has been ensuring an outcomes focused implementation of MiCAR-including the ESMA Broker Opinion-challenging firms to keep consumers front of mind, while also having a strong focus on key risk areas such as governance, operational resilience, the safekeeping of client assets, and combatting money laundering and terrorist financing. While other colleagues will address these areas later this morning, I want to say a few words on key areas that matter to us in the Central Bank when authorising firms, and on an ongoing basis as we supervise firms in this sector.

   The Central Bank is firmly committed to an efficient, outcomes-focused and robust approach to the authorisation and supervision of CASPs. We have a mandate to ensure the interests of consumers are protected through proper and effective regulation, and this is at the heart of what we do. This means we place strong focus on firms having a consumer-centric approach. MiCAR provides that CASPs should always act honestly, fairly and professionally to secure the best interests of their clients while our new Consumer Protection Code includes an overarching standard that firms should secure their customers' interests.

   We have expressed scepticism about business models where profitability is driven from the heavy marketing, offering and distributing of unbacked crypto to retail customers for speculative purposes. Where we see higher inherent conduct and investor protection risks in the products offered to customers and investors, we will have higher expectations of firms to address those risks.

   CASPs operate in an increasing technologically innovative space. They also operate in a high-risk environment facing unique cybersecurity challenges. Operational resilience is a key focus for the Central Bank. Digital operational and cyber events are higher probability, potentially high impact, events. The ability of firms to identify, mitigate, respond to, and recover and learn from such events is essential. Firms must ensure that their operational resilience frameworks are robust and commensurate with the nature, scale and complexity of their business.

   The importance of good culture and conduct risk management for CASPs cannot be overstated. It is not merely a regulatory requirement; it should be viewed as a fundamental component of maintaining trust, integrity and stability within the sector, and as an enabler of good growth for firms.

   Effective organisational culture builds on shared purpose and standards such as professionalism, honesty, integrity and accountability to deliver fair outcomes that have the interests of consumers and investors at heart.

   The Central Bank expects to see such standards and values embedded in all the firms we regulate. The directors of the firm have a critical role in setting the culture, living by it themselves and calling out and addressing poor behaviours when observed. This will ensure that when they are faced with a dilemma or a moment of pressure, their instinct will be to do the right thing, not the questionable thing.

2. Driving regulatory convergence and consistency for sectoral clarity

   A perennial challenge with regulation is consistency of application. Any inconsistencies are felt by both the regulator, and the sector being regulated and, potentially, consumers. Clarity and consistency in application at an EU level is critical. MiCAR sets out a harmonised approach to regulating the crypto sector and a strong focus for us at Central Bank has been our work at European level to help drive clarity and convergence in the application of MiCAR across the EU.

   At the European level, significant work has been taking place in the European Supervisory Authorities to drive a harmonised approach to the implementation of MiCAR. At the Central Bank, we have both welcomed this work and, with our peer national authorities, been strongly committed to its implementation. For an area such as crypto assets which is innovative, fast-growing, and impactful, it is critical that there is a coordinated and consistent approach to authorisation and supervision across the EU. Through its Digital Finance Standing Committee (DFSC), ESMA has been driving this outcome based on a shared approach, common expectations, and real-time experience.

   There have been key successes from this collaborative approach including the building of:

   • Consistency across authorities on whether firm proposals, business models, and their component parts are fully compliant with MiCAR and ESMA guidance.
   • Converged approaches on the authorisation and supervision of firms.
   • Strong bilateral engagement and support between NCAs.
   • Agreement on clear messages to retail customers and guidance to firms.

     We have found this to be a very valuable process and are pleased that it is delivering real results.

3. Reflections on Lessons Learned

   In terms of some lessons from the last year that will be helpful to those seeking authorisation:

   Clarity on business model is important.

   The CASP business model has great variety and can be quite complex. This complexity is dependent on the activities and services the CASP seeks to provide, and on the nature of how these activities and services will be delivered - particularly where group structures are involved.

   Clarity on business model in the context of MiCAR was a key challenge for some CASPs seeking authorisation in 2025. It was our experience that firms who came to us with a clear view on the alignment of their business model vis-à-vis MiCAR, particularly the ESMA Broker Model Opinion, moved through the MiCAR CASP authorisation process in a smoother and speedier manner.

   Resourcing and realism are essential.

   Applying for authorisation under MiCAR is a material moment in the life of a CASP. When a firm faces into such a process, it is crucial that it puts the necessary resources behind the application so that the firm is well placed to navigate the process and deliver on the asks MiCAR makes of them. Success is supported by internalising the demands of the process and recognising that there will be important effort required.

   Be prepared

   Preparation and planning are important. Our experience was that appropriately prepared firms navigated the CASP authorisation process in a more efficient and timely way. This can include having the requisite documentation at the appropriate level of detail in place, or the funding to meet your capital requirements, or ensuring access to other resources or expertise in your firm or group to support you in this process. Importantly, think about how you are going to operationalise, especially if you are newly setting up in Europe and leveraging a pre-existing non-European group model.

4. Enhancements

To further improve and streamline the experience of the application process, in the coming weeks we will be establishing a new authorisations portal for CASP applicants. This new facility will provide for a streamlined submission and ongoing engagement process, improve transparency and a dedicated and secure communication channel. This will, we believe, further enhance the experience of CASPs seeking authorisation.

What it means to be a supervised CASP

A third purpose of today's briefing is about giving some further clarity on what it means to be a supervised CASP. What is expected of firms? And what can firms expect of us, including some aspects of our supervisory plans.

It is our objective that the regulatory and supervisory environment enables the potential benefits of innovation for consumers, businesses and society to be realised, while ensuring that the risks are effectively managed and mitigated.

This is not a once and done exercise at the gate. It is something that requires continued commitment from firms to foster a customer-focused culture and take responsibility for managing risks to their business and to their clients on an ongoing basis.

The volatile and inherently high-risk nature of many crypto products leads to potentially material risks for consumers and investors. Faced with this, firms must ensure that their customers interests are fully secured in line with the revised Consumer Protection Code. This includes effectively supporting customers, providing clear and effective disclosures and explanations and ensuring that customers are informed in a manner that drives effective understanding.

For the crypto sector to succeed, compliance, risk management and a customer centric approach should not be seen as a cost of doing business, but rather as being at the heart of a successful business model.

For our part, our outcomes-focused approach to supervision means that we focus our efforts on those risks and vulnerabilities that, in our judgement, pose the greatest threat to the achievement of our four safeguarding outcomes: the protection of consumer and investor interests, the safety and soundness of regulated entities, the integrity of the financial system, and financial stability.

Our recently published Regulatory and Supervisory Outlook Report⁵ sets out our latest view of how the accelerating changes in the operating environment are shaping the risk landscape domestically and internationally, and the key priorities from a supervisory perspective we see across the sectors we supervise.

We recognise that CASP's are a new category of regulated entity within the Markets Sector. CASPs create different risk profiles, particularly as regards custody of crypto assets, AML/CFT, and consumer outcomes that are distinct from traditional trading firms and venues. CASPs material retail client base, novel custody models, and complex market structures result in unique supervisory priorities.

As set out in our Regulatory and Supervisory Outlook Report, our supervisory activities will include a mix of planned and responsive engagements and sectoral thematic reviews. Key areas of focus this year will be:

• Operational Resilience: We recognise that the crypto sector faces unique cyber and operational resilience risks. As such, we will be prioritising operational resilience including post-authorisation reviews of your digital operational resilience plans.
• Treatment of Customers: I have already spoken to the importance of a customer centric approach. Our supervision will focus on how you treat your customers, securing their interests and ensuring they are well- and effectively informed.
• Custody of Crypto Assets: This has been and continues to be an important focus during authorisation. This focus continues into the supervisory context. Ensuring you are effectively safeguarding client assets will be prioritised within our supervision.
• Anti-money laundering: The crypto sector has traditionally been susceptible to AML and CFT risks, including due to its pseudonymous nature. Assessing how firms are identifying and mitigating these risks will be a key focus of our supervision team.
• Finally, Market Abuse: The crypto sector faces unique challenges from a market abuse perspective, including due to the borderless nature of crypto markets, and we will prioritise this area in our supervision, including working with ESMA on pan European surveillance of crypto activity.

A key goal for the Central Bank is enhancing the effectiveness and efficiency that derives from data-driven, technology-enhanced supervision. In Q1, we will launch a new quarterly CASP regulatory return, which will provide us with a detailed view of each CASP's financial position and will inform our ongoing supervisory engagement. This is of course being designed and developed in accordance with the key principles of regulatory simplification and proportionality.

Conclusion

Before I hand over to the team, I want to reiterate the purpose for today. We hope that this event will facilitate the ongoing high-quality conversation that has been underway for some time now in this new ecosystem. We hope that it assists you as industry participants to navigate the next steps to success in your CASP journey with us here in the Central Bank. We find such engagement very valuable and hope that you do also.

For those firms seeking authorisation under MiCAR, a focus on good quality submissions, timely engagement with us, full alignment with MiCAR and the ESMA Broker Model Opinion, an openness to reflect on feedback, and a clear commitment to your European and Irish presence will be important in optimising your journey.

For those firms who have recently entered our supervisory environment as a result of authorisation, hopefully our engagement this morning will help you further navigate the opportunities and challenges of being part of the Central Bank regulated community.

Thank you for your attention and I shall now handover to Sara Byrne.