OUT-LAW ANALYSIS
Central Bank of Ireland sets 2026 supervisory priorities
24 Mar 2026, 11:25 am
A need for better governance around data, cyber resilience and AI uptake, and weak controls in battling financial crime are among the risks the Irish financial sector faces in 2026, according to the Central Bank of Ireland (CBI).
In its new regulatory and supervisory outlook for 2026 (145-page / 2MB PDF), the regulator spells out what it perceives as the risks facing Ireland’s financial industry, despite starting from a strong position – as highlighted by its governor Gabriel Makhlouf in his annual letter to the country’s finance minister.
Five priorities have been identified by the CBI:
- maintaining and building resilience to geopolitical risks and macro-financial uncertainties
- securing consumer and investor interests in a rapidly changing world
- responding to technology-driven transformations
- helping to address the environmental and societal transitions underway, and
- enhancing how the CBI regulates and supervises.
The outlook notes, “Ireland’s position as a highly interconnected financial centre means that risks can emerge and spread quickly.” In line with that, the CBI highlights some key potential areas of risk as posing particular challenges for 2026.
Operational risks and resilience
Operational and cyber risks are identified by the Central Bank as a very high threat in 2026 and are expressly positioned as a key supervisory priority for the year ahead. As it notes:
“Increased geopolitical fragmentation and operational complexity raise the likelihood of cyber and other disruptive events, compounded by the rapid rise in cloud computing and growing reliance on a small number of technology providers and infrastructure for critical services.
“Combined, these raise both the probability and potential severity of accidental or malicious incidents as well as the speed of system-wide transmission, with detrimental effects on users.”
The CBI notes that firms are becoming more reliant on complex operating models, outsourcing and digital infrastructure. This increases the risk that operational disruptions, including service outages, cyber incidents or third‑party failures, could seriously affect both consumer trust and financial stability.
The CBI makes clear it expects firms to demonstrate robust operational resilience capabilities, including the ability to prevent, respond to and recover from severe disruptions that firms should reasonably anticipate.
This means a focus across the year from the regulator on issues such as remediation strategies for those banks that report material shortcomings in their cybersecurity resilience, along with increased inspection campaigns around security and risk management, and an assessment of banking firms’ dependency on cloud services in case of potential disruption.
For firms operating in the financial sector there is a clear message about the importance of good governance, oversight and senior management accountability. The CBI signalled continued supervisory focus on how firms identify, manage and mitigate operational and cyber risk as part of their core regulatory obligations.
Data and AI
Data, modelling and AI risks are identified by the Central Bank as having increased in 2026 and are positioned as an area of supervisory focus in light of rapid technological adoption across the financial sector.
The report warns: “Advanced models and expanding data collection have long been used by leading firms, but widespread adoption of third-party AI tools changes the risk landscape and calls for stronger model governance, data quality, transparency and accountability.
“AI can amplify existing weaknesses, with model risk a growing concern in a world where the future differs from the past and is more unstable, and as models drive more business decisions in more firms. AI developments also heighten operational risk, business model risk, and risks to consumers.”
In its outlook, the CBI highlights that the use of artificial intelligence can amplify existing risks where issues such as data quality, model design, explainability and oversight are not adequately addressed. The report is explicit that firms remain fully accountable for outcomes generated by AI systems, including where solutions are developed, procured or operated by third-party providers.
From a supervisory perspective, there is a strong expectation that boards and senior management understand how AI is being deployed within their organisations and can evidence appropriate governance, controls and effective challenge.
This framing reinforces the CBI’s view that AI is not merely a technological innovation, but a core risk management and supervisory issue requiring clear ownership, transparency and oversight.
Financial crime
Financial crime risks are specifically identified by the Central Bank as a significant and growing threat to the integrity of the financial system and to consumer protection, requiring sustained focus from firms and authorities.
The outlook highlights that financial crime spans money laundering, terrorist financing, sanctions breaches, market abuse, fraud and unauthorised services, with exposure increasing as financial services become more digital first and as crypto assets gain prominence.
“Money laundering is increasingly driven by sophisticated threat actors operating across borders while traditional terrorist financing and sanctions evasion threats remain,” the CBI warns.
“The increasing volume of unauthorised activity, financial scams and fraud is being driven by technology which is providing criminals with new and innovative ways to harm consumers. Digitalisation which facilitates instant payments, e-money and crypto plus new AI tools, expands perpetrators’ capabilities and opportunities.
“This is compounded by weak controls in some firms, with heightened risk of exploitation across channels and products, including cross border.”
As a supervisory priority, the CBI will assess fraud controls in banking and payments firms, scrutinise incident response arrangements and the treatment of affected customers, and detect and sanction unauthorised providers and market abuse.
It will also focus on emerging AML/CFT risks and on firms’ preparedness for the implementation of the AML Single Rule Book, while supporting the development of the new European AML framework in cooperation with the European Anti Money Laundering Authority (AMLA).
What this means for firms
These supervisory priorities will be at the forefront of the CBI’s 2026 agenda, as the regulator looks to put emphasis on good governance, accountability and resilience from financial firms across these areas.
“Firms must therefore ensure that they are resilient, well-governed and capable of managing evolving risks in a way that protects consumers and investors, safeguards financial stability and maintains trust in the financial system,” the report warns.
For firms operating in or from Ireland, it means they will need to put an increased focus on their ability to meet the CBI’s supervisory targets and requirements across the year, particularly against a backdrop of global change, conflict and economic unrest.