Auditor

Consumer Protection Code 2025: Compliance for Insurance Firms and Intermediaries

The revised Consumer Protection Code applies to every insurance undertaking and intermediary regulated by the Central Bank of Ireland. With the code effective 24 March 2026, insurance firms must ensure their policy documents, customer communications, and governance frameworks meet the new standards.

How the Consumer Protection Code Applies to Insurance

The Consumer Protection Code applies to all regulated financial service providers in Ireland that deal with consumers, including the full insurance distribution chain:

  • Insurance undertakings — life, non-life, and composite insurers authorised by the Central Bank of Ireland or passporting in from another EU member state
  • Insurance intermediaries — brokers, tied agents, and multi-agency intermediaries providing advice or arranging insurance contracts for consumers
  • Reinsurance intermediaries — subject to CPC where they deal with consumers directly or their activities affect consumer outcomes
  • Ancillary insurance intermediaries — entities whose principal activity is not insurance but that distribute insurance products (e.g. retailers selling warranty insurance)

The CPC distinguishes between product manufacturers (insurance undertakings) and distributors (intermediaries). Each has distinct responsibilities under the code's product oversight and governance requirements — manufacturers for product design and target market identification, distributors for ensuring products are sold to customers for whom they are suitable.

Insurance-Specific CPC Requirements

The 2025 revision introduces several provisions that apply specifically to the insurance sector or take on particular significance for insurers:

Product Oversight and Governance

Insurance undertakings (as manufacturers) must design products with a clearly identified target market, monitor product performance over time, and act where products are no longer suitable for the target market. Intermediaries (as distributors) must ensure products are distributed only to customers within the target market.

Claims Handling Standards

The CPC sets defined response timeframes for claim acknowledgements, decision communications, and payment following a decision. Firms must document claims correspondence clearly and maintain records supporting their decisions.

Renewal Notification Obligations

Insurers and intermediaries must provide renewal notices within defined timeframes, including comparison information with the previous year's premium where applicable. The 2025 revision strengthens transparency around premium increases and any changes in cover.

Suitability Assessment Documentation

Where insurance is sold on an advised basis, firms must document the suitability assessment in detail: the customer's needs, circumstances, risk profile, and the rationale for any recommendation. Documentation must evidence that advice was appropriate to the customer at the time it was given.

Remuneration Transparency for Intermediaries

Intermediaries must disclose the nature and basis of their remuneration to consumers, including whether commission is received from an insurer, whether fees are charged to the consumer, and any potential conflicts of interest. The 2025 revision extends disclosure requirements and standardises the format.

Vulnerable Customer Provisions for Insurance

Insurance contexts frequently involve vulnerability — bereavement claims, serious illness, reduced capacity following an accident. The 2025 revision requires firms to identify vulnerability, adapt communications and processes accordingly, and maintain records of how vulnerability has been addressed in specific cases.

CPC and the Insurance Distribution Directive

The Insurance Distribution Directive (IDD) is the EU-wide minimum harmonisation standard for insurance conduct. The CPC is the Central Bank of Ireland's detailed conduct framework that often goes beyond IDD requirements. Insurance firms operating in Ireland must comply with both — and the CPC represents the more detailed and prescriptive standard.

Where the two frameworks overlap, the CPC typically adds Ireland-specific expectations:

  • Product oversight — IDD requires product oversight and governance; the CPC adds specific target market identification and monitoring expectations
  • Disclosure — IDD sets baseline disclosure requirements; the CPC extends these and standardises format and timing
  • Suitability — both frameworks require suitability assessment; the CPC sets detailed documentation standards for evidencing the assessment
  • Vulnerable customers — the CPC adds substantial requirements beyond IDD, particularly the 2025 revision

Firms that built their compliance programmes around IDD alone will have gaps against CPC 2025. The practical task is mapping existing IDD documentation and processes to the CPC's more detailed requirements.

Document Compliance for Insurance Firms

The CPC creates specific document standards that insurance firms must meet across the customer lifecycle:

  • Policy documentation — all material terms, risks, exclusions, and costs prominently and clearly disclosed; warnings unambiguous; plain language throughout
  • Terms and conditions — written in plain language, with key terms defined and consumer-relevant information prioritised
  • Claims correspondence — acknowledgements, decision letters, and payment notifications following defined timelines and clarity standards
  • Complaint records — documented complaint handling including root-cause analysis and systemic remediation actions
  • Annual product reviews — documented reviews of product performance against target market expectations, with evidence of remedial action where products are no longer suitable
  • Suitability documentation — detailed records of advised sales including customer needs, circumstances, risk profile, and the rationale for recommendation

How ComplyLoft Auditor Helps Insurance Firms

The ComplyLoft Auditor can be configured with Consumer Protection Code 2025 requirements and run across insurance policy documents, claims correspondence templates, renewal notices, and suitability documentation. It flags potential gaps and provides a structured starting point for review.

  • Audit policy documents against CPC plain language and disclosure requirements
  • Review claims correspondence templates for clarity, timing compliance, and vulnerable customer considerations
  • Assess suitability documentation for completeness against CPC advised-sales standards
  • Cross-reference IDD documentation with CPC-specific extensions to identify genuine gaps
  • Generate audit trail documentation for Central Bank of Ireland supervisory engagement

ComplyLoft Auditor identifies potential compliance gaps and provides a structured starting point for review. All outputs require human review and sign-off. ComplyLoft does not guarantee compliance.

Explore the Auditor ToolRequest a Demo

Frequently Asked Questions

Does the Consumer Protection Code apply to insurance intermediaries?
Yes. The Consumer Protection Code applies to all regulated financial service providers in Ireland, including insurance undertakings, insurance intermediaries (brokers), and reinsurance intermediaries. Intermediaries are explicitly in scope and must comply with the code's conduct, disclosure, and documentation requirements. The 2025 revision strengthens several intermediary-specific obligations, particularly around remuneration transparency and suitability documentation.
What CPC 2025 requirements are specific to insurance?
Insurance-specific CPC 2025 requirements include: product oversight and governance responsibilities for manufacturers and distributors, claims handling standards with defined response timeframes, renewal notification and comparison obligations, suitability assessment documentation for advised sales, disclosure of remuneration arrangements including commission structures, and enhanced vulnerable customer protections adapted to insurance contexts such as bereavement and serious illness claims.
How does the CPC interact with the Insurance Distribution Directive?
The CPC and the Insurance Distribution Directive (IDD) both govern insurance conduct, but they operate at different levels. The IDD is the EU-wide directive setting minimum harmonisation standards. The CPC is the Central Bank of Ireland's detailed conduct framework that often goes beyond IDD requirements, particularly around vulnerable customers, product oversight, and specific disclosure obligations. Insurance firms operating in Ireland must comply with both. The CPC represents the more detailed and prescriptive requirements that firms must document and evidence.
What document standards does the CPC set for insurance firms?
The CPC requires customer-facing insurance documents to be clear, fair, and not misleading. Specific document standards cover: policy documentation with all material terms, risks and costs prominently disclosed; terms and conditions using plain language; claims correspondence following defined timelines and clarity requirements; renewal notices including prior-year comparisons where applicable; and suitability documentation evidencing how the product matches the customer's needs and circumstances.
When must insurance firms comply with CPC 2025?
The revised Consumer Protection Code is effective 24 March 2026. Insurance firms and intermediaries have had a transition period to update policy documentation, customer communication templates, claims processes, governance frameworks, and staff training. Firms that have not yet completed CPC 2025 readiness are operating with material regulatory risk as the Central Bank of Ireland begins supervisory engagement.

Prepare for CPC 2025 in Insurance

Request a demo to see how ComplyLoft Auditor helps insurance firms identify gaps against the revised Consumer Protection Code.

Request a Demo