Navigating a Central Bank Risk Mitigation Programme: A Practical Guide

The Central Bank of Ireland (Central Bank) takes an outcome focused, risk-based approach to supervision as outlined in their “Our Approach to Supervision”, which was published alongside its Regulatory & Supervisory Outlook Report 2025. 

RMP’s are part of the Central Bank’s Supervisory Toolkit and may be used as an intervention arising from their supervision. 

If you are a Board Chair, CEO, or other senior executive who has received a RMP you may be trying to understand how to respond effectively which is critical, not only to meet regulatory expectations but also to safeguard your organisations reputation and resilience.  

Drawing on years of experience advising boards and executive teams, we’ve developed a practical framework to help leaders like you navigate the RMP process with confidence and clarity.  In this article, I’ll outline key steps to take, common pitfalls to avoid, and how to turn regulatory scrutiny into an opportunity for strengthening governance and risk management.  

Why is Supervision necessary?  

Financial regulation is important and necessary, but, on its own, it is not enough to protect members, consumers and investors, keep firms safe and stable, maintain trust in the financial system, and support overall financial stability, i.e. the Central Bank’s Safeguarding Outcomes.    

That’s why supervision is also essential.  Supervision means the Central Bank will actively work with financial firms, analysing their activities and keeping a close watch to make sure that regulations are followed and risks are mitigated.  This approach ensures that not only are regulations put into practice, but the support is there to check that they are working as intended, and action is taken when they are not.  

By taking an outcome focused, risk-based approach the Central Bank can communicate its supervisory concerns to sectors and firms and highlight the outcomes expected and the timelines for them to be achieved.    

Why does the Central Bank issue a Risk Mitigation Programme (RMP)?  

If a firm is found to have issues or concerns in high-risk areas, for example, poor governance, weak financial controls, or inadequate third-party risk management, the Central Bank may issue a Risk Mitigation Programme (RMP).  A RMP is a formal set of actions a regulated firm must take to fix those issues. It includes:  

• What needs to be done.  

• Who is responsible.  

• When it must be completed.  

This helps ensure the firm:  

• Protects its members, customers and investors.  

• Stays financially sound.  

• Maintains trust in the financial system.  

• Supports overall financial stability.  

When might an RMP be issued?  

A RMP may be issued:  

• After a supervisory review or inspection.  

• If the firm’s regulatory risk profile increases.  

• When there are concerns about compliance, resilience or governance.  

• If the firm’s actions could impact on the wider financial system.  

How to respond to the Central Bank’s Risk Mitigation Programme?  

Outcome focused and risk-based supervision remains fundamental to the Central Bank’s approach and any supervisory concerns will be communicated to sectors and firms.  This may take the form of, for example, a ‘Dear CEO/Chair” letter, issuance of a risk mitigation programme (RMP) requiring a firm to prepare a skilled report, or at the higher end of the Central Bank’s escalation toolkit, the utilisation of direction-making powers, including enforcement actions.  Firms must ensure they take appropriate risk mitigation actions to address the issues identified and the desired outcomes expected. Set out below is a practical framework to help you navigate the RMP process:   

1. Carefully review the RMP letter – it will outline the specific weaknesses identified, the required actions, desired outcomes and the deadlines.  
2. Engage and Clarify – if you are unclear about any part of the RMP, engage your Central Bank supervisor for clarification.   
3. Conduct a Gap Analysis – compare the Central Bank’s expectations with your current frameworks, policies and practices. Focus on the Central Bank’s identified weaknesses and desired outcomes in addition to regulatory requirements, guidance and best practices. 
4. Identify areas where your firm falls short and need enhancement.  
   • Develop a comprehensive remediation plan.  
   • Assign responsibilities.  
   • Board – Clearly communicate to the Board what their responsibilities are in respect of the RMP.  
   • Project Manager – assign a project manager responsible for planning, executing and closing the project considering the weaknesses identified, regulatory compliance. requirements, the Central Bank’s expected outcomes together with internal and external timelines.  
   • Action Owners – ensure detailed actions have a clear owner within the business to drive the remediation actions in line with desired outcomes.  
5. Set internal deadlines – that will ensure that internal reviews and reporting requirements are met in advance of the Central Bank’s deadlines to allow for review and adjustments.
6. Document everything – maintain a clear audit trail of decisions, actions and communications.  
7. Ensure the issues and concerns – identified by the Central Bank in the RMP letter are appropriately strengthened via the remediation actions identified in your plan and are aligned with regulatory requirements and the Central Bank’s desired outcomes.  
8. Develop a comprehensive remediation project management cadence: 
   • Ensure there are internal structures for progressing the remediation plan including regular project touch points and regular internal progress reporting.
   • Provide regular updates to the Central Bank on progress and where required submit evidence of the remediation progress which may include, for example, evidence of updates to policies, training records, system changes or audit results.  
   • Should you hit a roadblock or need more time, communicate early and clearly with the Central Bank.  Be transparent about challenges or delays and propose realistic solutions.  Transparency builds trust.  
   • Make sure responses are well-supported, accurate and aligned with regulatory expectations.  
9. Embed the Central Bank’s desired outcomes – into your systems and controls and ensure it is aligned with identified weaknesses, regulatory requirements, guidance, best practices and the Central Bank’s desired outcome. 
10. Be prepared for a follow-up. The Central Bank may undertake a follow-up inspection or request additional documentation.  
11. Be ready to demonstrate – how changes have been embedded and made operational in addition to how they are monitored and overseen to reinforce the changes and avoid further risk

If you are a Board Chair, CEO or other senior executive who has received a RMP and would like to talk through how you can best organise your team to respond to it, I’m happy to have a conversation with you, on a no obligations basis, to help guide you on those first steps.  

Feel free to reach out directly my contact details are as follows: Carina Myles on +353 1 293346 or carina.myles@eisneramper.ie  

Authors

Reflections from CUMA 2025: Balancing Growth & Governance

Ireland’s credit unions are at a turning point, evolving from simpler savings and loans institutions into fully-fledged financial service providers.  With recent regulatory changes, it is clear that the government sees them becoming our “community banks” – offering personal loans, mortgages, business loans, current accounts and insurance.  However, this transition is in its early stages, with credit unions still understanding how to adapt their business models to sustain long-term growth. 

With the sector on the threshold of significant transformation, this year’s CUMA Conference 2025 presented the perfect opportunity to ask questions, share experiences and voice challenges.  

The expanding role of credit unions means maximising opportunity while minimising risk. 

A key sentiment emerging from CUMA 2025 was that a cautious, strategic approach will be crucial for steady and sustainable growth.  While there is significant potential for credit unions to do more for their members, careful liquidity management, regulatory compliance and operational resilience are essential.  

As the Deputy Governor of the Central Bank, Sharon Donnery recently stated: 

“It is not often you hear a regulator asking a sector to grow its loan book – to say that we are changing the rules to enable you to do more.  So, you won’t be surprised to hear me say that with opportunities come responsibilities.  

And so, while the sector continues to mature its offerings – it must also continue to mature its risk management and governance.” 

The past ten years have been transformative for Irish credit unions.  The number of institutions has halved, while the number of large Credit Unions has more than doubled.  Average reserves now stand at 16.5%, well above the statutory minimum of 10%.  There is an accelerated lending trajectory with substantial growth in loan portfolios – total loans have grown by 73% in the last ten years – and half of this growth has occurred in just the past two years.  More financial products are now available than ever before: mortgages, business loans, current accounts – and with an average loan-to-asset ratio at circa 33%, credit unions still have significant capacity to expand lending activity. 

However, while recent times have been a time of growth, there must also be an acknowledgement of the risks involved and the past mistakes of the financial sector, as well as a general acknowledgement of the limitations of credit unions – the model, the liquidity and the funding mechanisms that they can access, in comparison to banks.  

As Dean Roche, Head of Finance at Ireland’s largest credit union, St Raphael’s Garda Credit Union, made clear in his remarks, caution is the dominant sentiment, even among the most capable institutions.  St Raphael’s would not be approaching the proposed 30% mortgage lending limit set out in CP 159 anytime soon, opting for steady and sustainable growth instead and running their business to ensure it continues to be both financially and operationally resilient.  

As credit unions evolve, so must their governance and risk management structures.   

Recent legislative and regulatory proposals will create substantial opportunities for credit unions to expand their business models responsibly.  

The Credit Union (Amendment) Act 2023 facilitates enhanced collaboration between credit unions and paves the way for corporate credit unions.  CP 159 proposes the decoupling of lending limits, with separate concentration caps for house lending (30% of total assets) and business lending (10% of total assets). It also provides for the removal of asset-tiering restrictions, allowing all credit unions to operate within the same concentration limits regardless of size. 

With retail deposits as a relatively stable funding source, credit unions could become an effective player in the Irish mortgage market.  However, achieving all this requires a fundamental shift in risk culture and Asset and Liability Management (ALM). 

Donal Corbett, CEO of Lumon FX, Europe reminded us in his opening remarks that “Markets can remain irrational longer than you can remain solvent.” He took us back to 2008, when a credit crisis led to a liquidity squeeze which led to a credit crunch.  

Historically, banks focused on capital but underestimated liquidity risk—leading to stark regulatory changes post-crisis.  Credit unions currently lack advanced funding tools such as short-term repo arrangements and access to ECB funding, medium term note programmes and long-term securitisations, and their ALM frameworks are still being developed.  This means their ALM practices must mature before they embark upon a journey towards significant long term lending expansion.  

Credit unions can also consider proactively adopting best practices from the banking sector using for example tools similar to the banking liquidity ratios.  It is also vital that credit unions continue to closely monitor their savings on a forward-looking basis, as well as their lending and investment strategies, to mitigate maturity mismatches. 

And for smaller credit unions, they should be undertaking significant readiness assessment work before they consider entering new product lines such as mortgages and business loans.   

For effective asset and liability management, learn what good looks like. 

In this new territory, understanding “what good looks like” is more crucial than ever.  Dean Roche offered some key insights into how St Raphael’s has maintained stability and growth. 

With ten consecutive years of loan book expansion and a robust Asset Liability Management (ALM) framework, St Raphael’s welcome CP 159 as a progressive step.  The key to their risk strategy? Vigilant liquidity management.  They work to ensure that lending growth doesn’t outpace the predictability of members’ savings. 

Dean emphasised that sustaining loan book growth depends on several factors, including the retention of existing shares, new deposits, and the maturity timing of investments.  This approach centres on discipline: liquidity positions are assessed daily, weekly, and monthly to maintain financial resilience.  

Dean believes St Raphael’s is an attractive mortgage provider due to its trusted reputation, stability, personalised service, and not-for-profit model and he presented St Raphael’s approach for navigating these uncertain waters.   

His advice? Keep pricing structures simple, remain vigilant about member share trends, define a clear risk appetite and enhance ALM frameworks. Stress testing is also vital in preparing for any potential volatility.  

Embracing digitalisation is crucial to compete in a changing financial landscape – but it brings a fresh challenge. 

Another key topic discussed at the conference was the generational shift in expectations that credit unions are now facing.  With 86% of Irish consumers using mobile banking, consumer behaviours are changing, and credit unions must adapt to this new environment. Many credit unions have embraced mobile apps and online banking, but the changing demographic of credit union members presents a challenge for the future of the loan book.  

Traditionally, credit union savings have been “sticky”, but digitisation and SEPA instant payments are making it easier to move your money.  This poses a risk to the future stability of credit unions’ funding sources.  Funds that once remained within the credit union ecosystem can now be transferred instantly to digital banks.  Credit unions can no longer assume that retail savings will be as “sticky” in the future as they are now.  

Times are changing but credit unions must protect their unique position in the community. 

In all discussions, it was widely recognised that a major strength of credit unions remains their member-first approach.  They have always prioritised member welfare, particularly during times of financial hardship like COVID.  This presents a unique challenge as credit unions expand their long-term lending capabilities. They must develop their risk management, operational resilience and financial resilience frameworks. 

Despite the challenges ahead, there is real optimism for credit unions’ future.  The sector has the capacity to grow— safely and steadily — with improved governance, investment strategies and a forward-thinking approach to Asset & Liability Management.  It is vital that this is done properly so they can retain their position as Ireland’s most trusted, community-driven financial institutions. 

Contact EisnerAmper Ireland 

Contact Diarmaid O’Keeffe, Partner, Head of Audit & Advisory, to discuss how to align your strategy with industry changes. 

Authors