Skip to content
Compliance Institute Q1 Member Survey 2026
Your opinion matters – Q1 Member survey
Section 1: Data Breach
1.
Has your organisation ever breached data protection rules?
Yes – I know of at least 1 such instance
Yes – I know of more than 1 instance
I’m not sure – but I think so
No – not that I know of
2.
Has any organisation you previously worked in ever breached data protection rules?
Yes – I know of at least 1 such instance
Yes – I know of more than 1 instance
I’m not sure – but I think so
No – not that I know of
3.
In your professional opinion, and based on your experience, do you think that some breaches go unreported?
Yes, many
Yes, a few
No, not knowingly
4.
Why do you think that some organisations may not report a breach of data protection rules? (Multiple answer question)
The penalties and attention from the regulator
The brand damage – public perception, etc
Individual accountability – nobody wants to get blamed
I don’t think organisations, in the main, would knowingly not report a breach
5.
Has your organisation ever experienced a data breach from outside the organisation – hacking, etc?
Yes
No
Section 2: AI
6.
Has AI made it easier or more difficult for your firm to protect customer data and other critical data? Select the answer which most reflects your opinion.
More Difficult
Easier
It has not had any material impact either way
7.
Under the EU’s Artificial Intelligence Act, providers and deployers of AI systems must ensure a sufficient level of AI literacy of their staff and other persons dealing with AI on their behalf. Has your organisation put measures in place to ensure this requirement is met?
Yes
Some
We are currently putting these in place
We plan to put these in place in 2026
No - not at all
Section 3: Consumer Protection
8.
As a result of the Central Bank’s revision of its Consumer Protection Code, new consumer protection rules will apply from March 24, 2026. Below are some of the main rules being rolled out under the new code – which one do you believe will be of most benefit to consumers?
The requirement on lenders to provide title deeds to a mortgage borrower (or their representative) within ten working days of the request
The end to the auto-renewal of travel insurance, gadget insurance, dental insurance or pet insurance policies
New requirements to facilitate a Trusted Contact Person for customers in vulnerable circumstances, allowing customers to nominate someone the firm may contact if there are difficulties engaging with the customer or concerns about financial abuse, including fraud
The requirement on banks to give more notice of branch closures
The new requirement for financial services firms to ensure that their advertising does not mislead customers on a product’s or service’s sustainability, the “green credentials” of the firm itself, or its business model
9.
Which if the changes outlined above do you think could present the greatest challenge in its implementation?
The requirement on lenders to provide title deeds to a mortgage borrower (or their representative) within ten working days of the request
The end to the auto-renewal of travel insurance, gadget insurance, dental insurance or pet insurance policies
New requirements to facilitate a Trusted Contact Person for customers in vulnerable circumstances, allowing customers to nominate someone the firm may contact if there are difficulties engaging with the customer or concerns about financial abuse, including fraud
The requirement on banks to give more notice of branch closures
The new requirement for financial services firms to ensure that their advertising does not mislead customers on a product’s or service’s sustainability, the “green credentials” of the firm itself, or its business model
10.
The new rules prohibit misleading claims about sustainability or "green credentials" of products/firms, requiring accurate representation. In the main, how prepared do you believe financial services firms in Ireland generally are to substantiate sustainability or “green” claims made in their advertising?
Mostly prepared – the majority of firms have robust processes and evidence, though a few may lag
Moderately prepared – some firms are well-prepared, but gaps are evident across the sector
Poorly prepared – most firms have limited ability to provide reliable evidence
Unprepared – very few firms have meaningful processes or controls in place
11.
To what extent do you believe greenhushing is emerging as an issue within Irish financial services?
A significant issue that is likely to increase
A growing issue, but currently limited
A minor issue at present
Not an issue within the sector
Section 4: Financial Crime
12.
Which of the following do you consider to be the most prevalent financial crime in Ireland?
Fraud
Money laundering
Insider trading
Bribery and corruption
Cybercrime (hacking, phishing, online scams)
Tax evasion
Section 5: Escalating Supply Chain and Operational Cyber Risks
13.
Incidents like the Jaguar Land Rover shutdown highlight how cyber attacks can disrupt operations and supply chains. How confident are you that your firm’s cyber risk framework and incident response plans address such operational risks (beyond data breaches)?
Very confident – we have comprehensive coverage and tested plans in place
Reasonably confident – we have plans to cover most scenarios, but some gaps remain
Not very confident – we have limited coverage of operational/systemic risks
Not confident at all – significant gaps exist
14.
What do you see as the biggest operational risk to the financial services sector in 2026?
Cyber attacks or system outages
Supply chain / third-party service disruptions
Fraud or financial crime
Staff shortages or talent retention
Regulatory changes or uncertainty
Thank you for completing the Compliance Institute Survey 2026
