The Central Bank of Iceland has announced its priorities for financial market supervision for the 2026-2028 period. During this time, the supervisory activities will focus on five areas: resilience of supervised entities, cyber and IT security, combating money laundering/terrorist financing, responsible business practices, and governance.
These priorities take into consideration the work and policies of the Central Bank and its Financial Supervisory Authority, as well as the priorities of the three European Supervisory Authorities (ESAs) – EBA, ESMA, and EIOPA.
Resilience of supervised entities
The Central Bank expects entities under supervision to have processes in place to deal with “unexpected events with short-term effects” including climate change, natural disasters, volcanic eruptions, as well as global political risks.
These types of events tend to raise operational and credit risks, leading to price corrections on the market. The risks are further exacerbated by the high interest rates and inflation in Iceland as well as among Iceland’s main trade partners.
- Priority issues: assessing impact of persistently high interest rates and inflation on asset quality; assessing impact of global political risks on the supervised entities’ operations.
Cybersecurity and IT risks
Cyber and IT risks have continued to be a challenge for the financial sector, following not only more frequent but also more sophisticated cyber attacks. Furthermore, vulnerabilities in the operations of third parties can also have a spillover effect on the market.
Financial market participants are now facing obligations under DORA, which should lead to better resilience, risk management, and preparedness for business continuity. The Central Bank will continue to build educational capacity for the financial sector tied to DORA as well as AI usage and risk management.
- Priority issues: DORA implementation and education; ICT risks and related risk management and governance framework; register of information tied to third-party risk; test plans to assess digital operational resilience; AI use in the sector.
Combating money laundering and terrorist financing (ML/TF)
Measures tied to anti-money-laundering and terrorist financing have been among the Central Bank’s priority areas since 2022. The work in this area during the 2026-2028 period will be framed around the implementation of new EU legislation, the new Anti-Money Laundering Authority (AMLA), as well as the work of the Financial Action Task Force (FATF).
The FATF launched an investigation in 2025 around Iceland’s approach to ML/TF and financing of weapons of mass destruction (WMD). The investigation is set to be completed in 2027. Education, risks tied to virtual assets, and heightened monitoring of the sanctions list will also be in focus.
- Priority issues: education for reporting entities; increased communication with boards and management about the importance of combating money laundering; risk response and management tied to virtual assets, money laundering and financing weapons of mass destruction (WMD).
Responsible business practices
The Central Bank will place special emphasis on consumer protection in the pensions market, especially related to pension insurance distribution practices.
Here, financial market participants are expected to follow approval processes for products and services offered to customers, as well as to address conflicts of interest and respond to information needs based on regulation, both in terms of communication and documentation.
- Priority issues: sales practices tied to distribution of pension insurance; measures to manage conflict of interest; disclosures to investors and consumers, including on sustainability and costs of financial products and services; approval processes for products and services.
Governance
The supervisory expectations are related to the internal governance of companies, in particular their assessment of the qualifications of directors and the composition of boards among the supervised financial players.
This heightened expectation comes as a result of increased consolidation on the market, resulting in mergers between banks and insurance companies.
As a result, the independence of boards and conflict of interest considerations in lending and transactions with related parties creates a new challenge for supervisors and reaffirms the need for strong governance.
- Priority issues: corporate governance and governance of smaller regulated entities; education for regulated entities regarding board composition; managing conflicts of interest and suitability requirements.
The Bank’s new policy
Financial regulation, according to the Central Bank, has changed significantly in the past years, with new regulation, especially stemming from the European Union, creating new educational needs for the market as well as new supervisory obligations.
At the beginning of the year, the Central Bank updated its financial supervision policy. One of the more significant policy changes included simplifying the implementation of financial supervision, aiming to increase the efficiency of the internal resources and capacities without compromising the supervision or the regulatory requirements.
Some of the activities that have already taken place in this direction have been targeted toward credit institutions, which now no longer need to submit quarterly loan portfolio reports.
Moving forward, the Central Bank will continue to explore ways to reduce the complexity of the regulatory framework for the financial market.