The European Commission’s FinTech Action Plan, published today, represents a significant milestone in the development of EU financial services (FS) policy. It gives the strongest indication yet that technological innovation and disruption will be among the main drivers of the EU’s future FS policy agenda, particularly after the next Commission takes office in 2019.
The Action Plan gives firms and markets a clear view of the areas of regulatory focus over the next few years. Yet, when compared to the regulatory response to technological innovation from other international regulators (e.g. the Financial Conduct Authority in UK or the Monetary Authority of Singapore), it does not yet amount to a clear regulatory framework for FinTechs and incumbents which are innovating now. The Commission’s proposals today, while directionally clear, are more exploratory in nature, the results of which will set the foundation for the policy programme of the next executive and legislature, starting in late 2019. Against this background, the absence of immediate or major regulatory or supervisory reforms – out of the 23 measures presented, the only legislative proposal is for a new EU framework for crowdfunding platforms – is less surprising.
It will therefore take time to build a more harmonised regulatory and supervisory approach to FinTech across Member States. In the meantime, given the pace at which technologies and financial markets are evolving, there is a risk that the EU regulatory framework may not offer the certainty and clarity that innovative firms require. This places the onus on the European Supervisory Authorities (ESAs) to bridge the gap, now with a strengthened mandate, by clarifying expectations and highlighting the risks and opportunities of innovative activities and services. They will also need to continue co-ordinating with national supervisory authorities to maintain the consistency of approach to innovation across the EU.
The Action Plan sets out three core objectives: to support the scaling up of innovative business models across the EU Single Market, to encourage the uptake of new technologies, and to strengthen the cybersecurity and IT integrity of the EU financial system. We summarise some of the key measures associated with each of them below.
Facilitating innovation through harmonisation, standards and best practices
The measures related to the first two objectives - focused on FinTech development - encompass four broad areas:
- Understanding the current national approaches to FinTech licensing and, identifying any gaps to be addressed via additional guidelines or legislative action. The focus is on addressing differences at national level in authorising new business models. One specific initiative, in addition to the draft new legal framework for crowdfunding platforms, will be the assessment of the applicability of current regulatory frameworks across the EU for cryptocurrencies and Initial Coin Offerings.
- Supporting the development of common standards and interoperable solutions for FinTech. Notably this will include supporting the development of: standardised PSD2 and GDPR compliant Application Programming Interfaces as a basis for a European Open Banking eco-system; interoperability standards for the Distributed Ledger Technologies (DLTs); and a code of conduct and standard contractual clauses for outsourcing to cloud service providers.
- Mapping the innovation facilitators set up by individual Member States. The ESAs will undertake a review of the different initiatives, such as regulatory sandboxes, across the EU, to identify best practices. If appropriate they will issue Guidelines to promulgate these best practices across the EU. In any case, the Commission plans to issue a blueprint for the development of regulatory sandboxes.
- Assessing the fitness of the existing regulatory framework for the use of disruptive technologies, such as DLTs and artificial intelligence. Although technological neutrality remains a guiding principle, the Commission acknowledges that EU rules which pre-date the emergence of these technologies may not be neutral in practice (e.g. paper-based disclosures or the need for a physical presence). The Commission will set up an expert group, by Q2 2019, to assess whether there are unjustified regulatory obstacles to financial innovation in the current financial services regulatory framework.
The Commission also plans to host quarterly EU FinTech Lab sessions to enable the ESAs and national supervisory authorities to engage with technology solution providers in a neutral, non-commercial environment.
Cyber takes centre stage
Countering cyber risk in the EU financial system has been highlighted as the European Parliament's “number one priority” in the Commission’s Action Plan. This reflects a rapidly growing focus on cyber for many EU-level institutions, including the European Central Bank (ECB).
The pace of technological change, and the way that it can rapidly transform the nature of the cyber threat that firms face, is expected to drive the regulatory imperative to act quickly.
The Action Plan makes clear that the Commission now sees a compelling rationale for this regulatory response to be organised at the EU rather than the national level. It identifies the harmonisation of IT risk management, convergence of cyber “hygiene standards” (i.e. simple routine measures to minimise the risks from cyber threats), and reducing barriers to threat intelligence information sharing as key areas for further work.
Another area of focus for the Commission is the development of a cyber threat testing framework for significant firms active in the EU financial sector.
The mandate given to the ESAs by the Action Plan, to map supervisory practices and recommend legislative improvements, signals the start of what could potentially be a very active legislative and regulatory agenda. As we wrote in our recent report on cyber regulation in Europe, the work that is being undertaken in parallel by the ECB on the cyber resilience of market infrastructures and large banks should also be seen as part of a growing EU-wide push to develop a harmonised FS regulatory framework in this area.
Mind the gap
As we explored in our recent Open Banking article, the rise of FinTech will disrupt regulators as well as firms. Overall, the Commission’s FinTech Action Plan takes a holistic approach to understanding where the balance lies between supporting innovation and competition, while still protecting customers and maintaining financial stability.
More work will be required before the Action Plan can be translated, if necessary, into concrete legislative and regulatory reforms. Challenges such as maintaining technological neutrality, dealing with an expanding regulatory perimeter, and the increasing diversity of innovative business models will be difficult to address. In addition, the consultative and iterative nature of the EU legislative process results in significant lead times, almost always years, before regulatory changes are agreed and implemented. This exacerbates the challenge of regulation keeping up with the pace of technological innovation.
All this means that interim measures, such as supervisory guidelines and the development of industry standards, some of which are indeed explored in the Action Plan, will play a pivotal role in plugging any gaps while legislation and regulation are being developed. They will also help reduce the risk of national authorities heading off in different directions, which could undermine the EU’s overall innovation and competition objectives. Moreover, if supervisory guidelines prove themselves to be effective, they may eliminate the need for legislative solutions in some areas altogether, leaving the EU with a more flexible and responsive framework.
The Action Plan provides a very clear signal of the EU’s future intent in the area of FinTech. It does not include a significant legislative programme, but this hardly surprising given that European Parliamentary elections will take place in mid-2019 and the legislative agenda between now and then is already packed. We expect the Action Plan to lay the foundation for work by the new Parliament and Commission executive in 2019. For this reason, and the fact that the Action Plan will prompt significant supervisory activity over the coming years, financial institutions across the EU need to play close attention to it.