The European Commission’s FinTech Action Plan, published today, represents a significant milestone in the development of EU financial services (FS) policy. It gives the strongest indication yet that technological innovation and disruption will be among the main drivers of the EU’s future FS policy agenda, particularly after the next Commission takes office in 2019.

The Action Plan gives firms and markets a clear view of the areas of regulatory focus over the next few years. Yet, when compared to the regulatory response to technological innovation from other international regulators (e.g. the Financial Conduct Authority in UK or the Monetary Authority of Singapore), it does not yet amount to a clear regulatory framework for FinTechs and incumbents which are innovating now. The Commission’s proposals today, while directionally clear, are more exploratory in nature, the results of which will set the foundation for the policy programme of the next executive and legislature, starting in late 2019. Against this background, the absence of immediate or major regulatory or supervisory reforms – out of the 23 measures presented, the only legislative proposal is for a new EU framework for crowdfunding platforms – is less surprising.

It will therefore take time to build a more harmonised regulatory and supervisory approach to FinTech across Member States. In the meantime, given the pace at which technologies and financial markets are evolving, there is a risk that the EU regulatory framework may not offer the certainty and clarity that innovative firms require. This places the onus on the European Supervisory Authorities (ESAs) to bridge the gap, now with a strengthened mandate, by clarifying expectations and highlighting the risks and opportunities of innovative activities and services. They will also need to continue co-ordinating with national supervisory authorities to maintain the consistency of approach to innovation across the EU.

The Action Plan sets out three core objectives: to support the scaling up of innovative business models across the EU Single Market, to encourage the uptake of new technologies, and to strengthen the cybersecurity and IT integrity of the EU financial system. We summarise some of the key measures associated with each of them below.

Facilitating innovation through harmonisation, standards and best practices

The measures related to the first two objectives - focused on FinTech development - encompass four broad areas:

  1. Understanding the current national approaches to FinTech licensing and, identifying any gaps to be addressed via additional guidelines or legislative action. The focus is on addressing differences at national level in authorising new business models. One specific initiative, in addition to the draft new legal framework for crowdfunding platforms, will be the assessment of the applicability of current regulatory frameworks across the EU for cryptocurrencies and Initial Coin Offerings.
  2. Supporting the development of common standards and interoperable solutions for FinTech. Notably this will include supporting the development of: standardised PSD2 and GDPR compliant Application Programming Interfaces as a basis for a European Open Banking eco-system; interoperability standards for the Distributed Ledger Technologies (DLTs); and a code of conduct and standard contractual clauses for outsourcing to cloud service providers.
  3. Mapping the innovation facilitators set up by individual Member States. The ESAs will undertake a review of the different initiatives, such as regulatory sandboxes, across the EU, to identify best practices. If appropriate they will issue Guidelines to promulgate these best practices across the EU. In any case, the Commission plans to issue a blueprint for the development of regulatory sandboxes.
  4. Assessing the fitness of the existing regulatory framework for the use of disruptive technologies, such as DLTs and artificial intelligence. Although technological neutrality remains a guiding principle, the Commission acknowledges that EU rules which pre-date the emergence of these technologies may not be neutral in practice (e.g. paper-based disclosures or the need for a physical presence). The Commission will set up an expert group, by Q2 2019, to assess whether there are unjustified regulatory obstacles to financial innovation in the current financial services regulatory framework.

The Commission also plans to host quarterly EU FinTech Lab sessions to enable the ESAs and national supervisory authorities to engage with technology solution providers in a neutral, non-commercial environment.

Cyber takes centre stage

Countering cyber risk in the EU financial system has been highlighted as the European Parliament's  “number one priority” in the Commission’s Action Plan. This reflects a rapidly growing focus on cyber for many EU-level institutions, including the European Central Bank (ECB).

The pace of technological change, and the way that it can rapidly transform the nature of the cyber threat that firms face, is expected to drive the regulatory imperative to act quickly.

The Action Plan makes clear that the Commission now sees a compelling rationale for this regulatory response to be organised at the EU rather than the national level. It identifies the harmonisation of IT risk management, convergence of cyber “hygiene standards” (i.e. simple routine measures to minimise the risks from cyber threats), and reducing barriers to threat intelligence information sharing as key areas for further work.

Another area of focus for the Commission is the development of a cyber threat testing framework for significant firms active in the EU financial sector.

The mandate given to the ESAs by the Action Plan, to map supervisory practices and recommend legislative improvements, signals the start of what could potentially be a very active legislative and regulatory agenda. As we wrote in our recent report on cyber regulation in Europe, the work that is being undertaken in parallel by the ECB on the cyber resilience of market infrastructures and large banks should also be seen as part of a growing EU-wide push to develop a harmonised FS regulatory framework in this area.

Mind the gap

As we explored in our recent Open Banking article, the rise of FinTech will disrupt regulators as well as firms. Overall, the Commission’s FinTech Action Plan takes a holistic approach to understanding where the balance lies between supporting innovation and competition, while still protecting customers and maintaining financial stability.

More work will be required before the Action Plan can be translated, if necessary, into concrete legislative and regulatory reforms. Challenges such as maintaining technological neutrality, dealing with an expanding regulatory perimeter, and the increasing diversity of innovative business models will be difficult to address. In addition, the consultative and iterative nature of the EU legislative process results in significant lead times, almost always years, before regulatory changes are agreed and implemented. This exacerbates the challenge of regulation keeping up with the pace of technological innovation.

All this means that interim measures, such as supervisory guidelines and the development of industry standards, some of which are indeed explored in the Action Plan, will play a pivotal role in plugging any gaps while legislation and regulation are being developed. They will also help reduce the risk of national authorities heading off in different directions, which could undermine the EU’s overall innovation and competition objectives. Moreover, if supervisory guidelines prove themselves to be effective, they may eliminate the need for legislative solutions in some areas altogether, leaving the EU with a more flexible and responsive framework.

Looking ahead

The Action Plan provides a very clear signal of the EU’s future intent in the area of FinTech. It does not include a significant legislative programme, but this hardly surprising given that European Parliamentary elections will take place in mid-2019 and the legislative agenda between now and then is already packed. We expect the Action Plan to lay the foundation for work by the new Parliament and Commission executive in 2019. For this reason, and the fact that the Action Plan will prompt significant supervisory activity over the coming years, financial institutions across the EU need to play close attention to it.



David Strachan - Head of EMEA Centre for Regulatory Strategy, Deloitte

David focuses on the impact of regulatory changes - both individual and in aggregate - on the strategies and business/operating models of financial services firms. David joined Deloitte after 12 years at the FSA, where in his last role, Director of Financial Stability, he worked on the division of the FSA into the PRA and the FCA.

Email | LinkedIn


Suchitra Nair - Director, EMEA Centre for Regulatory Strategy, Deloitte

Suchitra is a Director at the Centre for Regulatory Strategy and leads on technological innovation and regulatory strategy. She has over 15 years’ experience in the financial services sector gained in Audit, Corporate Finance and Risk Advisory teams. Prior to joining the Centre, she used to lead the implementation of large scale regulatory change projects at international banks.

Email | LinkedIn

Scott Martin

Scott Martin - Senior Manager, EMEA Centre for Regulatory Strategy, Deloitte

Scott is a Senior Manager in the Centre for Regulatory Strategy advising on international banking regulation, with a particular focus on bank capital, strategy, cyber risk and public policy-making processes. Before joining Deloitte in 2015, he worked in Brussels as an EU regulatory strategist advising a number of global systemically important banks and other financial institutions. He is a graduate of the London School of Economics and previously spent a number of years working as a political advisor to Canada’s Minister of Finance and Minister of Foreign Affairs.

Email | LinkedIn


Quentin Mosseray - Associate, EMEA Centre for Regulatory Strategy, Deloitte

Quentin is an Associate in Deloitte’s Centre for Regulatory strategy, where he focuses on insurance and cyber regulation. He joined Deloitte in 2017 after completing a Masters in Law and Economics, and also holds a double degree in International Relations from the Free University of Brussels and the LUISS University in Rome

Email | LinkedIn



Morgane Fouche - Senior Associate, EMEA Centre for Regulatory Strategy, Deloitte

Morgane is a Senior Associate in Deloitte’s Centre for Regulatory strategy, where she focuses on FinTech regulation. She joined Deloitte in 2017, after working as a consultant on competition policy at an international financial organisation. She also has previous experience working in academia and the French public sector. Morgane holds a dual degree in International Relations from the London School of Economics and the Paris Institute of Political Studies.

Email | LinkedIn



Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated, and will not appear until the author has approved them.