On March 8, 2018, the Directorate‑General for Financial Stability, Financial Services and Capital Markets Union, a department within the European Commission, published its final version of the FinTech Action Plan1 (“Action Plan”), which aims to enable innovative business models to reach an EU scale as well as to support technological innovation and enhance the security of the financial sector.

The Capital Markets Union (CMU) – one of the Commission's most important projects for the regulation of the financial markets – was initiated in September 2015. The goal of the CMU is to foster a single capital market by increasing cross-border activity, creating deeper and more liquid markets and encouraging greater diversity of funding sources for the real economy. The plan is for capital to benefit small and medium-sized enterprises and infrastructure projects, and promote growth and employment, especially by providing better access to financing and improving financial inclusion for digitally connected citizens.

Currently, the Commission wants to address the increasing impact of new technologies and innovative business models on financial services and capital markets and identify the respective opportunities and challenges, to do’s and gaps, while ensuring full compliance with fundamental safeguards. The Action Plan prioritizes cybersecurity, especially in light of the significant risk to the financial industry posed by cyber attacks. Therefore, one of the main goals will be to strengthen the cyber resilience of the EU financial sector, and ensure a high level of protection for customers and investors alike. Accordingly, it should come as no surprise that technological innovation has given rise to a bigger issue as it has created a new generation financial assets such as crypto-assets, which are closely associated with blockchain technology. Here, the EU’s supervision authority takes the position that this is a high risk area due to the lack of market transparency and the speculative environment.2

The Commission aims to review whether EU regulations for new technologies in the financial sector are fit for purpose. It will also remove obstacles hindering the use of cloud services and enable FinTech applications with the EU blockchain initiative which could help automate compliance and reporting and significantly improve supervision. Moreover, it will become easier for innovative business models to obtain the tools they need to strengthen their position in their national markets and reach EU scale. To achieve this, it will focus on clear and converging licensing requirements, among other things. This will be especially important for the alternative finance industry, which often struggles to identify the correct regulatory alcove.

The Commission and market participants are of the opinion that most innovative business models can work under the existing EU legislation. However, their major concern is that the respective supervisors might take diverging approaches when classifying the various innovative business models and identifying the applicable legislative framework. Another issue is also the difference regarding proportionality when licensing such models.

That said, some innovative services may not be entirely subject to EU legislation, which is where national acts come in. This is already the case with crowdinvesting and crowdlending (peer-to-peer) activities, which has resulted in a certain lack of consistency between national regulatory regimes and real barriers to cross-border activities. The Commission claims that 11 member states have already adopted regulatory regimes for investment-based and lending or loan-based crowdfunding activities, thereby preventing their cross-border development and making their scaling within the EU complex and expensive. Accordingly, the Commission is putting forward a proposal for an EU legal framework for investment-based and lending or loan-based crowdfunding platforms in order to ensure the proportionality of the regulatory requirements and to enable EU passporting for those deciding to operate as European Crowdfunding Service Providers (ECSP).

In this context the Action Plan also points out the importance of creating an environment based on developed standards where supervision is tailored to innovative firms or services. At present, market participants employing innovative technologies or business models often struggle to understand and fulfil regulatory expectations, as their businesses and ideas may differ from standard practices. The supervisor, too, is often challenged by the task of finding a suitable regulatory approach for an innovative model or technology. Accordingly, the Commission would like to enhance communication channels and strengthen contacts between supervisors and FinTechs by introducing and developing so called “innovation facilitators” across the EU. Some member states already work with so-called innovation hubs3 or “regulatory sandboxes”4 which prevent the supervisor from derogating from the application of EU requirements, unless explicitly allowed by such requirements.5 Such regulatory sandboxes are defined by the EBA in a discussion paper published on August 4, 2017, as controlled ‘safe spaces’ in which innovative products, services, business models and delivery mechanisms can be tested without immediately being subject to all of the regulatory requirements. The first goal of the Action Plan is to map existing innovation facilitators set up by the various national supervisors, identify best practices and – in the longer term – consider an “EU experimentation framework” for the adoption of and adaptation to new business models and technologies. Additionally, the Commission intends to establish an EU FinTech Lab as an education and interaction tool, which will raise the level of regulatory and supervisory capacity and knowledge about new technologies.

As for cryptocurrencies, the Commission points out that the first step in reducing anonymity and increasing the traceability of cryptocurrency transactions will be the 4th Anti-Money-Laundering Directive. Cryptocurrency exchanges and custodial wallet providers in the EEA will be required to carry out customer identification and due diligence requirements in order to strengthen investor protection and maintain high standards of protection of personal data. However, the Commission also intends to monitor the development of the crypto industry and possibly take further action later on. On the other hand, the Commission also emphasizes that it is important to avoid confusion between blockchain-based or inspired technologies and cryptocurrencies, the latter only representing one of the various applications of blockchain. Besides the further exploration and monitoring of blockchain potential for the financial industry, the Commission will evaluate and foster the use of blockchain beyond FinTech under the newly established EU Blockchain Observatory and Forum, which will focus on all sectors of the economy and society, e.g. health, public and other sectors. It is of the opinion that distributed ledger technologies (DLT) and particularly blockchain will become a key component of the digital economy and society over the coming years, and has great potential to drive simplicity and efficiency by reorganizing the entire infrastructure and processes. From the financial perspective, however, one of the first approaches will be to link existing national financial databases through DLT. This will, for example, make it easier for investors to access information on listed companies (e.g. annual financial reports, etc.) and assess cross-border investment decisions. Regarding possible regulation of cryptocurrencies, the Action Plan refers to the roundtable on cryptocurrencies hosted by Vice-President Valdis Dombrovskis on February 26th, 2018, emphasizing that the Commission will monitor developments and does not exclude the possibility of moving ahead on regulation at an EU level, while keeping in mind that “blockchain technology holds strong promise for financial markets” and that steps must be made to not hinder technological innovation.6

Moreover, the Action Plan stresses the need for standard and interoperable technical solutions for delivery of financial services. One possible approach here could be to reach a consensus on interoperability standards for the whole market, and establish global rather than local or regional standards. Such standard processes should simplify the exchange of data between market players and facilitate competition, while also complying with the new General Data Protection Regulation (EU) 2016/679, which will be applicable from May 25, 2018. The first step in this direction has already been made via the revised Payment Services Directive (EU) 2015/2366 obliging banks to open communication channels for FinTechs and enable them to provide services based on access to payment accounts.

Another step in improving the flexibility and efficiency of the financial infrastructure will be to remove obstacles that hinder the use of cloud services such as the lack of standardized outsourcing and processing agreements in connection with cloud services, data localization restrictions or the dependency on a few non-EU cloud providers. With regard to repeated cyber incidents and attacks, there is a constant need to align the regulatory and supervisory approach to ensure the integrity of IT resources and the security of the financial sector. The ongoing digital development of the financial sector is a coin of two sides, as it also increases the risk to be attacked and exploited by cyber criminals, thereby undermining confidence in the financial markets and FinTech. The Commission now aims to evaluate possible gaps in current EU financial sector legislation and to find appropriate and sufficient means to ensure an adequate level of resilience.

Additionally, the Commission published a related proposal for an amendment of the Directive 2014/65/EU (commonly known as MiFID II). The amendment assumes a Regulation on European Crowdfunding Service Providers will enter into force and seeks to draw a line between the scopes of application of both measures. In particular, crowdfunding service providers which obtain a license under the future Crowdfunding Service Providers Regulation shall be exempted from the scope of application of MiFID II. The proposal for the Regulation on European Crowdfunding Service Providers (ECSP) for Business was published by the Commission on March 8, 2018.7 The proposal has been put forward for adoption by the European Parliament and Council. The consultation period runs until May 3, 2018.

The Action Plan is only one more project in a series of the Commission’s efforts on a way to a single European capital market. One of the major previous projects in the course of the CMU implementation was the new Prospectus Regulation (EU) 2017/1129, which significantly raised the threshold for prospectus free security offerings, and provided a general exemption for offerings with a total volume of up to €1 million and the possibility for the member states to raise this threshold to €8 million. The new Prospectus Regulation also introduced the EU Growth Prospectus, which is available to small and medium-sized enterprises (SMEs) or issuers, (a) whose securities are traded or are to be traded on an SME growth market, provided that they have an average market capitalization of less than €500 million; or (b) where the offer of securities to the public is of a total consideration of less than €20 million, provided that no securities are traded on a Multilateral Trading Facility (e.g. Scale) and the average number of employees during the previous financial year does not exceed 499 persons. Previously, MiFID II added a new sub category within the MTFs – a so called “SME growth market” aimed at facilitating access to capital for SMEs as well as the further development of specialist markets that aim to cater for the needs of small and medium-sized issuers. MTF operators may (but do not have to) register as an SME growth market with their home supervisory authority, assuming they meet certain requirements set by the member states in accordance with Art. 33 of MiFID II. In particular, at least 50% of the issuers whose financial instruments are admitted to trading on the MTF must be SMEs at the time the MTF is registered as an SME growth market and in any calendar year thereafter. For example AIM, the London Stock Exchange’s international market for smaller growing companies, has already been registered as an SME growth market,8 while the Frankfurt Stock Exchange has designated its relatively new segment Scale as an SME targeting place, but was not yet registered. Nevertheless, some critics have raised the concern that the Commission’s efforts could miss the mark if the MTFs end up imposing additional admission hurdles on issuers, which an SME issuer cannot fulfill.