The recent FinTech consultation paper asked respondents on how FinTech can facilitate greater access to credit, how Big Data affects individual consumers, and whether crowdfunding should be regulated on a pan-EU level. We review six key areas arising from the responses.
To help facilitate an EU-wide strategy, The European Commission issued a FinTech consultation paper in June 2017. The paper asked Financial Services Providers (“FSPs”) and consumers how FinTech could improve access to credit and other financial services and reduce costs while ensuring adequate protection of customer data. Responses to the paper touched on matters of long-standing interest to the Central Bank of Ireland, such as adequacy of IT systems and controls, regulatory reporting, and consumer protection. Interestingly, several other hot topics emerged from the consultation including regulatory sandboxes, robo-advice, RegTech and cloud computing, as well as secure transaction technology blockchain or distributed ledger technology. We explore the six key areas from the consultation and their potential impact on Irish FSPs.
Key Areas from Consultation
Given the Central Bank’s continued focus on the timeliness and accuracy of reports, the focus in the consultation on regulatory reporting is welcome. There is no doubt that many Irish FSPs’ regulatory reporting frameworks are over-reliant on manual processes, which gives rise to the potential for errors and an exposure to enforcement action. The FinTech consultation paper asked how digital technology could help manage the costs of complying with reporting obligations and how cloud computing, blockchain and outsourcing could reduce these costs. The responses to the consultation noted that blockchain could reduce costs in the securities markets by making post-trade processes more efficient and by enhancing reporting and data management. It was also submitted that RegTech presents the best opportunity for reducing compliance costs for FSPs and that it will allow firms to move towards more automated processes for preparing and submitting regulatory reports.
On the issue of cyber risk, the Commission sought feedback on the role of proportionality in meeting cybersecurity requirements. This question is particularly timely given that almost three in five Irish FSPs are concerned about IT security when dealing with their FinTech counterparts. The same number plan to invest in cybersecurity in the year ahead. In addition, the Cross-Industry Guidance on Cybersecurity, issued by the Central Bank in September 2016, already addresses the myriad requirements on Irish FSPs regarding their systems and controls around cyber risk. Disruption to Irish FSPs by FinTech, and the cost of complying with Central Bank requirements around IT, are key challenges to FSPs. It would benefit them if the final EU strategy on FinTech provided for mutual recognition of IT resilience test results obtained in one country by financial regulators across the Member States. The benefit of this is that resilience testing would not need to be repeated by the firm in every Member State in which it operates.
3. Big Data
It is evident that supervisory bodies across the EU see a number of risks for consumers arising from Big Data, such as price discrimination, financial exclusion and lack of transparency. On the other side, industry bodies see Big Data as a positive tool which allows FSPs to offer bespoke products to customers. There is recognition that the General Data Protection Regulation (GDPR) will help put in place adequate safeguards to protect consumers from any discriminatory and unfair practices that may arise as a result of Big Data. On the Irish regulatory front, on 29 June 2017, the Central Bank launched a Discussion Paper on the Consumer Protection Code and the Digitalisation of Financial Services with a view to amending the Consumer Protection Code (CPC) with a closing date of 27 October 2017 for comments. In that paper, the Central Bank sought feedback on whether the CPC is operating to block firms from adopting technologies that are beneficial to their clients, such as the use of Big Data. We will continue to monitor steps taken by the Central Bank on foot of that Discussion and any changes made to the CPC as a result.
4.Sensor data analytics (telematics)
As the EU Commission has been investigating alleged price-fixing in the Irish motor insurance industry, the use of sensor data analytics, also known as telematics, to reduce insurance costs is an important development for Irish motor insurers. While this technology could help manage costs, the use of telematics and wearable technology has advantages and disadvantages for consumers. On the basis of the responses received, however, it appears that industry bodies are in favour of the use of sensor data analytics as personalised data can offer more tailored pricing, and enable insurers to provide consumers with driver coaching, theft notification, stolen vehicle recovery services and advanced roadside assistance.
A financial regulatory sandbox is a ‘safe space’ in which FinTech businesses can test new products, services, business models and delivery mechanisms without immediately incurring all the normal regulatory consequences of engaging in the activity in question. The consultation considered the possibility of a “FinTech licence” to allow FinTech businesses to operate across Europe on a level playing field. The Commission sought feedback on the feasibility of creating an EU-wide sandbox and regulatory framework targeted at FinTech businesses who want to operate on a cross-border basis. Sandboxes would allow regulators to work with businesses to foster disruptive innovation and help firms overcome the monetary, technical and regulatory barriers to wide-scale adoption of blockchain. However, while FSPs and potential new entrants to the financial services and FinTech industry clearly see a need for a sandbox, there does not appear to be any appetite on the part of the Central Bank to introduce one in Ireland in the FinTech space. Based on responses by public authorities, it appears that consumer protection concerns are at the heart of regulators’ reluctance around regulatory sandboxes. It will be interesting to see if this will change over time as the EU FinTech strategy develops, particularly as the sandbox tool is used to some degree by other financial regulators, including the FCA in the UK and ASIC in Australia.
Under current Irish law, the Central Bank’s codes of conduct and client asset rules do not apply to crowdfunding platforms and crowdfunding investors are not protected by the deposit guarantee scheme. Several of those who responded to the consultation paper submitted that crowdfunding should be subject to an EU-wide regulatory regime to protect those investing in crowdfunding platforms. It was submitted that crowdfunding platforms could be funded using blockchain by tokenising investments and that this would allow a wider range of people and entities to invest in SMEs across Europe and quicker, easier access to capital for SMEs.
What can we expect next?
While digital innovation, such as blockchain, telematics and Big Data, may afford FSPs significant business opportunities, it also poses certain risks to consumers. This FinTech consultation allowed interested parties to give their views on pressing questions facing FSPs, consumers and regulators.
The Commission is planning to prepare its EU strategy for FinTech based on the responses it has received to the consultation and based on the work of its FinTech Task Force. When the final strategy is published many commentators hope it will lead to a proportionate and pragmatic response to the regulation of cyber risk and to better quality regulatory reporting being submitted by FSPs. It remains to be seen what measures will be introduced on foot of the responses to the consultation to tackle the rising cost of compliance and to promote access to cross-border services for consumers of financial services. In the meantime, we will continue to keep interested parties updated on relevant FinTech legal and regulatory developments at the Irish and EU level.