On 12 July 2019 the European Securities and Markets Authority (ESMA) reported1 on the status of FinTech firm licensing regimes across the EU, based on two ESMA surveys of EU national competent authorities (NCAs). ESMA's report addresses its mandate under the European Commission's FinTech Action plan2 to map licensing approaches for innovative FinTech business models across Europe.

EU NCA surveys

ESMA's surveys, launched in January 2018 and 2019, aimed to identify gaps in the EU regulatory framework and any ways in which NCAs may currently apply proportionality and flexibility in licensing FinTech firms. Their scope was limited to firms supplying services within ESMA's remit of (i) clearing and settlement, (ii) capital raising, (iii) investment management and investor services, and (iv) market support.

The survey results confirmed that NCAs do not typically distinguish between FinTech and traditional business models in their authorisation and licensing activities, since authorisation applies to financial activities and is not technology-specific.

Most NCAs view the EU legislative framework as being flexible enough to apply licensing rules proportionately to emerging FinTech business models. Authorisation may be granted for only some of a firm’s requested investment services, with special conditions attached to any licence.

Cryptoasset gaps

The NCAs validated ESMA's January 2019 advice3 on Cryptoassets, Initial Coin Offerings (ICOs) and Distributed Ledger Technology (DLT)distinguishing cryptoassets already regulated at EU level as financial instruments under the Markets in Financial Instruments Directive II (MiFID II) from those which are not. Many NCAs raised a lack of clarity around the definition of financial instruments and the legal nature of cryptoassets. Some queried ICO issuers' self-assessment as issuers of utility tokens outside the regulatory perimeter, while others raised the potential need for regulatory amendments to take account of clearing and settlement on the blockchain, and the categorisation of some cryptoasset exchanges as MiFID II trading venues.

NCAs also asked for clarity around the eligibility of cryptoassets for regulated funds, valuation approaches and liquidity requirements. One suggested supplementing the existing framework for investment companies with specific rules on technological expertise for those whose investment funds include digital assets as a component. Another focused on cryptoasset custody rules, noting that one bank was seeking its guidance in this area. NCAs also suggested specifically regulating the brokerage and asset management of cryptoassets.

Cloud outsourcing and cyber security clarity

NCAs sought greater EU level clarity around governance and risk management of outsourcing to the cloud and cyber security. ESMA views the 10 April 2019 Joint Advice of the European Supervisory Authorities (ESAs)4 to the European Commission on the need for legislative improvements relating to Information and Communication Technology (ICT) risk management requirements in the EU financial sector, and on the costs and benefits of a coherent cyber resilience testing framework for significant market participants and infrastructures within the EU financial sector, as addressing many of the issues raised.

Sandboxes and hubs could drive divergence

ESMA references the ESAs' January 2019 joint report on FinTech Regulatory Sandboxes and Innovation Hubs5 and the co-operation and co-ordination objectives of the 3 month-old European Forum for Innovation Facilitators6 in suggesting that innovation facilitators such as hubs and sandboxes may impact divergence across FinTech licensing regimes. A study on the UK Financial Conduct Authority’s sandbox is cited as showing its influence on regulation as well as on FinTech business models.

Crowdfunding, social trading and copy trading

ESMA notes, in response to concerns raised by NCAs around marketplace lending, that regulation of crowdfunding service providers is under scrutiny by the European Parliament and Council, and that the upcoming review of the Consumer Credit Directive is also pertinent, especially in relation to NCA questions concerning electronic platforms for student loans. NCAs also mentioned potentially amending MiFID II to clarify the position in relation to social trading (a form of investing which permits investors to observe the trading behaviours of their peers and traders and to follow their investment strategies using 'copy trading' methods7).

Other innovative business models

Two NCAs felt that business models involving digital ID verification, online identification or remote identification without human involvement - while not regulated - required more regulatory clarity at EU level. Other business models cited in this regard included paperless contracting, online strong customer authentication (SCA) exemption handling, and corporate factoring platforms.

What does this mean for market participants?

ESMA's report usefully sets out how regulators across Europe view the current operation of innovative business models within existing EU rules. ESMA concludes that no other new EU financial services regulation is needed at this stage (crypto/DLT, sandboxes and cloud outsourcing apart, all of which are subject to scrutiny in separate ongoing workstreams).

However some NCAs proposed areas for further examination, including the proportionality of MiFID II licensing requirements for smaller trading platforms currently categorised as a multilateral system and thus requiring licensing as a regulated market, Multilateral Trading Facility (MTF) or Organised Trading Facility (OTF).

Some NCAs also suggested that those FinTech firms providing pure technology services to regulated firms, while not themselves undertaking regulated activities, could also be regulated - though they did not propose how this might be done.