On 15 March 2018, the European Banking Authority (EBA) published its FinTech Roadmap setting out the next steps and indicative milestones for 2018/2019.

The Roadmap Roadmap takes into account the outcomes of the EBA FinTech Discussion Paper published in August 2017 and the European Commission FinTech Action Plan of March 2018.

The Roadmap explains the approach that EBA will take in relation to the following priorities:

Authorisation and regulatory perimeter issues relating to FinTech

The authorisation work stream will involve the monitoring of the regulatory perimeter, including assessing current authorisation and licencing approaches to FinTech firms.

More specifically, the EBA will map the authorisation and licensing approaches and procedures applied by competent authorities when authorising firms adopting innovative FinTech business models.

The EBA expects to finalise, before the year end, its assessment with a view to publishing a report and, if appropriate, an opinion.

Regulatory sandboxes and innovation hubs

The EBA will analyse regulatory sandboxes and innovation hubs with a view to developing a set of best practices to enhance consistency and facilitate supervisory co-ordination.

To this end, the EBA will conduct an analysis, also on the basis of a further survey of competent authorities, of the features of the regulatory sandboxes.

The EBA will report, by the year end, on the outcome of this work, and where appropriate, this will be accompanied by an opinion and/or proposals to promote best practices and enhance supervisory consistency in the operation of regulatory sandboxes, including, where appropriate, EBA guidelines.

This may have an impact on countries like Italy which do not have regulatory sandboxes.

Impact on incumbent institutions' business models and prudential risks and opportunities arising from the use of FinTech

The EBA will monitor emerging trends and analyse the impact on incumbent institutions’ business models and the prudential risks and opportunities arising from the use of FinTech in order to enhance knowledge sharing.

This work will result in a report on the impact of FinTech on the business models of institutions and a report on prudential risks and opportunities for institutions focussing on several use cases.


The EBA will promote best supervisory practices on assessing cybersecurity and a common cyber threat testing framework.

The EBA will focus on:

  1. producing ICT risk guidelines addressed to credit institutions and investment firms, which will include guidance for evaluating and mitigating ICT risk, including cybersecurity risk; 
  2. (producing harmonised supervisory practices for assessing the management of cybersecurity risk in credit institutions, investment firms, payment institutions and e-money institutions; 
  3. (evaluating the development of an intelligence-led cyber threat-testing framework and promote best practices. 

In addition, also a potential follow-up actions in relation to security incident reports pursuant to PSD2 may be envisaged.

Consumer protection

The EBA's intention is also to address consumer issues arising from FinTech, in particular in the areas of unclear regulatory status of FinTech firms and related disclosure to consumers, potential national barriers preventing FinTech firms from scaling up services to consumers across the single market, as well as to assess appropriateness of the current regulatory framework for virtual currencies. 

During 2018, the EBA will conduct work on unclear regulatory status, cross-border issues, disclosure, automation in advice.

During 2019, the EBA will assess the applicability of the Alternative Dispute Resolution Directive to FinTech firms and the financial exclusion in the context of big data algorithms.

The EBA will also continue to monitor, among other things, developments on the interaction between PSD2 and GDPR and eIDAS Regulation.


The EBA undertakes to identify and assess money laundering/terrorism financing (ML/TF) risks associated with regulated FinTech firms, technology providers and FinTech solutions.

The EBA is working to address the knowledge gap between FinTech firms, technology providers and AML/CFT competent authorities by facilitating the sharing of knowledge also through meetings and round tables.

The envisaged outcome is the publication of a fact-finding exercise on ML/TF risk associated with FinTech solutions and providers and an update of the Risk Factor Guidelines.

FinTech Knowledge Hub

The Roadmap also mentions the establishment of a FinTech Knowledge Hub.

Receive free news and analysis – written by Hogan Lovells' world-leading legal teams and tailored to your preferences –  by registering on Engage. You can also access our cutting-edge interactive Lawtech tools, designed to help you make better decisions and save time and money.

 You can also keep track of all the Engage content by following our LinkedIn page.