As part of its Fintech Action Plan, the European Commission established an expert group to identify regulatory obstacles to the adoption and scaling of fintech across the EU. That group has just published its findings in the form of thirty recommendations, calling for bold policy action across a number of areas. At the same time, the EC has launched two public consultations on crypto-assets and operational resilience in financial services. Both the expert recommendations and public consultations are likely to inform and drive the EU’s legislative agenda over the coming years.
Purpose of the report
As part of its Fintech Action Plan, the European Commission (EC) established an Expert Group on Regulatory Obstacles to Financial Innovation (ROFIEG) in 2018. The ROFIEG set out to consider what action would help to support the adoption and scaling of fintech across the EU and protect against key risks (e.g. to consumers, investors and financial stability).
30 recommendations, 4 categories
In its final report, the ROFIEG sets out thirty recommendations grouped into four categories:
- Category 1 - Adapting regulation for technology and technology for regulation: The need to adapt regulation to respond to new and changed risks caused by the use of innovative technologies (e.g. AI and DLT) and take up any emerging opportunities in regulatory and supervisory technology.
- Category 2 - Ending fragmentation and creating a level playing field: The need to remove regulatory fragmentation and ensure a level playing field between incumbents and new market entrants (both fintech start-ups and bigtechs) across the EU.
- Category 3 - Reconciling data regulation with developments in technology: The need to reconcile the regulation of personal and non-personal data with the opportunities and risks offered by fintech.
- Category 4 – Promoting financial inclusion and the ethical use of data: The need to consider the potential impact of fintech from the perspective of financial inclusion and the ethical use of data.
From the list of thirty, the group highlights the following areas of priority:
- Clarity around the explainability and interpretability of AI
(Recommendation 1, Category 1)
ROFIEG recommends measures to clarify in what circumstances it is appropriate to impose explainability and interpretability requirements around the use of artificial intelligence and related technologies, as well as guidance on how to meet such requirements. In particular, it highlights the need for guidelines in the context of credit-scoring. The report points to uncertainties and divergences around the application of GDPR (the EU’s General Data Protection Regulation) as one driver behind this recommendation.
- Same activity, same risks, same regulation
(Recommendation 13, Category 2)
ROFIEG recommends steps to ensure that financial sector regulation follows the principle that the “same activity creating the same risks should be regulated by the same rules”. This is a departure from the traditional institutions-based framework, which has meant that banks are often subject to more comprehensive regulatory requirements than their non-bank competitors. The report recommends that the principle apply to all types of rules, including prudential rules, organisational requirements and conduct rules. This could have a significant impact on tech giants seeking to provide financial services.
- Ending fragmentation, especially for KYC
(Recommendations 15 – 17, Category 2)
ROFIEG recommends the Commission work to ensure the “highest possible uniformity” in regulation across the EU. This is driven by a concern that regulatory fragmentation is hindering market efficiency by acting as a barrier to scaling, which also affects the competitiveness of EU-based fintech. In particular, it recommends that KYC processes and requirements are fully harmonised across the EU financial sector and calls for convergence in national positions towards the use of innovative technologies in customer due diligence.
- Preventing unfair treatment of competing downstream services
(Recommendation 22, Category 2)
ROFIEG recommends rules to ensure that large, vertically integrated platforms do not unfairly discriminate against downstream services that compete against their own similar services. For example, without appropriate regulation, large tech companies with access to significant data (including search histories or social media) could effectively lock customers into their platforms and promote only their own vertically integrated services. Similarly, providers of smartphone operating systems could prevent users from accessing competing payment applications.
- Better frameworks for non-personal data and user-driven data sharing
(Recommendations 27 and 28, Category 3)
ROFIEG flags that there is currently no GDPR-equivalent framework governing how non-personal data may be accessed and processed. This may create uncertainties and thus inefficiencies around the exchange of non-personal data, an asset which may have significant value for certain new business models. It recommends new measures to clarify the law in this area. It also recommends new rules to bring about broader user-driven data sharing in the economy, through the use of standardised sharing interfaces, for example. The report highlights the current asymmetry in the European market, where banks are required to provide customer account information to their competitors under PSD2 (the revised Payment Services Directive) whilst the operators of large digital platforms, which hold significant consumer data (for example, around social networks and spending patterns) are not obliged to reciprocate.
Legislative action to promote commercial use of crypto-assets
Whilst not specifically flagged as an area of priority, the report also calls for bold policy action around crypto-assets, including to promote their use in a commercial context across the EU. In particular, the report recommends a common conflict-of-laws rule, to address the question of which national law applies when the location of the relevant assets is spread across multiple jurisdictions through a distributed ledger.
It also calls for EU authorities to consider the clarification and harmonisation of other relevant aspects of commercial law, including matters of property, corporate and insolvency law. In discussing the ownership issues to be resolved, it hits on the key point that:
“Whilst the technology may suggest direct ownership of a particular crypto-asset, a clear legal structure must still exist to confer rights onto the token holder, extending to the underlying real-world assets (if any) held through custodial structures”
Harmonisation of taxonomies and tackling key risks flowing from activities in cryptoassets are some of the other recommendations in this area. On these points, the group emphasises the importance of having a uniform approach across the EU.
Soon after the ROFIEG report was released, the EC launched two new public consultations on:
- a framework for markets in crypto-assets; and
- a digital operational resilience framework for financial services
The consultation papers cover some of the same ground as the expert report in their respective areas. For example, the cryptoasset document touches on a number of the issues outlined above and stresses the importance of having a common EU framework for crypto-assets, including stablecoins. It dives considerably further into the detail, however, inviting views on legislative approaches to a wide range of related issues.
Stakeholders have until 18 March 2020 to contribute to the public consultations.
Both the expert recommendations and public consultations are likely to inform and drive the EU’s legislative agenda over the coming years.