Banking & Finance Eurozone Hub
Our Expertise Banking & Finance
How does the Basel Committee on Banking Supervision (BCBS) "Consultative Document" differ from the EBA's FinTech Discussion Paper and what does this mean EU-27's banking sector?
On 31 August 2017, the Bank for International Settlements' BCBS joined the renewed debate on how FinTech is reshaping the financial sector. The BCBS is the leading global forum for coordinating policy on improving banking supervision worldwide. This Client Alert briefly discusses the impact of the proposals in the BCBS' Consultative Document titled: "Sound Practices: Implications of fintech developments for banks and bank supervisors"1 and why this matters for the EU27's banking sector.
In the EU the European Banking Authority (EBA), the European Central Bank (ECB) and a host of national supervisory authorities have been leading the debate on FinTech's opportunities, its risks as well as how to regulate activity and participants. The EU Commission has provided overarching policy guidance, which also extends beyond financial services, and has also set its priority for a Digital Single Market. With the BCBS' entry in to the debate and its role as the global standard setter, this will likely impact the EU's and Eurozone's own FinTech specific workstreams. What the BCBS paper does certainly do better than the EBA workstream is to ask supervisors and regulatory policymakers how they plan to embed FinTech and RegTech within their own operations and mandates.
So why does this all matter?
The BCBS periodically issues "standards", "guidelines" and "sound practices". In a number of jurisdictions, a degree of supervisory expectation exists that firms will comply with the relevant "BCBS principles" even where they do not have the force of law. The BCBS' consultation is still open for comment until 31 October 2017 and importantly it will close earlier than the EBA's own FinTech Discussion Paper2, which is scheduled to close on 6 November 2017. The contents and impacts of the EBA Discussion Paper were discussed in our recent Client Alert3.
The BCBS "sound practices" that are proposed in the BCBS paper cover similar themes to those "Proposed way forward" action points and EBA policy. Despite global consensus to supervise yet nurture FinTech, the differences between the BCBS and the EBA policy matter. Please see the Annexes hereto for further
1 See: https://www.bis.org/bcbs/publ/d415.htm 2 Available: http://www.eba.europa.eu/documents/10180/1919160/EBA+Discussion+Paper+on+Fintech+%28EBA-DP2017-02%29.pdf 3 Available: http://www.bakermckenzie.com/en/insight/publications/2017/09/eba-launches-consultation
analysis. That being said, it is conceivable that the outcome of the BCBS Consultative Document may influence and shape the EBA's own policymaking on FinTech. For market participants, this would also avoid a situation where, certainly in the EU, one would have to think about how to concurrently meet BCBS as well as EBA driven policy along with supervisory expectations of the European Supervisory Authorities, the ECB and national authorities. Any dual application of standards would also likely hinder the EBA's priorities to harmonise regulation and improve supervisory convergence more generally and specifically in relation to FinTech.
That being said, the BCBS is a global forum4. Consequently, this may mean that outside the EU, the BCBS "sound practices" might have greater relevance as the benchmark standard as opposed to the EU, where EU standards will take precedence. As an example, the BCBS' shaping of the prudential capital regime known as "Basel III international regulatory framework for banks", co-exists with various jurisdiction specific implementations across the globe. In the EU, this led to CRR/CRD IV being introduced as harmonising legislative instruments so that the BCBS global standard was thus supplemented, implemented and amended by those EU standards.
Nevertheless, the BCBS also publishes standalone regulatory standards. Some of these cover areas that are not covered or not as fully covered by EU and/or national rules. In such cases, BCBS standards may remain the preferred benchmark for supervisor and supervised alike. Then there are cases such as BCBS 239: "Principles for effective risk data aggregation and risk reporting"5, where the BCBS Principles are the preferred point that supervisors and supervised consider. This is the case even if some of the contents are thematically covered by national or EU legislative and regulatory instruments.
In short, whilst the EU Commission and the EBA have the power to make binding regulatory and supervisory policy across the EU-27 and the Eurozone-19's banking sector, and whilst national supervisory and Banking Union supervisory authorities will police compliance, what the BCBS publishes will certainly matter. For those stakeholders, whether FinTech or "traditional" financial services providers, that are likely to be affected by the policy proposals of both papers will need to prioritise where they respond and how. This may mean looking at where there are minimum common standards and how to leverage value from this.
A tale of two papers... with some common themes and conclusions
Rather unsurprisingly, whilst the two papers differ in content and depth, they are both in agreement that the emergence of FinTech provides opportunities yet also presents new and additional risks. Both BCBS and EBA conclude that FinTech may prompt disruption to "traditional" financial services. Such disruption may translate into adverse impacts and certainly risks for incumbent and traditional financial services providers in maintaining their current operating models, especially in light of the changing nature of technology and customer expectations as well as who will ultimately "own the customer relationship" across various products and services.
4 As per its mission statement: "The Basel Committee on Banking Supervision provides a forum for regular cooperation on banking supervisory matters. Its objective is to enhance understanding of key supervisory issues and improve the quality of banking supervision worldwide." 5 See: http://www.bis.org/publ/bcbs239.pdf
Both papers put forward specific policy proposals across thematic areas. The grounds for the policy proposals are based on research conducted by the relevant organisations. Both papers also found that there is no common definition of what constitutes FinTech and instead pointed to the "working definition"6 of the Financial Stability Board. The papers equally found that discrepancies of how and what type of FinTech activity is regulated, and by whom, existed and that the breadth of discrepancies differed widely across the jurisdictions surveyed.
Despite the common findings and themes, the policy proposals in the BCBS paper are quite high-level in their scope and substance when compared to those put forward in the EBA Discussion Paper. The BCBS puts forward 10 "Observations" which are supplemented by 10 "Recommendations". Despite overlaps in terms of thematic areas, the BCBS "Recommendations" do not contain, nor are they drafted with the intention of providing, the same level of commitment to definitive policy or rulemaking workstreams as the EBA's own "Proposed way forward" action points.
The EBA "Proposed way forward" points set goals to nurture FinTech and harmonise supervision across all of financial services activity within the EBA's mandate. In contrast, the BCBS' drafting aims to provide supervisors and the supervised with food for thought on how to forward plan how to identify, mitigate and manage risks from FinTech's potential to adversely disrupt as well as how to nurture and promote FinTech's positive developments. Analysis of these overlaps and conceptual gaps are set-out in Annex A hereto.
BCBS Sectors, EBA Clusters and a "regulatory Rosetta Stone"
The EBA's survey resulted in creating four specific FinTech "Clusters" (See Annex C). These set out specific FinTech activities that are within the EBA's mandate. These Clusters form in many ways a useful first step to building a quasi "regulatory Rosetta Stone" to delineate how FinTech activity is compatible with respective regulated activity in the "traditional" financial services sector.
The BCBS' survey followed the same methodology of grouping activity, albeit without creating the same link mapping the corresponding "traditional" financial services regulated activity. In short, this has led to duplication of work and conceptual differences. This led to the BCBS FinTech "Sectors" and corresponding "financial activity lines", which are set out in Annex B hereto and which are comparably more high-level than what the EBA has produced. In summary, a BCBS Sector may cover areas in an EBA Cluster, but the EBA Clusters are more granular and thus a BCBS Sector and EBA Cluster may not be mutually exclusive and subject to gaps such as the EBA having an entire Cluster D "Other related financial service" with activity that is different than the BCBS' Sector "Market Support Services".
Outlook and some next steps
Both BCBS and the EBA, along with a host of other existing and possibly pending supervisory policy papers on FinTech, have concluded that more cooperation and supervisory convergence is needed to ensure a harmonise regulatory environment
6 "technologically enabled financial innovation that could result in new business models, applications, processes or products with an associated material effect on financial markets and institutions and the provision of financial services."
for FinTech providers, users and competitors alike. The flurry of publications on the same subjects, themes and policy responses however makes this goal potentially a longer one to achieve.
That being the case, the BCBS paper's analysis, the proposed scenarios, defined terms and cross-reference to how FinTech might interlink with the BCBS 2011 "Principles for sound management of operational risk" (PSMOR)7 is valuable in advancing the debate on how FinTech can impact and/or reshape the identification, mitigation and management of operational risk, even if national or EU level requirements apply in that area.
Market participants and stakeholders, especially those operating in the EU and/or the Eurozone will need to carefully consider where they dedicate their resources in responding. Globally active institutions may also want to weigh up how much their engagement on FinTech workstreams can shape that what is being proposed at the global level will be followed, without super-equivalent requirements, at the regional and thus EU level.
The degree of where participants will aim to dedicate their time to respond is also likely to be largely driven by whether there are any stakeholder representative groups that can take the lead and efficiently present a concise and harmonised voice for relevant persons. In any event, as with the EBA Discussion Paper, the BCBS Consultative Document marks yet another step in a coming of age for this sector of financial services activity as well as the "future proofing" of regulatory concepts and supervisory approaches.
BCBS' 10 key Observations and Recommendations:
Conceptual equivalence in EBA Discussion Paper?
1 The nature and the Banks and bank
scope of banking
risks as traditionally consider how they balance
ensuring the safety and
significantly change soundness of the banking
over time with the
system with minimising the
growing adoption of risk of inadvertently
FinTech, in the form inhibiting beneficial
of both new
innovation in the financial
sector. Such a balanced
approach would promote
While these changes the safety and soundness
may result in new
of banks, financial stability,
risks, they can also consumer protection and
open up new
compliance with applicable
laws and regulations,
consumers, banks, including anti-money
the banking system laundering and countering
7 See www.bis.org/publ/bcbs195.htm
and bank supervisors.
financing of terrorism (AML/CFT) regulations, without unnecessarily hampering beneficial innovations in financial services, including those aimed at financial inclusion.
2 For banks, the key
Banks should ensure that
risks associated with they have effective
Yes, but no mention of
the emergence of
governance structures and
processes in order to
identify, manage and
monitor risks associated
with the use of enabling
These risks were
technologies and the
identified for both
emergence of new
incumbent banks and business models and
new FinTech entrants entrants into the banking
into the financial
system brought about by
These structures and
processes should include:
robust strategic and business planning processes that allow banks to adapt revenue and profitability plans in view of the potential impact of new technologies and market entrants;
sound new product approval and change management processes to appropriately address changes not only in technology, but also in business processes;
implementation of the Basel Committee's Principles for sound management of operational risk (PSMOR) with due consideration to FinTech developments; and
monitoring and reviewing of compliance with applicable regulatory requirements, including
those related to consumer protection, data protection and AML/CFT when introducing new products, services or channels.
3 Banks, service
Banks should ensure they
have effective IT and other
FinTech firms are
increasingly adopting processes that address
the risks of the new
implement the effective
financial products and needed to properly support
technologies, such as
but also pose their
own inherent risks.
4 Banks are increasingly
Banks should ensure they have appropriate
To a certain degree yes
partnering with and/or processes for due
- outsourcing however
outsourcing operational support
diligence, risk management and ongoing
for technology-based monitoring of any
financial services to third-party service
operation outsourced to a third party, including
covered in other
providers, including FinTech firms. Contracts
should outline the
causing the delivery responsibilities of each
of financial services party, agreed service
to become more
levels and audit rights.
Banks should maintain
commoditised. While controls for outsourced
services to the same
can 6 Implications of standard as the operations
conducted within the bank
banks and bank
supervisors arise for
a multitude of
typically occurs for
reasons of cost-
flexibility and/or increased security and operational resilience. While operations can be outsourced, the associated risks and liabilities for those operations and delivery of the financial services remain with the banks.
Bank supervisors should
cooperate with other public
expected to raise
authorities responsible for
issues that go beyond oversight of regulatory
the scope of
functions related to
FinTech, such as conduct
supervision, as other authorities, data protection
objectives may also authorities and financial
be at stake, such as intelligence units, with the
objective of, where
privacy, data and IT appropriate, developing
security, consumer standards and regulatory
protection, fostering oversight of the provision
of banking services,
whether or not the service
is provided by a bank or
6 While many FinTech Given the current and
firms and their products in
potential global growth of FinTech companies,
particular, businesses international cooperation
focused on lending between supervisors is
currently focused at supervisory activities for
the national or
regional level, some operations, where
FinTech firms already appropriate.
operate in multiple
especially in the
payments and cross-
potential for these
firms to expand their
operations is high,
especially in the area
7 FinTech has the potential to change
Bank supervisors should assess their current
To an extent - yes
traditional banking business models, structures and operations. As the delivery of financial services becomes increasingly technology-driven, reassessment of current supervision models in response to these changes could help bank supervisors adapt to FinTech related developments and ensure continued effective oversight and supervision of the banking system.
staffing and training models to ensure that the knowledge, skills and tools of their staff remain relevant and effective in supervising new technologies and innovative business models. Supervisors should also consider whether additional specialised skills are needed to complement existing expertise.
8 The same
consider investigating and
offer efficiencies and exploring the potential of
new technologies to
FinTech firms and
improve their methods and
banks, such as
processes. Information on
AI/ML/advanced data policies and practices
analytics, DLT, cloud should be shared among
computing and APIs, supervisors.
may also improve
9 Current bank
Supervisors should review
their current regulatory,
supervisory and licensing
licensing frameworks frameworks in light of new
generally predate the and evolving risks arising
technologies and new from innovative products
business models of and business models.
FinTech firms. This Within applicable statutory
may create the risk of authorities and
unintended regulatory jurisdictions, supervisors
gaps when new
should consider whether
these frameworks are
move critical banking sufficiently proportionate
and adaptive to
ensuring safety and
conversely, result in soundness and consumer
unintended barriers to protection expectations
entry for new
with mitigating the risk of
business models and inadvertently raising
barriers to entry for new
firms or new business
10 The common aim of jurisdictions is to
strike the right
Supervisors should learn from each other's
approaches and practices,
No - at least not as explicitly
No - at least not as explicitly
No - at least not as 8
balance between safeguarding financial stability and consumer protection while leaving room for innovation. Some agencies have put in place approaches to improve interaction with innovative financial players and to facilitate innovative technologies and business models in financial services (e.g. innovation hubs, accelerators, regulatory sandboxes and other forms of interaction) with distinct differences.
and consider whether it would be appropriate to implement similar approaches or practices.
BCBS' FinTech Sectors8
Comprised of 3 "Sectors" and 8 items that are "Market Support Services":
Sector Sector 1 Credit, deposit and capital raising services
Financial activity types Crowdfunding; Lending marketplaces; Mobile banks; and Credit-scoring.
Sector 2 Payments, clearing and settlement services
Retail Mobile-wallets; Peer-to-peer transfers;
and Digital currencies.
Wholesale Value transfer networks; FX wholesale; and Digital exchange
Sector 3 Investment management services
"Market Support Services"
High-frequency trading; Copy-trading; E-trading; and Robo-advice.
Portal and data aggregators; Ecosystems (infrastructure, open source, APIs); Data applications (big data analysis, machine learning,
predictive modelling); Distributed ledger technology (blockchain, smart
8 See page 9 of BCBS Discussion Paper.
contracts); Security (customer identification and authentication); Cloud computing; Internet of things/mobile technology; and Artificial intelligence (bots, automation in finance,
EBA's six thematic areas and the "Proposed way forward" action points
1. Authorisation and registration regimes and sandboxing /innovation hub approaches
2. Prudential risks and opportunities for credit institutions, payment institutions and electronic money institutions
"Proposed way forward" points - specific actions to be undertaken by the EBA include:
producing a Report or Opinion comparing regulatory treatment of selected activities and provision of services with a view to reviewing the regulatory perimeter and whether to change how regulatory principles interact with one another and how these are shaped by FinTech;
undertaking further assessment of the features of a sandboxing regime, innovation hub and similar regimes;
conducting an assessment on the merits of converting EBA Guidelines on PSD2 authorisations into Regulatory Technical Standards; and
reviewing the merits of harmonising how authorisation applications are reviewed in order to achieve more consistent supervisory practices including possibly looking at ESMA and/or Banking Union approaches for inspiration.
undertaking further work on identifying the prudential regulatory risks and opportunities for credit institutions, payment institutions and electronic money institutions using new technologies and FinTech and providing EBA supervisory Guidance to national supervisors in the ESFS (and possibly to the Banking Union) on how to coordinate supervisory approaches and identify systemic issues;
assessing risks and use cases specific for the additional use of "blockchain" and other DLT-based solutions in the payments market and possibly include updates to supervisory warnings and Opinions on the use of virtual currencies; and
continuing the development and implementation of security related products required under PSD2 and take remedial action where necessary.
3. The impact of FinTech on the
continued monitoring of FinTech's impact on existing business models and the strategic responses of firms;
business models of
credit institutions, payment institutions and electronic money institutions
monitoring the relationships between incumbent and new players is set to evolve in the financial sector and what this means for changes in the ownership of customer relationships, threats to business model viability and what new business and distribution chain
models are emerging due to FinTech's evolution.
assessing how to extend the regulatory perimeter to
protection and retail
better protect consumers. The EBA may also propose
specific new consumer protection measures;
improving relevant deficiencies in clarity on whether
the provision of financial services over the internet is
acting under the freedom to provide services (as
permitted under the respective licences) and whether
this needs strengthening as part of the concurrent work
of the Joint Committee of the three ESAs on cross-
border supervision of retail financial services;
deciding whether to update or upgrade relevant EBA
Guidelines and relevant Regulatory Technical
Standards within the EBA's mandate to improve
supervision and information sharing within the ESFS;
exploring the issuance of Guidelines and/or supervisory Recommendations addressed to relevant components of the ESFS and/or financial institutions to establish consistent efficient and effective supervisory practices and/or internal processes within supervised institutions on complaints handling (mostly relevant for retail clients);
advancing further work to:
o review barriers in EU legislation that restricts
digitisation (by requiring physical presence, paper
copies, wet ink i.e. handwritten signatures);
o assess how information should be assessed in the digital ecosystem and provision of banking systems through digital and mobile channels;
o explore presence of regulatory gaps, specifically re
disclosure relating to banking products and
services provided by FinTech firms;
o evaluate the need for standard information on risks
(the Discussion Paper does not call for a FinTech
"Key Investor Information Document" - which
should cause a sigh of relief from most) that might
take the form of non-text measures to ensure
disclosure obligations are presented and digested
as well as disclosure requirements that improve
o how to improve financial literacy and reduce
financial exclusion by continuing to coordinate and
foster national initiatives and promoting transparency and clarity of pre-contractual information.
5. The impact of FinTech on the resolution of financial firms
6. The impact of FinTech on AML/CFT
evaluating how to improve the prevalence of RRP plans as well as how to improve RRP regimes for FinTech firms; and
reviewing how digitisation may also speed up the movements of deposits in times of crisis as well as how it changes behavioural patterns in relation to deposit runs.
working in conjunction with its sister ESAs: ESMA and EIOPA, the EBA will finalise an Opinion on the use of FinTech solutions for AML/CFT purposes and how to embed a more harmonised approach across the EU.
EBA's FinTech Clusters9:
In comparison to the BCBS Consultative Document, the EBA's FinTech Clusters and the Financial Services Types provide for greater clarity:
Cluster Cluster A Credit, deposit and capital raising services
Cluster B Payments, clearing and settlement services
Financial Services Type
A1: taking deposits; A2: taking other repayable funds (i.e. funds other
than deposits); A3: lending, including inter alia, consumer credit,
credit agreements relating to immovable property, factoring, with or without recourse, financing of commercial transactions (including forfeiting); A4: financial leasing; A5: guarantees and commitments; A6: credit intermediation under article 4(5) of the Mortgage Credit Directive (Directive 2014/17/EU); A7: money broking; or A8: any other financial services of a kind within this cluster. B1: provision of payment accounts; B2: services enabling cash to be placed on a payment account as well as the operations required for operating a payment account; B3: services enabling cash withdrawals from a payment account as well as all the operations required for operating a payment account; B4: execution of direct debits including one-off direct
9 See also page 18 of the EBA Discussion Paper.
Cluster C Investment services/investment management services
debits; B5: execution of payment transactions through a
payment card or a similar device; B6: execution of credit transfers; B7: issuing of payment instruments; B8: acquiring of payment transactions; B9: money remittance; B10: issuing and administering means of payment
other than those referred to in Art. 4(3) of PSD (Directive 2007/64/EU); B11: services to initiate payment orders at the request of the payment service user with respect to a payment account held with another payment service provider; B12: services to provide consolidated information on one or more payment accounts held by the payment services user with another payment services provider. NB: this may include "screen-scraping"; B13: operation of fa payment system; B14: ancillary services to payment and/or e-money services (see Art. 16(1)(a) PSD); B15: issuance of e-money; B16: distribution of e-money; B17: redemption of e-money; B18: currency exchange; or B19: any other financial services of a kind within this cluster.
C1: Trading for own account or for account of customers in any of the items referred to in point 7 of Annex 1 to CRD IV (Directive 2013/36/EU);
C2: participation in securities issues and provision of services relating to such issues;
C3: advice to undertakings on capital structures, industrial strategy (as per Point 9 of Annex 1 to CRD IV);
C4: portfolio management and advice; C5: safekeeping and administration of securities; C6: safe custody services; C7: advisory services (per Art. 7 of Mortgage Credit
Directive); C8: any other financial services of a kind within this
Cluster D Other financial related activities
D1: credit reference services (as per Point 13 of Annex 1 to CRD IV);
D2: comparison services; D3: compliance services related to know your
customer/anti-money laundering; D4: compliance services - other; or D5: any other financial services of a kind within this
Many market participants might notice that the table above misses a number of business lines that might constitute regulated activity for purposes of a number other supervised sectors. Some of these fall within the mandate of EBA's sister authorities, ESMA and EIOPA. In order for the above to operate as a true tool of capturing what is happening in the FinTech world and what this might mean from an EU financial supervision perspective, this means taking the Clusters above and expanding them to capture all activity so that the table could operate as a more powerful regulatory Rosetta Stone going forward.
If you would like to receive more analysis from our wider Eurozone Group or in relation to the topics discussed above, including what the BCBS Consultative Document and/or the EBA Discussion Paper might mean for specific market participant types within or looking to enter the EU and/or the Eurozone, then please do get in touch with any of our Eurozone Hub key contacts below.
Eurozone Hub Contacts
Michael Huertas, LL.M., MBA Counsel Solicitor (England & Wales and Ireland) Registered European Lawyer Frankfurt michael.huertas@ bakermckenzie.com
Sandra Wittinghofer Partner Rechtsanwltin and Solicitor (England & Wales)
Dr. Manuel Lorenz, LL.M. Partner Rechtsanwalt and Solicitor (England & Wales)
Baker & McKenzie - Partnerschaft von Rechtsanwlten, Wirtschaftsprfern und Steuerberatern mbB
Friedrichstrasse 88/Unter den Linden 10117 Berlin Tel.: + 49 30 2 20 02 81 0 Fax: + 49 30 2 20 02 81 199
Neuer Zollhof 2 40221 Dusseldorf Tel.: + 49 211 3 11 16 0 Fax: + 49 211 3 11 16 199
Frankfurt am Main Bethmannstrasse 50-54 60311 Frankfurt / Main Tel.: + 49 69 2 99 08 0 Fax: + 49 69 2 99 08 108
Munich Theatinerstrasse 23 80333 Munich Tel.: + 49 89 5 52 38 0 Fax: + 49 89 5 52 38 199
This client newsletter is prepared for information purposes only. The information contained therein should not be relied on as legal advice and should, therefore, not be regarded as a substitute for detailed legal advice in the individual case. The advice of a qualified lawyer should always be sought in such cases. In the publishing of this Newsletter, we do not accept any liability in individual cases.
Baker & McKenzie - Partnerschaft von Rechtsanwlten, Wirtschaftsprfern und Steuerberatern mbB is a professional partnership under German law with its registered office in Frankfurt/Main, registered with the Local Court of Frankfurt/Main at PR No. 1602. It is associated with Baker & McKenzie International, a Verein organized under the laws of Switzerland. Members of Baker & McKenzie International are Baker McKenzie law firms around the world. In common with terminology used in professional service organizations, reference to a "partner" means a professional who is a partner, or equivalent, in such a law firm. Similarly, reference to an "office" means an office of any such law firm.