With fintechs attracting increasing interest from venture capitalists, growth in M&A activity and partnerships with incumbents, 2018 is shaping up to be the year of the regulators.

Following a public consultation last year, the European Commission is expected to announce its fintech action plan in February 2018 with a remit to create a more competitive and innovative European financial sector.

The European Commission indicated that it will focus on three core principles—firstly, to enable innovative business models to reach EU scale through technology neutrality so that the same rules are applied to traditionally sold products and services (e.g., via branches) as those sold digitally; secondly, to support the uptake of technological innovation in the financial sector through proportionality so that the rules are suitable for different business models, size and activities of the regulated entities; and thirdly, to enhance the security and integrity of the financial sector to ensure transparency, privacy and security for consumers. It remains to be seen how these will be translated into policy initiatives and legislative actions.

It will be particularly interesting to see which measures the European Commission will propose in order to reduce barriers in the single market for fintechs, e.g., by proposing streamlined authorization and registration regimes for fintechs in EU countries, or EU-wide regulatory sandbox regimes. The European Banking Authority (EBA) also identified authorization and sandboxing regimes as a possible area of future work in its fintech discussion paper.

Data security and cybersecurity concerns were top of the agenda in the consultation, and distributed ledger technology (DLT) is also a point of attention, although it remains to be seen whether this will result in EU-wide regulatory action, or rather in "softer" measures such as the setting up of observatories on the topic and the development of best practices.

In February 2018, the European Commission announced the creation of an EU Blockchain Observatory and Forum to act as a location for building European expertise on blockchain.

Fintechs and financial stability

In 2017, the Financial Stability Board (FSB) issued a report on the potential financial stability implications from fintech. The FSB identified three areas as priorities for international collaboration:

  • The need to manage operational risk from third-party service providers
  • Mitigating cyber risks
  • Monitoring macrofinancial risk that could emerge as fintech activities increase

In the EU, based on the fintech mapping exercise and existing EBA work, the European Banking Authority identified (i) the impact on prudential and operational risks for credit institutions, electronic money institutions and payment institutions; (ii) the impact of fintech on the business models of these institutions; and (iii) the impact of fintech on the resolution of financial firms as possible areas of future work.

We expect an increased focus on outsourcing arrangements and other aspects of fintech that can have an impact on operational risks and financial stability in 2018.

Artificial intelligence under the microscope

As part of its consultation on fintech in 2017, the European Commission asked a number of questions regarding AI, such as:

  • Is enhanced oversight of the use of artificial intelligence (and its underpinning algorithmic infrastructure) required? For instance, should a system of initial and ongoing review of the technological architecture, including transparency and reliability of the algorithms, be put in place?
  • What minimum characteristics and amount of information about the service user and the product portfolio (if any) should be included in algorithms used by the service providers (e.g., as regards risk profile)?
  • What consumer protection challenges/risks have you identified with regard to artificial intelligence and Big Data analytics (e.g., robo-advice)?

The European Parliament carried out a consultation on the future of robotics and artificial intelligence. The results of the consultation will feed into the forthcoming European Parliamentary Research Service’s Cost of Non-Europe on Robotics and Artificial Intelligence Report, and help the European Parliament to address the ethical, economic, legal, and social issues arising in the area of robotics and artificial intelligence for civil use.

We expect further scrutiny by EU and national regulators of the application of AI in general, as well as in the specific fintech context in 2018. It will be interesting to see whether the developments in this area will be limited to "best practices" and soft law recommendations, or will move beyond that to prescriptive, hard law measures.

Towards fintech-friendly jurisdictions

Fintech regulation remains to some extent a national patchwork of various regulations, also within the EU.

It will be interesting to monitor whether national regulations adopt innovative "fintech-friendly" measures to profile themselves as the jurisdiction of choice for forward-looking financial companies.

By way of example, France adopted a pioneering regulation aimed at creating a formal legal framework for the use of blockchain technology for the issuance and transfer of unlisted securities. A further implementing decree will need to be introduced by July 1, 2018.

The dawn of crypto-currency regulation

France’s finance minister, Bruno Le Maire, said at the end of 2017 that he will propose that the G20 group of major economies discuss regulation of the bitcoin virtual currency when it meets in April. The German finance minister, Peter Altmaier, has expressed his support for this proposal, which will include the risks of speculative activities and fraud.

Le Maire also instructed Jean-Pierre Landau, a former French central bank governor, to further investigate the topic of cryptocurrencies and to propose guidelines for the further development of regulation on the topic. Any resulting regulation must be aimed at avoiding tax evasion, money laundering and the financing of criminal activities and terrorism.

These developments are linked to an increased regulatory focus on cryptocurrencies in other parts of the world, such as China and South Korea.

New anti-money laundering rules loom

After lengthy discussions, the European Parliament and the European Council reached an agreement regarding the amendment to the Anti-Money Laundering Directive, initially proposed by the European Commission in July 2016 (AML5).

The text still needs to be officially endorsed by the Council and the European Parliament before its publication; Parliament and Council will be called to adopt the proposed directive in the first reading. The publication is expected towards the middle of 2018, with implementation expected by the end of 2019.

AML5 will extend the scope of application of the existing EU anti-money laundering regulations to virtual currency exchange platforms and custodian wallet providers. Virtual currency exchange platforms and custodian wallet providers will have to apply customer due diligence controls, ending the anonymity that could be associated with such exchanges.

For exchanges and service providers already complying with stricter rules applicable in the US or in other jurisdictions, the AML5 requirements will not herald a significant change to their business practices, but rather a need to fine-tune and to be prepared for regulatory enforcement. For other market participants, AML5 will introduce tougher standards, which they will need to start preparing quickly for or risk falling behind.

A crackdown on the "Wild West" for ICOs

In November 2017, the European Securities and Markets Authority (ESMA) issued two statements on Initial Coin Offerings (ICOs), one on risks of ICOs for investors and another on the rules applicable to issuers. ESMA stated that "it has observed a rapid growth in ICOs globally and in Europe and is concerned that investors may be unaware of the high risks that they are taking when investing in ICOs. Additionally, ESMA is concerned that firms involved in ICOs may conduct their activities without complying with relevant applicable EU legislation".

The ESMA statement is confirmation that the idea that ICOs are an "unregulated" form of fundraising is indeed misleading. Instead, these operations require a careful assessment in light of various existing regulations, including applicable existing securities regulations.

In the United States, the Securities and Exchange Commission and the US Department of Justice have indicated that they are actively scrutinizing ICOs, with the SEC starting to bring a number of charges. It remains to be seen whether EU regulators will follow this lead.

The regulation of ICOs is a patchwork. Within the EU, there is no fully harmonized securities regulation, so there is room for diverging approaches. We believe it will be important to continue to monitor the diverging regulatory approaches in the relevant jurisdictions, and it will be interesting to see whether some jurisdictions will develop as "safer" harbors for these types of transactions.

"Data as the new oil" and D-Day for GDPR in 2018

Finally, as the General Data Protection Regulation (GDPR) will formally come into force in the EU on May 25, 2018, the interaction with other regulations (such as PSD2) and fintech activities will be an important area to follow.