On March 8, 2018, the European Commission (“Commission”) released a Fintech Action Plan (“Action Plan”) and a new proposal to regulate crowdfunding service providers.

The Action Plan, which follows a 2017 public consultation on technological innovation in the financial services industry, comprises of specific steps for the “EU to embrace digitalisation of the financial sector”. The Action Plan is part of the Commission’s broader initiatives to establish a capital markets union as well a single market for consumer financial and digital services. It also comes in the wake of the General Data Protection Regulation (“GDPR”) coming into effect later this year and a proposal for a regulatory framework providing for the free flow of non-personal data in the EU.

The nineteen targeted initiatives of the Action Plan are organized under three broad themes as follows:

A. Enable Businesses to Reach EU Scale

Clear, consistent licensing requirements to facilitate business growth to EU-scale

1. Crowdfunding Service Provider Regulation: Although the existing passport system enables businesses to provide their services across the EU, the Action Plan observes that regulators have taken conflicting approaches to more innovative business models, such as crowdfunding service providers. The Commission has thus proposed an EU Regulation on crowdfunding service providers with the aim to further encourage these businesses to grow across the EU while also providing sufficient investor protection.

2. Input from European Supervisory Authorities (“ESA”): The Commission will invite ESAs to map current licensing approaches for fintechs and to provide recommendations or guidance on the need for EU financial services legislation, if appropriate.

3. Crypto-Assets and Initial Coin Offerings (ICOs): In light of the emergence of ICOs as well as the volatility associated with crypto-assets, the Commission will work with ESAs and other authorities to assess whether regulatory action at the EU level is needed. The Action Plan recognizes the importance of finding a way for Europe to participate in this market while also keeping in mind such concerns as consumer protection, privacy, and financial stability.

Increase market competition and cooperation through common standards

4. Fintech Standards: The Commission aims to work with other bodies, such as the European Committee for Standardisation, to develop an approach on establishing fintech standards, including with respect to blockchain.

5. Industry Standards for Open Banking: The Commission will encourage industry players to develop standardised application programming interfaces that are compliant with the GDPR and the Payment Services Directive as a foundation for an open banking eco-system.

Use innovation facilitators (ie. regulatory sandboxes) to facilitate innovative businesses

6. Identify Best Practices for Fintech Facilitators: The Commission invites ESAs to identify best practices for Fintech facilitators (such as innovation hubs or regulatory sandboxes) and issue guidelines, if appropriate.

7. Information Sharing and Cooperation: The Commission encourages authorities at the national and EU level to follow the best practices identified, cooperate, and share information on the use of such fintech facilitators.

8. Report by Q1 2019: The Commission will author a report with best practices for regulatory sandboxes by 2019.

B. Support Technological Innovation in the Financial Sector

Assess suitability of rules in the financial sector

9. Expert Group on Obstacles to Financial Innovation: Feedback received during the public consultation raised concerns about ways in which existing rules might impede technological innovation such as the lack of clarity on the enforceability of smart contracts and regulatory requirements for paper-based disclosures. An expert group will be set up by the Commission to assess if there are unjustified regulatory obstacles to innovation in the financial services industry.

Remove obstacles to cloud services

10. Guidelines on Outsourcing: The Commission invites ESAs to determine if guidelines on outsourcing to cloud service providers are needed.

11. Industry Codes of Conduct: Stakeholders in the cloud industry are encouraged by the Commission to establish their own regulatory codes of conduct to ease switching between cloud service providers. Financial sector participants are also encouraged to facilitate data porting.

12. Standard Contractual Clauses: The Commission also encourages the development of standard contractual clauses for cloud outsourcing by financial institutions, particularly with respect to audit/reporting requirements and how the materiality of the outsourced activities would be determined.

EU Blockchain Initiative

13. Digitisation of Regulated Information: The Commission will carry out a consultation on the further digitisation of regulated information on listed companies, including whether a European Financial Transparency Gateway, built on distributed ledger technology, can be implemented.

14. Comprehensive Strategy: The Commission intends to continue developing a comprehensive approach to blockchain and distributed ledger technology addressing all sectors, including the use of Fintech and Regtech.

15. Blockchain as a Digital Services Infrastructure: Following the launch of an EU Blockchain Observatory and Forum earlier this year, there will be a further assessment of whether blockchain can be used as a digital services infrastructure under the Connecting Europe Facility and how blockchain can be used for the Next Generation Internet.

EU FinTech Lab

16. EU FinTech Lab: Starting in 2018, the Commission intends to host an EU FinTech Lab on a quarterly basis to bring together regulatory authorities and vendors to address concerns over authentication technologies, RegTech, open banking standards, machine learning and cloud technology, among other things.

Retail Investment Products

Retail Investment Products: The Commission will evaluate how technology, such as automated-advisors and online calculators, can be better used to aid consumers in comparing and finding suitable retail investment products from across the EU, noting that further work is needed to ensure, for instance, that datasets are interoperable.

C. Enhance the Financial Sector’s Cyber Resilience

17. Cyber Threat Workshop: The Commission will host a workshop in 2018 to evaluate how information on cyber threats can be better shared among industry players while still protecting privacy.

18. Cybersecurity Supervisory Practices: ESAs are invited to map by 2019 their existing supervisory practices around cybersecurity and consider issuing guidelines and further guidance to the Commission on legislative reform, if appropriate.

19. Cyber Resilience Testing Framework: ESAs are also invited to conduct a cost-benefit analysis of creating a cyber resilience testing framework for significant industry players within the entire EU financial industry.