National Competent Authorities do not typically distinguish between FinTech and traditional business models in their authorising and licensing activities. This is one of the findings set out in ESMA’s recently published report on the licensing regimes of FinTech firms (the “Report”), which provides an overview of ESMA’s work on mapping and assessing licensing approaches for innovative FinTech business models and divergences in national licensing regimes. Based on the evidence gathered, ESMA concludes that at present most innovative business models can operate within the existing EU laws and does not put forward any additional recommendations for changes in EU regulation at this stage.
In its FinTech Action Plan, adopted in March 2018, the European Commission asked ESMA and the other European Supervisory Authorities (the “ESAs”) to conduct several actions including, to map existing authorisation approaches, and, if necessary, clarify the applicable EU legislative framework for financial services.
ESMA conducted two surveys to gather evidence from national competent authorities (“NCAs”) on the licensing regime applicable to FinTech firms in their jurisdictions. The first, conducted in January 2018, sought to identify potential gaps and issues in the existing EU regulatory framework, assesses how the existing national regimes diverge and, if identified, propose recommendations to adapt the EU legislation to the emerging innovations. The second, launched one year later, attempted to identify the ways in which NCAs employed the concepts of “proportionality” and “flexibility” when licensing FinTech firms.
The Report (here) sets out the key findings resulting from those surveys, namely:
- regulatory gaps and issues primarily arise in the area of crypto-assets, initial coin offerings (“ICOs”) and distributed ledger technology (“DLT”). The NCAs called for more clarity at EU level with respect to the definition of financial instruments and the legal nature of cryptoassets;
- there is a need for greater clarity around the governance and risk management processes associated with both cloud security and cloud outsourcing;
- there is a direct link and interdependencies between innovation facilitators and authorising approaches for innovative FinTech business models; and
- there is a need for an EU wide holistic crowdfunding regime, in particular for crowdfunding based on non-MiFID II instruments.
In respect of its findings, ESMA is of the view that the issues raised are addressed in its recent Advice on ICOs and crypto-assets to the EU institutions and in the Joint ESA advices on:
- the need for legislative improvements relating to Information and Communication Technology risk management requirements in the EU financial sector; and
- the costs and benefits of a coherent cyber resilience testing framework for significant market participants and infrastructures within the EU financial sector.
Accordingly, ESMA did not put forward any additional recommendations for change. However, ESMA recognised the need for further examination in some areas, such as the proportionality of MiFID II provisions, especially with regard to the licensing requirements for small-scale trading platforms.