Response to discussion on Approach on financial technology (Fintech)
Go back
Whilst ESBG certainly agrees that further investigation is warranted, the following findings of the survey already deserve to be highlighted:
• 53% of FinTech firms are not regulated under EU or national law;
• Considering the emphasis placed by the legislator and regulator on the need for con-sumer protection, the presence of so many unregulated players would suggest either a failure in monitoring, (and/)or a policy decision to privilege “innovation” experiments potentially at the expense of consumer security, (and/)or a lack of transposition of the otherwise often boasted level playing field principle.
• Should none of the above assumptions hold, then the only possible conclusion to the survey findings would be that incumbent providers of financial services are over-regulated, an onerous framework that should urgently be repelled.
In that sense, the issues identified by the EBA in section 4.1 are relevant and complete. The remark however that “there may be reasons that justify differences in treatment” can only be accepted against the background of a call for further investigation of the FinTech landscape. Otherwise, the working assumption should remain that the same regulatory and supervisory obligations apply to the provision of same services, across the single market.
With respect to the policy approach to FinTech under national regimes, it would be very useful to see a mapping of national sandboxing regimes, innovation hubs or similar regimes with the regulatory and supervisory requirements applied by Member States: it would be difficult to understand that Member States with lax or inexistent requirements deploy an ambitious approach to sandboxing, innovation hubs or other regimes.
Furthermore ESBG recommends that, participation in potential sandboxes should not dis-criminate on the basis of entity size, but rather let all types of entities participate on equal terms (as e.g. is the case in the UK). Therefore, work to further assess the features of sand-boxing regimes, innovation hubs and similar regimes is supported. Thus, ESBG encourages the EBA to move forward with guidelines in this area and look forward to the final report.
The proposed way forward of the EBA – activities to be implemented in 2017/2018 - is supported, as is an assessment of the merits of converting the EBA Guidelines on authori-sations under PSD2 into an RTS once experience is obtained, this not only to ensure com-pliance but also to identify and certify that high levels of consumer and data protection are safeguarded. This assessment should also take national regulation into consideration.
• Innovative services (based on new technology) are not only (by far) provided by new market entrants.
• Innovative services do entail ICT risks. But incumbents who have in place tested pro-cesses and procedures for the introduction of new technology and products, and are subject to stringent business continuity and resilience obligations, should be better armed than new market entrants to mitigate such risks.
• In certain fields, new technology may indeed facilitate lower regulatory compliance costs. This however provides little solace to incumbent credit institutions when they have to compete with non-regulated, non-supervised market entrants.
• Generally, the experience of the past 5 years cannot but lead to challenge the assertion that FinTech (meaning: new technology) “preserv[es] fair competition”. The EBA sur-vey certainly does not paint either any “fair” competition landscape.
• A growing participation of new market entrants in the provision of financial services (and in the market infrastructures supporting these) inevitably leads to an increase in operational risk and hence capital requirements for incumbent credit institutions, thus increasing their cost base. Capital requirements arising from operational risks are cur-rently only required for incumbent credit institutions. However, the operational risks arising from innovative technological solutions for the provision of financial services also affect new market entrants, who might actually be more vulnerable than incum-bents. Therefore, as “a connected system is only as safe as its weakest element”, and adopting the “level-playing field” principle, new market entrants should be subject to capital requirements based on their operational risks.
• The much-vaunted sharing of data provides for a good illustration to that point. The General Data Protection Regulation places data controllers under stringent obligations (and sanctions in case of non-compliance). New market entrants may struggle with the implementation of this Regulation, and may not be equipped to meet the responsibility and liability requirements that an effective sharing of data demands.
Therefore, in order to provide guidance to supervisors on how to act on, understand and evaluate these new prudential risks, ESBG believes that it is essential to maintain commu-nication with and continuously observe trends in the industry. In particular, communica-tion between supervisors in identifying and evaluating new prudential risks stemming from new technologies would be useful to prevent regulatory arbitrage.
As through the application of new technologies, smaller non-regulated entities can poten-tially circumvent requirements of capital and/or liquidity and even AML/CFT controls when executing traditional bank services such as lending or payments. If these require-ments are eased or prone to circumvent, this could limit society’s capacity to withstand fi-nancial turbulence.
The above-mentioned arguments also imply that, in general, the global digitisation land-scape should be taken into consideration by European regulators and legislators. Of im-portance here are market drivers and market developments, as well as the implications that global entities have with respect to the formulation, entry into force and enforceability of legislation by European authorities. Provided these remarks are taken into consideration, the proposed way forward can be supported.
The key threat from FinTech for incumbent credit institutions will though come from plat-forms (i.a. distribution platforms, segment platforms, data aggregation platforms) including those characterized as “GAFAs”. This threat has not been identified by the EBA, and should be added. In general, this means that the global digitization landscape should be taken into consideration by regulators and legislators, with respect to both market drivers and developments, and the implications these may have with respect to the formulation, entry into force and enforceability of legislation by EU authorities.
Competition from platforms raises critical challenges for incumbent credit institutions, in-cluding strategic choices to be made between the manufacturing of products and their dis-tribution, the management of a range of new partnerships, the protection of customer data, the allocation of product liability, and the capability to achieve scale.
As mentioned in the previous question, the regulators and supervisors need to take the global digitisation landscape into consideration with respect to the formulation, entry into force and enforceability of EU regulation. As the global digital players control a large part of the Internet and consumer data, they may take advantage of any regulatory imbalance to process and apply data in a way which banks are constrained by law to emulate. Hence, threats not only arise with the smaller innovators, but legislators also need to take larger non-banking entities into consideration so as to avoid the creations of a “lean regulation sector”.
In this respect ESBG concurs with the conclusions of the World Economic Forum’s recent Report “Beyond Fintech: a pragmatic assessment of disruptive potential in financial ser-vices”.
However, in general, ESBG would like to highlight that it is the overall competitive land-scape based on GDPR and PSD2 per se which could be regarded as threatfull.
Although ESBG believes that it is important to evaluate the potential risks with new tech-nologies, ESBG also believes that it is important to regulate the service and/or product and not the technology behind the service. Therefore, it is important to have an under-standing of different back-end technologies and establish horizontal communications be-tween different supervisors to better understand potential risks.
This being said, ESBG approves the way forward proposed in sub-section 4.2.2, and is looking forward to continued dialogue, including public consultations, with the EBA on the different steps planned in the way forward.
To stimulate innovation and to achieve a level playing field in the area of innovation, all entities no matter their size must have the same opportunities to innovate. Here, as con-cluded by the EBA, less constrained new market entrants can be more agile when applying new technology that can radically change how their products or services are defined, pro-duced and/or distributed. However, these might not possess the infrastructure and/or ex-pertise to assess the risks connected to the development of their new products and/or ser-vices. One possibility, respecting sound business values, is that the incumbents can service the FinTech with such infrastructure in the value chain.
On the other hand, the so-called incumbents have licenses and established communica-tions with regulators and supervisors. Moreover, they also possess infrastructure to scruti-nize innovative developments through their already established compliance, risk manage-ment and legal departments. This in turn, however, constrains their ability to be as innova-tive as less regulated entities; since they are required to be compliant and are under con-stant supervision.
Furthermore, the relationships between technological innovation and regulatory and super-visory obligations deserve further analysis. Indeed, because of compliance with such obli-gations, incumbent credit institutions tend to introduce technological innovation in an “in-cremental” mode, where essentially new technology is applied to enhance the convenience or the efficiency of existing products and services without however changing neither (most of) the value chain nor the business model (at least in the short term), whereas less con-strained new market entrants can often afford to apply a “transformational” mode, where the application of new technology radically changes how a product or service is defined, produced and/or distributed. One (amongst many) example can be found in the challenge faced by credit institutions seeking to adopt cloud services (in particular in a cross-border environment, even within the EU) whilst meeting existing supervisory requirements.
Hence, ESBG believes that, to achieve a level playing field whilst maximizing the innova-tive potential in the European economy, there is a need to create a more dynamic regulato-ry and supervisory environment that facilitates innovation by incumbents and FinTech. Such an environment could entail an adjustment of the current regulation to give entities, regardless of size, the same opportunity to innovate. These adjustments need to be set in dialogue with supervisors, incumbents and FinTech.
This being said, ESBG approves the way forward proposed in sub-section 4.3.1, and is looking forward to continued dialogue, including interviews and public consultations, with the EBA on the different steps planned in the way forward.
With respect to RegTech, as it is briefly referenced to in recital 96, ESBG Members under-stood from the public hearing that the EBA considers RegTech as a separate issue and that the EBA will address it at a later stage after the FinTech analysis has been made. ESBG believes that RegTech deserves priority so we welcome this next step; otherwise, we would like to see RegTech to be included on EBA’s FinTech roadmap.
Regulators hold a key responsibility in enabling this process. On one side, as highlighted earlier in this response, regulation and supervision must enable incumbent credit institu-tions to deploy new technology-based products and services without any undue encum-brance, on the other side FinTech firms should be subject to the same obligations than credit institutions in this respect, in order to establish a safe foundation for partnerships, and ultimately to ensure a level playing field – in particular against the background that technology is lowering barriers to market entry, thus increasing the number of start-ups, although only a few may survive their first year.
However, a discussion of innovation also needs to take into account incremental innova-tion (both common systems and bank specific), i.e. innovation to enhance existing prod-ucts and services without changing the business model. Therefore, it is important to distin-guish between a technical innovation that leads to a new product or service and a technical innovation that improves the characteristics of current products and services.
Given the importance of this incremental innovation, it is important that the EBA and other government institutions not only focus on innovation in the front-end part of the value chain, but also create the preconditions for credit institutions to continuously invest and improve in the back-end systems. Today, based on sound business cases, incumbent credit institutions are investing in and providing the infrastructure to support the products and services provided to their customers. However, going forward, as products and ser-vices will be provided by both new and old entities the incumbents’ willingness and capa-bility to provide and invest in such infrastructure should not be taken for granted.
It is also useful to remind that it is credit institutions who provide liquidity and asset safe harbour for FinTech firms.
Additional note: global FinTech funding remained stable in 2015 and 2016 (at USD 19 bil-lion, according to BI Intelligence report, August 2017).
Indeed, the fragmentation and recomposition of the provision of services induced by digiti-zation creates challenges for consumers, notably with respect to service and product liabil-ity and redress. In the financial area, such challenges are compounded by the imperative of assessing the creditworthiness and sustainability of the provider, which often hinges on the precise role that this provider is playing in a given product or service value chain.
At the most basic level, this would call for unambiguous identification of providers, based on (single market-wide) harmonised authorization and registration process. In order to ease understanding by consumers, a limitation to the number of categories of providers must al-so be considered, even when the responsibilities and liabilities of these providers would have been harmonised EU-wide. Consumers should be fully informed upfront about the party in a given product or service value chain with whom complaints and claims should be lodged (whilst – for consumer convenience – a single party may be assigned a “claim con-centrator” role, it is though not acceptable that such role is performed without compensa-tion for that party, nor without the possibility for that party to cap the risks arising from that role – PSD2 dispositions with respect to the relationship between ASPSPs and PISPs are certainly not the appropriate blueprint in this field for the future).
Generally, as highlighted earlier in this response, the complexification of the financial ser-vices value chain as well as the multiplication of partnerships call for taking another look at existing dispositions on product and service liability. Here, the digital dimension can of-fer supervisors, incumbents and FinTech new possibilities to provide such transparency to consumers. Hence, ESBG encourages the EBA when performing its in-depth review of EU legislation requirements, to take technical developments into account to find the right bal-ance between consumer protection and fostering innovation.
Under these considerations, the way forward proposed in sub-section 4.4.1 is supported, and ESBG looks forward to continued dialogue, including interviews and public consulta-tions, with the EBA on the different steps planned.
This is why not only at least equivalent yet ideally same regulation should be extended to non-regulated FinTech firms, but also such regulation should from the onset be conceived with fostering innovation and the single market in mind, and not limited to “cross border” transactions. The cross-border provisioning of financial services also adds complexity to the consumer protection legislation differences between the EU member states and to home/host supervision.
Under these considerations, the way forward proposed in sub-section 4.4.2 is supported, and ESBG looks forward to continued dialogue, including interviews and public consulta-tions, with the EBA on the different steps planned.
Whereas that goal may not be attained with any single stroke, a useful starting contribution would be to compile an overview of the waivers and other national dispositions imple-mented by Member States from both a regulatory and supervisory perspective applied to the transposition of a number of EU legislations. This should serve as the basis for an as-sessment of the impact that these differences in transposition have for consumer protection and for the level playing field between incumbent credit institutions and FinTech firms.
The issues identified by the EBA under sub-section 4.4.3 are consistent with the concerns and issues raised earlier in this response. The proposed way forward is supported.
Furthermore, some Member States have been or are gold plating the EU consumer protec-tion framework and also financial market regulations making it difficult from providers from other states to use their standard offering and thus making “foreign” providers more expensive, and thus less attractive with the effect that the local market is reserved for the domestic providers.
As an example, although the Austrian ESBG member fully adheres to and supports the Austrian banking secrecy law, in some areas (e.g. data aggregation and analysis), this legis-lation might act as an obstacle to fully take advantage of the digital potential. Consequent-ly, some specific exemptions to it might be worth considering.
The remarks made in the response immediately above, with respect to the necessity for “fool-proof” legislation to the furthest extent possible, remain fully relevant as the key way to ease understanding by consumers and prevent complaints and claims. As mentioned above, it is also important that governments introduce and adapt relevant subjects at early stages within national education programmes.
There are two main types of algorithms behind the notion of “robo-advisers”:
a. “Profiling algorithms”, which are used to obtain a particular profile from the client through the information obtained from knowledge and experience, investment objec-tives, investment horizon, etc. This process sometimes includes the suitability tests that MiFID regulates, in order to obtain the adequate information and profile clients appro-priately.
b. “Quantitative management algorithms”, which are used to take decisions regarding in-vestment in a certain type of asset or portfolio management. These algorithms take into consideration quantitative data which determines the quality of the investment made and will ultimately lead to profit differentials.
In order to enhance consumer protection (and to provide a minimum set of standards to the robo-advice sector), some sort of supervision of initiative of the service will be re-quired. Currently, many robo-advisory solutions base their profiling decisions on a very lim-ited set of variables, and no suitability tests are undertaken, whilst customers are not able to perceive which measures each robo-adviser takes. Therefore, in order to avoid that cli-ents perceive the same level of risk and quality of advice by robo-advisers taking different consumer protection measures, it is proposed that these services should be both supervised and rigorously compliant with MiFID II rules (for which supervision might also be needed).
Thus, the benefits that the mobilization of artificial intelligence by financial service provid-ers will bring will not be constrained by adverse reactions of an uninformed public or over-zealous legislators. A range of actions from financial service providers could usually com-plement the approach described above and assuage such concerns upfront:
• When deploying artificial intelligence, financial service providers should ensure that both the systems and the ways in which they are used integrate the values for which they stand.
• Artificial intelligence should be deployed responsibly, notably ensuring that:
- Systems are tested sufficiently according to purpose-designed procedures in order for their output to be in line with each bank’s values;
- To meet expectations of fairness, the algorithms used remain interpretable, i.e. both banks’ staff and customers (on request) must be able to understand how systems deal with input and why a certain output is produced;
- Customer feedback is scrupulously taken into account, in particular in case of dis-satisfaction, including by providing access to staff.
• Financial service providers should abide by their responsibility and liability policies and obligations to the same extent, whether artificial intelligence is, or not, involved in an outcome that causes responsibility and liability to be assigned and claimed.
• The security and integrity of customers should be assured through the artificial intelli-gence systems and processes deployed.
• A continued dialogue should be instigated between financial service providers and regulators and supervisors, for the former to contribute their ever-growing experience with technology, ethical management, and legal implications and potential requirements not only to sectoral but also to public debate and further research. In all instances regu-lation should remain technology-neutral.
With these remarks, the way forward proposed by the EBA is supported.
• Indeed, a generalisation of instant payments would require an amendment to current resolution procedures, in particular where a week-end is involved. At the same time, instant payment systems come with all the required audit trails which allow to ascertain without ambiguity when an instruction has been accepted and when it was, or should have been executed, thus easing the sequencing required in a resolution process. How-ever, a large adoption of instant payments should lead to revisiting the “zero-hour rule” and adjusting it to the new environment.
• Indeed, digitization may speed up the movement at deposits in a time of crisis. ESBG would however submit that as per PSD2 Art. 83, payer’s payment service provider are required to ensure that after the time of receipt, the amount of the payment transaction will be credited to the payee’s payment service provider’s account by the end of the fol-lowing business day. Whilst not insignificant in times of crisis, this possible one-day difference with an instant payment scenario does not create a wholly new environment.
• Should there be a large adoption of technologies that remove intermediaries, then in-deed authorities’ resolution powers should be adjusted to this new environment, and theoretically extended to the relevant distributed parties in a given value chain. How-ever, the question whether such parties shouldn’t come under the purview of regulators and supervisors well before any resolution process should be contemplated – please see earlier remarks to that effect in this response.
With these considerations, the proposed way forward is supported.
• Technological innovation is not being deployed in a vacuum, but in a space (the single market) defined by other policy objectives too, notably market integration, consumer protection, and fair competition.
• In particular in a digital environment, where borders get blurred, differences between Member States are counter-productive (leading notably to consumer confusion and provider arbitraging).
• Equally, differences in the constraints applicable to different categories of providers are counterproductive, for the same reasons, i.e. consumer confusion and provider arbi-trage.
• These issues get compounded in the field of AML/CFT, as it is clear that the future will see many interactions and partnerships between incumbent credit institutions and FinTech firms.
FinTech firms must thus be subject to the same obligations as incumbent credit institutions where they provide or support the same services as the latter. This is all the more indispen-sable as there is a need for more industry collaboration on analytics to identify and report suspicious transactions for AML/CTF and sanctions compliance, and for an improvement in pattern recognition across institutions.
With these considerations, the proposed way forward is supported.
The requirements are also phrased to leave room for interpretation regarding identity proof-ing and verification that could lead to inconsistent implementation and approach to new technologies between the banks. One requirement for identification and verification is the address of the customer that cannot be considered called for or even fulfilled regarding cer-tain technical solutions.
A harmonized European framework regarding the prevention of money laundering and ter-rorism financing to ensure the consistent application of the 4th and the upcoming 5th Anti-Money Laundering directives is necessary for the acceptance of the means for identifying customers remain in the Member States and for the European banks to have the same pos-sibilities to accept new technologies and new customers, especially in a cross-border non face-to-face scenario.
Question 1: Are the issues identified by the EBA and the way forward proposed in section 4.1 relevant and complete? If not, please explain why.
First and foremost, ESBG applauds the EBA’s initiative to perform a survey of the current “FinTech” (as per the BCBS definition) landscape. Even though the survey encompasses about 20% of the estimated current EU FinTech population, it provides an invaluable (and at times, chilling) snapshot of the opportunities and issues raised by the emergence of FinTech in a non-harmonized regulatory and supervisory single market environment. ESBG would recommend that such a survey be performed at regular (ideally: annual) in-tervals over the next years at least.Whilst ESBG certainly agrees that further investigation is warranted, the following findings of the survey already deserve to be highlighted:
• 53% of FinTech firms are not regulated under EU or national law;
• Considering the emphasis placed by the legislator and regulator on the need for con-sumer protection, the presence of so many unregulated players would suggest either a failure in monitoring, (and/)or a policy decision to privilege “innovation” experiments potentially at the expense of consumer security, (and/)or a lack of transposition of the otherwise often boasted level playing field principle.
• Should none of the above assumptions hold, then the only possible conclusion to the survey findings would be that incumbent providers of financial services are over-regulated, an onerous framework that should urgently be repelled.
In that sense, the issues identified by the EBA in section 4.1 are relevant and complete. The remark however that “there may be reasons that justify differences in treatment” can only be accepted against the background of a call for further investigation of the FinTech landscape. Otherwise, the working assumption should remain that the same regulatory and supervisory obligations apply to the provision of same services, across the single market.
With respect to the policy approach to FinTech under national regimes, it would be very useful to see a mapping of national sandboxing regimes, innovation hubs or similar regimes with the regulatory and supervisory requirements applied by Member States: it would be difficult to understand that Member States with lax or inexistent requirements deploy an ambitious approach to sandboxing, innovation hubs or other regimes.
Furthermore ESBG recommends that, participation in potential sandboxes should not dis-criminate on the basis of entity size, but rather let all types of entities participate on equal terms (as e.g. is the case in the UK). Therefore, work to further assess the features of sand-boxing regimes, innovation hubs and similar regimes is supported. Thus, ESBG encourages the EBA to move forward with guidelines in this area and look forward to the final report.
The proposed way forward of the EBA – activities to be implemented in 2017/2018 - is supported, as is an assessment of the merits of converting the EBA Guidelines on authori-sations under PSD2 into an RTS once experience is obtained, this not only to ensure com-pliance but also to identify and certify that high levels of consumer and data protection are safeguarded. This assessment should also take national regulation into consideration.
Question 2: Are the issues identified by the EBA and the way forward proposed in subsection 4.2.1 relevant and complete? If not, please explain why.
In sub-section 4.2.1 it would appear that the EBA refers to both innovative services and new market entrants when using the term “FinTech”. A clear distinction is required:• Innovative services (based on new technology) are not only (by far) provided by new market entrants.
• Innovative services do entail ICT risks. But incumbents who have in place tested pro-cesses and procedures for the introduction of new technology and products, and are subject to stringent business continuity and resilience obligations, should be better armed than new market entrants to mitigate such risks.
• In certain fields, new technology may indeed facilitate lower regulatory compliance costs. This however provides little solace to incumbent credit institutions when they have to compete with non-regulated, non-supervised market entrants.
• Generally, the experience of the past 5 years cannot but lead to challenge the assertion that FinTech (meaning: new technology) “preserv[es] fair competition”. The EBA sur-vey certainly does not paint either any “fair” competition landscape.
• A growing participation of new market entrants in the provision of financial services (and in the market infrastructures supporting these) inevitably leads to an increase in operational risk and hence capital requirements for incumbent credit institutions, thus increasing their cost base. Capital requirements arising from operational risks are cur-rently only required for incumbent credit institutions. However, the operational risks arising from innovative technological solutions for the provision of financial services also affect new market entrants, who might actually be more vulnerable than incum-bents. Therefore, as “a connected system is only as safe as its weakest element”, and adopting the “level-playing field” principle, new market entrants should be subject to capital requirements based on their operational risks.
• The much-vaunted sharing of data provides for a good illustration to that point. The General Data Protection Regulation places data controllers under stringent obligations (and sanctions in case of non-compliance). New market entrants may struggle with the implementation of this Regulation, and may not be equipped to meet the responsibility and liability requirements that an effective sharing of data demands.
Therefore, in order to provide guidance to supervisors on how to act on, understand and evaluate these new prudential risks, ESBG believes that it is essential to maintain commu-nication with and continuously observe trends in the industry. In particular, communica-tion between supervisors in identifying and evaluating new prudential risks stemming from new technologies would be useful to prevent regulatory arbitrage.
As through the application of new technologies, smaller non-regulated entities can poten-tially circumvent requirements of capital and/or liquidity and even AML/CFT controls when executing traditional bank services such as lending or payments. If these require-ments are eased or prone to circumvent, this could limit society’s capacity to withstand fi-nancial turbulence.
The above-mentioned arguments also imply that, in general, the global digitisation land-scape should be taken into consideration by European regulators and legislators. Of im-portance here are market drivers and market developments, as well as the implications that global entities have with respect to the formulation, entry into force and enforceability of legislation by European authorities. Provided these remarks are taken into consideration, the proposed way forward can be supported.
Question 3: What opportunities and threats arising from FinTech do you foresee for credit institutions?
The opportunities presented for incumbent credit institutions by the deployment of FinTech are generally well presented in sub-section 4.2.1 (under consideration of the re-marks immediately above). Therefore, many ESBG members invest in creating a fruitful partnership with reliable FinTech in order to benefit from comparative advantages and, consequently, be able to individualise the services delivered to customers. As ESBG mem-bers have a strong focus on customer centricity and the creation of added values for cus-tomers, open banking, for instance, would provide the opportunity to combine in-house date with data which is accessible from other sources.The key threat from FinTech for incumbent credit institutions will though come from plat-forms (i.a. distribution platforms, segment platforms, data aggregation platforms) including those characterized as “GAFAs”. This threat has not been identified by the EBA, and should be added. In general, this means that the global digitization landscape should be taken into consideration by regulators and legislators, with respect to both market drivers and developments, and the implications these may have with respect to the formulation, entry into force and enforceability of legislation by EU authorities.
Competition from platforms raises critical challenges for incumbent credit institutions, in-cluding strategic choices to be made between the manufacturing of products and their dis-tribution, the management of a range of new partnerships, the protection of customer data, the allocation of product liability, and the capability to achieve scale.
As mentioned in the previous question, the regulators and supervisors need to take the global digitisation landscape into consideration with respect to the formulation, entry into force and enforceability of EU regulation. As the global digital players control a large part of the Internet and consumer data, they may take advantage of any regulatory imbalance to process and apply data in a way which banks are constrained by law to emulate. Hence, threats not only arise with the smaller innovators, but legislators also need to take larger non-banking entities into consideration so as to avoid the creations of a “lean regulation sector”.
In this respect ESBG concurs with the conclusions of the World Economic Forum’s recent Report “Beyond Fintech: a pragmatic assessment of disruptive potential in financial ser-vices”.
However, in general, ESBG would like to highlight that it is the overall competitive land-scape based on GDPR and PSD2 per se which could be regarded as threatfull.
Question 4: Are the issues identified by the EBA and the way forward proposed in subsection 4.2.2 relevant and complete? If not, please explain why.
ESBG would not read paragraph 87 as representing accurately the Commission’s motives in revising the PSD. As evidenced by the protracted debate over the finalization of the Regulatory Technical Standards on Strong Customer Authentication, the Commission’s ambition to appear innovative may at times relegate concerns about consumer protection to secondary ranks.Although ESBG believes that it is important to evaluate the potential risks with new tech-nologies, ESBG also believes that it is important to regulate the service and/or product and not the technology behind the service. Therefore, it is important to have an under-standing of different back-end technologies and establish horizontal communications be-tween different supervisors to better understand potential risks.
This being said, ESBG approves the way forward proposed in sub-section 4.2.2, and is looking forward to continued dialogue, including public consultations, with the EBA on the different steps planned in the way forward.
Question 5: What opportunities and threats arising from FinTech do you foresee for payment institutions and electronic money institutions?
N.A. (ESBG is replying as representative of credit institutions and associations of credit institutions).Question 6: Are the issues identified by the EBA and the way forward proposed in subsection 4.3.1 relevant and complete? If not, please explain why.
Whilst ESBG can generally agree with the description provided under sub-section 4.3.1, ESBG is of the opinion that innovation should be stimulated in general and therefore ESBG would nevertheless like to stress that the focus shouldn’t solely be on the impact of FinTech. Indeed, there are 4 types of innovations currently impacting notably incumbent credit institutions: certainly technological innovation, but also behavioral innovation (in the expectations and requirements of their customers, often induced by experiences from outside the financial sector), legislative innovation (although generally not in synch with ei-ther technological or behavioral innovations), and business model innovation (of new mar-ket entrants, but primarily of large technology companies, such as the platform players re-ferred to earlier in this response – see Question 3). These 4 innovation streams have to be taken into consideration to paint a comprehensive picture of the market landscape for no-tably incumbent credit institutions.To stimulate innovation and to achieve a level playing field in the area of innovation, all entities no matter their size must have the same opportunities to innovate. Here, as con-cluded by the EBA, less constrained new market entrants can be more agile when applying new technology that can radically change how their products or services are defined, pro-duced and/or distributed. However, these might not possess the infrastructure and/or ex-pertise to assess the risks connected to the development of their new products and/or ser-vices. One possibility, respecting sound business values, is that the incumbents can service the FinTech with such infrastructure in the value chain.
On the other hand, the so-called incumbents have licenses and established communica-tions with regulators and supervisors. Moreover, they also possess infrastructure to scruti-nize innovative developments through their already established compliance, risk manage-ment and legal departments. This in turn, however, constrains their ability to be as innova-tive as less regulated entities; since they are required to be compliant and are under con-stant supervision.
Furthermore, the relationships between technological innovation and regulatory and super-visory obligations deserve further analysis. Indeed, because of compliance with such obli-gations, incumbent credit institutions tend to introduce technological innovation in an “in-cremental” mode, where essentially new technology is applied to enhance the convenience or the efficiency of existing products and services without however changing neither (most of) the value chain nor the business model (at least in the short term), whereas less con-strained new market entrants can often afford to apply a “transformational” mode, where the application of new technology radically changes how a product or service is defined, produced and/or distributed. One (amongst many) example can be found in the challenge faced by credit institutions seeking to adopt cloud services (in particular in a cross-border environment, even within the EU) whilst meeting existing supervisory requirements.
Hence, ESBG believes that, to achieve a level playing field whilst maximizing the innova-tive potential in the European economy, there is a need to create a more dynamic regulato-ry and supervisory environment that facilitates innovation by incumbents and FinTech. Such an environment could entail an adjustment of the current regulation to give entities, regardless of size, the same opportunity to innovate. These adjustments need to be set in dialogue with supervisors, incumbents and FinTech.
This being said, ESBG approves the way forward proposed in sub-section 4.3.1, and is looking forward to continued dialogue, including interviews and public consultations, with the EBA on the different steps planned in the way forward.
With respect to RegTech, as it is briefly referenced to in recital 96, ESBG Members under-stood from the public hearing that the EBA considers RegTech as a separate issue and that the EBA will address it at a later stage after the FinTech analysis has been made. ESBG believes that RegTech deserves priority so we welcome this next step; otherwise, we would like to see RegTech to be included on EBA’s FinTech roadmap.
Question 7: What are your views on the impact that the use of technology-enabled financial innovation and/or the growth in the number of FinTech providers and the volume of their business may have on the business model of incumbent credit institutions?
Against a general background of customer behavioral, technology and regulatory change, incumbent credit institutions are focused on finding the best solutions, including the best partners, to solving challenges and implementing these solutions as quickly and safely as possible. Thus, incumbent credit institutions generally both buy technology and build solu-tions, and partner with FinTech firms.Regulators hold a key responsibility in enabling this process. On one side, as highlighted earlier in this response, regulation and supervision must enable incumbent credit institu-tions to deploy new technology-based products and services without any undue encum-brance, on the other side FinTech firms should be subject to the same obligations than credit institutions in this respect, in order to establish a safe foundation for partnerships, and ultimately to ensure a level playing field – in particular against the background that technology is lowering barriers to market entry, thus increasing the number of start-ups, although only a few may survive their first year.
However, a discussion of innovation also needs to take into account incremental innova-tion (both common systems and bank specific), i.e. innovation to enhance existing prod-ucts and services without changing the business model. Therefore, it is important to distin-guish between a technical innovation that leads to a new product or service and a technical innovation that improves the characteristics of current products and services.
Given the importance of this incremental innovation, it is important that the EBA and other government institutions not only focus on innovation in the front-end part of the value chain, but also create the preconditions for credit institutions to continuously invest and improve in the back-end systems. Today, based on sound business cases, incumbent credit institutions are investing in and providing the infrastructure to support the products and services provided to their customers. However, going forward, as products and ser-vices will be provided by both new and old entities the incumbents’ willingness and capa-bility to provide and invest in such infrastructure should not be taken for granted.
It is also useful to remind that it is credit institutions who provide liquidity and asset safe harbour for FinTech firms.
Additional note: global FinTech funding remained stable in 2015 and 2016 (at USD 19 bil-lion, according to BI Intelligence report, August 2017).
Question 8: Are the issues identified by the EBA and the way forward proposed in subsection 4.3.2 relevant and complete? If not, please explain why.
N.A. (ESBG is replying as representative of credit institutions and associations of credit in-stitutions).Question 9: What are your views on the impact that the use of technology-enabled financial innovation and/or the growth in the number of FinTech providers and the volume of their business may have on the business models of incumbent payment or electronic money institutions?
N.A. (ESBG is replying as representative of credit institutions and associations of credit institutions).Question 10: Are the issues identified by the EBA and the way forward proposed in subsection 4.4.1 relevant and complete? If not, please explain why.
Considering that consumer protection has been at the forefront of legislators’ justification for introducing many dispositions in the field of retail banking in the past, and that these have significantly increased the cost of providing such services, it is essential that consum-ers obtain full transparency and clarity about their rights and limitations thereto when transacting with providers notably in the digital world.Indeed, the fragmentation and recomposition of the provision of services induced by digiti-zation creates challenges for consumers, notably with respect to service and product liabil-ity and redress. In the financial area, such challenges are compounded by the imperative of assessing the creditworthiness and sustainability of the provider, which often hinges on the precise role that this provider is playing in a given product or service value chain.
At the most basic level, this would call for unambiguous identification of providers, based on (single market-wide) harmonised authorization and registration process. In order to ease understanding by consumers, a limitation to the number of categories of providers must al-so be considered, even when the responsibilities and liabilities of these providers would have been harmonised EU-wide. Consumers should be fully informed upfront about the party in a given product or service value chain with whom complaints and claims should be lodged (whilst – for consumer convenience – a single party may be assigned a “claim con-centrator” role, it is though not acceptable that such role is performed without compensa-tion for that party, nor without the possibility for that party to cap the risks arising from that role – PSD2 dispositions with respect to the relationship between ASPSPs and PISPs are certainly not the appropriate blueprint in this field for the future).
Generally, as highlighted earlier in this response, the complexification of the financial ser-vices value chain as well as the multiplication of partnerships call for taking another look at existing dispositions on product and service liability. Here, the digital dimension can of-fer supervisors, incumbents and FinTech new possibilities to provide such transparency to consumers. Hence, ESBG encourages the EBA when performing its in-depth review of EU legislation requirements, to take technical developments into account to find the right bal-ance between consumer protection and fostering innovation.
Under these considerations, the way forward proposed in sub-section 4.4.1 is supported, and ESBG looks forward to continued dialogue, including interviews and public consulta-tions, with the EBA on the different steps planned.
Question 11: Are the issues identified by the EBA and the way forward proposed in subsection 4.4.2 relevant and complete? If not, please explain why.
The issues expressed under sub-section 4.4.2 actually tie directly into the previous sub-section. It is obvious that borders tend to fade in the provision of digital services, so that all consumer issues highlighted immediately above are only compounded.This is why not only at least equivalent yet ideally same regulation should be extended to non-regulated FinTech firms, but also such regulation should from the onset be conceived with fostering innovation and the single market in mind, and not limited to “cross border” transactions. The cross-border provisioning of financial services also adds complexity to the consumer protection legislation differences between the EU member states and to home/host supervision.
Under these considerations, the way forward proposed in sub-section 4.4.2 is supported, and ESBG looks forward to continued dialogue, including interviews and public consulta-tions, with the EBA on the different steps planned.
Question 12: As a FinTech firm, have you experienced any regulatory obstacles from a consumer protection perspective that might prevent you from providing or enabling the provision of financial services cross-border?
N.A. (ESBG is replying as representative of credit institutions and associations of credit institutions).Question 13: Do you consider that further action is required on the part of the EBA to ensure that EU financial services legislation within the EBA’s scope of action is implemented consistently across the EU?
Notably throughout the Commission’s Digital Single Market initiative ESBG has been per-sistent in stressing the utter requirement for harmonized legislation applied throughout the EU, certainly for all matters pertaining to and affected by digitization.Whereas that goal may not be attained with any single stroke, a useful starting contribution would be to compile an overview of the waivers and other national dispositions imple-mented by Member States from both a regulatory and supervisory perspective applied to the transposition of a number of EU legislations. This should serve as the basis for an as-sessment of the impact that these differences in transposition have for consumer protection and for the level playing field between incumbent credit institutions and FinTech firms.
Question 14: Are the issues identified by the EBA and the way forward proposed in subsection 4.4.3 relevant and complete? If not, please explain why.
Many European regulations, such as PSD2, already stipulated how consumer’s complaints are to be handled. However, from a financial services perspective, if a FinTech company is un-regulated it still needs to respect and adhere to other national customer complaints re-quirements and should therefore be under certain supervision by national competent au-thorities. Thus, a pan-European guideline for consumer complaints could be a positive contribution to the non-regulated part of the industry and especially for entities acting from outside the EU.The issues identified by the EBA under sub-section 4.4.3 are consistent with the concerns and issues raised earlier in this response. The proposed way forward is supported.
Question 15: Are the issues identified by the EBA and the way forward proposed in subsection 4.4.4 relevant and complete? If not, please explain why.
The issues identified by the EBA under sub-section 4.4.4 are consistent with the concerns and issues raised earlier in this response. The proposed way forward is supported.Question 16: Are there any specific disclosure or transparency of information requirements in your national legislation that you consider to be an obstacle to digitalisation and/or that you believe may prevent FinTech firms from entering the market?
In general, there are many consumer protection legislations requiring that great amounts of information should be provided to the consumer ex-ante. Most of these regulations are at Union level and the amount of text makes it difficult to provide services on mobile devic-es. Here other national requirements, such as the requirement that certain contracts need to be physically signed in a bank branch, also make it more difficult to digitalise certain products and services.Furthermore, some Member States have been or are gold plating the EU consumer protec-tion framework and also financial market regulations making it difficult from providers from other states to use their standard offering and thus making “foreign” providers more expensive, and thus less attractive with the effect that the local market is reserved for the domestic providers.
As an example, although the Austrian ESBG member fully adheres to and supports the Austrian banking secrecy law, in some areas (e.g. data aggregation and analysis), this legis-lation might act as an obstacle to fully take advantage of the digital potential. Consequent-ly, some specific exemptions to it might be worth considering.
Question 17: Are the issues identified by the EBA and the way forward proposed in subsection 4.4.5 relevant and complete? If not, please explain why.
Whilst enhancing financial literacy is a general concept that can certainly be supported, no-tably against the background of an increasingly digital world the key recommendation would be to design legislation that is “fool-proof” by default (e.g. unfortunately neither the PSD2 nor the General Data Protection Regulation provide for a positive example in this re-spect). This should be achieved notably by legislators avoiding to unnecessarily fragment and complexify the provider landscape, and ensuring that harmonized conditions apply across the single market (which would also overcome the issue of language barriers It is al-so important that governments introduce and adapt relevant subjects, to promote digital and financial literacy, at an early stage in the national education.Question 18: Would you see the merit in having specific financial literacy programmes targeting consumers to enhance trust in digital services?
Taking into consideration the remark made immediately above, ESBG does not believe in the merit of specific, digital-focused financial literacy programmes. Financial literacy should be promoted from a channel and technology-neutral angle, whilst digital literacy (with a particular emphasis on cybersecurity aspects) is a field of its own and should be promoted by a number of stakeholders in society, including governments. Beyond financial literacy, special EU efforts should be dedicated towards increasing digital literacy. Some banks already provide digital literacy programmes but the engagement of more stakeholders should be promoted.The remarks made in the response immediately above, with respect to the necessity for “fool-proof” legislation to the furthest extent possible, remain fully relevant as the key way to ease understanding by consumers and prevent complaints and claims. As mentioned above, it is also important that governments introduce and adapt relevant subjects at early stages within national education programmes.
Question 19: Are the issues identified by the EBA and the way forward proposed in subsection 4.4.6 relevant and complete? If not, please explain why.
Investments in robo-advisors have been increasing strongly since 2014, and by 2020 the market is expected to grow by 200%. Therefore, automated financial advice is expected to ultimately lead to a growth in the number of customers reached by banks via digital tools. The objective of robo-advisors is to both reduce costs and reach new customer segments that prefer to interact through digital channels.There are two main types of algorithms behind the notion of “robo-advisers”:
a. “Profiling algorithms”, which are used to obtain a particular profile from the client through the information obtained from knowledge and experience, investment objec-tives, investment horizon, etc. This process sometimes includes the suitability tests that MiFID regulates, in order to obtain the adequate information and profile clients appro-priately.
b. “Quantitative management algorithms”, which are used to take decisions regarding in-vestment in a certain type of asset or portfolio management. These algorithms take into consideration quantitative data which determines the quality of the investment made and will ultimately lead to profit differentials.
In order to enhance consumer protection (and to provide a minimum set of standards to the robo-advice sector), some sort of supervision of initiative of the service will be re-quired. Currently, many robo-advisory solutions base their profiling decisions on a very lim-ited set of variables, and no suitability tests are undertaken, whilst customers are not able to perceive which measures each robo-adviser takes. Therefore, in order to avoid that cli-ents perceive the same level of risk and quality of advice by robo-advisers taking different consumer protection measures, it is proposed that these services should be both supervised and rigorously compliant with MiFID II rules (for which supervision might also be needed).
Thus, the benefits that the mobilization of artificial intelligence by financial service provid-ers will bring will not be constrained by adverse reactions of an uninformed public or over-zealous legislators. A range of actions from financial service providers could usually com-plement the approach described above and assuage such concerns upfront:
• When deploying artificial intelligence, financial service providers should ensure that both the systems and the ways in which they are used integrate the values for which they stand.
• Artificial intelligence should be deployed responsibly, notably ensuring that:
- Systems are tested sufficiently according to purpose-designed procedures in order for their output to be in line with each bank’s values;
- To meet expectations of fairness, the algorithms used remain interpretable, i.e. both banks’ staff and customers (on request) must be able to understand how systems deal with input and why a certain output is produced;
- Customer feedback is scrupulously taken into account, in particular in case of dis-satisfaction, including by providing access to staff.
• Financial service providers should abide by their responsibility and liability policies and obligations to the same extent, whether artificial intelligence is, or not, involved in an outcome that causes responsibility and liability to be assigned and claimed.
• The security and integrity of customers should be assured through the artificial intelli-gence systems and processes deployed.
• A continued dialogue should be instigated between financial service providers and regulators and supervisors, for the former to contribute their ever-growing experience with technology, ethical management, and legal implications and potential requirements not only to sectoral but also to public debate and further research. In all instances regu-lation should remain technology-neutral.
With these remarks, the way forward proposed by the EBA is supported.
Question 20: Are the issues identified by the EBA and the way forward proposed in section 4.5 relevant and complete? If not, please explain why.
The issues identified by the EBA would call for the following comments:• Indeed, a generalisation of instant payments would require an amendment to current resolution procedures, in particular where a week-end is involved. At the same time, instant payment systems come with all the required audit trails which allow to ascertain without ambiguity when an instruction has been accepted and when it was, or should have been executed, thus easing the sequencing required in a resolution process. How-ever, a large adoption of instant payments should lead to revisiting the “zero-hour rule” and adjusting it to the new environment.
• Indeed, digitization may speed up the movement at deposits in a time of crisis. ESBG would however submit that as per PSD2 Art. 83, payer’s payment service provider are required to ensure that after the time of receipt, the amount of the payment transaction will be credited to the payee’s payment service provider’s account by the end of the fol-lowing business day. Whilst not insignificant in times of crisis, this possible one-day difference with an instant payment scenario does not create a wholly new environment.
• Should there be a large adoption of technologies that remove intermediaries, then in-deed authorities’ resolution powers should be adjusted to this new environment, and theoretically extended to the relevant distributed parties in a given value chain. How-ever, the question whether such parties shouldn’t come under the purview of regulators and supervisors well before any resolution process should be contemplated – please see earlier remarks to that effect in this response.
With these considerations, the proposed way forward is supported.
Question 21: Do you agree with the issues identified by the EBA and the way forward proposed in section 4.6? Are there any other issues you think the EBA should consider?
This question epitomizes a number of the issues highlighted earlier in this response. A few principles – often quoted by policy makers and legislators, yet quite imperfectly transposed until now – should be reaffirmed:• Technological innovation is not being deployed in a vacuum, but in a space (the single market) defined by other policy objectives too, notably market integration, consumer protection, and fair competition.
• In particular in a digital environment, where borders get blurred, differences between Member States are counter-productive (leading notably to consumer confusion and provider arbitraging).
• Equally, differences in the constraints applicable to different categories of providers are counterproductive, for the same reasons, i.e. consumer confusion and provider arbi-trage.
• These issues get compounded in the field of AML/CFT, as it is clear that the future will see many interactions and partnerships between incumbent credit institutions and FinTech firms.
FinTech firms must thus be subject to the same obligations as incumbent credit institutions where they provide or support the same services as the latter. This is all the more indispen-sable as there is a need for more industry collaboration on analytics to identify and report suspicious transactions for AML/CTF and sanctions compliance, and for an improvement in pattern recognition across institutions.
With these considerations, the proposed way forward is supported.
Question 22: What do you think are the biggest money laundering and terrorist financing risks associated with FinTech firms? Please explain why.
It is obvious that both new technology and FinTech firms act as an appealing beehive for fraudsters and terrorists, in particular in activities such as crowdfunding, marketplace lend-ing, virtual currencies, and prepaid cards. This is due mostly to the lax regulatory and su-pervisory environment of these activities applicable to new market entrants, combined with the possibility in some activities to maintaining a certain level of anonymity.Question 23: Are there any obstacles present in your national AML/CFT legislation which would prevent (a) FinTech firms from entering the market, and (b) FinTech solutions to be used by obliged entities in their customer due diligence process? Please explain.
Technologies that help a correct and secure identification of customers both remotely or in person could greatly help the usability of financial services and ease processes within the banks. The regulators and supervisors need to take the global digitization landscape into consideration in particular regarding regulations on remote identification and verification of customers. FinTech players are also blocked by innovative approaches (e.g. Artificial Intel-ligence/Machine Learning methods to improve AML Monitoring, etc.), which are at times unknown to the regulator and therefore not accepted. Therefore, enhancing know-how and regulatory guidelines for innovative approaches in the RegTech area is recommended as the current national AML/CFT legislation and framework could imply obstacles for such FinTech solutions as the requirements of identity proofing and verification are, to a large extent, excluding the possibilities of new technologies.The requirements are also phrased to leave room for interpretation regarding identity proof-ing and verification that could lead to inconsistent implementation and approach to new technologies between the banks. One requirement for identification and verification is the address of the customer that cannot be considered called for or even fulfilled regarding cer-tain technical solutions.
A harmonized European framework regarding the prevention of money laundering and ter-rorism financing to ensure the consistent application of the 4th and the upcoming 5th Anti-Money Laundering directives is necessary for the acceptance of the means for identifying customers remain in the Member States and for the European banks to have the same pos-sibilities to accept new technologies and new customers, especially in a cross-border non face-to-face scenario.