European Association of Co-operative Banks (EACB)

As a general comment, EACB members appreciate the EBA’s FinTech mapping exercise. Even though, as well noted in the discussion paper, the exercise was limited to a sample of 282 FinTech firms, we do think that it nevertheless gives a better insight into the current financial services offered and innovations applied.

It is also very timely that the EBA chose (as did the European Parliament and the Basel Committee on Banking Supervision (BCBS)) to align the definition of FinTech with the one given by the Financial Stability Board (i.e. ‘Technologically enabled financial innovation that could result in new business models, applications, processes, or products with an associated material effect on financial markets and institutions and the provision of financial services’).

Indeed, the term FinTech is most of the time used synonymously with ‘FinTech start-up companies’, thus ignoring that technology-enabled innovation in financial services does not depend on the size or legacy of a firm and that innovative financial technology–based solutions and services are increasingly being developed by banks.

As acknowledged by the BCBS consultative document ‘Sound Practices: Implications of fintech developments for banks and bank supervisors’, the term FinTech has exploded in popularity in recent years and is used variously to describe a wide array of innovations and actors in a rapidly evolving environment. In our view it is particularly important to agree on a common understanding given that, as rightly pointed out in the BCBS paper, the definition can influence how supervisors approach FinTech.

As acknowledged in the EBA discussion paper, the use of technologies by financial services firms is not new per se. Financial services firms have long implemented internal technological solutions to support the provision of services to their customers and to ensure that they comply with their regulatory obligations.

Finally, it is worth noting that in its discussion paper the EBA refers to both innovative services and new market entrants when using the term ‘FinTech’, which could be confusing.

With regard to the issues and way forward identified by the EBA, we think that they are relevant and comprehensive.

Level playing field

EACB members particularly support the EBA’s intention to further analyse national regulatory regimes as differences could potentially lead to level playing field issues and forum shopping.

In this fast-changing environment, a level playing field is key to assure not only fair competition but also consumer protection. The latter should remain the key priority. A level playing field has the role of ensuring consumers are not put at risk and that financial stability is maintained, irrespective of the service provider. The Digital Single Market is an opportunity for all operators willing to embrace the digital transformation. The same regulatory conditions and supervision should apply to all actors who seek to innovate and compete on FinTech: large digital players (big tech firms), financial institution players (incumbent banks) and FinTech start-ups players.
Any regulatory framework must keep barriers to entry to a minimum, and should also not hinder incumbents’ ability to innovate and develop. The principle of ‘same services, same risks, same rules and same supervision’ in order to ensure consumer protection and market integrity should always apply.

Innovation hubs/sandboxing similar regimes

There is a need to facilitate the experimentation of new technological solutions and business models to foster innovation. As underlined by the BCBS, in the past two years several regulatory and supervisory bodies have to this end set up a variety of innovation facilitation mechanisms captured under labels such as innovation hubs, accelerators and regulatory sandboxes.

As acknowledge in the BCBS’s survey, these terms should first be approached with caution as they could cover very different approaches. Secondly, it is too early to draw firm conclusions on the benefits and challenges of these initiatives and to identify best practices; in particular, concrete insights about the regulatory implications of sandboxes are still limited. Nevertheless, in our opinion competition between national supervisors on the basis of regulatory arbitrage should be avoided at all costs.

Accelerators are private initiatives and it is unrealistic to establish the EU as a whole as an innovation hub. National regulatory sandboxes should provide an efficient gateway for both new entrants and incumbents in the FinTech sector, by providing not only advice in relation to regulatory requirements they will need to comply with, but also as a testing facility in the context of national specificities.

It should be stressed that sandboxes should not be lowering regulatory standards, as consumer protection is paramount. We support the recommendation made in the BCBS’s survey that sandbox participants must inform consumers and all relevant stakeholders that the company is providing the service under a sandbox regime.

Even though we are not convinced that sandboxes can provide better results compared to market-driven innovation, co-operative banks believe that guidelines, if any, should ensure sandboxes or other innovations hubs or similar regimes include both new (start-up) and incumbent (e.g. banks) FinTech providers and that a level playing field with those outside the sandbox is in place by ensuring transparency on the experiments going on and any regulatory ‘lenience’ considered. We particularly value the importance of further analysing these regimes, also as to whether the means used to achieve the aim of sandboxes to facilitate innovation and competition are in line with existing EU directives and regulations.

It should be noted that there is an increasing cooperation and partnership among incumbent banks and FinTech start-ups to provide innovative products and services that they indeed would need to test commonly. As acknowledged in the mapping exercise, most innovations appear to be applied by both regulated (EU and national) and non-regulated FinTech players.

As a consequence, we agree with the EBA’s intention to further assess the features of sandboxing regimes, innovation hubs and similar regimes. While on the one hand we believe that a time of probation should be given at national level to manage regulation in a changing field, on the other, in order to avoid regulatory arbitrage opportunities arising from national regimes establishing regulatory sandboxes, it will be necessary to set up a legal framework with minimum criteria to be complied with under experimentation platforms.

EBA Guidelines on authorisations under PSD2

With regard to the EBA proposal to assess the merits of converting the EBA Guidelines on authorisations under PSD2 into RTS, EACB members believe that it would be too early as the Guidelines have just been published (July 2017) and there are no practical experiences on their applications as of yet. If the EBA decides the contrary, justification should be given. Technical Standards should always come from a practical point of view and be easily modified for practical reasons. It would make more sense to go for the option proposed in point d of the EBA Discussion Paper to assess the merits of harmonising the assessment of applications for authorisations in the short term.

Authorisation and registration regimes

With regard to the EBA’s intention to undertake further work to assess the merits of harmonising the assessment of applications for authorisations, we believe that consistency in the authorisation of credit and payment institutions should be the aim across the national legislations in the EU Member States - considering that, as the EBA mapping exercise shows, FinTech firms reported as not regulated under EU or national law provide payment services (33%).

In its consultation on FinTech, the European Commission wonders whether the EU should introduce new licensing categories for FinTech activities.

We believe that the European Commission and other relevant regulators must provide a clear and
comprehensive regulatory and supervisory framework before introducing new licensing categories for FinTech activities. A fair, level and competitive playing field must be in place to address the concern that specially licensed FinTech activities would be able to offer services and products in direct competition with full-service banks (incumbent banks), while being subject to a more limited and less burdensome regulatory regime that could harm consumers.

As co-operative banks have been traditional banking channels to members, clients and SMEs, any ‘non-bank licensing’ for lending or other financial services distort the level playing field, including the risk of a new kind of ‘sub-prime crisis’, and would weaken those banks which are sustainable pillars of the economy.

When determining what activities are core banking activities, the question to ask is what activities are necessary for a company to undertake to be eligible to be licensed as a national bank.
We believe that the analysis of changes in the risk profile of credit institutions due to their interaction with FinTech seems complete and relevant. We also believe that existing practices at national level could be considered in this context.

Credit and payment institutions are in a good position when it comes to management of the risks involved in FinTech activities due to existing risk management frameworks and strategies. To control the significant increase in overall operational risks, new entrants should be required to manage risk at the same level as credit and payment institutions. In particular, readiness in terms of cybersecurity capabilities and combating digital fraud should be emphasized. As evidence of this, the BCBS consultative document ‘Sound Practices: Implications of fintech developments for banks and bank supervisors’ stresses the fact that FinTech start-ups that provide critical services to large numbers of financial institutions may pose systemic risks to the financial sector.

European authorities should facilitate the digital transformation of European banks in order to remain competitive vis-à-vis new entrants. Competitive pressure may come from FinTech start-up or from global technology companies (such as Google, Apple, Facebook and Amazon, known as GAFAs). These companies have redefined customer experience that is based on convenient 24/7 services. Indeed, they combine key assets such undisputed know-how in user experience, considerable financial means allowing them to invest in promising FinTech start-ups, powerful technological innovation, data control, etc. It is worth noting that the BCBS raises several times the issue of the concentration risk, given that big tech firms from West (GAFA) and East (Baidu, Alibaba, Tencent, know as a BAT) could become systemically important.

To remain competitive and provide enhanced customer experience, some of our members provide more tailored services based on a ‘customer-centric approach’ built on the provision of holistic services. For example, car loans have evolved into ‘all-inclusive’ Mobility-as-a-Service (MaaS) packages that combine elements of loan, insurance and related third-party services.

We believe that the EBA should, for any risk identified, check if regulation already in place with the aim to cover the risk concerned applies equally to all players. FinTech start-ups and big tech firms should have similar, if not the same, capital/liquidity/consumer requirements for a given activity as a financial institution. The broad range of FinTech clients, from consumers to financial institutions, makes it a challenge to align existing regulations in this new setting. Indeed, the FinTech start-ups involvement in the banking sector may require adjustment to the regulatory framework (CRR, CRD, BRRD) and/or the operational risk profile of these actors.

We would suggest the following topics for scrutiny:

- FinTech start-ups are not only a major competitor but also partners for the European banking sector. However, when a bank acquires a FinTech start-up, its main asset, i.e. its software, is automatically depreciated given the deductibility that has to be applied to calculate capital levels for banks. If the buyer were a non-bank, such deductibility would not take effect. This is tantamount to assigning a zero value to Google’s search engine if it were bought by a bank. As a consequence, incumbent banks may be less open to financing FinTech start-ups.

- In addition, the prudential risks linked to the use of FinTech shouldn’t be only identified for established credit institutions (incumbent banks). It would be useful to also consider whether any potential system-wide issues could arise because new entrants are less burdened by regulatory requirements – often deriving from the new entrants’ choice of legal structure, which is designed to avoid the heavy regulatory burden of the financial sector. Small structures may be more exposed than credit institutions to some kind of risks (cyber risks, for example).

Concerning the approach to adopt, we fully support the Commission’s stance on FinTech, which relies on three core principles: technological neutrality, proportionality and market integrity.

In our view, the current supervisory and regulatory approach is too focused on individual financial products, such as mortgage loans. To facilitate provision of new breeds of customer friendly services, authorities should recognise the benefits of cross-selling of products and services. Bundled services and combined offers are often a prerequisite for new services that provide clear benefits for customers. It should be noted that beneficial bundling of financial products differs clearly from detrimental tying practices, which are is already forbidden in specific legislation (PAD, MCD, IDD and MiFID II).

Finally, we are surprised that the GDPR is not mentioned in the EBA DP as its impact could be important: new entrants may not be equipped to meet the responsibility and liability requirements that an effective sharing of data demands.
Technology in and of itself is neither positive nor negative – social benefit will only accrue from how technology is used by both regulated and non-regulated market players.

In our view, the EBA has well evaluated the opportunities for all the stakeholders resulting from technological innovation.

In particular, in terms of future opportunities, cost reduction due to efficient use of financial technology can be seen as one important positive factor. Credit institutions can become more competitive if they use new technology in the right manner. Cooperation with FinTech start-ups can provide more business opportunities to banks as well, and in some cases this cooperation already takes place.

FinTech could also facilitate a change of focus from products to customers and increase revenue from retail banking, commercial banking and corporate finance. A decrease in trading and sales costs, asset management and retail brokerage seems likely. The customer base could experience a growth by new multiple channels in conjunction with new cross-sectoral opportunities.

Among the opportunities for credit institutions listed in the Discussion Paper, the EACB welcomes the EBA’s draft recommendations on the use of cloud services by credit institutions and investment firms. We believe that they represent a first step forward in ensuring a common approach by regulators/supervisors regarding procedures and methodologies. Nevertheless, we would like to re-state, as said in our response to the consultation, that these draft recommendations should be set within the context of the cloud industry.

The adoption of cloud is slowed down by the lack of clarity on the legal constraints to comply with when using cloud services. The main barrier remains customers’ lack of confidence (e.g. banks). The leading cloud computing providers are major US companies such as Microsoft, Amazon, Google, Salesforce or Oracle. Banks, even major ones, are currently fragile in their negotiating position, cloud providers subjecting their services to standard terms and conditions. Customers, in particular banks, need to be confident that they have met their needs (technical and legal) when adopting cloud services. Therefore, a reference framework is required (please look at page 4 of our response to the EBA consultation on the draft recommendation here).

With regard to the threats, we believe an area of further reflection and possible action, which we were surprised not to see included in the EBA’s consultation document, is the impact of platforms, for instance, on the distribution of and access to services.

Moreover, as underlined in the discussion paper, in reason of the competitive pressure credit institutions may face stemming from other operators entering their traditional markets, business risk appears to remain one of the most important risks to manage for credit institutions. Differences in the regulatory treatment of FinTech firms, and particularly between incumbent credit institutions (all regulated) and some new entrants (not or less regulated), could create distortions of competition that could unfairly exacerbate the competitive pressure.

The banking industry faces digital challenges in competition with emerging technological players who do not have to face the heavy regulatory burden and prudential regulation imposed on the banking sector. As the EBA has observed, the different regulatory treatment of FinTech firms offering similar financial services as traditional credit institutions definitely could benefit from further investigation. This issue could potentially lead to level playing field issues and forum shopping for the most amenable regulatory treatment. We strongly believe that in any foreseen action or regulation the principle ‘same service, same risk, same rules’ should apply.
The issue should also be assessed globally. European banks should not be weakened on the global scene. As underlined in the report issued in August this year by the World Economic Forum (WEF) ‘Beyond Fintech: a pragmatic assessment of disruptive potential in financial services’, globally there are differences in the regulatory priorities. The example is given of the strong regulatory impetus for open data and consumer protection in Europe, putting incumbents under growing pressure.

Another risk, as well noted by in the Discussion Paper, are changes in customer loyalties, which could also influence the stability of institutions’ funding.

Finally and with regard to cybersecurity risks, we fully agree that a harmonisation of supervisory practices for assessing the management of cybersecurity risk by institutions across Member States would be highly appreciated. Nevertheless, the issue of cybersecurity is covered from two perspectives: ICT/cyber risk in critical infrastructures versus banking/cyber risk in critical infrastructures. A harmonisation should cover both approaches and achieve a general European position on cybersecurity.
We think that the issues identified by the EBA are all relevant.

We would like to stress the following points:

- Information and Communication (ICT) risks are one of the main worries as such, so a frequently updated heat map (or radar) on arising risks, threats and opportunities provided by the EBA would bring much added value.

- Payments should be given particular attention. According to the EBA mapping exercise, FinTech firms not subject to a regulatory regime under EU law mostly provide services in the context of payments; as a consequence, for this activity the possibility of distortion of competition is even greater in case of differences in the regulatory treatment.

- On PSD2, the delay of RTS on strong customer authentication and common and secure communication is causing uncertainty and increasing costs for all parties involved.

- On Blockchain and Distributed Ledger Technology (DLT), the EBA should consider the existing DLT applications: Bitcoin, Etherium, etc., especially to assess their conformity to PSD2 and accounting rules. Similar careful consideration should be given to the systemic risks of real-time transactions (see question 20 also).
EACB members believe that opportunities may lie in efficiency gains in third-party optimisation or even discontinuation of interfaces or physical storage by pure digital products.

For what concerns threats, we think that the major threats stem from the potential presence of unregulated and unsafe products in the market. Such products might for instance be used by customers without knowing their inherent risks, e.g. Bitcoin, or be portfolios marketed as day-to-day money accounts that still pay interest and are not sufficiently insured.

Moreover, new business models of FinTech firms could endanger the service offering and cause customer fluctuation with incumbent payment and electronic money institutions and could influence the stability of their funding.

We think it is also important to put payment institutions and electronic money institutions into a more global perspective. As acknowledged by the World Economic Forum (WEF) in its report ‘Beyond Fintech: a pragmatic assessment of disruptive potential in financial services’, payments businesses are experiencing intense pressure on margins and a challenging regulatory environment. The latter evolving very differently among jurisdictions, which could lead to regional distinctions between payments ecosystems.

As concluded by the WEF, the coming application of the PSD2 by January 2018 will greatly shift the payments landscape in Europe. It ‘will advance the development of new payment schemes in Europe but it is highly unlikely that changes to European payments will influence the regulation of US markets’.

It should be considered that while regulators are curtailing financial institutions’ control over access to their own core systems, lowering market power and shifting profits away from firms that oversee their own core systems (PSD2 in Europe), some US actors are growing and could take advantage of the situation. The BCBS consultation paper recognises that given their global position, their large customer base and the use of a vast amount of information about their customers to provide them with tailored financial services, big tech firms may have a considerable competitive advantage over their competitors, e.g. incumbent banks, in the provision of financial services.

This poses considerable problems in terms of ensuring a level playing field and protecting the viability and innovation capacity of the European financial and industrial ecosystem.
EACB members believe that the detailed examination is reasonable and the issues identified relevant.

We particularly welcome the EBA’s acknowledgement that credit institutions are facing a very challenging period in an environment of low profitability and huge competition.

As suggested in the BCBS survey, FinTech firms are engaged in a battle for customer relationship and customer data. Any framework developed in Europe should facilitate innovation counting on the strength of all FinTech firms (incumbent banks, non-banking FinTech/FinTech start-ups). In this context, it is important to ensure that regulation, which represents another challenge in itself (with significant investments at stake), does not hinder incumbents’ ability to innovate and transform themselves (distortion of competition).

As underlined in the paper, banks operate established and secure core systems and have to constantly invest to modernize IT systems. A new round of investment is necessary in order in particular to fully support instant transactions. If market incumbents must allow some degree of connectivity to newcomers, it is important to ensure that all market participants contribute to the appropriate level of investment in the underlying systems.

As already mentioned, in its report ‘A Pragmatic Assessment Of Disruptive Potential In Financial Services’, the WEF underlines that regulators are curtailing financial institutions’ control over access to infrastructure, lowering market power and shifting profits away from firms that oversee infrastructure, giving the example of PSD2 in Europe.

The EBA’s intention to further analyse the relationship between incumbent credit institutions and new players in the financial sector appears particularly relevant, as we are likely to see increasing cooperation and partnership among banks and new FinTech start-ups providing innovative products and services to the market. EACB members particularly welcome the EBA’s plan to hold interviews with a representative sample of credit institutions to understand the impact on credit institutions’ business models. EACB members look forward to being involved in the EBA’s interviews.

As noticed by the BCBS’ consultative document, among the scenarios presented, elements of the distributed bank scenario are playing out. In this scenario, incumbents, FinTechs and big tech companies operate as joint ventures, as partners or under other structures where delivery of services is shared across parties. Again, the best way to foster innovation in Europe will be to rely on the strengths of all actors and their complementarities and not to favour some of them.

It its important to once again restate that the Commission and all other European institutions involved in the different political, legislative and supervisory steps must always apply the principle of ‘same services, same activities, same risks, same rules and same supervision’ in order to ensure consumer protection and market integrity.

Among the open questions put forward in the WEF report as being able to shape the industry’s development, we believe the potential impact of the rise of digital identity in financial services and the capacity of firms to monetise the data flows available to them will be particularly relevant.

Last but not at least, it should be ensured that the European legislative framework is sufficiently competitive in an international environment.
Considering the landscape, while the advent of the internet and web-related technologies has had the benefit of reducing transaction costs for searching, evaluating and negotiating commercial relations, such efficiencies have also generated strong advantages for a handful of firms with huge economies of scale, resulting in nearly monopolistic structures in parts of the e-business economy such as Amazon, Google, Facebook, Alibaba or Tencent.

As said in question 6, in the distributed bank scenario presented in the BCBS paper, incumbents and FinTech companies are partnering with big tech firms, which then become relevant third-party providers in the financial system. And because of this, the BCBS recognises the importance of properly monitoring and assessing the concentration risk, given that big tech firms (GAFA and BAT) could become systemically important. Similarly, the WEF suggest in its report that as the dominance of large tech firms extends into finance, regulators need to consider the risk of market dominance even more strongly.

At the same time, the arrival of FinTech start-ups and the establishment of digital platforms has spurred innovation, accelerated the transformation of banks and opened the door to new win-win collaborations. Although there is some degree of competition, the complementary strengths and weaknesses of all FinTech firms (banks, non-banking FinTech/FinTech start-ups) mean that entities will often do better by cooperating rather than by competing.

As mentioned in the answer to Q6, banks and FinTech companies operate as joint ventures, partners or other structures. While there are still good reasons for banks to rely on internal IT departments, there is considerable potential to create value (for themselves and the economy at large) by nurturing an ecosystem of start-ups and technology innovators that can assist banks in developing shared platforms, thereby increasing resilience and cost-effectiveness of banking and payment systems.

Application Programming Interfaces (APIs) are key for all the players in this new landscape and bring to the foreground new models such as:

• Model bank as a platform: aggregation of functional components within a customer banking interface that is ‘user experience centric’;
• Model bank as a service: development of bricks integrated into platforms proposing financial services such as payment (e-merchants); and
• Bank as a code: integration of the banking service via a code integrated directly by the developers of customer products.

As acknowledged in the discussion paper, there are complementarities among actors. Banks have a lot to offer to FinTech start-ups, in particular, specific financial expertise (risk assessment, evaluation and management), scalability owing to their large customer base, as well as many years of experience in providing clients with operational security in a highly regulated sector, not to speak of financing needs. The respective strengths of both banks and FinTech start-ups mean that both will often do better by cooperating rather than by competing.
EACB members agreed with the EBA’s consideration to expand the work foreseen on incumbent credit institutions (i.e. to better understand the impact of FinTech on the business model of credit institutions) to also include in its scope payment institutions and electronic money institutions.

As stated in Q6 concerning the EBA’s proposed actions to understand the impact of FinTech on credit institutions’ business models, similarly we welcome the EBA’s foreseen actions focused on payment institutions and electronic money institutions, also given that – as well-noted in the EBA mapping exercise – FinTech firms not subject to a regulatory regime under EU law mostly provide services in the context of payments.

Moreover, we think that the scope of the study should be broad enough to cover global development including the involvement of big tech companies and their actual and possible future role in the market, since payment is even more global than banking and is a sector in which big tech companies invest today most concretely.

Again, the best way to foster innovation in Europe will be to rely on the strengths of all actors and their complementarities and not to favour some of them.
EACB members believe that the issues and concerned described in our response to Q7 and also highlighted by the BCBC paper and WEF report, can also applied in the case of payments. Particularly considering that the EBA’s mapping exercise stressed that FinTech firms are dominant in the provision of payments.

As seen in our response to Q7, it must be recognised that the arrival of FinTech start-ups has spurred innovation, accelerated the transformation of banks and opened the door to new win-win collaborations. FinTechs could bring solutions in the payments or securities space, too:

- DLT offers new opportunities/advantages (e.g. fewer intermediaries; ability for investors to face borrowers more directly (cost reduction, more transparency); leading to direct investment/better access to financing; new market opportunities due to process simplification) in any sector that needs or wants to offer more transparency, traceability and community building. DLT can provide for the development of more efficient trading platforms and payments systems. However, DLT is also at a very premature stage and its use holds several challenges for an implementation involving lots of clients (e.g. appropriation by the customer of the new trust approach; liability management to be defined; governance; integration in the internal banking ecosystem). DLT is the innovation where collaboration with other market players will most be needed as no DLT system will be possible without global and far-reaching collaboration;

- Interoperability is highly beneficial, provided it is developed in a way that ensures high levels of cybersecurity, data safety and customer protection. Many of our members are seeking collaboration with third parties in a win-win scenario in which banks and FinTechs start-ups develop customer-centric products that are at the same time secure, cost-effective and innovative. To this effect, a wide adoption of Application Programming Interfaces (APIS) will pave the way for a secure, competitive and innovative environment for financial services as is already the case today for many other online activities and interactions.

- Real-time payments: a number of banks have been reviewing new Blockchain-based payment protocols available on the market, such as Ripple, and experimenting with a proof of concept platform based on Ethereum. These solutions take advantage of the capabilities of Blockchain to execute payment obligations netting and enable real-time clearing without the involvement of correspondent banks on each transaction.

However, the EACB must caution that the growth of FinTech should not happen at the expense of financial and consumer protection as stipulated by the relevant EU and national legislation. The full benefits from technological innovation and healthy competition can only happen if the principle of ‘same services, same risks, same rules and same supervision’ is safeguarded.
A high level of consumer and customer protection is important regardless of the service provider. The core existence of financial services and institutions is based on public trust in the services provided.

We appreciate that the EBA acknowledges that the authorisation status of FinTech firms is crucial not only in terms of competition but also in terms of consumer protection. It seems difficult to envisage that 53% of FinTech firms could remain outside the EU framework (without any regime or with an unidentified or national one) considering the imperatives of stability of the financial system and protection of the consumer.

We agree with the way forward proposed by the EBA on the regulatory status of FinTech. We consider that the regulation applied to FinTech (start-ups and incumbents) should both foster innovation and ensure a high level of consumer protection. It is indeed necessary to ensure that consumers can easily determine who they are dealing with, what the firm’s regulatory status is and what specific rights they have as consumers, no matter which entity – start-up or incumbent – is providing the financial services. The principle ‘same activities, same risks, same rules and same supervision’ should always be applied to the entities concerned (start-ups and incumbents) in order to ensure consumer protection, to enhance consumer trust in innovative solutions and to avoid distortion of competition between incumbents that innovate and start-ups.

This level playing field should guarantee that the necessary consumer protection measures are in place and that consumers are not put at risk, irrespective of who is the provider.

The start-up nature of many FinTech providers may pose challenges to regulators. Many start-ups are doing a great job in innovating new services and concepts, but related consumer protection issues may not be in the heart of their core functions. We find it important that regardless of the size, nature, scale or complexity, financial services providers (including FinTech start-ups) comply with consumer protection standards.

In this context, it would be desirable to go further than the EBA’s recommendations by setting up similar procedures to rescript. Authorities would keep control over the application of regulations and make sure customer protection is effective:

• Certain practices authorised in a country are exported in countries which have not yet authorised the same practices or set rules. The rescript procedure, or equivalent, would allow competent authorities to reject practices if customer protection is not guaranteed;
• New players are rarely regulated and often are not even asked to have a recovery plan. The scope of regulation is sometimes difficult to establish on certain types of activities or services proposed by these new players.

The rescript procedure, or equivalent, would allow competent authorities to take a position on the scope of deregulation in the face of customer protection concerns.
It should not be forgotten that today cross-border operations are an exception and not the rule. According to the Eurobarometer 373 survey of 2012, as also confirmed by Eurobarometer 446 of 2016, the vast majority of financial products and services are purchased in the respondent’s own country because respondents feel they can buy everything they need in their own country. There is a very low demand for cross-border operations.

Moreover, as said in the BCBS paper and as shown by its survey, ‘There are few global providers for the fintech financial products and services reviewed and only limited examples of products and services being offered in more than one jurisdiction. It is difficult to determine whether this is driven by the complexity of managing across differing licensing and regulatory frameworks, or if the fintech business models have yet to achieve full penetration of domestic markets that would warrant the increased investment’.

As suggested in the EBA’s discussion paper, consumer protection laws are far from being harmonised across the EU Member States. We agree with the EBA’s conclusion that this could result in regulatory arbitrage and different levels of consumer protection across Member States.

We would also warn that aggravating factors also exist: even maximum harmonisation of consumer protection rules in retail financial services has not prevented a divergence in national legislations, particularly due to Member States’ growing tendency to gold-plate, either when transposing or in the extensive interpretations of the texts by national regulators, which prevents all European banks from being on a ‘level playing field’.

We see a need to extend the regulation in place to non-regulated FinTech firms in order to address cross-border issues: as already suggested in previous answers, any foreseen action or regulation should apply the principle ‘same service, same risk, same rules, same supervision’ in order to avoid non-regulated FinTechs from ‘cherry picking’ the jurisdiction with the most favourable regulatory regimes.

Among the EBA’s proposed activities to address cross-border consumer issues, we consider that information sharing among EU banking regulators/supervisors at the EBA’s level would help to collect issues that should be resolved through legislative change at European level rather than by each Member State leading to different legislative frameworks in the EU.

Having said the above, we believe that an even more pressing issue could be that of an international level playing field. Considering that providers from non-EU jurisdictions presently are bound by less stringent regulatory requirements and have thus been able to grow scale, they are in a good position to enter a harmonised EU market.
Firstly, the rules of international private law require that professionals comply with the consumer-protection rules of the consumer’s habitual country of residence when the professional directs his activities to a consumer from another Member State. This is a real brake for the development of cross-border operations as it would be very costly for banks to adapt their contracts to each Member State’s market.

Secondly, digital identity frameworks are currently not sufficiently developed and, to the extent they are mature, regulatory fragmentation across Europe regarding digital identity remains a big obstacle for a harmonised European framework such as eIDAS could be.

Thirdly, and finally, as acceptance of the means for identifying customers remains with the Member States, it is necessary to harmonise the European framework regarding the prevention of money laundering and terrorism financing (AML/CFT) to ensure the 4th Anti-Money Laundering Directive is implemented in a consistent way.
First of all, we sincerely appreciate the effort undertaken to scrutinise FinTech development and produce this paper.

EACB members believe that all competent authorities should be brought to a table to discuss the issues (concerted effort of EBA, ESMA and EIOPA). We also suggest having a ‘FinTech’ radar for banks of EU Member States to share knowledge and to be informed about current banking/FinTech products and services.

Concerning disclosure requirements, as acknowledged by the European Commission in its Green Paper on retail financial services and consequently in its Action Plan, several pieces of legislation at EU level have been adopted in recent years (e.g. MCD, CCD, PRIIPs, MIFID2, PAD, PSD2, etc.) to ensure that information disclosure is effective, transparent and comparable. The effects of this legislation have, however, not been measured yet because their implementation is not yet finished.

EACB members believe that no new regulation is required at the moment as it is preferable to make use of the existing comprehensive regulation protecting consumers. This recently adopted legislation must be given time to produce its effects before undertaking new measures. In line with the principles of better regulation, the impact and potential risks and benefits of new technologies are not well understood and need to be studied first before adopting new regulations, which may stifle innovation.

The accumulation and inflexibility of excessively detailed rules prevents banks from developing their products and services in line with new technologies, which has the effect of distorting competition with new, less regulated players.
Due to the increased cross-border nature of FinTech activities, having efficient, complete and consistent complaints-handling procedures is key.

EACB members agree that the findings of the EBA concerning non-regulated FinTech firms, which may have unsuitability or non-existing complaints-handling procedures, should receive attention.

Currently, regulations tend to assign to incumbent banks the role of ‘claim concentrator’ without fair compensation (notably in PSD2). As far as regulated FinTech firms (banks) are concerned, consumer protection is fulfilled thus:

• Thanks to the recent Directive on alternative dispute resolution for consumer disputes, low-priced mediation and reconciliation mechanisms will be expanded further;

• The Directive on Unfair Commercial Practices provide consumers with sufficient protection from any abusive sale of financial products;

• To help consumers to find an adequate redress mechanism in cross-border situations, the Financial Dispute Resolution Network (FIN-NET) was founded in 2001. The Commission, in its Consumer Financial Services Action Plan intends to prepare a campaign to raise consumer awareness of FIN-NET. EACB members fully support measures to expand the use of FIN-NET. Moreover, the possibility to use the existing Commission platform ‘Online Dispute Resolution mechanism’ should be encouraged.

We think that issues identified by the EBA are relevant. In particular, we do appreciate the reference made to liability. We think that in a situation where there is an interaction of multiple firms providing a service (as per the example made in the discussion paper on the offering of automated financial advice), clarity on who is responsible is essential for both the customer and all the parties involved in the provision of the service. It could be argued that the best approach for ensuring consumer protection is for banks to take a risk-based approach to mitigating and controlling for possible consumer protection risks.

Regarding the common contact point for complaints issue, EACB members believe that having a common contact point for complaints and complaint handling procedures could be a benefit that financial institutions could provide in cooperation with FinTech start-ups, most of which do not yet provide these features.

With regard to the way forward proposed by the EBA, EACB members believe that should the EBA proceed with some of the planned initiatives – notably guidelines on firms’ internal complaints handling procedures; update the existing cross-sectoral Joint Committee Guidelines for complaints handling for the securities and banking sectors; and opinion to the EU legislators – such initiatives should be principles-based in order to leave some flexibility for firms, which already have complaints handling procedures in place in line with the existing cross-sectoral Joint Committee Guidelines for complaints handling.

With regard to point d ‘management of complaints data’, we are hesitant to this proposal if it means a standardisation of complaints data and additional reporting obligations.
EACB members firmly believe that the EBA’s proposed way forward 120 a) and b), which are interlinked, are extremely important to accelerate digitalisation.

We support the EBA’s intention to conduct an in-depth review of EU legislation requirements that may restrict digitalisation. In our view, the priority should be to adjust the already adopted measures to the new digital technologies. Any measure taken in this field should benefit all financial services providers and should apply to all sales channels.

Indeed, digitalisation provides new challenges in relation to existing legislation. For example, according to different sectorial legislation, financial services providers have to provide customers with pre-contractual information through a standardised information format (SECCI, ESIS, KID…). These requirements are difficult to implement on websites and mobile channels (as also recognised by the Commission in its Green Paper) because service providers are not usually allowed to make any changes to these information sheets. Only the minimum content of information should be regulated. Basic information should not be too burdensome to fit the digital world. Furthermore, we would suggest reviewing the mandatory (pre-contractual) information with the aim to make the information clearer and shorter for consumers. If there are easements in the context of the content of the information, then these easements should be applicable for both new and incumbent providers and for all kinds of distribution channels. Moreover, the mandatory information should not have the effect of standardising products. The concept of a fertile innovation ecosystem with respect of data protection and security and the promotion of agility and simplification, no matter the players (incumbents or new ones), should be addressed.

The assessment of how information should be presented in the digital ecosystem is essential. It is worth recalling that in its Green Paper on retail financial services the European Commission underlines the need for proportionate information on retail financial service products.

The concept of ‘durable medium’ should be interpreted in a way that it is possible to make contracts and obey information requirements via digital channels. Most customers are not in favour of paper copies or CD-ROMs.

In addition to this, the use of electronic identity instead of handwritten signatures should be encouraged by different means. The possibility to have a common electronic identity like eIDAS in the public sector – even though the eIDAS as applied today shows that qualified signatures, if done on a server, have no security value added to the mechanism protecting access to the server signature (mostly mobile Transaction Authentication Number (TAN)) – should be investigated.

We are not convinced about some suggestions made by the EBA, such as imposing a time lag before a transaction can be executed or obliging providers to test ways for consumers to gain clarifications and/or procedures to evaluate consumers’ comprehension via quizzes. We believe that a catalogue of good practices from real-life applications and with consumer feedback might be helpful. This catalogue could be extended over time to include new ideas or adapt to new technologies.

Any new requirement on additional information to provide to the consumer should be considered with caution, particularly looking at the concrete impact on consumers.
As mentioned in Q15, digital identity frameworks are currently not sufficiently developed and, to the extent they are mature, regulatory fragmentation across Europe regarding digital identity remains a big obstacle for a harmonised European framework such as eIDAS in the public sector (keeping in mind the observation made on this in the previous answer).

Another obstacle is data localisation restrictions in some Member States. Something the Commission is looking at with the recent Regulation proposal on the free flow of data.
As rightly stated in the discussion paper, in the EU financial literacy remains very low and also varies widely, also due to different age distributions, mobile affinity, non-personal services averse, risk awareness, etc.

We welcome the way forward suggested by the EBA to continue to coordinate and foster national initiatives on financial literacy as financial education is everyone’s concern, specifically including public authorities, far beyond the framework of a mere banking relationship.

The EBA may recommend the European Commission organise information campaign on the new risks brought to consumers by digital channels and on the risk mitigation measures they should take in the digital environment.

It should be noted that social responsibility is among the key principles of co-operative banks. In this context, co-operative banks actively encourage, develop and promote a variety of initiatives on financial education/training programmes/workshops that are aimed at schools (e.g. children and teenagers) but also, for example, members of the boards of directors, in the areas of corporate governance, CSR, strategic planning and financial analysis, and also at their members and managers of local and regional banks.
Yes, EACB members believe that by increasing consumers’ knowledge and financial literacy it is possible to enhance trust in digital services and make them more comfortable when using services that are provided online in the digital form. The emphasis should be particularly put on an ageing people who are not considered as ‘digital natives’.

As stated for Q17, we support the EBA’s work to continue to coordinate and foster national initiatives on financial literacy. We do note, however, that the market is already active in providing financial literacy programmes and that the EBA should use these to reinforce its core task of regulation and ensuring the functioning of secure and fair markets as the best basis for customers to choose adequate protections.
We welcome the fact that the EBA looks at the phenomenon of robo-advice and artificial intelligence. Although automated financial advice can produce more reactive, real-time solutions for customers, for the time being it remains together with artificial intelligence a niche technology.

While interest is justified, it is much too early to make any statistically significant measurements about the use of automated financial advice and artificial intelligence today and as a consequence it is too early to propose guidelines/recommendations.

In principle, ‘automated financial advice’ is ‘financial advice’ and is covered by MiFiD2/MiFiR. Any definition of customer segmentation is based on the customer profile and not on the technology used.

With respect to consumer protection and as reported in the report and discussion paper of the EBA on the topics, the EBA has identified two main risks: namely a possible malfunctioning of the tool due to errors, hacking or manipulation of the algorithm or exclusion (of customers) due to micro segmentation. Even though we recognise the risks associated with the use of robo-advice, AI and big data analytics, we consider that any future initiative should not prevent their use, which has the potential to improve consumer protection through a better knowledge of the consumer’s personal situation.

We would like to stress that human reasoning should always be more valued than machine reasoning and reasonable exceptions to machine-generated decisions should always be implemented. The judgement on human behaviour should be based on human understanding, human reasoning and causality, not only on correlation.

For instance, a bank can be asked to give a customer credit, despite her/his history and AI analysis, because such customer is making a change in her/his life or profession and probably needs the credit to do so; this flexibility and ability to discern should guide banks’ behaviour as well as regulatory requirements and oversight.

Finally, it is also important to stress that although the characteristics of automated financial advice limit human intervention, access to an operator (via an online chat, mail or telephone) may be provided to help the customer along the process. This is very important, in particular where the customer’s financial or digital knowledge is low. It may be sufficient for a human to stand ‘at the end’ of every process. Of course, AI and big data analytics can be used throughout, but human intervention must always be possible.
EACB members believe that the issues identified are relevant.

As noted by the EBA as a result of its survey, resolution-related requirements on FinTech firms are not common and divergent practices are emerging across jurisdictions in respect of the requirements for FinTech firms to have a resolution/recovery plan.

Financial institutions are generally already familiar with resolution and recovery plans (in terms of BRRD) and thus could in partnerships with FinTechs support with competence.

We would also like to highlight that the availability and speed of financial transactions have risen significantly, which might create a considerable impact on systemic risks. Pro-cyclic effects might increase and markets might get even more nervous. Similarly, fraud risk may increase in an unprecedented way. The EBA should monitor and investigate these possible impacts caused by FinTech.
We agree that the lack of distinction between FinTech firms and non-FinTech firms in the AMLD and its predecessor has caused a wide range of approaches from Member States on this topic in the EU. We think that the missing harmonisation in combination with the cross-border movement of services over the internet is raising questions that need to be answered at EU level. We also ascertain that this situation has made it more difficult for financial institutions to employ innovative and/or FinTech solutions to fulfil their AML/CDD obligations, which we think could not only – as suggested by the EBA –potentially hamper the development of FinTech firms using innovative CDD solutions, but also represent a big obstacle for a harmonised European digital identity framework such as eIDAS.

As expressed previously in our answers, we are in favour of providing for a broad scope of possible methods to be used in the process of digital on-boarding, ranging from those notified in line with the eIDAS Regulation to others. As different national requirements still apply to the remote identification of customers, in our view, as a first step, harmonisation is required, notably to allow for digital on-boarding including via video. The financial industry’s compliance obligations (i.e. KYC, AML, etc.) could be more efficient if there were a regulatory framework that allowed public/private institutions (indistinctly) to provide services related to KYC.

Moreover, in our view the EBA’s finding that, considering the EU’s AML/CFT framework, not all FinTech firms have been designated as ‘obliged entities’ in all Member States, even where they provide similar services to firms that have been designated as such, is a huge issue for scrutiny.

This being said, reading Art. 18(3) of Directive (EU) 2015/849, which states ‘When assessing the risks of money laundering and terrorist financing, Member States and obliged entities shall take into account at least the factors of potentially higher-risk situations set out in Annex III’, in conjunction with the list of factors and types of evidence of potentially higher risk listed in Annex III (point (2) letter (e): ‘Product, service, transaction or delivery channel risk factors: new products and new business practices, including new delivery mechanism, and the use of new or developing technologies for both new and pre-existing products;’), we can conclude that FinTech firms might be classified as an ML/FT high-risk business by nature.

EACB members think there must be a clear definition on the categorisation of ‘obliged entities’ under the AMLD, to make the coverage of FinTechs transparent – hence avoiding the possibility of loopholes for fraudulent vehicles.

For this reasons, EACB members share the EBA’s view that it may be appropriate to explore further how different national approaches to classifying FinTech firms for AML/CFT purposes influence the money laundering and terrorist financing risks affecting the internal market. Surveying national approaches could help to define a common perimeter of Fintech firms ‘obliged entities’ to AML/CFT for all European Member States.

Indeed, the BCBS in its survey warns that financial players may be outside the scope of banking sector regulation and subject to less stringent AML/CFT rules than are banks. If not proportionate to the AML/CFT risks, these regulatory gaps or loopholes may lead to some distortion of competition, which may violate the level playing field principle and lead to increased potential for financial crime.

We also think that the EBA should look into already existing, more or less unregulated systems such as Bitcoin, or even more anonymous Zerocoin, Monero or Hawala systems.
EACB members believe the most critical money laundering and terrorist financing risks concerning FinTechs arise from alternative payment services, trading, virtual currencies and other payment instruments, crowdfunding and crowdinvesting. The source of funds is a basic element of the Know-Your-Customer-Principle and therefore one of the most crucial parts of daily AML work. If the risk-based approach and the AML regulations do not apply to FinTechs, the consequence will be competitive disadvantage for obliged entities and a setback of money laundering regulation in general. Fighting money laundering and terrorist financing would be aggravated if the banking industry standards for continuous monitoring of the customer and his transactions, built over years, were to be lowered or simply not applied to FinTech firms.

Systems in the DLT field that feature the promise of total anonymity might also attract money-laundering activities. Peer-to-peer transactions require some kind of monitoring when there is the risk of bypassing regulation and oversight.

Recent cases of identity theft and phishing are also a matter of concern for financial institutions that worry about losing the trust of their customers once a security breach surfaces.
As already mentioned in our answer, the differences in the transposition of Directive 2005/60/EC by Member States on financial institutions’ ability to carry out customer identification and verification remotely and through digital means could not only be an obstacle for some FinTech firms entering the market but also for the set-up of an harmonised European digital identity framework.
European Association of Co-operative Banks (EACB)