The Covid-19 pandemic has radically accelerated a digital transformation in financial services.
During the resultant lockdowns, consumers of financial services have become increasingly dependent on digital technologies such as online banking and FinTech solutions. The increased reliance on digital finance has spurred on innovation but has also exposed consumers to certain risks and raised some concerns relating to financial stability. These recent events and several preceding communications such as the 2018 FinTech Action Plan (COM (2018)109 final), provide the backdrop to the European Commission’s adoption of the Digital Finance Package in September 2020. The Digital Finance Package has two parts:
- A Digital Finance Strategy (COM (2020) 591 final); and
- A Retail Payments Strategy (COM (2020) 592 final).
The Digital Finance Strategy
The Digital Finance Strategy sets out general lines on how the EU can support the digital transformation of finance in the coming years, while regulating its risks. The strategy has 4 main priorities that will promote digital transformation in the EU up to 2024:
1. Removing fragmentation in the Digital Single Market: So that new customers can access financial services quickly and easily (known as “customer on boarding”), anti-money laundering (AML) and counter-terrorism financing (CTF) rules will be harmonised throughout the EU. Electronic identification and trust services for electronic transactions (e-IDAS) rules will be revised with a view to allowing customer data to be reused (i.e. subject to informed customer consent). Furthermore, licensing and passporting regimes will be harmonised to enable the scaling up of digital financial services across the EU Single Market.
2. Adapting the EU regulatory framework to facilitate digital innovation: The existing EU regulatory framework for financial services will be supplemented by the following proposed legislation:
- A proposal for a regulation on markets in crypto-assets (COM(2020) 593) (“MiCA”). MiCA will introduce a bespoke regime for crypto-assets not covered by existing financial services legislation, as well as e-money tokens. Rules will be introduced on capital requirements, custody of assets, a mandatory complaint holder procedure available to investors, and rights of the investor against the issuer. Issuers of significant asset-backed crypto-assets (so-called global ‘stablecoins’, such as Facebook’s Libra) will be subject to more stringent requirements.
- A proposal for a regulation on a pilot regime on distributed ledger technology (DLT) market infrastructures (COM(2020)594 (the “Pilot Regime”). The Pilot Regime will allow for experimentation through temporary derogations for the use of DLT in the trading and post-trading of crypto-assets that qualify as financial instruments, where existing legislation precludes or limits their use. These temporary derogations will allow regulators to gain experience on the use of DLT in market infrastructures, while ensuring that they can deal with risks to investor protection, market integrity and financial stability.
- A proposal for a regulation on digital operational resilience for the financial sector (COM (2020)595) (“DORA”). DORA will introduce a comprehensive framework on digital operational resilience for EU financial entities. ICT third-party service providers to financial entities will fall within its scope. This is important given potential systemic risks entailed by increased outsourcing to a limited number of critical ICT third parties, such as cloud computing service providers.
- A further measure is that by 2024, the Commission aims to clarify supervisory expectations about how the legislative framework on financial services should apply to artificial intelligence (AI) applications
3. Promoting data-driven innovation in finance by establishing a common financial data space: The Commission will propose legislative amendments to require information that is publicly released under EU financial services legislation to be made systematically available in machine-readable formats. It will also put in place the necessary conditions to enable the use of innovative technologies such as RegTech’ tools to facilitate reporting by regulated entities, and ‘SupTech’ tools to facilitate supervision by supervisory authorities. A legislative proposal will enable the sharing and use of customer-permissioned data by banks and 3rd party providers to create new services (known as ‘Open Finance’).
4. Addressing the challenges and risks with digital transformation: The Commission will propose the necessary adaptations to the existing financial services legislative framework with respect to consumer protection and prudential rules. The purpose of this will be to protect end-users of digital finance, safeguard financial stability, protect the integrity of the EU financial sector and ensure a level playing field between existing financial institutions and new market participants, paying particular attention to the principle “same activity, same risk, same rules”.
The Retail Payments Strategy
The Retail Payments Strategy aims to further develop the European payments market so that Europe can benefit fully from innovation and the opportunities that come with digitalisation. It focuses on 4 key pillars which are closely interlinked:
1. Increasingly digital and instant payment solutions with pan-European reach: The Commission has set out several key actions in this regard, which include (amongst others):
- A review of the Single Euro Payments Area (SEPA) Instant Credit Transfer (SCT Inst.) Scheme to determine whether it would be appropriate to propose legislation requiring payment service providers to adhere to the scheme by the end of 2021; and
- To closely monitor cases of non-compliance with the SEPA Regulation (for instance, refusals of cross-border SEPA Direct Debit Transactions, known as ‘IBAN discrimination’) and to launch any necessary infringement procedures.
2. Innovative and competitive retail payments markets: At the end of 2021, the Commission will launch a review of the application and impact of the Payment Services Directive (PSD2) which has enabled new business models based on the sharing of payment account data (known as ‘Open Banking’).
A key aspect of PSD2 is that it requires payment service providers to implement ‘strong customer authentication’ (SCA) when users access their payment accounts and complete transactions online. SCA requires user authentication based on the use of two or more of the following elements: (1) something only the user knows, such as a password; (2) something only the user possesses, such as a phone; and (3) something the user is, such as by way of fingerprint/face recognition.
The Commission will consider SCA’s impact on the level of payment fraud in the EU and explore whether additional measures should be considered to address new types of fraud, in particular with regard to instant payments. The Commission will also examine the existing legal limits on contactless payments, with a view to striking a balance between convenience and fraud risks. It will evaluate any new risks stemming from unregulated services, especially technical services ancillary to the provision of regulated payment or e-money services and assess whether and how these risks can best be mitigated. It is also proposed to align the PSD2 and E-Money Directive (EMD2) frameworks by including the issuance of e-money as a payment service in PSD2.
3. Efficient and interoperable retail payment systems and other support infrastructures: In parallel with its ongoing and future competition enforcement, the Commission will examine whether it is appropriate to propose legislation aimed at securing a right of access under fair, reasonable and non-discriminatory conditions, to technical infrastructures considered necessary to support the provision of payment services. An example of such infrastructure is smartphones’ in-built ‘Near-Field Communication’ (NFC) chips which are often used to enable contactless payments to be made. On 15 December 2020, the Commission proposed a regulation on contestable and fair markets in the digital sector (known as the Digital Markets Act) which, if enacted, would require manufacturers of devices using such infrastructure, to provide access to it under equal conditions to third party providers of ancillary services and related software applications.
4. Efficient international payments, including remittances: The Commission’s objective is for cross-border payments involving non-EU countries, including remittances, to become faster, more affordable, more accessible, more transparent and more convenient. This will also encourage greater use of the euro and strengthen its position as a global currency. The Commission believes that a mix of actions at global and jurisdiction-specific level is required. For example, where feasible, the Commission expects payment system operators, to facilitate linkages between European instant payment systems and instant payment systems adopted by 3rd countries which have an appropriate level of consumer protection, fraud and AML/CTF prevention and interdependencies risks mitigation measures.
The Digital Finance Strategy makes it clear that digital finance will play a key part in the EU’s post-Covid-19 recovery plan. The strategy is a demonstration of the European Commission’s intent to lead the way globally in respect of the regulation of markets in crypto-assets, to ensure the digital operational resilience of the financial sector and to clarify supervisory expectations on the application of financial services regulation to artificial intelligence (AI) applications. Data-driven innovation in finance will be important in the coming years and Open Finance is now firmly on the horizon, although the precise shape of the regulatory framework that will be applied to it remains a matter of speculation.
Similarly, the Retail Payments Strategy recognises that Covid-19 has further reinforced the shift to digital payments and confirmed the vital importance of safe, accessible and convenient (including contactless) payments for remote and face-to-face transactions. A clear emphasis of the strategy is the review of the application and impact of the Payment Services Directive (PSD2) and in particular the provisions relating to consumer protection and prevention of fraud. Interoperability of retail payment systems and other support infrastructures is also high on the agenda, including rights of access under fair, reasonable and non-discriminatory conditions to technical infrastructures considered necessary to support the provision of payment services.