This month, we have seen the EBA publish a discussion paper on its approach to FinTech following a FinTech mapping exercise undertaken this spring. The paper sets out the areas where the EBA see potential regulatory risks arising from FinTechs and where future work should be focused. In particular they identify the following as areas for further analysis:
- Authorisation and sandboxing regimes;
- Impact on prudential and operational risks for credit institutions, electronic money institutions and payment institutions;
- Impact of FinTech on the business models credit institutions, electronic money institutions and payment institutions;
- Consumer protection and retail conduct of business issues;
- Impact of FinTech on the resolution of financial firms; and
- Impact of FinTech on anti-money laundering and counter-terrorism financing.
Some of the key areas of focus include concerns around forum shopping for the most amenable regulatory regime and how the varying regulatory status of FinTech firms may lead to consumer rights issues. The EBA highlights complaints handling procedures, consumer rights in cross-border provision of services and inadequate disclosures to consumers in the digital environment as potential consumer rights risks for FinTech firms.
The EBA proposes producing an opinion comparing the regulatory treatment of selected activities with a view to reviewing the perimeter of regulation, including the nature of regulated activities prescribed in EU law and level playing field and consumer protection issues. While further guidance on the application of regulation would help provide clarity, it remains unclear whether the EBA intend to strengthen the perimeter and bring more FinTech services within current regulation and how national authorities would interpret such an opinion.
Although overall FinTechs are viewed as beneficial for competitiveness and innovation, the EBA also raises concerns around the impact FinTech firms will have on the risk profile and business models of credit institutions, electronic money institutions and payment institutions. These include issues such as increased operational risk (i.e. cybersecurity issues, outsourcing risk and data privacy breaches) and increased solvency risk levels caused by competitors operating through cheaper infrastructure models. Current EBA proposals are limited to identifying and analysing potential risks and providing training for supervisors, however, they also suggest that this may result in future updates to EBA Guidelines for supervisors.
In the AML/CTF space, the EBA discusses the potential conflict between AML/CTF obligations on financial institutions and the desire to employ innovation and/or FinTech solutions. The EBA, with ESMA and EIOPA, intend to issue an opinion on the use of FinTech for AML/CFT compliance purposes, aimed at contributing to a harmonised approach across the EU. Given the recent implementation of 4MLD and the proposed 5MLD changes currently being discussed, an opinion from European Supervisory Authorities on the interplay between FinTech and AML/CFT would contribute to a greater understanding of how financial institutions can comply with their obligations while continuing to foster innovation and customer-centric developments.
Comments on the discussion paper can be made until 6 November 2017 and a public hearing will be held on 4 October 2017. The EBA will then review the responses with the aim of deciding on further steps to take during 2018.