ESCB/European banking supervision response to the European Commission’s public consultation on a new digital finance strategy for Europe/FinTech action plan

ESCB/European banking

supervision response to

the European

Commission’s public

consultation on a new

digital finance strategy for

Europe/FinTech action plan

August 2020

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Contents

Executive summary 2

Introduction 5

1 Digital finance in the context of the pandemic crisis 7

2 The ECB’s general approach to digital finance 9

3 The ECB’s views on the priority areas identified by the Commission 11

3.1 The ECB’s views on Commission priority 1: ensuring that the

EU financial services regulatory framework is fit for the digital

age 11

3.2 The ECB’s views on Commission priority 2: enabling consumers

and firms to reap the opportunities offered by the EU-wide

Single Market for digital financial services by removing

fragmentation 12

3.3 The ECB’s views on Commission priority 3: promoting a

well-regulated data-driven financial sector for the benefit of EU

consumers and firms 14

ANNEX: The ECB’s response to the European Commission’s

questionnaire 15

General questions 15

1 Ensuring a technology-neutral and innovation friendly EU financial

services regulatory framework 18

2 Removing fragmentation in the single market for digital financial services 32

3 Promote a well-regulated data-driven financial sector 42

4 Broader issues 61

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Executive summary

This European System of Central Banks (ESCB)/European banking supervision

response (hereafter referred to as “the ECB response”) has been approved by the

Governing Council of the European Central Bank (ECB) and was prepared with the

assistance of national central banks (NCBs) and national competent authorities

(NCAs) and in consultation with the Supervisory Board of the ECB. A separate ESCB

response has addressed considerations regarding payments in the context of a

specific consultation of the European Commission on a retail payments strategy for

the European Union (EU), launched on the same day as this consultation.

The ECB broadly supports the priority areas identified by the European

Commission in the consultation document to foster the development of digital

finance in the EU, which have gained further in importance in the light of the recent

coronavirus (COVID-19) pandemic crisis, namely: (1) ensuring that the EU financial

services regulatory framework is fit for the digital age; (2) enabling consumers and

firms to reap the opportunities offered by the EU-wide Single Market for digital financial

services by removing fragmentation; (3) promoting a well-regulated data-driven

financial sector for the benefit of EU consumers and firms; and (4) enhancing the

digital operational resilience framework for financial services. As regards the latter

priority, the ECB has provided a separate contribution in the context of the specific

consultation launched by the Commission on this matter.

While the ECB recognises that financial technology (“fintech”) and innovation

may bring significant benefits for financial institutions, their customers, the

financial system and the broader economy, the digital transformation of the

banking sector has to be performed taking due account of the risks related to

the use of innovative technologies. The pandemic crisis has acted as a catalyst to

accelerate the already planned digitalisation efforts of the financial sector as well as

the further transformation of their business models, and has also highlighted additional

challenges and risks for financial institutions.

The ECB follows a technology-neutral approach to its areas of competence,

including banking supervision and the oversight of payment systems, in accordance

with the SSM Regulation and the Treaty on the Functioning of the European Union.

The ECB’s role is to ensure the safety and soundness of the banking sector,

maintaining a high standard of prudential supervision and oversight of payment

systems, schemes and instruments, irrespective of the particular business model or

the application of any particular technological solution. The ECB aims to maintain a

level playing field for banking services, and follows the guiding principle of “same

activity, same risks, same supervision and regulation”. In its role as catalyst in the field

of payments, the ECB fosters an innovative market for euro payments in cooperation

with the relevant stakeholders and pursues the objectives of strategic autonomy and

resilience.

“European banking supervision” refers to the Single Supervisory Mechanism (SSM) in view of the NCA

involvement in the preparation of this response.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

The ECB has responded to the evolving challenges and risks arising from

financial innovation on multiple fronts. On the central banking side, consistent with

its mandate to ensure financial stability and the smooth functioning of payment

systems, the ECB is monitoring and assessing the implications of fintech and actively

exploring new technologies that may prove useful in supporting the ECB’s functions.

On the banking supervision side, the ECB is assessing the evolving business models

and looking into the related new risks and challenges that banks are facing due to

innovation and digitalisation, and is closely monitoring banks’ related risk

management practices and internal governance also in the light of the current

pandemic crisis. In the same vein, the Eurosystem is also currently reviewing its

oversight frameworks for payment instruments.

One important challenge in relation to digital finance will be to reassess the

dependence of European financial service providers on non-EU providers of

critical services and technical infrastructures (e.g. the “cloud”), while EU-based

global players have struggled to emerge. This could lead to banks’ reliance on a few

non-EU service providers and possible concentration issues at both entity and

systemic levels.

In the context of the current regulatory framework, different entities which could

perform to a certain extent similar activities, such as credit institutions, e-money

institutions and payment institutions, are subject to various regulatory and supervisory

frameworks, either at national or European level. As this trend is accelerated by

innovation and digitalisation, this framework may need to be reviewed to ensure a

level playing field and maintain the principle of “same activity, same risks, same

supervision and regulation”. Moreover, as part of its oversight role over payment

systems, instruments and schemes, the ECB envisages enhancing its cooperation

with national authorities supervising payment service providers (PSPs).

As regards the above-mentioned priorities of the European Commission, the ECB

considers that:

• While the current EU financial services regulatory framework is already

broadly technology neutral, it should support fair competition and ensure

a level playing field in digital financial services, while addressing

associated risks and also reinforcing the need to develop strong risk

management at the firm level. Important areas for improvement would be to

enhance clarity on the application of existing laws and regulations to innovative

technologies and related business models, and to diminish the fragmentation

resulting from different legal and regulatory frameworks and industry standards

across EU Member States, in order to foster the Internal Market, the

pan-European application of standards and a level playing field.

• With regard to facilitating the use of digital financial identities throughout the EU,

the ECB fully endorses the mandatory use of unique identifiers, based on

internationally recognised global standards including legal entity identifiers

(LEIs), unique transaction identifiers (UTIs) and unique product identifiers (UPIs).

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

• The ECB supports the need for enhanced cooperation throughout the EU

on different schemes such as regulatory sandboxes and innovation hubs,

and acknowledges the benefits of fostering an open dialogue between

supervisors and supervised entities. This may encourage banks (and other

financial entities) to launch innovative solutions, while being able to monitor the

accompanying risks in a controlled environment.

• The ECB considers that open finance can have implications for the

supervised banks, at both entity and systemic levels and also as regards the

nature of the cooperation between these banks and new potential actors, such as

third-party providers. In this respect, the ECB is adapting its supervisory

approach towards the regulated entities to the new landscape that the revised

Payment Services Directive (PSD2) has enabled, also in anticipation of the next

developments. While open finance and the use of alternative data (such as data

from public sources) can enable the modernisation of banks’ internal processes,

it should however be ensured that customer data sharing, also with third-party

providers, meets clear legal requirements and fulfils security standards.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Introduction

On 3 April 2020, the European Commission launched a public consultation covering a

range of issues that fall under the umbrella term “digital finance”, aiming to contribute

to the new EU FinTech action plan to be published later this year.

The Commission

seeks to identify if there is a need to adapt the current regulatory framework or to

launch new initiatives, against the backdrop of a rapidly evolving financial landscape,

driven by a fast uptake of technologies by incumbent firms and the entrance into the

market of new players (including technology companies).

The ECB welcomes this consultation in view of the key relevance of digital finance for

the entire financial sector. Enhanced technological possibilities and changing

customer demands have affected markets and businesses worldwide, including the

European financial sector. In line with the European Commission’s objectives, the

ECB considers that it is essential for Europe to manage, regulate and supervise the

financial system in a way that promotes and protects Europe’s values and financial

stability.

Against this background, this ECB response, which has been approved by the

Governing Council of the ECB, was prepared with the assistance of ESCB committees

and of NCAs through the internal structures of the ECB and in consultation with the

Supervisory Board of the ECB. The Annex specifies the views of the ECB regarding

various questions raised by the European Commission in its consultation

questionnaire. The ECB has focused its response on the questions falling within its

central banking and banking supervision tasks and has not expressed views on

aspects which do not relate to its mandate (e.g. consumer protection). In order to

ensure consistency, the term “ECB” will be used throughout the response to express

these views.

The European Commission has identified the following priorities:

1. ensuring that the EU financial services regulatory framework is fit for the digital

age, i.e. technology neutral and innovation friendly;

2. enabling consumers and firms to reap the opportunities offered by the EU-wide

Single Market for digital financial services by removing fragmentation;

3. promoting a well-regulated data-driven financial sector for the benefit of EU

consumers and firms;

4. enhancing the digital operational resilience framework for financial services.

Priority 4 is not covered in this ECB response since this priority and related questions

were covered in a previous European Commission public consultation launched in

The current consultation follows two previous European Commission public consultations launched in

December 2019, focusing on crypto-assets and digital operational resilience respectively. The

Commission has also launched a specific consultation on a retail payments strategy for the EU, in parallel

to the present one. All four consultations contribute to informing the European Commission in view of a

new digital finance strategy for Europe/FinTech action plan to be published in the third quarter of 2020.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

December 2019 on digital operational resilience for which the ECB has provided a

separate contribution.

Furthermore, considerations regarding payments are addressed in a specific

consultation of the European Commission on a retail payments strategy for the EU

launched on the same day as the present consultation and for which a specific ESCB

response has been submitted.

The ESCB response identifies a need for coordinated

action on multiple fronts to reinforce the EU’s independence and competitiveness in

the field of payments. In this respect, the successful roll-out of instant payments is a

strategic priority that could benefit to an equal degree from mandatory adherence to

the SEPA Instant Credit Transfer scheme and from adding instant credit transfers to

the list of services of the Payment Accounts Directive

, under certain conditions. The

ESCB response also encourages the Commission to revise the Settlement Finality

Directive (SFD)

so that adequately supervised or overseen entities (e.g. e-money

and payment institutions) become eligible to directly access SFD-designated payment

systems, while at the same time avoiding the creation of undue risks for payment

systems. Similarly, the ESCB supports taking regulatory action to ensure open access

to key technical infrastructure services (e.g. mobile device capabilities) based on

transparent, objective and non-discriminatory criteria that take into account security

standards, oversight and supervisory requirements. The ESCB response stresses the

importance of satisfying the needs of all EU citizens by preserving access to, and

acceptance of, cash at the point of sale.

See the “European System of Central Banks response to the European Commission’s consultation on a

retail payments strategy for the EU” on the ECB website.

Directive 2014/92/EU of the European Parliament and of the Council of 23 July 2014 on the comparability

of fees related to payment accounts, payment account switching and access to payment accounts with

basic features (OJ L 257, 28.8.2014, p. 214).

Directive 98/26/EC of the European Parliament and of the Council of 19 May 1998 on settlement finality

in payment and securities settlement systems (OJ L 166, 11.6.1998, p. 45).

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

1 Digital finance in the context of the pandemic crisis

Financial technology (“fintech”)

may bring significant benefits for financial

institutions, their customers, the financial system and the broader economy.

The emergence of fintech has led to changes in their business models. Fintech can

improve the customer experience, enabling for example digital onboarding, the use of

online customer interfaces, and the roll-out of services and products in a more

affordable and efficient manner. The application of artificial intelligence (AI), coupled

with the large volumes of data now available, can also help financial institutions

improve many of their back-office functions. More generally, fintech has a significant

potential to enhance the competitiveness of the EU financial sector by deepening the

Internal Market and fostering the capital markets union. As pointed out by the

European Commission

, strong and innovative digital capacities in the financial sector

will help improve the EU’s ability to deal with emergencies such as the COVID-19

outbreak. On the other hand, this digital transformation has to be performed taking due

account of the risks related to the use of innovative technologies.

The pandemic crisis has highlighted the need for banks

and financial market

infrastructures (FMIs) to avail of mature digital capabilities to deliver products

and services. In this respect, banks have adjusted their operations, ensuring

business continuity and enabling them to continue to provide services on a

cross-border basis.

These are not new phenomena for the banking sector, but the

crisis is acting as a catalyst to accelerate the already planned digitalisation efforts of

banks as well as the further transformation of their business models.

It is still too early to tell how the post-pandemic landscape will look.

Nevertheless, this crisis has also highlighted additional challenges and risks for banks,

PSPs and FMIs. As they transfer their processes to contingency environments, their

exposure to cyber threats increases, as does the risk of IT failures. Banks’ IT systems

must be resilient enough to withstand the current heavy reliance on remote working

and servicing. Furthermore, digitalisation strategies require sufficient means, a due

implementation supported by knowledgeable staff, measured by financial and

non-financial risk metrics, and adequate governance procedures. Finally, updating or

even replacing legacy IT systems may require significant efforts, especially if banks

use multiple IT systems which are linked together.

The euro area central banks and supervisors are closely monitoring how technological

changes and innovation affect financial markets and banks. As further explained

below, the ECB will continue to engage with the banking industry, in order to

adequately tailor its supervisory approach and its approach to oversight, also with a

Fintech is a term used throughout the response to refer to financial technology – in the ECB’s view an

umbrella term for any kind of technological innovation used to support or provide financial services that

could result in changes to business models, applications, processes or products.

See the consultation document (page 8) on the European Commission’s website.

The terms “bank” and “credit institution”, as defined in Article 4(1) of Regulation (EU) No 575/2013 of the

European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions

and investment firms, are used interchangeably.

See also the blog post by Pentti Hakkarainen, Member of the Supervisory Board of the ECB, entitled “The

first lesson from the pandemic: state-of-the-art technology is vital”, 8 May 2020.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

view to ensuring that the euro area banking sector is in a position to face the

challenges of the new post-pandemic environment.

It is up to banks however to face this new reality, shift to greater digitalisation and step

up their innovation efforts, in order to meet changing customer demands, with

adequate risk management procedures in place. If banks adopt an agile, responsible

and risk-based approach towards innovation, they could face the increased

competition in the financial sector and amend their value proposition, streamline their

internal processes and become more cost efficient, ensuring the sustainability of their

business models.

For further information, see Box 4 of the “ECB Annual Report 2019”.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

2 The ECB’s general approach to digital finance

Regarding innovation and technology in the digital finance area – and in line

with its principles – the ECB follows a technology-neutral approach to

supervision and oversight. The ECB’s role is to ensure the safety and soundness of

the banking sector, maintaining a high standard of prudential supervision, irrespective

of the application of any particular technological solution. With regard to its oversight

role

, the ECB is currently revising its harmonised oversight approach, which sets

common oversight standards for payment instruments and schemes. The new

framework includes, besides payment schemes, the assessment of payment

arrangements providing different technological solutions. The aim is to evaluate the

associated risks and mitigate them regardless of technological implementation.

The ECB has responded to the evolving challenges and risks arising from

financial innovation on multiple fronts. On the central banking side, consistent

with its mandate to ensure financial stability and the smooth functioning of payment

systems, the ECB is monitoring and assessing the implications of fintech and actively

exploring new technologies that may prove useful in supporting the ECB’s functions.

Profitability pressures stemming from competition with technology companies are

being amplified by banks’ needs for investment in digitalisation, which requires time to

yield net benefits. Growing interlinkages with firms could mean that any disruptions

might have systemic implications for the financial system unless adequate safeguards

are put in place. Another important challenge in relation to digital finance will be to

reassess the dependence of financial institutions on non-EU providers of critical

services and technical infrastructures (e.g. the cloud), while EU-based global players

have struggled to emerge. This could lead to banks’ reliance on a few non-EU service

providers at both the entity and systemic levels. On the banking supervision side,

the ECB is looking into the new risks and challenges that banks are facing due to

innovation and is closely monitoring their risk management practices, also in light of

the current pandemic crisis. The risks associated with the use of fintech are not limited

to IT. The ECB is therefore adapting its methodological toolbox, reflecting on the

technologies used and providing supervisory recommendations across all prudential

risk categories, including governance, business model and operational risk.

The ECB’s ongoing work within the euro area aims to foster a common approach to

fintech-related risks, ensure a consistent supervisory approach across the euro area

and open a dialogue with the industry

, also in view of its mandate in relation to the

authorisation and supervision of banks in the euro area.

The ECB aims to maintain a

level playing field for banking services and financial services more generally, and

According to the

Eurosystem oversight policy framework, the Eurosystem pursues three complementary

approaches to promote the safety and efficiency of FMIs, namely: (i) owning and operating FMIs;

(ii) conducting oversight activities; and (iii) acting as a catalyst. The term “FMI” encompasses, inter alia,

payment systems, and clearing and settlement systems. Furthermore, as payment instruments and

payment schemes are an integral part of payment systems, the Eurosystem includes these in central

bank oversight of payment systems.

See the ECB Banking Supervision website.

In accordance with Council Regulation (EU) No 1024/2013 of 15 October 2013 conferring specific tasks

on the European Central Bank concerning policies relating to the prudential supervision of credit

institutions, the ECB has the tasks to, amongst others, decide on common procedures for credit

institutions in the euro area, perform direct supervision of significant institutions in the euro area and

oversee the functioning of the system.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

follows the guiding principle of “same activity, same risks, same supervision”

and

regulation. This means that similar activities that generate similar risks require the

same regulatory treatment and supervisory approach, in order to ensure consistency.

This has also been reflected in the regulatory framework and supervisory approach

further specified in the SSM Supervisory Manual. While the ECB does not prescribe

how banks should conduct their business, supervisors look into the risks related to the

bank’s activities and if they are adequately managed. In this regard, the ECB is

proactively engaging with banks to gain knowledge of their transformation process

and take-up of innovative technological solutions. This work in relation to digital

transformation and the use of innovative technologies is conducted by assessing

banks’ business model changes and related risks. The work on fintech supervision has

also been made part of the SSM supervisory priorities for 2020

to assess banks’

business models in the light of increasing digitalisation and related risks such as IT

and cyber risks.

Therefore, it is of utmost importance to assess the risks and benefits arising from new

technologies in the increasingly digital and changing landscape. The ECB is

continuously adapting its supervisory (and oversight) approach vis-à-vis fintech,

leveraging on knowledge gained through industry dialogues and exchanges with other

authorities. In this regard, the ECB’s supervisory approach will benefit from the

support of legislation that is technology neutral and addresses the new landscape and

risks related to digitalisation and innovation.

In the context of the current regulatory framework, different entities which could

perform to a certain extent similar activities, such as credit institutions, e-money

institutions and payment institutions, are subject to varying regulatory and supervisory

frameworks, either at national or European level. As this trend is accelerated by

innovation and digitalisation, this framework may need to be reviewed to ensure a

level playing field and maintain the principle of “same activity, same risks, same

supervision and regulation”. Moreover, as part of its oversight role over payment

systems, schemes and instruments, the ECB envisages enhancing its cooperation

with national authorities supervising PSPs.

See the speech entitled “A binary future? How digitalisation might change banking” by Andrea Enria,

Chair of the Supervisory Board of the ECB, at the banking seminar organised by De Nederlandsche

Bank, Amsterdam, 11 March 2019.

See the “SSM Supervisory Priorities 2020” on the ECB Banking Supervision website.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

3 The ECB’s views on the priority areas identified by the

Commission

As mentioned above, the ECB broadly supports the priority areas identified by the

Commission in relation to digital finance and the related policy work to spur the

development of digital finance in the EU. Indeed, this is in line with the ECB’s priority to

remain technology neutral, while taking into account new benefits and risks related to

innovation and digitalisation. The ECB’s views on the consultation’s questions in

relation to the three priorities in question are further specified below.

3.1 The ECB’s views on Commission priority 1: ensuring that the EU

financial services regulatory framework is fit for the digital age

In the ECB’s view, the European Commission’s priority appears to be in line

with the current EU financial services regulatory framework, which is already

broadly technology neutral. However, in matters of regulation, technological neutrality

is not a means in itself: it needs to be balanced against the risks that the free use of

technological innovation may entail. The EU financial services regulatory framework

should support fair competition in digital financial services, while addressing

associated risks and also reinforcing the need to develop strong risk management at

the firm level. Furthermore, the development of digital finance should take into

consideration wide accessibility of basic financial services and the technologies that

underpin them.

The ECB supports a technology-neutral approach to regulation, supervision

and oversight.

While remaining mindful that new technologies do not undermine

common standards and interoperability, the ECB does not attempt to steer the market

in one direction or the other when it comes to the use of particular technologies.

Recent developments in technologies and financial market players suggest that the

regulatory framework should be further clarified and adapted to the new digital reality

to preserve and enhance the level playing field of the EU financial system in the

evolving landscape. For example, the entrance of technology companies into the

financial services sector, big technology (“big tech”) companies in particular,

has raised concerns that the principle of “same activity, same risks, same

supervision” and regulation could be undermined.

Should big tech companies

decide to enter financial services on a large scale, and especially into the retail market,

it has to be ensured that risks associated with their activities are appropriately

captured and addressed in the regulatory framework.

See also the panel remarks “On supervisory architecture” by Andrea Enria, Chair of the Supervisory

Board of the ECB, at the Financial Stability Institute 20th anniversary conference, Basel, 12 March 2019.

See also the speech entitled “A binary future? How digitalisation might change banking” by Andrea Enria,

Chair of the Supervisory Board of the ECB, at the banking seminar organised by De Nederlandsche

Bank, Amsterdam, 11 March 2019.

Ibid.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Through the licensing process

and the ongoing supervision of banks in the euro

area (both significant and less significant institutions), it can be observed that certain

aspects of the supervision of banks’ use of innovative technologies and

digitalisation strategies require enhanced attention, touching on various topics.

These topics include: (i) the increased use of cloud service providers, leading to

concentration (both idiosyncratic and systemic) among a few providers, including big

tech companies; (ii) the use of AI for a range of functions, e.g. credit scoring and

robo-advice, to ensure the performance of the models and also prevent bias; (iii) the

move towards an open banking model to enhance the effective and safe use of

available data; (iv) the use of distributed ledger technology (DLT) for certain activities,

such as trade finance, requiring a good governance of the platforms and an

understanding of the technologies; and (v) regulatory technology (regtech), for the

purpose of meeting regulatory requirements, reporting, supporting compliance and

enhancing risk management in a credit institution.

The ECB is continuously adapting its supervisory approach to banks’ use of

innovative technologies, leveraging on knowledge gained through its own

experience with advanced technologies, industry dialogues and exchanges

with other authorities in the European and global fora. The ECB’s objective is to

promote a common understanding of fintech-related risks and ensure that they are

assessed in a consistent manner across the euro area.

Overall, the ECB considers that important areas for improvement would be to

enhance clarity on the application of existing laws and regulations to innovative

technologies and related business models, and to diminish the fragmentation resulting

from different legal and regulatory frameworks and industry standards across EU

Member States, in order to foster the Internal Market, the pan-European application of

standards and a level playing field. In this regard, targeted amendments to

legislation, interpretative guidance and a periodic review of existing rules would

be useful to ensure that the EU framework remains effective and technology neutral.

While the ECB sees some benefits in bespoke regimes for nascent technologies, such

as DLT, these will have to be balanced against the risks of their leading to a complex

and potentially inconsistent regulatory framework.

3.2 The ECB’s views on Commission priority 2: enabling consumers and

firms to reap the opportunities offered by the EU-wide Single Market

for digital financial services by removing fragmentation

A level playing field is of utmost importance to fully reap the opportunities of an

EU-wide Single Market for digital financial services. This requires, among other things,

building up reliable legal and monitoring frameworks. An important step in that

direction would be a generally accessible real-time European business register,

whether centrally managed or as a digitally linked network of national registers. Such a

See “Guide to assessments of fintech credit institution licence applications”, ECB Banking Supervision,

September 2017.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

institutions, preferably LEIs.

In this context and with regard to facilitating the use of digital financial identities

throughout the EU, the ECB fully endorses the mandatory use of different

identifiers, based on internationally recognised global standards including LEIs, UTIs

and UPIs, which is crucial to reap the benefits of and speed up the comprehensive

digitalisation and automation of processes in financial services. With regard to the LEI,

the ECB considers that it is a key and indispensable element of digital financial

identities, and that it should be leveraged and used to the greatest extent possible. In

that context, it should be noted that the European Systemic Risk Board has set up a

task force to prepare a recommendation on the establishment of an EU legislative

framework for greater adoption of LEIs across the EU, requiring all legal entities in the

EU to have an LEI and that each entity’s LEI is also mandatory for financial transaction

and public reporting. The ECB is of the view that the various aspects of the European

Commission’s identified framework, in relation to providing rules and guidance at an

EU level, are relevant and justified, and can create greater efficiency of such

frameworks.

In addition, the ECB supports the need for enhanced cooperation throughout the

EU on different schemes such as regulatory sandboxes and innovation hubs,

and acknowledges the benefits of fostering an open dialogue between supervisors

and supervised entities. The ECB notes that regulatory sandboxes are under

development in various Member States. While the setting-up of an EU-wide

sandbox would be a task for the legislator to decide on, such an initiative, as well

as national initiatives, would need to be in line with the European regulatory framework

and the division of competences contained therein, as well as the ECB’s mandate for

licensing credit institutions and supervising credit institutions.

Therefore, the ECB

welcomes the European Commission’s initiatives to address cross-border aspects

when European entities operate in such schemes, in order to ensure a harmonised

approach and foster a level playing field.

With regard to the use of passporting to scale up activities across the Member States,

the ECB welcomes the work of the European Banking Authority (EBA) on potential

impediments to the cross-border provision of banking and payment services.

The

ECB supports further work by the Commission/EBA on the cross-border

provision of services, which is especially relevant for digital finance. Currently,

only some Member States have defined a framework for credit institutions to provide

cross-border financial services using intermediaries (e.g. branches) in another

Member State and the respective notification process. The ECB is of the view that

additional clarity could be helpful in this area to ensure a consistent approach

throughout the EU and foster the ease of cross-border operations which are especially

relevant for digitally operating credit institutions.

See also the speech entitled “Innovation and digitalisation in payment services” by Yves Mersch, Member

of the Executive Board of the ECB, at the Second Annual Conference on “Fintech and Digital Innovation:

Regulation at the European level and beyond”, Brussels, 27 February 2018.

“Report on potential impediments to the cross-border provision of banking and payment services”,

European Banking Authority, 29 October 2019.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Finally, taking a broader perspective, the ECB supports the cooperation throughout

the EU in the context of other initiatives, e.g. those aiming to monitor the fintech

phenomenon in Europe and related statistical initiatives.

3.3 The ECB’s views on Commission priority 3: promoting a

well-regulated data-driven financial sector for the benefit of EU

consumers and firms

The ECB considers that open finance can have implications for the supervised

banks, at both the entity and systemic levels and also as regards the nature of the

cooperation between these banks and new potential actors, such as third-party

providers. The revised Payment Services Directive (PSD2)

has created a new

environment for access to payment account data, as well as the potential for

added-value services. These data can now be shared with competitors, including

non-banks. At the same time, technological developments have made big data, cloud

services and AI algorithms more accessible, increasing the value of data for banks.

Against this background, the ECB is adapting its supervisory approach towards the

regulated entities to the new landscape that PSD2 has enabled, also in anticipation of

the next developments.

With respect to consent-based access to personal data and data sharing in the

financial sector, in the ECB’s view, alternative data sources such as public data

could be useful in providing insights, even though supervisory decisions or actions

cannot be taken based directly and solely on such data, also in view of data quality

issues. However, data generated by means of advanced technologies can

complement the data collected by traditional means. For instance, alternative data

from the news and social media can be used for sentiment analysis. Some alternative

data sources are public and, in this sense, bring the benefit that they are widely

accessible with limited or no confidentiality restrictions.

See, for example, “IFC Report on central banks and fintech data issues”, Bank for International

Settlements, February 2020.

Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on

payment services in the internal market (OJ L 337, 23.12.2015, p. 35).

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

ANNEX:

The ECB’s response to the European

Commission’s questionnaire

General questions

Question 1

What are the main obstacles to fully reap the opportunities of innovative technologies

in the European financial sector (please mention no more than 4)?

Please also take into account the analysis of the Expert Group on Regulatory

Obstacles to Financial Innovation

in that respect.

The ECB considers the following to be the most important areas for improvement, so

that European financial service providers can fully reap the opportunities that have

arisen from the emergence of innovative technologies:

1. Enhance clarity on the application of existing laws and regulation to innovative

technologies and related business models. Some technological innovations

entail a degree of legal uncertainty, which could hinder the uptake of innovation

by financial service providers. The uncertainty stemming from the lack of a stable

legal taxonomy in this area, taking into account new innovative applications in the

financial sector for the performance of financial activities and for the delivery of

products and services, as well as the specific requirements related to the use of

innovative technologies, could subsequently lead to uncertainty as to the

regulatory and supervisory regime applicable to newcomers as well as

incumbents, including with regard to anti-money laundering (AML) and

know-your-customer (KYC) requirements. For instance, regarding the General

Data Protection Regulation (GDPR) and other relevant legislation, guidance

would be needed on the application of the requirement for erasure in DLT

platforms, as well as on the issue of specificity of user consent in AI models.

2. Diminish the fragmentation due to different legal and regulatory frameworks

and industry standards across EU Member States, in order to foster the Internal

Market, the pan-European application of standards and a level playing field.

3. Reassess the dependence of financial institutions on providers of critical digital

services (e.g. cloud-based services) and technical infrastructures, which are

mostly non-EU providers. At the same time, EU-based global players have

struggled to emerge.

“Final report of the Expert Group on Regulatory Obstacles to Financial Innovation: 30 recommendations

on regulation, innovation and finance”, European Commission, 13 December 2019.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

4. Enhance the assessment of risks and benefits arising from new

technologies, in view of the increasingly digital and changing landscape.

The ECB is continuously adapting its supervisory and oversight approach to

fintech, leveraging on knowledge gained through its own experience in applying

advanced technology, industry dialogues, exchanges with other authorities and

participation in fora focused on innovation, such as the European Forum for

Innovation Facilitators (EFIF). The objective is to promote a common

understanding of fintech-related risks among supervisors and legislators and to

ensure that they are assessed in a consistent manner within the EU.

Question 2

What are the key advantages and challenges consumers are facing with the

increasing digitalisation of the financial sector (please mention no more than 4)?

For each of them, what if any are the initiatives that should be taken at EU level?

The ECB refrains from answering questions in relation to consumer protection.

Building on previous policy and legislative work, and taking into account the

contribution digital finance can make to deal with the COVID-19 emergency and its

consequences, the Commission services are considering four key priority areas for

policy action to spur the development of digital finance:

1. ensuring that the EU financial services regulatory framework is

technology-neutral and innovation friendly;

2. reaping the opportunities offered by the EU-wide Single Market for digital

financial services for consumers and firms;

3. promoting a data-driven financial sector for the benefit of EU consumers and

firms; and

4. enhancing the operational resilience of the financial sector.

Question 3

Do you agree with the choice of these priority areas?

Yes

Don’t know / no opinion / not relevant

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Question 3.1

Please explain your answer to question 3 and specify if you see other areas that would

merit further attention from the Commission:

Subject to the following remarks, the ECB supports the European Commission’s

choice of priority areas, which appear to be broadly justified and consistent with the

legal framework related to EU financial services regulation.

Specifically, the EU financial services regulatory framework is already broadly

technology neutral. Looking at the legal framework governing the banking sector, the

Capital Requirements Regulation and Directive (CRR/CRD)

package does not

include any provisions regarding preferential treatment in relation to banks using

innovative technologies. In addition, the revised Markets in Financial Instruments

Directive (MiFID II)

speaks of a “system” in the context of defining regulated

markets, multilateral trading facilities (MTFs) or organised trading facilities (OTFs)

without distinguishing in terms of the technology they deploy. Equally, from a

payments and post-trading perspective, the revised Payment Services Directive

(PSD2)

, the Settlement Finality Directive (SFD)

, the Systemically Important

Payment Systems Regulation (SIPSR)

, the European Market Infrastructure

Regulation (EMIR)

and the Centralised Securities Depository Regulation (CSDR)

describe a “system” in contractual rather than technological terms. As a regulatory

focus, technological neutrality – especially in an open market economy with free

competition, such as the Single Market – is conducive to innovation-friendly regulatory

outcomes.

However, in matters of regulation, technological neutrality should not be viewed in

isolation; instead, it needs to be balanced against the risks that the free use of

technological innovation may entail. There are several examples where the EU

legislator regulated technological developments differently due to their novel risks. For

instance, MiFID II seeks to ensure that algorithmic trading or high-frequency

algorithmic trading techniques do not create a disorderly market and cannot be used

for abusive purposes. Similarly, while the GDPR

acknowledges that the increased

Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on

prudential requirements for credit institutions and investment firms (OJ L 176, 27.6.2013, p. 1) and

Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the

activity of credit institutions and the prudential supervision of credit institutions and investment firms

(OJ L 176, 27.6.2013, p. 338).

Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in

financial instruments (OJ L 173, 12.6.2014, p. 349).

Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on

payment services in the internal market (OJ L 337, 23.12.2015, p. 35).

Directive 98/26/EC of the European Parliament and of the Council of 19 May 1998 on settlement finality

in payment and securities settlement systems (OJ L 166, 11.6.1998, p. 45).

Regulation of the European Central Bank (EU) No 795/2014 of 3 July 2014 on oversight requirements for

systemically important payment systems (ECB/2014/28) (OJ L 217, 23.7.2014, p. 16).

Regulation (EU) No 648/2012 of the European Parliament and of the Council of 4 July 2012 on OTC

derivatives, central counterparties and trade repositories (OJ L 201, 27.7.2012, p. 1).

Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on

improving securities settlement in the European Union and on central securities depositories (OJ L 257,

28.8.2014, p. 1).

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the

protection of natural persons with regard to the processing of personal data and on the free movement of

such data (OJ L 119, 4.5.2016, p. 1).

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

scale of collection and sharing of consumers’ personal data due to technological

developments brings new challenges for the protection of personal data (e.g. in

relation to DLT and erasure), it calls upon technology to facilitate the free flow of

personal data within the EU and to ensure a high level of data protection. Therefore,

the European Commission’s consultation paper identifies priority areas which are in

line with technological neutrality and innovation friendliness.

In addition, EU regulation should support fair competition in digital financial services.

Technology-neutral regulation also serves this objective. Furthermore, the

development of digital finance should take into consideration wide accessibility of

basic financial services and the technologies that underpin them.

A further priority area could be to harmonise substantive rules related to digital finance

(e.g. formation of digital contracts, transfer of crypto-assets, whether outright or by

way of collateral, cross-border technical acceptance of eID/eSignature solutions, legal

validity of smart contracts and blockchain-registered transactions). Considering the

likely challenges, an incremental approach would seem more advisable, placing the

emphasis on the regulation of the cross-border aspects of digital finance activities.

The accessibility of basic financial services by all user groups (including vulnerable

groups) should also be considered as a relevant issue, as well as digital inclusion,

because increased digitalisation of financial services requires new skills of users and

adequate access to technologies.

1 Ensuring a technology-neutral and innovation friendly EU

financial services regulatory framework

Question 4

Do you consider the existing EU financial services regulatory framework to be

technology neutral and innovation friendly?

Yes

Don’t know / no opinion / not relevant

Question 4.1

If not, please provide specific examples of provisions and requirements that are not

technologically neutral or hinder innovation:

Overall, the ECB considers that the current EU framework is technologically neutral,

as banks need to fulfil the same requirements depending on the specificities of their

business model and risk profile, while on this basis proportionality can also be applied

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

(for specific examples that this may not be the case, please refer to the report of the

Expert Group on Regulatory Obstacles to Financial Innovation).

In line with the above-mentioned report, it should be analysed to what extent the

current framework for financial services is technology neutral and able to

accommodate fintech innovation and whether it needs to be adapted, also with a view

to making the framework suitable for further innovations within the financial sector.

The ECB is of the view that interpretative guidance, targeted amendments and a

periodic review of existing rules would be useful to ensure that the EU framework

remains technology neutral also going forward, given the change of the nature of

banks’ business models as a result of innovation and digitalisation.

Question 5

Do you consider that the current level of consumer protection for the retail financial

products and services established by the EU regulatory framework is technology

neutral and should be also applied to innovative ones using new technologies,

although adapted to the features of these products and to the distribution models?

Yes

Don’t know / no opinion / not relevant

Question 5.1

Please explain your reasoning on your answer to question 5, and where relevant

explain the necessary adaptations:

The ECB expresses no views on this question.

“Final report of the Expert Group on Regulatory Obstacles to Financial Innovation: 30 recommendations

on regulation, innovation and finance”, European Commission, 13 December 2019.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Identifying areas where the financial services regulatory framework

may need to be adapted

Question 6

In your opinion, is the use for financial services of the new technologies listed below

limited due to obstacles stemming from the EU financial services regulatory

framework or other EU level regulatory requirements that also apply to financial

services providers?

Please rate each proposal from 1 to 5:

(irrelevant)

(rather not

relevant)

(neutral)

(rather

relevant)

(fully

relevant) N.A.

Distributed Ledger

Technology (except crypto-

assets)

Cloud computing

Artificial Intelligence/

Machine learning

Internet Of Things (IoT)

Biometrics

Quantum computing

Other

If you see other technologies whose use would be limited in the financial services due

to obstacles stemming from the EU financial services legislative framework, please

specify and explain:

In terms of other technologies, the ECB believes that application programming

interfaces (APIs) provide advantages for banks, including potential improvements to

efficiency, data standardisation, privacy, as well as data protection, in comparison to

other techniques (e.g. screen scraping). Banks have been internally relying on APIs

for many years. They traditionally maintain multiple systems to run their operations

and APIs enable the communication among these. Recently, the focus has turned to

external APIs. The use of APIs, in the context of PSD2 but also beyond, is increasing

in banks, especially those that intend to monetise their APIs via different models. To

achieve interoperability of external APIs, the ECB considers that a clear and

consistent regulatory framework for APIs, as well as their standardisation, where

possible, would be beneficial. In this context, further discussions also including

relevant stakeholders may be necessary.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Question 6.1

Please explain your answer to question 6, specify the specific provisions and

legislation you are referring to and indicate your views on how it should be addressed:

Regarding DLT (except crypto-assets), the ECB believes that the existence of

harmonised definitions, legal clarity (e.g. on the governance of the platform and

applicable law) and standardisation, where possible, would be beneficial for the

expansion of DLTs in banking solutions and FMIs.

At the beginning of 2019, the EBA published a guideline on outsourcing

arrangements.

This guideline also integrated the 2017 EBA recommendations on

outsourcing to cloud service providers. The ECB has actively contributed to the

elaboration of this guideline. It contains no significant restrictions on the usage of

cloud services. Nevertheless, further action could be taken to strengthen the legal

certainty for industry participants on the use of cloud computing in the financial sector

and its effective supervision, in particular in the area of standardisation of services and

contracts, and requirements in relation to the location of data, as well as the providers’

facilities.

“Final Report on EBA Guidelines on outsourcing arrangements”, European Banking Authority,

25 February 2019.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Question 7

Building on your experience, what are the best ways (regulatory and non-regulatory

measures) for the EU to support the uptake of nascent technologies and business

models relying on them while also mitigating the risks they may pose?

Please rate each proposal from 1 to 5:

(irrelevant)

(rather

not

relevant)

(neutral)

(rather

relevant)

(fully

relevant) N.A.

Setting up dedicated

observatories to monitor

technological and market trends

(e.g. EU Block chain Observatory

& Forum; Platform Observatory)

Funding experimentation on

certain applications of new

technologies in finance (e.g. block

chain use cases)

Promoting supervisory innovation

hubs and sandboxes

Supporting industry codes of

conduct on certain applications of

new technologies in finance

Enhancing legal clarity through

guidance at EU level for specific

technologies and/or use cases

Creating bespoke EU regimes

adapted to nascent markets,

possibly on a temporary basis

Other

Please specify what are the other ways the EU could support the uptake of nascent

technologies and business models relying on them while also mitigating the risks they

may pose:

While the ECB sees some benefits in bespoke regimes for nascent technologies (such

as the use of blockchain), there are also risks of their leading to a complex and

possibly inconsistent regulatory structure and provisions in different EU Member

States. Similarly, the creation of regimes applicable on a temporary basis may be

relevant for nascent markets, but could also increase regulatory uncertainty in relation

to provisions related to nascent markets (e.g. new innovative players in the field of

lending, wealth management). Therefore, enhancement of the European regulatory

framework may be necessary to ensure a level playing field.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Assessing the need for adapting the existing prudential frameworks

to the new financial ecosystem, also to ensure a level playing field

Question 8

In which financial services do you expect technology companies which have their main

business outside the financial sector (individually or collectively) to gain significant

market share in the EU in the five upcoming years?

Please rate each proposal from 1 to 5:

(very low

market

below 1%)

(low

market

(neutral)

(significant

market

share)

(very

significant

market

share above

25%)

N.A.

Intra-European retail payments

Intra-European wholesale

payments

Consumer credit provision to

households with risk taking

Consumer credit distribution to

households with partner

institution(s)

Mortgage credit provision to

households with risk taking

Mortgage credit distribution to

households with partner

institution(s)

Credit provision to SMEs with risk

taking

Credit distribution to SMEs with

partner institution(s)

Credit provision to large

corporates with risk taking

Syndicated lending services with

risk taking

Risk-taking activities in Life

insurance products

Risk-taking activities in Non-life

insurance products

Risk-taking activities in pension

products

Intermediation / Distribution of

life insurance products

Intermediation / Distribution of

non- life insurance products

Intermediation / Distribution of

pension products

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Other insurance related activities,

e.g. claims management

Re-insurance services

Investment products distribution

Asset management

Others

Please specify in which other financial services you expect technology companies to

gain significant market share in the EU in the five upcoming years:

It should be examined to what extent fintech ecosystem companies and financial

services platforms might start gaining additional market share in the next years as a

result of their offering and a combination of various aforementioned financial services.

Question 8.1

Please explain your answer to question 8 and, if necessary, describe how you expect

technology companies to enter and advance in the various financial services markets

in the EU Member States:

Technology companies could deploy various strategies to become more active in the

payments market. They could build on existing payment infrastructure, cooperate with

existing PSPs, or choose to offer their own payment solutions on a newly developed

proprietary or third-party infrastructure. In the latter case, new solutions may also have

a negative impact on market integration. Technology companies could also enter new

markets by taking over successful start-up companies. In Europe, for the most part,

technology companies offer technical services to banks and PSPs both at the front

end (e.g. electronic wallets) and back end (e.g. cloud services) of the payments value

chain. The ECB believes that technology companies could pursue a more prominent

role in payment service provision. Large technology companies with cross-border user

bases may develop new global payment schemes/arrangements by using new and

innovative technologies/assets. Technology companies’ strategies could be potentially

broader than the provision of new payment instruments/arrangements (e.g. extending

to eID solutions). However, at this stage, it is not possible to estimate these

companies’ market share in five years’ time. Ultimately, the technology companies’

expansion in financial services would depend on the underlying business model of the

technology company.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Question 9

Do you see specific financial services areas where the principle of “same activity

creating the same risks should be regulated in the same way” is not respected?

Yes

Don’t know / no opinion / not relevant

Question 9.1

Please explain your answer to question 9 and provide examples if needed:

In relation to the banking sector:

Any entity in the euro area that accepts deposits and offers loans to the public is

supervised as a credit institution and hence must adhere to the applicable regulation.

Only the ECB can grant licences to such institutions.

The entrance of service providers such as technology companies into the financial

services sector, more specifically big tech companies, has raised concerns that the

principle of “same activity, same risks, same supervision and regulation” could be

undermined. Should big tech companies decide to start providing financial services on

a large scale, and especially in the retail market, this could significantly transform the

financial landscape. Big tech companies provide services to a large customer base

and can leverage on economies of scale and their presence on multiple markets to

offer financial services to both consumers and merchants, as well as gaining access to

large amounts of user data that can be exploited for credit rating purposes and

targeted marketing. At the same time, these service providers could deliberately

choose their product characteristics to circumvent the existing regulation, potentially

undermining the applicability of the “same activity, same risks, same supervision and

regulation” principle.

At the current juncture, in the euro area at least, the ECB witnesses that big tech

companies are partnering with banks or providing ancillary services. Examples of the

former include Google Pay and Apple Pay, services which are being rolled out across

the EU with benefits for the participating banks, but also for the big tech companies

that would not need to meet the regulatory requirements themselves, and of course for

consumers. Some big tech companies are also key providers of cloud services for

banks.

Nevertheless, as mentioned elsewhere in the ECB’s answers (see, for example,

Question 10 and Question 12), it is important that we remain vigilant in this respect

In line with its mandate in Council Regulation (EU) No 1024/2013 of 15 October 2013 conferring specific

tasks on the European Central Bank concerning policies relating to the prudential supervision of credit

institutions (OJ L 287, 29.10.2013, p. 63).

See also the speech entitled “A binary future? How digitalisation might change banking” by Andrea Enria,

Chair of the Supervisory Board of the ECB, at the banking seminar organised by De Nederlandsche

Bank, Amsterdam, 11 March 2019.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

and are prepared at an EU level to consider adjusting the regulatory perimeter if and

when big tech companies should increasingly offer banking services, such as lending

to consumers and/or small and medium-sized enterprises (SMEs), to ensure that the

risks related to these services are adequately addressed (including concentration

risks), and in a similar manner across the various institutions providing those services,

as well as in the various European jurisdictions.

Question 10

Which prudential and conduct risks do you expect to change with technology

companies gaining significant market share in financial services in the EU in the five

upcoming years?

Please rate each proposal from 1 to 5:

(significant

reduction

in risks)

(reduction

in risks)

(neutral)

(increase

in risks)

(significant

increase in

risks) N.A.

Liquidity risk in interbank

market (e.g. increased volatility)

Liquidity risk for particular

credit institutions

Liquidity risk for asset

management companies

Credit risk: household lending

Credit risk: SME lending

Credit risk: corporate lending

Pro-cyclical credit provision

Concentration risk for funds

collected and invested (e.g. lack

of diversification)

Concentration risk for holders

of funds (e.g. large deposits or

investments held in a bank or

fund)

Undertaken insurance risk in

life insurance

Undertaken insurance risk in

non-life insurance

Operational risks for

technology companies and

platforms

Operational risk for incumbent

financial service providers

Systemic risks (e.g. technology

companies and platforms

become too big, too

interconnected to fail)

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Please specify which other prudential and conduct risk(s) you expect to change with

technology companies gaining significant market share in financial services in the EU

in the five upcoming years:

The ECB does not provide any views on this matter.

Question 10.1

Please explain your answer to question 10 and, if necessary, please describe how the

risks would emerge, decrease or increase with the higher activity of technology

companies in financial services and which market participants would face these

increased risks:

The ECB notes that consideration should be given to the possible entrance of big tech

companies into the financial services market. They can draw upon the vast amounts of

data from their wide customer base and combine this with their extensive use of

innovative technologies to better tailor their product offering. Big tech companies have

the potential to quickly gain a significant market share, which could lead to significant

concentration risks and, in the event of operational failures and targeted cyberattacks,

could have a systemic impact on the financial system as a whole, thus increasing

financial stability risks.

Incumbent financial institutions are reacting to this changing environment by

transforming their business models. This could imply, for instance, transforming the

bank itself into a fully fledged digital institution, establishing a stand-alone digital bank

or partnering with non-bank fintech or big tech companies to deliver certain products,

creating ecosystems where financial institutions, fintech start-ups and service

providers cooperate. In relation to its oversight and supervisory mandates, the ECB

does not attempt to steer the market in one direction or the other. Our aim is to

maintain a level playing field in financial services. Our guiding principle is “same

activity, same risks, same supervision and regulation”.

Therefore, the evolving

business models and the application of new technologies are being monitored with

regard to the related risks and banks’ risk management processes.

The security and operational resilience of the financial sector can be affected in a

number of ways by the increased use of new technologies. Overall, it can be expected

that the increased presence of technology companies will create more operational

complexity and add intermediaries in the financial sector, also increasing third-party

See also the speech entitled “A binary future? How digitalisation might change banking” by Andrea Enria,

Chair of the Supervisory Board of the ECB, at the banking seminar organised by De Nederlandsche

Bank, Amsterdam, 11 March 2019.

Money-laundering and

terrorism financing risk

Other

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

dependencies. This may raise systemic risk, as operational problems that arise in one

country may spread to other countries. A complicating factor in this respect may be

that the presence of such companies in many countries may reduce the insight of

national overseers and prudential supervisors into the type and scale of financial

activities taking place within their jurisdictions. As the pace of technological innovation

increases, the financial sector will see more often the introduction of innovative

technology which has not been intensively market-tested and is therefore inherently

more risky from an operational point of view. At the same time, the accelerated

adoption of new technologies could also enhance the resiliency of the sector. For

example, the use of cloud services could, under certain conditions, improve

operational systems’ availability, scalability and resilience compared with what can be

achieved with on-premises data centres.

A competitive attitude of market players should not result in a deterioration of business

operating conditions which could increase operational risks due to underinvestment in

IT security.

The reliance on external technology providers increases the surface of attack, thereby

potentially facilitating the propagation of disruptions. However, some specialised

technology companies have a strong interest in ensuring a high level of cyber and

operational resilience, as the provision of technology services is their core business.

Lastly, when EU financial service providers increasingly rely on (critical) services

offered to them by non-EU technology firms, EU sovereignty with regard to those

services (e.g. the ability to regulate and supervise those non-EU service providers)

decreases. The same applies when non-EU technology firms replace EU financial

service providers for services to EU citizens and businesses (for example, when

non-EU big tech companies’ market share in offering retail payment services

increases).

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Question 11

Which consumer risks do you expect to change when technology companies gain

significant market share in financial services in the EU in the five upcoming years?

Please rate each proposal from 1 to 5:

(significant

reduction in

risks)

(reduction

in risks)

(neutral)

(increase

in risks)

(significant

increase in

risks N.A.

Default risk for funds

held in non-banks and

not protected by Deposit

Guarantee Scheme

Liquidity risk

Misselling of insurance

products

Misselling of investment

products

Misselling of credit

products

Misselling of pension

products

Inadequate provision of

information

Inadequate complaint

and redress process and

management

Use/abuse of personal

data for financial

commercial purposes

Discrimination e.g.

based on profiles

Operational risk e.g.

interrupted service, loss

of data

Other

Please specify which other consumer risk(s) you expect to change when technology

companies gain significant market share in financial services in the EU in the five

upcoming years:

The ECB refrains from providing a response in relation to consumer risks.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Question 11.1

If necessary, please describe how the risks would emerge, decrease or increase with

the higher activity of technology companies in financial services and which market

participants would face these increased risks:

The ECB does not provide an answer to this question.

Question 12

Do you consider that any of the developments referred to in the questions 8 to 11

require adjusting the regulatory approach in the EU (for example by moving to more

activity-based regulation, extending the regulatory perimeter to certain entities,

adjusting certain parts of the EU single rulebook)?

Yes

Don’t know / no opinion / not relevant

Question 12.1

Please explain your answer to question 12, elaborating on specific areas and

providing specific examples:

Technology companies have entered into the financial services sector, thereby

allowing them to remain outside the remit of the financial regulatory regime for some

activities, while in the case of regulated activities the required authorisation has to be

obtained, or the service/product has to be offered in a partnership with an entity having

the required authorisation (i.e. a banking licence). However, in the ECB’s view, the

prospect of technology companies increasing their footprint in the financial services

sector and using increasingly sophisticated ways to provide these services could

warrant the need to extend the regulatory perimeter and to explore the possibility of

complementing the current entity-based regime with an activity-based approach.

From the ECB’s perspective, an important financial stability concern relates to the

increasing reliance of financial institutions on big tech companies for certain technical

services supporting the provision of financial services such as cloud computing (see

also Question 8.1). Such services are typically provided by a handful of big tech

companies, almost all of which are located outside the EU, posing challenges to the

EU regulators in terms of their reach and effective intervention. Moreover, big tech

companies’ service provision is not limited to the financial sector. The ECB believes

that these considerations underscore the need for closer cooperation, coordination

and dialogue at both global and cross-sectoral levels. They may also call for some

institutional arrangements to ensure such cross-border and cross-sectoral

coordination.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Enhance multi-disciplinary cooperation between authorities

Question 13

Building on your experience, what are the main challenges authorities are facing while

supervising innovative/digital players in finance and how should they be addressed?

Please explain your reasoning and provide examples for each sector you are referring

to (e.g. banking, insurance, pension, capital markets):

In relation to the banking sector:

The ECB follows a technology-neutral approach to banking supervision, whereby any

licensed credit institution in the euro area will be supervised according to the same

high standards, proportionate to its individual risk profile. Many banks in the euro area,

including both incumbent institutions as well as market entrants, are using fintech.

Based on the licensing of banks which use fintech, as well as the ongoing supervision

of banks in the euro area (both significant and less significant institutions), there are

recurring issues with regard to supervision, touching on, among others, the following

topics:

• increased use of cloud service providers, leading to concentration (both

idiosyncratic and systemic) among a few providers including big tech companies;

• use of AI for a range of back-office functions and increasingly also front-office

functions;

• move towards an open banking/beyond banking model;

• use of DLT for certain activities.

As mentioned in our answer to Question 1, the ECB is continuously adapting its

supervisory approach to banks’ use of innovative technologies, leveraging on

knowledge gained through its own application of advanced technologies, industry

dialogues and exchanges with other authorities. The ECB’s objective is to promote a

common understanding of fintech-related risks and ensure that they are assessed in a

consistent manner across the euro area.

Question 14

According to you, which initiatives could be put in place at EU level to enhance this

multi-disciplinary cooperation between authorities?

Please explain your reasoning and provide examples if needed:

The ECB supports and is proactively engaged in EU-wide initiatives aimed at

enhancing cooperation between competent authorities and supporting mutual learning

among supervisors. These include for example the Commission’s FinTech Lab, the

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Horizon 2020 project and the European Forum of Innovation Facilitators (EFIF),

amongst others. In addition, the ECB works together with the NCAs to adapt its

supervisory approach within the SSM.

With specific reference to the EFIF, the ECB welcomes and supports the proposals of

the European Commission to further enhance this format and to incorporate dialogues

such as those previously organised under the auspices of DG-CONNECT (e.g. the

FinTech Lab).

As mentioned earlier in response to Question 12, the activities of big tech companies,

especially technical service provision to financial institutions, require closer

cooperation and coordination at both global and cross-sectoral levels. They may also

call for some institutional arrangements to ensure such cross-border and

cross-sectoral coordination.

The ECB supports in particular the development of an EU-level enhanced and

dedicated oversight framework, which would be tailor-made for critical third-party

providers and would be based on binding tools, such as direct intervention and

sanctioning powers by the relevant competent authorities. The ECB supports the idea

of oversight of critical third-party providers being performed by a dedicated oversight

function, which could leverage on and complement the existing Eurosystem oversight

framework for critical service providers of FMIs. We are of the opinion that any

possible new framework should also focus on the issues related to “chain outsourcing”

(i.e. fourth-party service providers).

Cross-border activities of financial service providers require furthermore enhanced

and proactive cooperation and exchange of information based on adequate technical

tools among prudential supervisors, as well as between prudential supervisors and

overseers of payment systems and payment schemes in the EU.

2 Removing fragmentation in the single market for digital

financial services

Question 15

According to you, and in addition to the issues addressed in questions 16 to 25 below,

do you see other obstacles to a Single Market for digital financial services and how

should they be addressed?

The ECB broadly agrees with the European Commission’s assessment of the

obstacles to a Single Market for digital finance. Please refer also to the ECB’s

response to the retail payments consultation (in particular, the need to facilitate further

the provision of instant/faster payments both for domestic and cross-border payments

across the EU).

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Facilitating the use of digital financial identities throughout the EU

Question 16. What should be done at EU level to facilitate interoperable cross- border

solutions for digital on- boarding?

Please rate each proposal from 1 to 5:

(irrelevant)

(rather

not

relevant)

(neutral)

(rather

relevant)

(fully

relevant) N.A.

Harmonise rules governing

customer due diligence

requirements in the Anti-Money

Laundering legislation

Harmonise rules governing the

acceptable use of remote

identification technologies and

services in the Anti-Money

Laundering legislation

Broaden access for obliged

entities to publicly held

information (public databases and

registers) to enable verification of

customer identities

Provide further guidance or

standards in support of the

customer due diligence process

(e.g. detailed ID elements, eligible

trusted sources; risk assessment

of remote identification

technologies)

Facilitate the development of

digital on-boarding processes,

which build on the e-IDAS

Regulation

Facilitate cooperation between

public authorities and private

sector digital identity solution

providers

Integrate KYC attributes into e-

IDAS in order to enable on-

boarding through trusted digital

identities

Other

Please specify what else should be done at EU level to facilitate interoperable

cross-border solutions for digital on-boarding:

The ECB has addressed digital identities and the need for action at EU level to

promote the development of cross-border compatible digital identity solutions (for

payment authentication purposes) in the parallel European Commission public

consultation on a retail payments strategy. In its response, the ECB notes that

changes to eIDAS (electronic identification, authentication and trust services) are

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

needed to: (i) enable the use of national eID/eSignature solutions by the private

sector; (ii) facilitate PSPs’ cross-border acceptance of eID/eSignature solutions; and

(iii) enable PSPs to use a single EU eIDAS-compliant solution for remote onboarding,

servicing and payment authentication at any PSP in Europe. Furthermore, in order for

the EU to reap the full benefits of digitalisation and to facilitate European solutions, it is

important to ensure that national laws facilitate and/or give equal treatment to

paper-based and digital identities, signatures and documents/contracts.

Customer due diligence is not addressed in this response, as the topic falls outside of

the ECB’s mandate.

Question 17

What should be done at EU level to facilitate reliance by financial institutions on digital

identities gathered by third parties (including by other financial institutions) and data

re-use/portability?

Please rate each proposal from 1 to 5:

(irrelevant)

(rather

not

relevant)

(neutral)

(rather

relevant)

(fully

relevant) N.A.

Make the rules on third party

reliance in the Anti-Money

Laundering legislation more

specific

Provide further guidance relating

to reliance on third parties for

carrying out identification and

verification through digital means,

including on issues relating to

liability

Promote re-use of digital identities

collected for customer due

diligence purposes in accordance

with data protection rules

Promote a universally accepted

public electronic identity

Define the provision of digital

identities as a new private sector

trust service under the

supervisory regime of the eIDAS

Regulation

Other

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Please specify what else should be done at EU level to facilitate reliance by financial

institutions on digital identities gathered by third parties (including by other financial

institutions) and data re-use/portability:

In addition to what has been said in response to Question 16 with respect to eIDAS,

one key prerequisite for the wide reliance on digital identities is that such identities rely

on a unique, standardised and harmonised means of entity identification, based on

internationally recognised global standards. In that context, the LEI (ISO 17442) is the

global standard and should be further leveraged and promoted. The introduction of

overlapping/competing standards should be avoided, as this would lead to

inefficiencies in the identification process, as well as in subsequent analysis and

sharing processes.

Question 18

Should one consider going beyond customer identification and develop Digital

Financial Identities to facilitate switching and easier access for customers to specific

financial services?

Should such Digital Financial Identities be usable and recognised throughout the EU?

Which data, where appropriate and in accordance with data protection rules, should

be part of such a Digital Financial Identity, in addition to the data already required in

the context of the anti-money laundering measures (e.g. data for suitability test for

investment services; data for creditworthiness assessment; other data?

Please explain your reasoning and also provide examples for each case you would

find relevant.

The ECB has not provided a response on this topic.

Question 19

Would a further increased mandatory use of identifiers such as Legal Entity Identifier

(LEI), Unique Transaction Identifier (UTI) and Unique Product Identifier (UPI) facilitate

digital and/or automated processes in financial services?

Yes

Don’t know / no opinion / not relevant

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

If yes, in which framework(s) is there the biggest potential for efficiency gains?

The ECB fully endorses the mandatory use of different identifiers based on

internationally recognised global standards, including LEIs, UTIs and UPIs, which are

crucial to reap the benefits of and speed up the comprehensive digitalisation and

automation of financial services processes. Amongst other benefits, the ECB

acknowledges that the identifiers enable data interoperability and the provision of

standardised information, as well as facilitating data processing, financial decisions

and automation. All of the aspects of the aforementioned framework, in relation to

providing rules and guidance at an EU level, are relevant and justified from the ECB’s

perspective.

Turning to data related to fintech from a statistical perspective, collaboration and

coordination among the EU authorities could be envisaged with respect to a fintech

monitoring framework. Currently, information about fintech entities is scarce and not

harmonised. Moreover, there is no agreed statistical definition of fintech. Such a

monitoring framework would make it possible to keep track of the progress in

achieving the digital strategy goals, as well as identify areas which would require

further statistical support.

Making it easier for firms to carry out technology pilots and scale up

across the Single Market

Question 20

In your opinion (and where applicable, based on your experience), what is the main

benefit of a supervisor implementing (a) an innovation hub or (b) a regulatory sandbox

as defined above?

The ECB observes that providing a space for an open dialogue on banks’ innovative

applications is a key feature and benefit of national innovation hubs and regulatory

sandboxes, as this may encourage banks (and other financial entities) to launch

innovative solutions. A regulatory sandbox enables entities to experiment with

innovative financial products or services in a defined space and time period, while

containing the consequences of a possible failure.

In addition, such schemes could enable supervisors to monitor banks’ innovation

activities, in order to enhance their understanding of related risks relevant for the

banking sector, as well as the wider financial sector (depending on each supervisor’s

mandate), and ultimately foster a level playing field. At present, the establishment of a

sandbox at EU level is not currently foreseen in European legislation (including in the

CRR/CRD).

“IFC Report on central banks and fintech data issues”, Bank for International Settlements, February

2020.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Within the euro area, banks’ innovation strategies are being assessed and discussed

in the context of the EU bank licensing regime and ongoing supervisory dialogue,

which allows for a close discussion on banks’ innovative efforts. The ECB also

pursues a market intelligence strategy, which consists of dialogue with market

participants and other supervisory authorities, in order to encourage information and

knowledge sharing and enhance understanding of the use of innovative technologies

by banks in the euro area.

Therefore, the ECB welcomes the European Commission’s initiatives to address

cross-border aspects when European entities operate in such schemes, in order to

ensure a harmonised approach and foster a level playing field, also for the potential

testing of new technologies in a controlled environment.

In this context, the ECB has also incorporated the use of supervisory technologies as

a core element into its strategic vision for banking supervision. To leverage the full

potential of new technologies, the ECB has therefore created a dedicated supervisory

technology (suptech) hub and introduced an ambitious digitalisation roadmap outlining

a set of actions over a three-year horizon.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Question 21

In your opinion, how could the relevant EU authorities enhance coordination among

different schemes in the EU?

Please rate each proposal from 1 to 5:

(irrelevant)

(rather

not

relevant)

(neutral)

(rather

relevant)

(fully

relevant) N.A.

Promote convergence among

national authorities in setting up

innovation hubs and sandboxes,

through additional best practices

or guidelines

Facilitate the possibility for firms

to test new products and activities

for marketing in several Member

States (“cross border testing”)

Raise awareness among industry

stakeholders

Ensure closer coordination with

authorities beyond the financial

sector (e.g. data and consumer

protection authorities)

Promote the establishment of

innovation hubs or sandboxes

with a specific focus (e.g. a

specific technology like Block

chain or a specific purpose like

sustainable finance)

Other

Please specify how else could the relevant EU authorities enhance coordination

among different schemes in the EU:

The establishment of a sandbox at EU level is not currently foreseen in European

legislation and ultimately the setting-up of an EU-wide sandbox would be for the

regulators to decide on. Such an initiative, as well as national initiatives, would need to

be in line with the European regulatory framework and the division of competences

contained therein, as well as the ECB’s mandate for licensing credit institutions and

direct supervision of significant institutions.

Further coordination and cooperation

may be beneficial to ensure alignment between national initiatives and address

cross-border issues.

See also the speech entitled “Innovation and digitalisation in payment services” by Yves Mersch, Member

of the Executive Board of the ECB, at the Second Annual Conference on “Fintech and Digital Innovation:

Regulation at the European level and beyond”, Brussels, 27 February 2018.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Question 21.1

If necessary, please explain your reasoning and also provide examples for each case

you would find relevant:

The ECB in its supervisory function is also monitoring the various schemes

implemented throughout the euro area, and discussing their relevance from a banking

supervision perspective. We will also continue contributing to the discussions taking

place at an EU level.

Question 22

In the EU, regulated financial services providers can scale up across the Single

Market thanks to adequate licenses and passporting rights.

Do you see the need to extend the existing EU licenses passporting rights to further

areas (e.g. lending) in order to support the uptake of digital finance in the EU?

According to the current regulatory framework, the entities that are authorised to

provide banking or payment services can passport all or some of these services

(e.g. lending) to clients in other Member States. The question as to which activities,

innovative or not, should be subject to authorisation in a Member State, consequently

qualifying for possible passporting to other Member States, is rather a question of

regulatory perimeter.

With respect to the use of passporting to scale up activities across the Member States,

the ECB supports the EBA’s recommendation, outlined in its report on potential

impediments to the cross-border provision of banking and payment services

, that the

European Commission should provide an update of its interpretative communications

on the cross-border provision of services. It is especially relevant for digital finance, in

order to receive more clarity on when a digital activity is to be regarded as a

cross-border provision of services and in which cases it should then be classified

under the freedom to provide services or the freedom of establishment.

In its interpretative communication (97/C 209/04), the European Commission had also

addressed the use of intermediaries for banking activities in another Member State.

Currently, only some Member States (e.g. Spain

) have defined a framework for

intermediaries from other Member States to provide cross-border banking or financial

services in their country and the respective notification process. The ECB is of the

view that additional clarity could be helpful in this area. This clarity should also foster

stronger relationships between entities which are passporting and the NCA of a target

Member State.

“Report on potential impediments to the cross-border provision of banking and payment services”,

European Banking Authority, 29 October 2019.

Royal Decree 309/2019.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Ensuring fair and open access to relevant technical infrastructures

for all financial service providers that wish to offer their services

across the Single Market

(It should be noted that this topic is also included, from the payment perspective, in the

Retail Payments consultation)

Question 23

In your opinion, are EU level initiatives needed to avoid fragmentation in the Single

Market caused by diverging national measures on ensuring non-discriminatory access

to relevant technical infrastructures supporting financial services?

Please elaborate on the types of financial services and technical infrastructures where

this would be relevant and on the type of potential EU initiatives you would consider

relevant and helpful:

From a payments perspective, access to technical infrastructures was covered in the

ESCB response to the retail payments consultation. In its response, the ESCB

supports action by the EU regulator to ensure open access to key technical

infrastructure services on the basis of transparent, objective and non-discriminatory

criteria that take into account security standards, oversight and supervisory

requirements.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Empowering and protecting EU consumers and investors using

digital finance across the Single Market

Question 24

In your opinion, what should be done at EU level to achieve improved financial

education and literacy in the digital context?

Please rate each proposal from 1 to 5:

(irrelevant)

(rather

not

relevant)

(neutral)

(rather

relevant)

(fully

relevant) N.A.

Ensure more affordable access at

EU level to financial data for

consumers and retail investors

Encourage supervisors to set up

hubs focussed on guiding

consumers in the digital world

Organise pan-European

campaigns and advisory hubs

focusing on digitalisation to raise

awareness among consumers

Collect best practices

Promote digital financial services

to address financial inclusion

Introduce rules related to financial

education comparable to Article 6

of the Mortgage Credit Directive,

with a stronger focus on

digitalisation, in other EU financial

regulation proposals

Other

Please specify what else should be done at EU level to achieve improved financial

education and literacy in the digital context:

The ECB refrains from providing a response in relation to consumer financial

education.

Question 25

If you consider that initiatives aiming to enhance financial education and literacy are

insufficient to protect consumers in the digital context, which additional measures

would you recommend?

The ECB refrains from providing a response in relation to consumer financial

education.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

3 Promote a well-regulated data-driven financial sector

Question 26

In the recent communication "A European strategy for data", the Commission is

proposing measures aiming to make more data available for use in the economy and

society, while keeping those who generate the data in control.

According to you, and in addition to the issues addressed in questions 27 to 46 below,

do you see other measures needed to promote a well-regulated data driven financial

sector in the EU and to further develop a common European data space for finance?

In addition to the issues addressed in Questions 27 to 46, the ECB considers that

some dedicated tools and methods should be developed so that data obfuscation

allows data usage without compromising confidentiality.

Facilitating the access to publicly available data in finance

Question 27

Considering the potential that the use of publicly available data brings in finance, in

which areas would you see the need to facilitate integrated access to these data in the

EU?

Please rate each proposal from 1 to 5:

(irrelevant)

(rather not

relevant)

(neutral)

(rather

relevant)

(fully

relevant) N.A.

Financial reporting data from

listed companies

Non-financial reporting data from

listed companies

SME data

Prudential disclosure stemming

from financial services legislation

Securities market disclosure

Disclosure regarding retail

investment products

Other

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Please specify in which other area(s) you would see the need to facilitate integrated

access to these data in the EU:

In the ECB’s view, public access to financial data should focus on two areas: financial

reporting data and banking supervision quantitative disclosure requirements

(so-called Pillar 3 of the Basel framework). At present, the EBA is integrating

supervisory reporting and quantitative Pillar 3 disclosure requirements for financial

institutions into a single reporting framework, in which the data disclosed under Pillar 3

will form a subset of the data subject to supervisory reporting. This integration is a

precondition for the EBA to develop and maintain a public data hub comprising

information disclosed in accordance with the quantitative Pillar 3 disclosure

requirements and extracted from supervisory data. Financial reporting data could be

easily added; in fact, this information is already collected by supervisors, albeit within a

different consolidation scope.

Credit institutions would benefit from such a framework, since they would only report

the respective information once, and prudential supervisors as well as public data

users would benefit from having easier access to pertinent data. Moreover,

establishing a framework for a central data repository at the EBA could significantly

improve the quality of supervisory data and make the EBA transparency exercises

redundant. It would also more broadly foster the integration of the EU banking sector

by facilitating market participants’ access to information disclosed under Pillar 3 of the

Basel framework.

This approach is currently followed by the US authorities, where a federal agency (the

Federal Financial Institutions Examination Council ‒ FFIEC) collects and discloses

supervisory data on behalf of banks. This implies cost savings for banks as their

Pillar 3 disclosure obligations are limited to the qualitative part. A similar central data

repository at EU level would disclose Pillar 3 data in accordance with requirements for

financial institutions (on a quarterly, semi-annual or annual basis), in order to ultimately

put the European Union at the same level as the United States in terms of public data

availability.

The EBA may require a legal mandate to make available public data as part of a

central repository without the explicit consent of the financial institutions to which

these data belong. This mandate should, however, be without prejudice to the power

of competent authorities to request additional ad hoc information from supervised

entities. Therefore, the ECB sees merit in further exploring the legal and practical

feasibility of establishing a central data repository at the EBA.

The integration of statistical, prudential and resolution data envisaged by

Article 430(c) of the CRR would facilitate the establishment of such a public repository.

Ideally, the data contained in the repository should be a subset of the information

available to authorities, in order to avoid duplicated data requests and to ensure

alignment between the two.

In addition to the above-mentioned priority areas, the ECB believes that further areas

could be explored, in particular environmental, social and governance (ESG)

reporting.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

In order to make the best use of alternative data sources, access to privately held data

(e.g. by social media firms) ‒ possibly via appropriate agreements with the private

sector ‒ needs to be organised in such a manner that public bodies, including central

banks, can gain access to the data in a sustainable manner, in particular for statistical

and analytical purposes.

Finally, the ECB sees merits in supporting the initiatives related to the Open Data

Directive

, e.g. high-value datasets or the EU Open Data Portal.

Question 28

In your opinion, what would be needed to make these data easily usable across the

EU?

Please rate each proposal from 1 to 5:

(irrelevant)

(rather

not

relevant)

(neutral)

(rather

relevant)

(fully

relevant) N.A.

Standardised (e.g. XML) and

machine-readable format

Further development of the

European Financial Transparency

Gateway, federating existing

public databases with a Single EU

access point

Application Programming

Interfaces to access databases

Public EU databases

Other

Please specify what else would be needed to make these data easily usable across

the EU:

The ECB believes that, in order to ensure data comparability for public users, there are

certain changes to the Pillar 3 disclosure framework that are necessary. These

changes are also required to fully integrate supervisory reporting with disclosure

requirements.

Firstly, since some Pillar 3 disclosure templates have flexible reporting formats, it is

important to expand the use of fixed reporting formats to the extent possible, in order

to improve data comparability and consistency. Banks would still be free to publish

additional disclosures to complement the information published in the fixed formats.

Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data

and the re-use of public sector information (OJ L 172, 26.6.2019, p. 56).

See the EU Open Data Portal.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Secondly, the materiality thresholds applied for Pillar 3 data disclosure should be the

same as for supervisory reporting, in order to ensure alignment between the two.

Thirdly, the revision policy applied to Pillar 3 data should be the same as for

supervisory reporting. Otherwise, in the event of data corrections, public users would

not be able to access updated information.

Fourthly, interoperability with other datasets would also be necessary.

Finally, exploring new technologies (e.g. DLT) in this context could be considered.

Consent-based access to personal data and data sharing in the

financial sector

Question 29

In your opinion, under what conditions would consumers favour sharing their data

relevant to financial services with other financial services providers in order to get

better offers for financial products and services?

Whilst consumer protection matters do not fall under the ECB’s remit, the ECB

acknowledges that consumers are the owners of their financial services-related data

and may be reluctant to share them with third parties, unless they receive some kind of

benefit, such as better financial conditions, access to specific services or information,

as can be seen from practices of big technology companies

. For this reason,

consumers may be in favour of sharing their financial data under several conditions.

Below are a few examples:

1. The data should be anonymised when possible. Access to the actual data of the

physical persons should be granted to other financial service providers or

non-financial service providers only when the consumer accepts the offer.

2. The data content and the individual data points should be made explicit and

consumers should be made aware of the use of their data. The consumer should

also be put in a position to select the data points he/she is willing to share.

3. The consumer should give his/her explicit consent to share the data with other

financial service providers or non-financial service providers. However, this

consent should not be given automatically.

4. The data should be used only by those with proper authorisation and should not

be shared with third parties for other purposes.

Big tech companies may already have access to large amounts of (financial) data stemming from their

business.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Question 30

In your opinion, what could be the main benefits of implementing an open finance

policy in the EU?

Please rate each proposal from 1 to 5:

(irrelevant)

(rather

not

relevant)

(neutral)

(rather

relevant)

(fully

relevant) N.A.

More innovative and convenient

services for consumers/investors,

e.g. aggregators, comparison,

switching tools

Cheaper traditional services for

consumers/investors

Efficiencies for the industry by

making processes more

automated (e.g. suitability test for

investment services)

Business opportunities for new

entrants in the financial industry

New opportunities for incumbent

financial services firms, including

through partnerships with

innovative start-ups

Easier access to bigger sets of

data, hence facilitating

development of data dependent

services

Enhanced access to European

capital markets for retail investors

Enhanced access to credit for

small businesses

Other

If you see other benefits of implementing an open finance policy in the EU, please

specify and explain:

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Question 31

In your opinion, what could be the main risks of implementing an open finance policy in

the EU?

Please rate each proposal from 1 to 5:

(irrelevant)

(rather

not

relevant)

(neutral)

(rather

relevant)

(fully

relevant) N.A.

Privacy issues / security of

personal data

Financial exclusion

Poor consumer outcomes (e.g.

unfair pricing strategies)

Misuse of consumers’ financial

data

Business confidentiality issues

Increased cyber risks

Lack of level playing field in terms

of access to data across financial

sector activities

Other

If you see other risks of implementing an open finance policy in the EU, please specify

and explain:

Question 32

In your opinion, what safeguards would be necessary to mitigate these risks?

The ECB believes that the following safeguards would be relevant for the related risks:

1. Privacy issues/security of personal data: to mitigate this risk, the data should

be anonymised via an appropriate method, depending on the associated risks

and the intended use of the data. Access to the actual data of the physical

persons should be granted to other financial service providers only when the

consumer accepts the offer and the finality of the use of the data is ensured.

2. Financial exclusion and poor consumer outcomes: to mitigate these risks,

consumers should be put in a position to select the data points they are willing to

share. With the appropriate awareness, consumers could avoid sharing the most

sensitive data points, so that they cannot be used for adverse selection.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

3. Misuse of consumers’ financial data: to mitigate this risk, the rule should be

that data should be used only by authorised financial service providers and

should not be shared with third parties for other purposes without prior consent. A

code of conduct could also be introduced. Breaches of this rule should be fined.

An authority should be tasked with monitoring compliance.

4. Cyber risk: the ECB believes that an open finance policy could increase cyber

risk. Such a policy can only be implemented in the EU if and when the banking

sector has reached sufficient maturity in terms of cybersecurity risk management

and digital operational resilience.

Question 33

In your opinion, for which specific financial products would an open finance policy offer

more benefits and opportunities?

Please rate each proposal from 1 to 5:

(irrelevant)

(rather not

relevant)

(neutral)

(rather

relevant)

(fully

relevant) N.A.

Savings accounts

Consumer credit

SME credit

Mortgages

Retail investment products (e. g.

securities accounts)

Non-life insurance products (e.g.

motor, home…)

Life insurance products

Pension products

Other

If you see other financial products that would benefit of an open finance policy, please

specify and explain:

Question 33.1

Please explain your answer to question 33 and give examples for each category:

The following financial products could benefit from an open finance policy:

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

• Savings accounts, retail investment products, pension products, life insurance

products: more competition may allow investors to gain better returns.

• Consumer credit, SME credit, mortgages: more competition may allow borrowers

to obtain better conditions. Access to more information could enable market

operators to perform more accurate and comprehensive credit scoring, enabling

a wider set of customers to benefit from lending services.

• Non-life insurance products: more competition may lead to a broader range of

products and more favourable conditions.

• Other: new financial products may be offered to satisfy latent needs of

consumers, investors and businesses.

However, the related risks should be adequately mitigated, including by changing

business models, which could also bring new risks. In this context, it should also be

ensured that customer data sharing with third-party providers meets clear legal

requirements and fulfils security standards.

Question 34

What specific data (personal and non-personal) would you find most relevant when

developing open finance services based on customer consent?

To what extent would you also consider relevant data generated by other services or

products (energy, retail, transport, social media, e-commerce, etc.) to the extent they

are relevant to financial services and customers consent to their use?

Please explain your reasoning and provide the example per sector:

In the ECB’s view, and in the context of customer consent to the use of their personal

and non-personal information, the usage of any (financial) service should not be

dependent on this consent and not giving that consent should not prevent consumers

from receiving the service.

With respect to other relevant data, based on some studies, access to social media

information does indeed enhance, for example, credit risk model performance.

Depending on the specific application, the usage of the data generated by other

services or products should be scientifically sound.

Gambacorta, L. et al., “How do machine learning and non-traditional data affect credit scoring? New

evidence from a Chinese fintech firm”, BIS Working Paper No 834, Bank for International Settlements,

December 2019.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Question 35

Which elements should be considered to implement an open finance policy?

Please rate each proposal from 1 to 5:

(irrelevant)

(rather

not

relevant)

(neutral)

(rather

relevant)

(fully

relevant) N.A.

Standardisation of data, data

formats

Clarity on the entities covered,

including potential thresholds

Clarity on the way data can be

technically accessed including

whether data is shared in real- time

(e.g. standardised APIs)

Clarity on how to ensure full

compliance with GDPR and e-

Privacy Directive requirements

and need to ensure that data

subjects remain in full control of

their personal data

Clarity on the terms and

conditions under which data can

be shared between financial

services providers (e. g. fees)

Interoperability across sectors

Clarity on the way data shared will

be used

Introduction of mandatory data

sharing beyond PSD2 in the

framework of EU regulatory regime

If mandatory data sharing is

considered, making data available

free of cost for the recipient

Other

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Please specify what other element(s) should be considered to implement an open

finance policy:

Supporting the uptake of Artificial intelligence in finance

Question 36

Do you/does your firm already deploy AI based services in a production environment

in the EU?

Yes

Don’t know / no opinion / not relevant

Question 36.1

If you/your firm do/does already deploy AI based services in a production environment

in the EU, please specify for which applications?

The ECB has refrained from answering this question due to its relevance from an

industry perspective (rather than supervisory authority perspective).

Question 37

Do you encounter any policy or regulatory issues with your use of AI?

Have you refrained from putting AI based services in production as a result of

regulatory requirements or due to legal uncertainty?

From the ECB’s perspective, data protection issues can be encountered when working

with and implementing AI-based tools. For instance, when contracting external

companies, data cannot always be shared with them. This can have an impact on the

data quality as, without providing enough domain-specific data for retraining/testing

purposes, AI models can become less accurate. As AI models cannot always be fully

developed in house because of limited resources (e.g. AI-based natural language

processing (NLP) models developed by big tech companies are superior in quality and

performance), this can affect the use of AI. In this context, the use of AI-based services

when sharing data with third parties may also give rise to legal as well as reputational

risks.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Question 38

In your opinion, what are the most promising areas for AI- applications in the financial

sector in the medium term and what are the main benefits that these AI-applications

can bring in the financial sector to consumers and firms?

In the ECB’s view, AI applications could be applied by banks in many areas of their

operations, both in the back office and in customer-facing services.

Promising areas include activities related to assessing large numbers of granular

transactions, reviewing large amounts of structured/unstructured corpora or engaging

in highly repetitive tasks/processes (e.g. anti-money laundering/combating the

financing of terrorism (AML/CFT), KYC, data quality, pattern or rare case recognition).

AI can also help banks to make better use of the vast amounts of data they have,

helping them to tailor their products to customers. Through our work in the ECB,

including interactions with banks, we have identified two key customer-facing areas

where banks can increasingly apply AI-based solutions: credit scoring and automated

wealth management or robo-advice.

In the case of credit scoring, AI could allow banks to widen their customer base,

providing credit scores for clients with limited or no credit history. Depending on the

programming of the algorithm, automation could decrease the possibility of human

bias when banks make a final decision.

In the case of automated wealth management, AI-based models, coming at reduced

cost, enable banks to provide such services to a much broader base of clients with

limited or no human intervention, although experience in the ECB shows that most

models are currently hybrid. There are examples of some banks running such services

in house, but also others which have chosen instead to partner with third-party

robo-advisors.

For all applications, adequate governance and understanding are important, both at

staff and board level. In addition, control functions and internal audit should be in a

position to assess the use of AI for various applications within the bank.

From a supervision angle, AI and machine learning (ML) can help to:

• facilitate and analyse regulatory reporting from financial institutions to

supervisors;

• improve (i.e. provide faster) alerts, feedback and guidance to supervised

institutions;

• break down language barriers by providing instant translation into, for example,

English.

The ECB believes that promising areas for consumers and firms could be more

proactive and customised services and recommendations (e.g. regarding financial

opportunities), improving account management, anomaly detection or preventing

default risks.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Question 39

In your opinion, what are the main challenges or risks that the increased use of AI-

based models is likely to raise for the financial industry, for customers/investors, for

businesses and for the supervisory authorities?

Please rate each proposal from 1 to 5:

1. Financial industry

(irrelevant)

(rather

not

relevant)

(neutral)

(rather

relevant)

(fully

relevant) N.A.

1.1. Lack of legal clarity on certain

horizontal EU rules

1.2. Lack of legal clarity on certain

sector-specific EU rules

1.3. Lack of skills to develop such

models

1.4. Lack of understanding from

and oversight by the supervisory

authorities

1.5. Concentration risks

1.6. Other

Please specify what other main challenge(s) or risk(s) the increased use of AI- based

models is likely to raise for the financial industry:

The ECB outlines below risks related to different aspects of banks’ business models:

Governance

• management’s (possible lack of) technical skills, knowledge and experience;

• banks’ performance metrics need to be designed to capture innovative aspects of

credit scoring;

• ensuring that banks have the appropriate know-how and processes to identify

and manage potential incremental risks, related to customer or third-party data

privacy and use;

• ensuring that banks consider whether the use of AI/ML could inadvertently lead to

proxy discrimination, given the potential opacity of algorithms.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Operational risk

• whether banks have in place appropriate safeguards to check data integrity;

• whether banks have in place verification and validation techniques to detect and

mitigate security and operational risks;

• whether banks have in place measures to ensure that the model is performing

well and is not deviating from the expected behaviour.

Other risks

• Risk management both for internally developed models and in the case of

outsourcing is a primary concern. Data quality risks are observed especially

where data is processed/prepared by third parties. However, in order to win

customers and remain profitable, banks see the need to keep pace with

technological innovation. In view of the risks of being an early mover and the high

investments needed (with uncertain returns), it is more a matter of when banks

will move towards implementing a new strategy.

• At the recent EU FinTech Lab, it was stressed that the explainability of AI models

remains key to ensure that the outcomes can be checked, and that the models

should not train themselves to become biased. Similar issues were discussed at

the ECB fintech industry dialogue on 21-22 May 2019.

• Legacy systems pose a challenge to the integration of AI.

• Quantum computing may become necessary to reap strategic benefits from

some technological advancements (e.g. the rapid growth of datasets and the

need for data processing power for AI models).

• Regulators and supervisors have indicated that they are assessing how these

changes and the increased technological capabilities are affecting banks. At the

EU FinTech Lab, it was also mentioned that AI is still in the early adoption phase

and has much more potential for the future. This would also mean that risks may

become more prominent going forward.

• Ethics: the development, deployment and use of any AI solution should adhere to

some fundamental ethical principles, such as the respect for human autonomy,

the prevention of harm, fairness and explainability.

These principles can be

embedded from the start in any AI project, in an “ethical by design” approach.

This also means that the business case made at the beginning of an AI project

can include a high-level analysis of conformity to ethical principles and can refuse

unethical solutions. Having an ethical policy in place enforcing the above

principles and setting the boundaries for acceptable and unacceptable use cases

are recommended. Such a policy can apply also when the AI solution (or part of

it, for example external data) is purchased from a third-party vendor.

See the presentation on the ECB Banking Supervision website.

As mentioned in the Ethics Guidelines for trustworthy artificial intelligence from the European

Commission’s High-Level Expert Group on AI, 8 April 2019.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Furthermore, setting up an ethics committee (to validate new AI use cases,

periodically review fairness metrics from live models, etc.) or integrating this

function into an existing similar committee is also recommended, especially when

AI technology is widely used in a bank.

2. Consumers/investors

(irrelevant)

(rather

not

relevant)

(neutral)

(rather

relevant)

(fully

relevant) N.A.

2.1. Lack of awareness on the use

of an algorithm

2.2. Lack of transparency on how

the outcome has been produced

2.3. Lack of understanding on how

the outcome has been produced

2.4. Difficult to challenge a specific

outcome

2.5. Biases and/or exploitative

profiling

2.6. Financial exclusion

2.7. Algorithm-based behavioural

manipulation (e.g. collusion and

other coordinated firm behaviour)

2.8. Loss of privacy

2.9. Other

Please specify what other main challenge(s) or risk(s) the increased use of AI- based

models is likely to raise for customers/investors:

The ECB refrains from answering questions in relation to consumers.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

3. Supervisory authorities

(irrelevant)

(rather

not

relevant)

(neutral)

(rather

relevant)

(fully

relevant) N.A.

3.1. Lack of expertise in

understanding more complex

AI-based models used by the

supervised entities

3.2. Lack of clarity in explainability

requirements, which may lead to

reject these models

3.3. Lack of adequate coordination

with other authorities (e.g. data

protection)

3.4. Biases

3.5. Other

Please specify what other main challenge(s) or risk(s) the increased use of AI- based

models is likely to raise for the supervisory authorities:

The rapid evolution of technology, as well as the strong growth of datasets and data

processing power, could create gaps in supervision. However, supervisory authorities

should ensure the suitability (or lack thereof) of existing requirements on governance

and risk management regarding the use of AI. In the ECB’s view, the scarcity of AI

experts on the market has led to a reliance on third parties and related co-sourcing

and outsourcing risks, as has happened with cybersecurity experts. In addition,

specialised training in relation to AI techniques and data labelling requires a generally

significant effort, as well as the availability of scarce specialised supervisory

resources.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Question 40

In your opinion, what are the best ways to address these new issues?

Please rate each proposal from 1 to 5

(irrelevant)

(rather

not

(neutral)

(rather

relevant)

(fully

relevant)

N.A.

New EU rules on AI at horizontal

level

New EU rules on AI for the

financial sector

Guidance at EU level for the

financial sector

Experimentation on specific AI

applications under the control of

competent authorities

Certification of AI systems

Auditing of AI systems

Registration with and access to AI

systems for relevant supervisory

authorities

Other

Please specify what other way(s) could be best to address these new issues:

The ECB has selected the most relevant solutions from those identified in the table

above. In one particular case, an NCA has developed a number of general principles

with regard to AI. The principles are divided into six key aspects of responsible use of

AI, namely: (i) soundness; (ii) accountability; (iii) fairness; (iv) ethics; (v) skills; and

(vi) transparency (or “SAFEST”). From a prudential perspective, soundness is the

aspect of AI that is of primary concern. The application of AI in the banking sector

should be reliable and accurate, behave predictably, and operate within the

boundaries of applicable rules and regulations. Banks should also be accountable for

their use of AI, as AI applications may not always function as intended and can result

in damage to the firm itself, its customers and/or other relevant stakeholders. AI

applications should not inadvertently disadvantage certain groups of customers.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Harnessing the benefits data-driven innovation can bring in

compliance and supervision

Question 41

In your opinion, what are the main barriers for new RegTech solutions to scale up in

the Single Market?

Please rate each proposal from 1 to 5:

Providers of RegTech solutions:

(irrelevant)

(rather

not

relevant)

(neutral)

(rather

relevant)

(fully

relevant) N.A.

Lack of harmonisation of EU rules

Lack of clarity regarding the

interpretation of regulatory

requirements (e.g. reporting)

Lack of standards

Lack of real time access to data

from regulated institutions

Lack of interactions between

RegTech firms, regulated financial

institutions and authorities

Lack of supervisory one stop shop

for RegTech within the EU

Frequent changes in the

applicable rules

Other

Please specify what are the other main barrier(s) for new providers of RegTech

solutions to scale up in the Single Market:

The ECB has selected the most relevant barriers from those identified in the table

above.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Financial service providers:

(irrelevant)

(rather not

relevant)

(neutral)

(rather

relevant)

(fully

relevant) N.A.

Lack of harmonisation of EU

rules

Lack of trust in newly developed

solutions

Lack of harmonised approach to

RegTech within the EU

Other

Please specify what are the other main barrier(s) for new financial service providers

solutions to scale up in the Single Market:

The ECB has selected the most relevant barriers from those identified in the table

above.

Question 42

In your opinion, are initiatives needed at EU level to support the deployment of these

solutions, ensure convergence among different authorities and enable RegTech to

scale up in the Single Market?

Yes

Don’t know / no opinion / not relevant

Question 42.1

Please explain your answer to question 42 and, if necessary, please explain your

reasoning and provide examples:

From the ECB’s perspective, greater clarity regarding the interpretation of regulatory

reporting requirements, as well as enhanced standardisation, where feasible, could

make it possible for regtech applications to be scaled up and to become more widely

available. At the same time, coordination among supervisors could level the playing

field and enable economies of scale.

The compliance requirements for banks are numerous and extend across several

areas. At the same time, regulatory changes are frequent. The available regtech

solutions and their applicability to the current requirements should be checked

frequently. Entities with cross-border activities might need suitable solutions for each

jurisdiction, in accordance with the local regulatory framework. Hence, there is not one

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

solution that will fit all. An assessment per solution category could be beneficial in this

respect, whilst taking into consideration the existence of different local frameworks.

Question 43

In your opinion, which parts of financial services legislation would benefit the most

from being translated into machine-executable form?

Please specify what are the potential benefits and risks associated with

machine-executable financial services legislation:

The ECB expresses no views on this question.

Question 44

The Commission is working on standardising concept definitions and reporting

obligations across the whole EU financial services legislation.

Do you see additional initiatives that it should take to support a move towards a fully

digitalised supervisory approach in the area of financial services?

Please explain your reasoning and provide examples if needed:

In the ECB’s view, banks are faced with a multitude of different incident reporting

schemes. The current different regulatory frameworks for cyber incident reporting in

the EU (e.g. PSD2, TARGET2, ECB/SSM, eIDAS, Network and Information Security

(NIS) Directive, GDPR, etc.) are characterised by different templates, taxonomies,

thresholds, information requirements and time frames. In addition, these frameworks

lead to the burden of multiple reporting of the same incidents in slightly different ways

to different authorities.

In the medium-to-long term, some centralisation through an EU hub for information

and communication technology (ICT) and security incident reporting could be

established. ICT and security incidents could be securely reported by banks through

the hub. The content of and thresholds for this reporting need, of course, to fit the

purpose of each of the authorities. Authorities could receive alerts from the hub and

retrieve information based on their mandate and individual needs. The creation of

such a centralised EU hub could enable a thematic analysis of incidents, help inform

authorities of common sectoral vulnerabilities and enhance our supervisory approach.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

Question 45

What are the potential benefits and drawbacks of a stronger use of supervisory data

combined with other publicly available data (e.g. social media data) for effective

supervision?

Please explain your reasoning and provide examples if needed:

In the ECB’s view, publicly available data could be useful in providing insights, even

though supervisory decisions or actions cannot be taken based directly and solely on

such data. An example would be the usage of alternative data from the news and

social networks for sentiment analysis.

In addition, publicly available data has the advantage of being widely accessible, with

limited or no confidentiality restrictions. However, the issue of data quality is crucial,

since low-quality data may lead to inaccurate estimations, unrealistic models and

ultimately poor decisions. Expert judgement will always be needed for the evaluation

of the information and the decision on the correct action to be taken.

4 Broader issues

Question 46

How could the financial sector in the EU contribute to funding the digital transition in

the EU? Are there any specific barriers preventing the sector from providing such

funding?

Are there specific measures that should then be taken at EU level in this respect?

In the ECB’s view, the digital transition will require substantial investments by EU

firms, in order to compete globally. In 2016, the value added of the ICT sector

accounted for 4% of EU GDP, compared with 5.8% in Japan, 5.4% in the United States

and 4.9% in China. Figures from the Digital Economy and Society Index report

published in 2019

also show that less than one-fifth of EU companies were highly

digitalised, although the picture is highly heterogeneous across Member States,

sectors and firms. While larger companies are relatively good at exploiting

e-commerce possibilities (with 42% of companies with more than 250 employees

making e-sales in 2018), SMEs were lagging behind (with only 19% making e-sales in

2018).

The ECB is of the view that successfully making the digital transition and reaping the

benefits of the digital Single Market require adequate IT infrastructures. While the EU

budget is already financing, for example, broadband internet connections through the

Connecting Europe Facility, private financing will also be needed. When developing

new online businesses, firms will also have to invest in cybersecurity and operational

resilience, which should be covered by private financing. Overall, before the

See the European Commission’s website.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

COVID-19 crisis, SME spending on digitalisation was expected to reach €65 billion by

2022.

EU corporates, and in particular SMEs, rely largely on bank funding. However, the

pandemic may lead to a deterioration of bank asset quality and an increase in

non-performing loans, which may in turn limit banks’ ability to provide additional

lending to EU companies. Digital technologies are also reliant on intangible capital,

which poses specific challenges.

The nature of intangible assets makes them less

easy to use as collateral, so firms that invest in intangible assets use less debt

financing (both from banks and from markets). Instead, these firms finance

themselves with retained earnings and equity.

Against this background, a greater

supply of market-based, equity funding would facilitate the digital transition.

Further

progress in developing the capital markets union is therefore needed, in order to meet

new funding needs stemming from the adaptation to long-term challenges, be it

digitalisation or sustainability. In this respect, the final recommendations of the

Commission’s High-Level Forum on capital markets union should provide a sound

basis for a new action plan, which is expected later this year.

The ECB recognises that digitalisation has the potential to facilitate capital market

funding, by bridging the gap between investors and firms, e.g. through investment

platforms. Lastly, informational gaps could also be addressed through the

development of single data access portals, which would facilitate due diligence by

investors and reduce transaction costs for companies.

Question 47

Are there specific measures needed at EU level to ensure that the digital

transformation of the European financial sector is environmentally sustainable?

In the ECB’s view, the financial sector (including FMIs) requires a substantial amount

of energy and resources to operate (as visible, for instance, in the higher uptake of

cloud technology in the financial sector relative to other sectors). The digital

transformation of the sector may pose risks in this respect, should innovative services

be implemented without taking their environmental impact into account. At the same

time, however, it also creates opportunities to use technology to reduce the

environmental footprint of financial services and infrastructures. Certain actors in the

market have already implemented plans to account for and manage their impact on

the environment; establishing standards, best practices or a discussion forum would

facilitate a harmonious transition at the level of the European market. In particular, the

criteria for environmental sustainability could be given more importance when

See “Financing the digitalisation of small and medium-sized enterprises ‒ The enabling role of digital

innovation hubs”, European Investment Bank, 2019.

See the welcome remarks by Philip R. Lane, Member of the Executive Board of the ECB, at the ECB

conference on “Challenges in the digital age”, Frankfurt, 4 July 2019, and Dell’Ariccia, G. et al., “Bank

lending in the knowledge economy”, Working Paper Series, No 2429, ECB, June 2020.

See Andersson, M. and Saiz, L., “Investment in intangible assets in the euro area”, Economic Bulletin,

Issue 7, ECB, 2018.

See De Haas, R. and Popov, A., “Finance and carbon emissions”, Working Paper Series, No 2318, ECB,

September 2019.

ESCB/European banking supervision response to the European Commission’s public

consultation on a new digital finance strategy for Europe/FinTech action plan

implementing new services (e.g. payment methods) or FMIs. Additionally, FMIs, with

their high level of reliability, could be leveraged to facilitate the provision of information

to their users regarding the environmental impact of goods, services or investment

products.

Some DLT set-ups use the consumption of energy to create a barrier against attacks

as an alternative to the identification of parties involved in the validation of transactions

(referred to as “proof of work”). In the light of the EU ambition to make the EU economy

sustainable and to become the first climate-neutral continent (under the European

Green Deal), and the EU agenda on sustainable finance, energy-intensive solutions

should be discouraged. In this context, some entities have also started using AI to

make their energy use more efficient.

As a result, the ECB would endorse the development of a monitoring and reporting

framework at global level concerning financial entities’ environmental footprint,

including their supply chain.

Postal address 60640 Frankfurt am Main, Germany

Telephone +49 69 1344 0

Website www.bankingsupervision.europa.eu

For specific terminology please refer to the SSM glossary (available in English only).