One of EBA’s main responsibilities as outlined within the Commission’s FinTech Action Plan refers to monitoring the regulatory perimeter of national CAs (Competent Authorities) under its remit. This exercise was performed by addressing CAs specific questions, covering the period between 1st September 2017 and 22nd March 2019. As per their answers, during the last 18 months, only one CA reported the adoption of a national legislation on FinTech activities, and only one CA proposed changes to its regulatory perimeter (proposal of national law on crowdfunding).
This report was issued as a result of the 2017 FinTech Discussion Paper outcomes, which underlines the fact that the majority of FinTech firms (31%) are not subject to any regulatory regime. Moreover, only 5% are subject to authorization under national law, and only 9% are subject to national registration requirements.
Hence, the first part of the report focuses on the unregulated FinTech firms, from two important perspectives:
1. Shift from not being subject to any regulatory regime to being subject to a regulatory regime; and
2. Specific type and nature of the unregulated activities or services.
With respect to the first point, some of the identified FinTech have been affected by the extended scope of the PSD2 regulation towards payment initiation services and account information services. However, the regulatory status of FinTechs is mainly driven by their business model, i.e. if it carries out regulated financial services, then, it can be subject to regulatory requirements.
Regarding the second point, the report presents the main activities performed by, mostly, the unregulated FinTech, such as: crypto-assets, technical services providers, technological support, RegTech, other services relying on or provided via technology, platform-based services, intermediation services, etc. EBA classifies these activities as of ancillary nature or as related to non-financial aspects of the financial business, hence the reason they are not subject to regulatory requirements.
Key findings of the analysis of regulatory status
The findings stress that EBA will continuously monitors the regulatory status of FinTech firms (including the nature of ancillary services) as part of its responsibilities.
As mentioned above, the analysis has identified crypto-assets activities as one of the activities defining FinTech business models. However, various aspects of this area are not yet regulated, but are in the process to be dealt with in the near future, as laid down in EBA’s Report on crypto-assets published in January 2019.
Another outcome of the analysis underlines that crowdfunding and peer-to-peer lending (activities also carried out by FinTech that are not regulated) embed features of financial services and activities. It is recommended that they be regulated to ensure consumer protection and AML/CFT controls.
Authorization process and the principle of proportionality
The second part of the report assesses whether the innovative business models of FinTech firms pose challenges towards the current EU regulatory framework (CRD IV, PSD2 and EMD2), which is adopted by the traditional business models, mostly with respect to the authorization process of FinTech activities and the application of the proportionality principle.
Regarding the authorization process, under PSD2 and EMD2, 19 CAs have made publicly available guidance for payment and e-money institutions, while 4 others are in the process of updating or finalizing their guidance.
Neither of the CRD IV or PSD2 regulations provide instructions to CAs with respect to their ability to attach limitations/conditions/restrictions to the authorization process. However, a rather small number of CAs have imposed such provisions.
On the other hand, concerning the authorization process as credit institutions, 16 CAs (including the ECB) have the authority to apply limitations/conditions/restrictions. These can be classified as either to be met prior to the activation of the authorization, or subsequently on an ongoing basis.
EBA assessment also explored whether CAs apply the principle of proportionality when granting authorization as a credit institution. The outcome was positive irrespective of the nature of the business model (traditional/ innovative), considering a case-by-case analysis (considering the nature, scale and complexity of the entity’s activities, riskiness and impact on the financial system).
There is evidence showing that there is greater uncertainty governing the business projections and capital requirements of FinTech, hence, such firms entities are encouraged to prepare an exit plan. EBA underlines that greater attention should be paid to management and data protection, IT systems and outsourcing risks regarding FinTech applicants.
In the context of initial capital, EBA notes that the ECB assesses whether FinTech applicants are able to hold an adequate level of capital to cover losses in the first 3 years of activity, as the start-up phase is usually more likely to generate financial losses.
EBA notes that the EU regulatory framework is harmonized with respect to incorporating the principles of proportionality and flexibility, however, there are still some divergent national practices as to the authorization conditions to be met by applicants. The outcome of the report stresses the need for further regulatory work to be done in this direction.
„For more than a week now, ScoreRise enrolls daily hundreds of users through an innovative facial recognition interface. Enrollment takes less than a minute and it does not require presence of a human operator or video recording. And, of course, it stays fully GDPR compliant with help from Reff & Associates and Deloitte Romania.”