The new EU Digital Finance and Retail Payment strategies set out the EU Commission’s blueprint to build a globally competitive and innovative EU Financial Services (FS) sector, by removing unnecessary regulatory barriers, while addressing emerging risks.
The EU's ambition revolves around four key areas: strategic use of data to enable innovation; modernisation of the regulatory framework to support the digitisation of products, services, and retail payments; operational resilience; and a shift away from a narrow focus on regulated entities, towards a “same activity, same risk, same rules” approach.
These proposals set out the overall approach to the 2020-24 digital legislative agenda. But legislative negotiations are likely to be lengthy and highly politicised. It could take a few years before some of the major initiatives are finalised.
Nevertheless, firms must prioritise engaging with EU policy-makers to inform and help shape a future-proof policy framework for digital FS which strikes the appropriate balance between innovation and risk mitigation. In the short term however, firms will have to work with the current fragmented, and in some cases uncertain, regulatory environment.
These two strategies sit alongside three legislative initiatives on crypto-assets and digital operational resilience, and a pilot regime for market infrastructures based on distributed ledger technology (DLT).
Despite the immediate focus on responding to the pandemic, the EU Commission pressed ahead with the launch of its Digital Finance and Retail Payments strategies last week.
The strategies sit at the core of the EU’s broader digital economic transformation and post-pandemic recovery plan, and build on its flagship cross-sector initiatives such as the EU digital and data strategy. They set out an ambitious plan to create a globally competitive EU digital finance ecosystem underpinned by a strong and modern regulatory framework, able to deliver clear benefits to both EU consumers and businesses.
In this article, we give an overview of the key initiatives which the Commission plans to pursue under each of the four overarching priorities set out in the two strategies.
Priority 1 - Tackling fragmentation in the Digital Single Market
A well-functioning single market for digital FS is necessary to allow firms to scale-up across national borders, and to offer consumers access to much more innovative and diverse FS services and products.
The key initiatives that the Commission will focus on are digital identities, instant payments, and a further harmonised licencing and passporting regime within the EU.
Digital identities - The COVID-19 lockdown measures demonstrated clearly that digital identities are a fundamental component of an effective and secure digital FS ecosystem. The EU Commission will develop a legal framework for interoperable digital identity solutions that can be reliably used for digital customer onboarding across all EU Member States. The framework will be underpinned by updated and harmonised anti-money laundering and counter-terrorism financing rules, and a review of the e-IDAS framework . Interoperable digital IDs solutions will play a key role in enabling consumers to access cross-border FS and products in the EU. They will also be central to enhancing the security of digital instant payments, supporting the fulfilment of Strong Customer Authentication (SCA) requirements under the Payment Services Directive (PSD2), and developing a safe Open Finance framework.
Instant payments – As e-commerce and digital payments continue to be rapidly adopted by consumers, the Commission wants to achieve the full uptake of instant payments in the EU. Availability of secure cross-border instant payments is important to provide alternatives to payments through card schemes, and make EU payments more resilient, competitive and autonomous. In November the Commission will review how many payment service providers (PSPs) are currently participating voluntarily in the SEPA Instant Credit Transfer Scheme. It will then consider whether to make participation for selected PSPs obligatory by the end of 2021 through new legislation. While this would benefit customers, it could have significant cost implications for smaller PSPs who may have so far struggled to justify the investment to join the Scheme.
The Commission will also review the Settlement Finality Directive to promote fair, open and transparent access to payment systems for payment institutions, including real-time gross settlement systems (RTGS). This would allow smaller and non-bank PSPs, including e-money institutions, to compete more easily with bigger banks. In the UK, the Bank of England extended direct access to its RTGS to FinTechs in 2017.
Harmonised licencing and passporting regime – To help FinTech firms to scale up across the EU more easily, the Commission will work with the European Supervisory Authorities (ESAs) to enhance and harmonise further EU licencing and passporting in key areas relevant to digital finance – e.g. non-bank lending, payments and RegTech. The Commission will also work with the European Forum of Innovation Facilitators  to develop a framework for cross-border sandbox testing and other mechanisms to facilitate firms’ interaction with supervisors from different Member States.
Priority 2 – An FS regulatory framework to support digital innovation
Making the EU FS regulatory framework fit for the digital age is at the heart of the digital finance and retail payments strategies. The key initiatives under this priority are: crypto-assets and DLT, operational resilience and Cloud, PSD2 review, Artificial Intelligence (AI) and ensuring a future- proof legislative framework.
Enabling EU markets in crypto-assets and tokenised financial instruments - The Commission published a separate legislative proposal on the regulation of crypto-assets that do not currently qualify as financial instruments, including stablecoins. The proposal is aimed at expanding the regulatory perimeter to capture a more diverse set of crypto-assets and sets out requirements around investor disclosure, pre and post trade transparency for crypto exchanges, and better controls and governance for cryptoservice providers.
The Commission also published draft regulation to establish a pilot regime for market infrastructures based on DLT. The pilot will use a “sandbox approach” and allow National Competent Authorities to exempt firms from specific regulatory requirements. However, it also puts in place additional safeguards to address any identified regulatory gaps (e.g. in relation to access and admission to the DLT). The Pilot will be important to promote the uptake of DLT by market infrastructures, improve efficiency in trading and post-trading, and allow supervisors to observe closely business models and associated risks.
Operational resilience and promoting the use of cloud computing infrastructure - Firms’ increased adoption of digital technologies, including as a result of COVID-19, has laid bare the importance of ensuring the digital operational resilience of FS firms and their key third parties. The Commission is proposing a separate oversight framework for critical third-party ICT providers, such as cloud service providers, to ensure EU firms can reap the benefits offered by technology without compromising on operational resilience. Please click here to read our in-depth analysis.
The Commission will also launch a European cloud services marketplace to facilitate access to alternative cloud service providers, and reduce concentration risk in a market currently dominated by non-EU BigTechs. As we have written before, in no other area of the EU digital strategy do the words “technological sovereignty” resonate as loudly as they do in relation to the proposed plans for cloud.
PSD2 review - the Commission will launch a comprehensive review of the application and impact of PSD2 at the end of 2021. Specific areas to be reviewed include barriers to the full development of open banking, consumer protection measures, and the impact of SCA on fraud levels. The Commission will also assess how any new risks posed by unregulated services and complex payments value chains should be mitigated. It will look in particular at whether technical services, ancillary to the provision of regulated payment or e-money services or outsourced entities, should be brought under direct supervision by extending the scope of PSD2. The recent Wirecard case has made these concerns more prominent, and a similar evaluation can be expected as part of the UK HM Treasury review of the payments landscape.
Promoting the use of AI and ensuring a future-proof legislative framework on an on-going basis - The Commission will invite the ESAs and the European Central Bank to develop regulatory and supervisory guidance on the use of AI in FS, and give firms clarity about how the existing FS legislative framework applies to AI. This guidance will take into account the proposal for a new cross-sector regulatory framework for AI expected in early 2021, which will address more general challenges such as compliance with the General Data Protection Regulation (GDPR). We believe FS guidance should also explicitly address the interaction between FS-specific rules and GDPR.
More generally, the Commission intends to make regular use of legislative reviews and interpretative guidance to reduce regulatory uncertainty and ensure that the EU regulatory framework for FS remains technologically neutral. This is a welcome step - we have long argued that timely regulatory guidance could help accelerate the regulatory process and give firms the confidence to innovate.
Priority 3 – Data-driven innovation in FS
The Commission plans to establish a common financial data space to facilitate access to data and data sharing in the financial sector. It will also facilitate the use of RegTech and SupTech tools for supervisory reporting, including setting out a strategy in 2021 to ensure that supervisory data and public disclosures are reported in machine-readable electronic formats. In the long-term this could have significant cost-benefits for both firms and regulators, and make supervisory and policy interventions more targeted and timely. It will also support other flagship EU initiatives such as the Capital Markets Union and sustainable finance.
The most ambitious initiative announced by the Commission’s strategy is the development of an Open Finance legislative framework by mid-2022. The framework would expand the scope of PSD2 to enable wider business-to-business sharing and use of customer data, both in FS and beyond.
Open Finance could lead to better and more accessible products and services for customers, as well as greater efficiency in business-to-business transactions. However the future framework will need to be balanced against individuals’ data protection rights. The development of the Open Finance framework will be aligned with the planned review of PSD2 in 2021, which will take stock of and address the remaining regulatory implementation issues that remain a hurdle to widespread adoption of Open Banking.
We believe that any Open Finance initiative should be fully embedded from the start in wider data-sharing framework that spans across-sectors. This is necessary to protect consumers and ensure fair competition as the boundaries between FS and other industries (such as BigTechs) continue to fray.
Priority 4 - “Same activity, same risk, same rules”
Technology companies are becoming an integral part of the financial ecosystem, both directly and indirectly. Many technology providers already offer payment services, and are expected to expand quickly into other FS offerings, e.g. loans or general insurance. Data-sharing initiatives, such as Open Banking and Open Finance, will only accelerate this trend.
Against this backdrop, by mid-2022 the Commission will review its conduct and prudential frameworks. Guided by the principle of “same activity, same risk, same rules”, it will propose the necessary policy changes to protect consumers, businesses, financial stability, the integrity of the EU financial sector, and ensure a level playing field with regulated FS firms.
The Commission’s legislative initiative on digital operational resilience and oversight of critical third-party ICT providers is also a fundamental part of this initiative.
Creating a resilient, fully operational, and competitive digital finance and payments ecosystem is necessary to ensure the EU’s future economic growth. The Commission’s plans are ambitious, and aim at setting new global standards that could reverberate well beyond EU borders.
These proposals set the direction of travel for the digital legislative agenda which will take shape over the next few years. Negotiations around the detail of the legal text and implementation will take time. But for EU policymakers and industry, the next four years provide a unique opportunity to shape the regulatory framework that will underpin technological innovation in FS for many years to come.
Firms should engage and collaborate with policy makers openly and proactively. This includes traditional EU FS firms, but also for firms currently on the periphery of the regulatory perimeter or headquartered in non-EU jurisdictions – such as Cloud providers or large technology firms.
 Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, OJ L 257, 28.8.2014, p. 73–114.
 The EFIF was established further to the January 2019 Joint ESA report on regulatory sandboxes and innovation hubs which identified a need for action to promote greater coordination and cooperation between innovation facilitators to support the scaling up of FinTech across the single market.