Cookie policy

By pursuing your navigation on our website, you allow us to place cookies on your device. These cookies are set in order to secure your browsing, improve your user experience and enable us to compile statistics. For further information, please report to our cookie policy.

Article (98/292)
Capital markets union in Europe and the fintech opportunity
Capital markets union in Europe and the fintech opportunity

Capital markets union in Europe and the fintech opportunity


Laurence Caron-Habib

Laurence Caron-Habib

Head of Strategy, Public Affairs and CSR

BNP Paribas Securities Services

View profile
Philippe Ruault

Philippe Ruault

Head of Digital Transformation

BNP Paribas Securities Services

View profile

The Fintech Action Plan was announced in March 2018 by the European Commission (EC), in an effort to support innovation in European fintech, while seeking to manage the risk that disruption can create. As supporting legislation to the Capital Markets Union action plan, it is intended to help harmonise the approach that national competent authorities (NCAs) take towards a range of fintech services and technologies.

Laurence Caron-Habib, Head of Strategy, Public Affairs and CSR and Philippe Ruault, Head of Digital Transformation, both at BNP Paribas Securities Services discuss their views on the fintech action plan, challenges to the plan and what’s next

What are your views on the approach that the European Union (EU) has taken with the Action Plan?

Laurence Caron-Habib: At this stage, the European Commission (EC) has decided not to regulate fintech. We consider this approach to be positive, as regulation at this stage would impede innovation, and both industry and public authorities still need to mature. At the same time the EC has clearly prioritised areas where progress can be made, without disrupting innovation, which we support.

The EC has addressed most of the topics we need to look at in fintech. There are recommendations and initiatives in particular around distributed ledger technology (DLT), crypto-assets and also on cloud technology which is a significant issue for many players and one of the trickiest today. It also has an approach on the issue of cybersecurity.So we can say it is a comprehensive action plan.

Philippe Ruault: I think the approach is good, especially the observatory on blockchain. The sandbox is interesting and mirrors what the Financial Conduct Authority (FCA) has done in the UK. It allows fintechs to start operating in a supervised but free environment. This is a good model.

Is having such a broad approach too much for a single framework?

PR: It sits in parallel to what we are doing, and what is top of the agenda for us and other banks. There is no way that we can look at transformation of the industry without tackling all these subjects, even if they are many.

LCH: Many of these topics are interconnected. If you look at DLT and crypto assets you need to have a global view. At this stage I think it is relevant to have a single action plan. In the future, as we adopt new measures it may be necessary to take a different approach.

Are the measures appropriate to the different maturity levels of these technologies and services?

PR: Crowdfunding is very mature. It has two to three years of economic activity and so there is a high priority to set a framework as there is a market in crowdfunding that needs to be addressed.

LCH: The crowdfunding use case is clearly defined, which is not the same for DLT, robotics or artificial intelligence (AI) for which we are still in the experimentation phase at best. For crowdfunding we have sufficient maturity to look at the best approaches to business and the right business cases.

What is the most impactful improvement?

PR: The sandbox will have the most impact. A successful fintech sector needs to be able to develop at a small scale, but reach a much bigger market quickly. A European sandbox will facilitate that.

Are there gaps?

PR: Around artificial intelligence, yes.

LCH: I think regulators globally- but also the industry – need more time to have a clear understanding of the risks associated with these technologies. Today we mainly focus on their potential in added value, how they can be included in existing processes or can change the customer journey and experience. The risk and the governance requirements associated with the use of these new technologies need to be understood as well. For example, should there be exams or certifications for some AI tools, how can we stress test them and what audit trail is needed – these are questions that should be asked.

PR: You need to have some supervision of AI and some skills at the local regulator level to audit use. Something not yet addressed is the extreme risk that might stem from dependency on technology, for example if there is an increased dependency on AI technology what might that mean in the event of a cyberattack or a power cut? We are working on this at a company level but some governance and direction from authorities for the wider industry would be welcome.

What would the European market for fintechs look like without this EC initiative?

LCH: We already see there are a lot of local initiatives. For example, in France the authorities have been very progressive on several issues. We have seen the launch of mini bonds that can be issued on blockchain. There are many discussions regarding initial coin offerings (ICOs). In Denmark and the Netherlands, they have launched sandbox schemes to enable fintech businesses to test new technologies and business models on customers in a safe environment.

If the European Union (EU) authorities bring in measures too late, this could disrupt the steady growth of the sector.

PR: By their nature fintechs are global, so their business model relies on reaching out to the wider world. Having different regulations in every country, followed by an attempt at harmonisation, might prove fatal to those initiatives aimed at building out a global business.

Compare that to the US or China. In those countries you can start a company with five people and scale up because they are single jurisdictions and so you have a single business model. By contrast if you have to work across several jurisdictions, each of which changes the way your business works, the additional administrative burden is an impediment for small businesses.

LCH: A positive point is that European Supervisory Authorities (ESAs) are associated with the various recommendations issued by the EC. That means from the start they are aware of the developments and have a key role to play in terms of convergence. This is true in regulatory aspects but it will be the case even more in the long term for supervisory aspects as well.

What are the existing obstacles to fintech adoption?

PR: The first obstacle is that they are many fintechs. Even when we are selective on a specific topic such as machine learning for email processing, there are many fintechs in scope and their emergence is very complex to manage.

We also have issues in terms of scale. For a group such as BNP Paribas, working with a fintech business of two to three people is difficult. It can create an economic dependency which has legal consequences. That is not easy to resolve.

Sharing data with fintechs can also be problematic. When working on cloud technology, for example, we need a high level of protection from cyberattacks. We are sometimes unable to work with fintechs whose security level is not the same as a G-Sifi organisation (global systemically important financial institution) such as BNP Paribas.

Has the EC approach struck the right tone on cybersecurity to ensure the integrity of the financial sector?

LCH: Cybersecurity is not an easy topic. It is more about sharing best practices today, which is positive. Everybody is aware that the sharing of information is needed because this is the best way to protect ourselves from these cyberattacks but at the same time, there is the confidentiality dimension to keep in mind. Today we have rules at a local level around cybersecurity. The next phase is to combine the best aspects of these local rules into a regional or global framework.

Certainly setting out a framework for reporting incidents and the timing of reporting to authorities are not punitive kinds of measures. A repository in which all potential attacks are recorded is the best way to alert potential victims to the dangers, and deter attackers from future attempts.

What areas should be focussed on next?

PR: The next areas will be compliance and regtech. Know your client (KYC), MiFID II reporting and fraud detection are among the next generation of fintech initiatives. The European cloud will also need to be part of the European discussion. Europe is looking to fund any initiatives that support cloud technology at a European level. An Amazon-like model is being considered.

LCH: There are currently local barriers in cloud use across jurisdictions, particularly on the regulatory side. The main request from the industry is to have a common European framework. There is a big demand from the industry and the EC is aware of that. We will see what recommendations it makes.

Download the brochure:


Read our series of tech memos

What is Smart data? What is Artificial Intelligence (AI) and robotics? What is Blockchain?

To know more

Link to the European CMU action plan: here

Link to the EC mid-term review of the Capital Markets Union Action Plan (June 2017): here

link to the EU Fintech action plan “For a more competitive and innovative European financial sector” (March 2018) : here

Follow us