Is having such a broad approach too much for a single framework?
PR: It sits in parallel to what we are doing, and what is top of the agenda for us and other banks. There is no way that we can look at transformation of the industry without tackling all these subjects, even if they are many.
LCH: Many of these topics are interconnected. If you look at DLT and crypto assets you need to have a global view. At this stage I think it is relevant to have a single action plan. In the future, as we adopt new measures it may be necessary to take a different approach.
Are the measures appropriate to the different maturity levels of these technologies and services? They are much more detailed about crowdfunding than Distributed Ledger Technology (DLT)
PR: Crowdfunding is very mature. It has two to three years of economic activity and so there is a high priority to set a framework as there is a market in crowdfunding that needs to be addressed.
LCH: The crowdfunding use case is clearly defined, which is not the same for DLT, robotics or artificial intelligence (AI) for which we are still in the experimentation phase at best. For crowdfunding we have sufficient maturity to look at the best approaches to business and the right business cases.
What is the most impactful improvement?
PR: The sandbox will have the most impact. A successful fintech sector needs to be able to develop at a small scale, but reach a much bigger market quickly. A European sandbox will facilitate that.
Are there gaps?
PR: Around artificial intelligence, yes.
LCH: I think regulators globally- but also the industry – need more time to have a clear understanding of the risks associated with these technologies. Today we mainly focus on their potential in added value, how they can be included in existing processes or can change the customer journey and experience. The risk and the governance requirements associated with the use of these new technologies need to be understood as well. For example, should there be exams or certifications for some AI tools, how can we stress test them and what audit trail is needed – these are questions that should be asked.
PR: You need to have some supervision of AI and some skills at the local regulator level to audit use. Something not yet addressed is the extreme risk that might stem from dependency on technology, for example if there is an increased dependency on AI technology what might that mean in the event of a cyberattack or a power cut? We are working on this at a company level but some governance and direction from authorities for the wider industry would be welcome.
What would the European market for fintechs look like without this EC initiative?
LCH: We already see there are a lot of local initiatives. For example, in France the authorities have been very progressive on several issues. We have seen the launch of mini bonds that can be issued on blockchain. There are many discussions regarding initial coin offerings (ICOs). In Denmark and the Netherlands, they have launched sandbox schemes to enable fintech businesses to test new technologies and business models on customers in a safe environment.
If the European Union (EU) authorities bring in measures too late, this could disrupt the steady growth of the sector.
PR: By their nature fintechs are global, so their business model relies on reaching out to the wider world. Having different regulations in every country, followed by an attempt at harmonisation, might prove fatal to those initiatives aimed at building out a global business.
Compare that to the US or China. In those countries you can start a company with five people and scale up because they are single jurisdictions and so you have a single business model. By contrast if you have to work across several jurisdictions, each of which changes the way your business works, the additional administrative burden is an impediment for small businesses.
LCH: A positive point is that European Supervisory Authorities (ESAs) are associated with the various recommendations issued by the EC. That means from the start they are aware of the developments and have a key role to play in terms of convergence. This is true in regulatory aspects but it will be the case even more in the long term for supervisory aspects as well.
What are the existing obstacles to fintech adoption?
PR: The first obstacle is that they are many fintechs. Even when we are selective on a specific topic such as machine learning for email processing, there are many fintechs in scope and their emergence is very complex to manage.
We also have issues in terms of scale. For a group such as BNP Paribas, working with a fintech business of two to three people is difficult. It can create an economic dependency which has legal consequences. That is not easy to resolve.
Sharing data with fintechs can also be problematic. When working on cloud technology, for example, we need a high level of protection from cyberattacks. We are sometimes unable to work with fintechs whose security level is not the same as a G-Sifi organisation (global systemically important financial institution) such as BNP Paribas.
Guidance on cybersecurity can be disproportionately harsh on major institutions. Has the EC approach struck the right tone to ensure the integrity of the financial sector?
LCH: Cybersecurity is not an easy topic. It is more about sharing best practices today, which is positive. Everybody is aware that the sharing of information is needed because this is the best way to protect ourselves from these cyberattacks but at the same time, there is the confidentiality dimension to keep in mind. Today we have rules at a local level around cybersecurity. The next phase is to combine the best aspects of these local rules into a regional or global framework.
Certainly setting out a framework for reporting incidents and the timing of reporting to authorities are not punitive kinds of measures. A repository in which all potential attacks are recorded is the best way to alert potential victims to the dangers, and deter attackers from future attempts.
What areas should be focussed on next?
PR: The next areas will be compliance and regtech. Know your client (KYC), MiFID II reporting and fraud detection are among the next generation of fintech initiatives. The European cloud will also need to be part of the European discussion. Europe is looking to fund any initiatives that support cloud technology at a European level. An Amazon-like model is being considered.
LCH: There are currently local barriers in cloud use across jurisdictions, particularly on the regulatory side. The main request from the industry is to have a common European framework. There is a big demand from the industry and the EC is aware of that. We will see what recommendations it makes.
Download the brochure:
Read our series of tech memos
What is Smart data? What is Artificial Intelligence (AI) and robotics? What is Blockchain?
To know more
Link to the European CMU action plan: here
Link to the EC mid-term review of the Capital Markets Union Action Plan (June 2017): here
link to the EU Fintech action plan “For a more competitive and innovative European financial sector” (March 2018) : here