Primary tabs

Smart Payment Association (SPA)

The six areas covered by this discussion paper are all relevant and rich enough and address the impact and challenges that FinTechs bring about for the banking system and the financial regulators.
The EBA analysis in section 4.2.1 is quite complete and elaborates in the risks of outsourcing of financial processing activities to FinTech. An additional risk is the higher probability of disruption of the service (business continuity) when operated by FinTech and lack of experience on for instance disaster recovery plans compared with incumbent credit institutions.
The SPA notes that in the past banks have shown up a great ability to pioneer and leverage their infrastructures with major IT breakthroughs. Many Fintech innovations have to do with back-office processes and it may represent an opportunity rather than a threat for banks. Thus, blockchain use cases rationalize processing by enabling cooperation between competitors. In the present context were bank direct investments are considered at risk, sharing efforts makes sense. This is one reason why many banks organized in consortiums fund Fintech research & development efforts.
Yet there are financial services (TPP payment services, crowdfunding) where Fintech might directly compete with banks, and the financial industry at large needs to monitor and control risks arising from financial services offered by Fintech incomers. New actors offering financial services, might also issue their own payment instruments. Card payments are by their own nature, bank and scheme centric, and in a way or another if the banks position is challenged by Fintech, the card industry will also do.
This challenge will be stronger if the bank industry appears weakened. With this respect, SPA notes that the European Banking Authority considers that after the financial crisis the EU’s banking sector is now consolidating. If the trend is confirmed there will be multiple opportunities for banks and Fintechs to collaborate in new services without substantial changes in the market structure.
They are quite complete. Yet, the business models of PIs and EMIs are quite different, due to the very specific nature of the electronic money issuance. In particular incumbent electronic money issuers are now facing the competition of all kinds of unregulated virtual currencies. With this respect, SPA notes that back in 2003 the European Central Bank released a specification setting out security requirements for e-money. It could ne purposeful that EBA takes it over and updates these requirements as a common baseline for FIAT digital currencies.
With this respect, SPA outlines that ISO TC68 has launched some preliminary work (US initiative) on the security requirements for FIAT virtual currencies. Because BIS has provided with some useful insight on virtual currencies, a common global policy coordinated with this ISO TC68 initiative could serve the objectives of the EBA.
Payment Institutions and e-Money institutions can be considered as the “first-wave” of what is now named FinTechs. But at that time Internet growth was in crisis and innovation was in mobile technology and the only financial service was payment: mobile for Payment Institutions (PI, typ Mobile Network Operators) and electronic money (EMI, Electronic Money Institutions) payments using pre-paid cards. Actually neither of them has proved to be disruptive and their business activities remained largely local. FinTech have both a broader scope of financial services and for the particular areas where PI and EMI business model overlap they will compete with them. On the other side, there’ll be alliances between PIs, EMIs and FinTech’s to enlarge the offer of financial services offered by each one. As for the credit institutions case, PIs and EMIs might benefit of more advanced technology platforms and advanced control methods. As mentioned, many Fintech innovations have to do with back-office processes and it may represent an opportunity rather than a threat for banks. Overall, the FinTech effect of opening the financial services market to new incomers, will also benefit PI and EMIs. Benefit amplified by the PSD2 impact on any payment service provider.
SPA suggests to further elaborate on 4.3.2 clause 96 , on the expansion of Fintech in a low profitability environment traditionally undeserved by the banking industry. That could represent an opportunity for credit institutions to elaborate a specific offer, or collaborate with FinTechs, in areas such as financial inclusion.
It’s easier to collaborate in areas where banks have not an obvious business interest that when a Fintech new service might represent a threat.
Banks have not traditionally invested in developing countries lack of business case. The several success stories in mobile payment systems have been driven by Telecom Operators. Because of the lack of legacy payment systems and with uncertain financial regulation ( but this is correcting now, as more citizens become banked) , this in a privileged area for technological and commercial collaboration for low cost innovation between Fintech and Banks… or even for Fintech alone: Mobile wallets, mobile remittances, virtual currencies, microcredit, peer-to-peer lending, bill mobile payments.
Financial inclusion is also a good case to prove new regulatory approaches: by facilitating access of Fintech to the financial services market… meaning rather removing Fintech entry barriers and considering that the best protection for the unbanked citizens is to facilitate their access to cheap money. In a second step, Banks could come into the playfield and collaborate with Fintech in the consolidation of emerging financial inclusion.
The Smart Payment Association (SPA) predicted that despite the Fintech buzz by 2020 the Banks will continue to hold the central role as retail payment intermediaries. Despite all the hype around new payment instruments and market incomers, the structure of the retail payment market is stable. In the last decade, only two new initiatives have actually proved successful: Paypal and Allipay in China. Yet neither of them can be considered as a Fintech.
Yet there are financial services (TPP payment services, crowdfunding) where Fintech might directly compete with banks, and the financial industry at large needs to monitor and control risks arising from financial services offered by Fintech incomers. New actors offering financial services, might also issue their own payment instruments. However, as mentioned there, the number of success histories is limited and a major threat for incumbent credit institutions can only come from those IT companies with global reach (GAFA), which are not certainly Fintechs.
This challenge will be stronger if the bank industry appears weakened. With this respect, SPA notes that the European Banking Authority considers that after the financial crisis the EU’s banking sector is now consolidating. If the trend is confirmed there will be multiple opportunities for banks and Fintechs to collaborate in new services without substantial changes in the market structure.
On the other hand one of the problems that FinTech’s will face is how to grant access to a large community of end-users. One obvious way is by negotiating with global technology platforms like Google and Facebook, but Fintech’s have limited deal power. With this respect, credit institutions might boost income and benefit from innovative payment and banking services provided by FinTech partners by deploying new platforms, with an end-user interface to manage the enrollment to FinTech partner services and offering an API enabling to connect FinTechs facilities to the bank platform. With such a model and by concentrating an offer of FinTech services, end-users, incumbent credit institutions and FinTechs might benefit from a range of economic and “legal” forces: economies of scale and scope, network effects, minimum switching costs, compliance with the regulatory framework guaranteed by the credit institution and financial product differentiation.
Further analysis is required on the coexistence of these dematerialized forms of money and whether or not both existing and new players may benefit from new technology ( blockchain) in a way consistent with the protection of the end-user and preventing the misuse for financial crime purposes.
Despite their limited success, Payment Institutions (PI) and Electronic Money Issuers (EMI) have a market and end-consumer experience lacking to FinTechs. As any other Payment Service Provider, both Pis and EMIs might benefit from technology innovation by FinTechs. The model above, where the PI and in a lesser extent the EMI, provides with a platform for access to partner FinTech services also might apply. It remains that for FinTech partnerships with PIs and EMIs is less appealing by the reduced scope of their payment activities, the legal uncertainty and limited reach. Overall we believe that partnerships of FinTechs with credit institutions may have a detrimental impact on the business models and revenue of incumbent PIs and EMIs, that may appear as legacy business. In that case, a possible strategy for PIs and EMIs is to move up and try to enlarge their offer by (1) concentrating at a cross-border and (2) granting licences as credit institutions, TPPs or a potential new legal status that new regulations ( Financial Service Directive ?) or (3) concentrating in a particular segment undeserved by FinTech and levering their existing technical infrastructures (mobile instant payments, brockering)
Yes. SPA believes that the section states clearly the main issues and how to address them properly.
The issues pointed out in the discussion document questions are certainly relevant. It remains that cross-border refers to transactions between members of the EU. FinTech services in lending and investement remains largely local. However overseas cross-border transactions ( eg, mobile remittances) we’ll be more complex to monitor, potentially undermining the level of protection of the end-user. The search of business volumes will drive the international cross-jurisdictions reach of local FinTechs creating legal uncertainty. In this context, the international cooperation between supervisors is essential.
NA for SPA members
SPA considers that at present, the Regulatory Technical Standards don’t solve completely the issue of how to implement from the technical point of view the legal requirements. .But that’s not an issue specific to FinTechs but to the overall payments industry (business domain of SPA members). A solution is that standardization bodies provide with technical provisions. Now, by their limited resources, FinTechs cannot be very influent in standards-setting bodies. On the other hand there is a concern, that a too prescriptive technical standard might exclude di-facto existing technical solutions and as such come in conflict with EU competition law and/or prevent innovation which is the real “raison d’être” of FinTechs. As the question suggests, that’s probably an area for further development by the EBA.
Yes. SPA believes that the section states clearly the main issues and how to address them properly.
Yes. SPA believes that the section states clearly the main issues and how to address them properly.
National Legislations for financial services in the EU countries where SPA members are located are the transposition of EU financial regulation and other cross-industry regulations (Articles 101 and 102 of the Treaty, Global Data Protection Regulation ). At present, we haven’t found any obstacle for FinTechs entering the market other than the compliance with the legal provisions set out by the existing laws themselves.Thus, requirements in terms of compliance with the Anti-Money Laundering legal framework, the compliance with the GDPR and Consumer Protection provisions as set out by the PSD2 are challenging for FinTechs unless they operate under the legal umbrella of a credit institution. Future regulation on resilience to cyberattacks will result in hard security certification requirements for payment service providers offering financial services to the end-user as most FinTechs ambition to do. This point is well explained in clause 4.2.1 of the discussion paper.
Yes. SPA believes that the section states clearly the main issues and how to address them properly.
Education ( what to do , what not to do) when accessing and using personal devices for access to financial services is no doubt necessary to overcome fears and also reduce the perimeter of attack by fraudsters.
Also education in terms of awareness of the legal consequences of contractual terms and conditions when enrolling to new financial services ( what you should pay attention to) could be useful.
The issues are clearly expressed. Now the real challenge is the huge level of complexity of those algorithms using big data to profile customers, which makes them in practice impossible to evaluate. Transparence is another issue there, because such algorithms are the cornerstone for competition and therefore constitute highly confidential IP information.
Yes. SPA believes that the section states clearly the main issues and how to address them properly.
Yes. We support and encourage the EBA initiative to create a framework to evaluate how vulnerable Fintech technology may be for misuse for money laundering and financial crime purposes.
FinTechs acting as TPPs and offering instant payments are more vulnerable to money laundering activities: more intermediaries in the transaction flow and fast execution times with payment finality are attractive characteristics for fraudsters. Payment Methods ( Instant Person-to-Person or Person-to Business Payments) with real-time availability of funds for the payee and subsequent transferability are more likely to be misused for financial crime purposes. It’s obvious that FinTechs operating in offshores or countries “at risk” or merely facilitating cross-border payments are more vulnerable to misuse by criminals. Credit lending platforms is another financial service at risk, specially if peer-to-peer lending services are supported.
By their own nature, Blockchain and Distributed Ledgers Systems present vulnerabilities not fully understood yet ( malware, denial of service) including potential for money laundering (specially if anonymous transactions may take place). If the DLS has no central authority, there is no legal entity accountable for compliance with AML laws.
Same rationale than for question 16. The real limitation is the very challenging operational constraints for compliance with the AML/CFT and the fact that incumbent credit institutions have all the necessary the policies, processes and systems to control AML/CFT risks that FinTech have to build.
If a Legal Sandboxing is needed as a trade-off to help Fintech to enter the financial/ payments market, security should be excluded from any exemption regime. With regards security, financial institutions and Fintech should be subject to the same requirements, including compliance with AML/CFT..
Lorenzo Gaston
+33622191713