Response to discussion on Approach on financial technology (Fintech)

Go back

Question 1: Are the issues identified by the EBA and the way forward proposed in section 4.1 relevant and complete? If not, please explain why.

Groupe BPCE pursues a full range of banking and insurance activities, working through its two major cooperative banking networks, Banque Populaire and Caisse d’Epargne, and through its different subsidiaries as well as credit institutions under CRD or payment institutions under PSD and electronic money institutions under EMD: https://www.groupebpce.fr/

1/ General comments

It is very timely that the EBA chose (as did the European Parliament, the Basel Committee on Banking supervision -BCBS- and the European Central Bank –ECB-) to align the definition of FinTech with the one given by the Financial Stability Board (i.e. ‘Technologically enabled financial innovation that could result in new business models, applications, processes, or products with an associated material effect on financial markets and institutions and the provision of financial services’).

The BCBS, in its consultative document,”Sound practices: Implications of FinTech developments for banks and bank supervisors”, aknowledges that “the term FinTech has exploded in popularity in recent years and is used variously to describe a wide array of innovations and actors in a rapidly evolving environment”.

In fact the term FinTech is most of the time used synonymously with ‘FinTech start-up companies’, thus ignoring that technology-enabled innovation in financial services does not depend on the size or legacy of a firm and that innovative financial technology based solutions and services are increasingly being developed by banks.

As acknowledged in the EBA discussion paper, the use of technologies by financial services firms is not new per se, financial services firms have long implemented internal technological solutions to support the provision of services to their customers and to ensure that they comply with their regulatory obligations.

In our view it is particularly important to agree on a common understanding:

- as, rightly pointed out in the BCBS’s survey, the definition can influence how supervisors approach FinTech ;
- Considering FinTech firms as different entities can lead to misjudgment in terms of defining a regulatory approach to FinTech activities.

Again it needs to be asserted that FinTech can be provided by either banks or new entities (BigTech, Startups) focusing on a specific activity in the supply chain that characterizes the financial sector.
The necessity of regulation should be assessed regarding the provision of FinTech-based services, independently of the type of entity offering them.

2/ Issues identified by the EBA:

Yes the issues identified by the EBA are relevant:

o Level playing field issues:

Divergences of treatment of FinTech across the EU seem obvious when it appears that 31% of FinTech are not subject to a regulatory regime under EU or national law and the regulatory status of 8% of FinTech firms is not identified while all FinTech Firms are providing the same financial services all covered by EU law.

It is worth noting that the BCBS, in its consultative document, recognizes that “changes to business models from emerging Fintech companies” “performing activities that are traditionally performed by regulated banks”, “can potentially result in gaps in traditional supervisory and regulatory frameworks”.

In this fast changing environment level playing field is key to assure not only fair competition but also consumer protection. The latter should remain the key priority. A level playing field has the role of ensuring that consumers are not put at risk and that financial stability is maintained, irrespective of the service provider.
The Digital Single Market is an opportunity for all operators willing to embrace the digital transformation. The same regulatory conditions and supervision should apply to all actors who seek to innovate and compete on FinTech: large digital players (Bigtech firms), financial institutions players (incumbent banks) and FinTech start-ups players.

Any regulatory framework must keep barriers to entry to a minimum, and should also not hinder incumbents’ ability to innovate and develop. The authorities must always apply the principle of “same services/activities, same risks, same rules and same supervision” in order to ensure consumer protection and market integrity.

We particularly support the EBA’s intention to further analyse national regulatory regimes as differences could potentially lead to level playing field issues and forum shopping.

We also fully agree with the call of the European Parliament to the European Commission “to deploy a cross-sectorial and holistic approach to its work on FinTech”, in order to break down supervisory silos. Otherwise, marketing new products/services of which the value chain includes different kind of actors will become complex. Fintech companies and credit institutions should go through the same process from designing steps to customer sales to avoid any regulatory arbitrage in responsibility-sharing.

It should be underlined that Fintech activities raise, by nature, an imperative necessity to appreciate level playing field issues in a worldwide approach.

o Innovation issues:

There is a need to facilitate the experimentation of new technologies solutions and business models to foster innovation. In that way, as underlined in the BCBS’s survey, in the past two years, several regulatory and supervisory bodies” have set up a variety of innovation facilitation mechanisms captured under labels such as innovation hubs, accelerators and regulatory sandboxes”.

As acknowledged by the BCBS, first “these terms should be approached with caution” as they could cover very different approaches and secondly “it’s too early to draw firm conclusions on the benefits and challenges of these initiatives and to identify best practices” in particular “concrete insights about the regulatory implications of the sandbox are still limited”.

It should be stressed that the sandbox should not lower regulatory standards as consumer protection is paramount. We indeed support the recommendation made in the BCBS’s survey that “sandbox participants must inform consumers and all relevant stakeholders that the company is providing the service under a sandbox regime”.

As identified in the Discussion Paper, an important question is the eligibility to these sandboxes. In our view sandboxes or other FinTech facilitators should focus all FinTech firms (including incumbent banks) as this is a question of level playing field first. In addition, there is an increasing cooperation and partnership among incumbent banks and FinTech start-ups to provide innovative products and services that they indeed would need to test commonly. As acknowledged in the EBA’s mapping exercise “most innovations appear to be applied by both regulated (EU and national) and non-regulated FinTech firms”.
In consequence we agree on the idea of the EBA to further assess the features of sandboxing regimes, innovation hubs and similar regimes.
In our opinion competition between national supervisors on the basis of regulatory arbitrage should be avoided at all costs.
The development of exchange of good practices and the establishment of European guidelines or high-level guiding principles at EU level could contribute to a convergence in domestic innovation policies across the EU, thereby facilitating the emergence of a single market for financial services.

o Authorisation and registration regimes :

In its consultation on FinTech the European Commission wonders if the EU should introduce new licensing categories for FinTech activities.
We believe that the European Commission and other relevant regulators must provide a clear and comprehensive regulatory and supervisory framework before introducing new licensing categories for FinTech activities. This European framework should be consistent with the ongoing building worldwide framework.

Question 2: Are the issues identified by the EBA and the way forward proposed in subsection 4.2.1 relevant and complete? If not, please explain why.

The analysis of the changes in the credit institutions’ profile risk, due to their involvement into the FinTech sector seems complete and relevant. It is understandable that the EBA intends to deepen its analysis in a context of increasing use of the technologies and a higher competitive pressure.

We would have several remarks:

- Credit and payment institutions are in a good position when it comes to detect and manage new risks involved in FinTech activities due to existing risk management frameworks and strategies ;

- To control the significant increase in overall operational risks, new entrants should be required to manage risk at the same level as credit and payment institutions. In particular, readiness in terms of cybersecurity capabilities and combating digital fraud should be emphasized.

European authorities should facilitate the digital transformation of European banks to help them to remain competitive on the global scene vis-à-vis new entrants and/or third parties. Competitive pressure may come not only from FinTech start-ups but also from global technology companies (such as Google, Apple, Facebook and Amazon, known as GAFAs). It is worth noting that, in its consultative document, the BCBS:
o Raises several times the issue of the concentration risk, “given that big tech firms” from West (GAFA) and East (Baidu, Alibaba, Tencent, known as a BAT) “could become systemically important;
o Stresses the fact that “third parties that provide critical services to large numbers of financial institutions may pose systemic risks to the financial sector”.

- Finally, we would suggest the following topics for scrutiny:

o FinTech start-ups companies are not only a major competitor but also partners for European banking sector. However, when a bank acquires a FinTech start-up, its main asset, the software, is automatically depreciated given the deductibility that has to be applied to calculating capital levels for banks. If the buyer would be a non-bank, the deductibility would not take effect. This is like assigning a zero value to the search engine of Google if this were bought by a bank. Thus, incumbent banks may be less open to financing Fintech start-ups;

o In addition, the prudential risks linked to the use of FinTech shouldn’t be only identified for established credit institutions (incumbent banks). It would be useful to also consider if any potential system-wide issues could arise because new entrants are less burdened by regulatory requirements. Some of these last tending to choose the optimum legal structure to avoid the heavy regulatory burden of the financial sector.

Concerning the approach to adopt we fully support the Commission’s stance on FinTech which relies on three core principles: technological neutrality, proportionality, and market integrity.

In our view,the EBA should, for any risk identified, check if any regulation, already in place with the aim to cover this risk, applies equally to all players. FinTechs start-ups and BigTech firms should have similar, if not the same, capital/liquidity /consumer requirements for a given activity as a financial institution.

We are a little bit surprised that the General Data Protection Regulation (GDPR) is not mentioned in the EBA Discussion Paper on FinTech while, in its recently issued report “on innovative uses of consumer data by financial institutions”, the EBA had acknowledged that “The GDPR, is one of the key pieces of legislation”.
Indeed the impact of the GDPR could be important: new entrants and third parties may not be equipped to meet the responsibility and liability requirements that an effective sharing of data demands.

With respect to PSD2 and the protracted debate over the finalization of the Regulatory Technical Standards on Strong Customer Authentication it appears that the Commission’s ambition to be innovative may at times relegate concerns about consumer protection to secondary ranks.

Question 3: What opportunities and threats arising from FinTech do you foresee for credit institutions?

Technology in and of itself is neither positive nor negative. Social benefit will only accrue from how technology is used by both regulated and non-regulated market players.

In our view the EBA has well evaluated the opportunities for all the stakeholders resulting from technological innovation.

Among the opportunities for credit institutions listed in the Discussion Paper, we welcome the EBA’s draft recommendations on the use of cloud services by credit institutions and investment firms. We believe that they represent a first step forward in ensuring a common approach by regulators/supervisors regarding procedures and methodologies applied to relevant stakeholders (including new entrants and third parties). Nevertheless, we would like to underline that these draft recommendations should be set within the context of the cloud industry.
The adoption of cloud is slowed down by the lack of clarity on the legal constraints to comply with when using cloud services.
The cloud computing leaders are mainly major US BigTech players. Banks, even major ones are currently fragile in the negotiation with those companies and struggle to impose their technical and regulatory constraints, with little success.
Moreover, by addressing the recommendations only to the Incumbent Banks the EBA designates them as the guardian of the technical and legal risks of the Cloud.
Therefore, in our view, a reference framework is required. Some initiatives should be taken to constrain Cloud Service Providers (CSP) to implement a main part of EBA Recommendations in order to ensure a Cloud’s secure framework non submitted to the uncertainties and imbalances of the negotiations due to the particularity of the Cloud’s actors described.
We would recommend, with the aim to allow banks to be confident that they have met their needs when adopting cloud services, that the CSPs shall provide cloud solutions certified as conforming to technical, legal and security standards defined by the banking authority or the European Commission.

With regards to the threats, as underlined in the discussion paper, in reason of the competitive pressure stemming from other operators entering their traditional markets, the business risk appears to remain one of the most important risks to manage for credit Institutions.
In that way, the differences in the regulatory treatment between incumbent credit institutions (all heavily regulated) facing the digital challenges in competition with emerging technological players (not or less regulated and in any case free of prudential regulations) could create distortions of competition that could unfairly exacerbate the competitive pressure.
In consequence we totally share the EBA’s view that the different regulatory treatment of FinTech firms offering similar financial services as traditional credit institutions definitely could benefit from further investigation.

In our view, in its consultative document, the BCBS has well summarized the situation suggesting that the rise of FinTech innovation has resulted in “a battle for the customer relationship and customer data”.
In this background, if we consider that one of the main aims of the regulator is to assure consumer protection, the same regulatory conditions and supervision should apply to all actors owning the relationship with the customers. Again, a level playing field has the role of ensuring that consumers are not put at risk.
Thus we strongly believe that in any foresee action or regulation the principle ‘same service, same risk, same rules’ should apply.

The regulatory issue should also be assessed globally with the question of the European sovereignty as a priority. European banks shouldn’t be weakened on the global scene. Regulation in Europe should facilitate the emergence of European digital leaders able to compete with US or chinese ones.

As underlined in the report issued in August 2017 by the World Economic Forum (WEF), ”Beyond Fintech: a pragmatic assessment of disruptive potential in financial services”, globally, there are differences in the regulatory priorities (notably between the US and EU) :

- It is given the example of “the strong regulatory impetus for open data and consumer protection” in Europe putting “incumbents under growing pressure” ;
- It is also underlined that, in Europe, the coming application of the Revised Payment Services Directive (PSD2) by January 2018 “will advance the development of new payment schemes in Europe but it is highly unlikely that changes to European payments will influence the regulation of US markets”.

It should be considered that “while regulators are curtailing financial institutions’ control over access to infrastructure, lowering market power and shifting profits away from firms that oversee infrastructure” (WEF report giving the example of PSD2 in Europe), some US actors are growing and could take advantage of the situation while they appear already in a strong position : in the BCBS consultative document it is recognized that given they “have established global operations and a large customer base, and that they “can use of a vast amount of information about their customers to provide them with tailored financial services” ”BigTech firms may have a considerable competitive advantage over their competitors, eg incumbent banks, in the provision of financial services”.
This poses considerable problems in terms of ensuring a level playing field and protecting the viability and innovation capacity of the European financial and industrial ecosystem.

Finally the key threat from Fintech for incumbent credit institutions will come from platforms (distribution, segment, data aggregation) including those characterized as GAFAs. This threat has not been identified by the EBA, and should be added.

Question 4: Are the issues identified by the EBA and the way forward proposed in subsection 4.2.2 relevant and complete? If not, please explain why.

Payments should be given particular attention because according to the EBA’s mapping study FinTech firms not subject to a regulatory regime under EU law mostly provide services in the context of payments.
In consequence for this activity the possibility of distortion of competition is even greater in case of differences in the regulatory treatment.

Question 5: What opportunities and threats arising from FinTech do you foresee for payment institutions and electronic money institutions?

We think it is important to put payment institutions and electronic money institutions into a global perspective and we would repeat our answer to Q3 taking reference of the WEF report:

- “Payments businesses are experiencing intense pressure on margins and a challenging regulatory environment”. The latter evolving very differently among jurisdictions which could lead to “regional distinctions between payments ecosystems”;
- In Europe the coming application of the PSD2 by January 2018 “will advance the development of new payment schemes in Europe but it is highly unlikely that changes to European payments will influence the regulation of US markets”.

Regulators and Supervisors in Europe should be cautious to protect the viability and innovation capacity of the European financial and industrial ecosystem.

Question 6: Are the issues identified by the EBA and the way forward proposed in subsection 4.3.1 relevant and complete? If not, please explain why.

It is particularly welcome that the EBA acknowledges that credit institutions are facing a very challenging period in an environment of low profitability and huge competition. Again, as suggested in the BCBS’s survey FinTech firms are engaged in “a battle for the customer relationship and customer data”.

Any framework developed in Europe should facilitate innovation counting on the strength of all FinTech firms (incumbent banks, non-banking FinTech/ FinTech start-ups).
In this context, it is important to ensure that the regulation, which represents another challenge in itself (with significant investments at stake), will not hinder incumbents’ ability to innovate and transform themselves or disadvantage them (distortion of competition).

As underlined in the Discussion Paper banks have legacy issues and have to constantly invest to modernize IT systems but also the banking infrastructure. A new round of investment is necessary in order in particular to fully support instant transactions.
In our view, if market incumbents must allow some degree of connectivity to newcomers, it is essential to ensure that all market participants contribute to the appropriate level of investment in infrastructure.

As already mentioned, in its report “A Pragmatic Assessment Of Disruptive Potential In Financial Services” the WEF underlines that “Regulators are curtailing financial institutions’ control over access to infrastructure, lowering market power and shifting profits away from firms that oversee infrastructure” giving the example of PSD2 in Europe.

The EBA consideration to further analyse the relationship between incumbent credit institutions and new players in the financial sector appears particularly relevant as we are likely to see increasing cooperation and partnership among banks and new FinTech start-ups providing innovative products and services to the market.

As noticed by the BCBS’s survey, “elements of the distributed bank scenario are playing out”. “In this scenario, banks and FinTech companies operate as joint ventures, partners or other structures where delivery of services is shared across parties”.
Again, the best way to foster innovation in Europe will be to rely on the strengths of all actors and their complementarities and not by favoring some of them.

It is important to, once again, restate that the European Commission and all other European institutions involved in the different political, legislative and supervisory steps must always apply the principle of “same services, same activities, same risks, same rules and same supervision” in order to ensure consumer protection and market integrity.

Among the open questions put forward in the WEF report as being able to shape the industry’s development, we believe the potential impact of the rise of digital identity and the capacity of the financial institution to monetize the data flows available to them will be particularly relevant.

At last, but not at least, it should be ensured that the European legislation framework is sufficiently competitive in an international environment.

Question 7: What are your views on the impact that the use of technology-enabled financial innovation and/or the growth in the number of FinTech providers and the volume of their business may have on the business model of incumbent credit institutions?

It should be first noticed that there are strong discrepancies in the reach and impact of FinTech according to customer segments (individual customers, business owners, public sector, corporates) and business lines (payments, commercial banking, wealth management, asset management, wholesale banking).

Considering the landscape, it should be considered that the advent of the internet and web-related technologies has generated strong advantages for a handful of firms with huge economies of scale, resulting in nearly monopolistic structures in parts of the e-business economy such as Amazon, Google, Facebook Alibaba or Tencent.
In the BCBS’s survey it is recognized the importance “to properly monitor and assess the concentration risk, given that BigTech firms” (GAFA and BAT) “could become systemically important”. Similarly, the WEF suggests, in its report, “that the regulators consider the risk of market dominance even more strongly” “as the dominance of large tech firms extends into finance”.
At the same time, the arrival of FinTech start-ups and the establishment of digital platforms has spurred innovation, accelerated the transformation of banks and opened a door to new win-win collaborations.
Although some degree of competition, the complementary strengths and weaknesses of all FinTech firms (banks, non-banking FinTech/ FinTech start-ups) mean that those entities will often do better by cooperating rather than by competing.
As mentioned in the answer to Q6, and as noticed in the BCBS’s consultative document, “banks and FinTech companies operate as joint ventures, partners or other structures where delivery of services is shared across parties”. While there are still good reasons for banks to rely on internal IT departments, there is considerable potential to create value (for themselves and the economy at large) by nurturing an ecosystem of start-ups and technology innovators that can assist banks in developing shared platforms thereby increasing resilience and cost effectiveness of banking and payment systems.
As acknowledged in the discussion paper there are complementarities among actors. Banks have a lot to offer to FinTech start-ups, in particular, specific financial expertise (risk assessment, evaluation and management), scalability owing to their large customer base, as well as many years of experience in providing clients with operational security in a highly regulated sector, not to speak of financing needs. The respective strengths of both banks and FinTech start-ups mean that both will often do better by cooperating rather than by competing.

As an example, Groupe BPCE has launch a retail banking transformation plan based on three defining initiatives:
- a program focused on its customer relationship model with a view to reasserting a promise of continuing close proximity while simultaneously offering greater consultancy services and high quality service both within the branch and remotely;
- an operational excellence plan designed to pool and simplify the Group’s structure, its IT services and processes;
- and an ambitious digital action plan with the aim of keeping it simple" for the Group’s customers, employees and stakeholder communities.

This transformation plan will go hand-in-hand with a cost-cutting drive targeting savings worth 1 billion euros in a full year by the end of 2020, including a new 750 million euro Group program (excluding Natixis the corporate financing, investment management, and financial services arm of Groupe BPCE) and a transformation and operational excellence plan for Natixis worth a total of 250 million euros. Implementing this plan will require an investment of 790 million euros, including 220 million euros for the Natixis plan.

Investments for an aggregate total of 750 million euros over the 2017-2020 period will also be devoted to speeding up and industrializing the digital developments pursued by Groupe BPCE.
The retail banking transformation plan is the subject of a comprehensive and detailed presentation that may be consulted via this link: https://www.groupebpce.fr/en/The-Group/Strategy/Transformation-of-retail-banking-activities"

Question 8: Are the issues identified by the EBA and the way forward proposed in subsection 4.3.2 relevant and complete? If not, please explain why.

It makes sense that the work foreseen on incumbent credit institutions should be expanded to include in its scope payment institutions and electronic money institutions because as well-noted in the EBA’s mapping exercise FinTech firms not subject to a regulatory regime under EU law mostly provide services in the context of payments.

Moreover, we think that the scope of the study should be broad enough to cover global development including the involvement of BigTech companies and their actual and possible future role in the market, since payment is even more global than banking.

Again, the best way to foster innovation in Europe will be to rely on the strengths of all actors and their complementarities and not by favoring some of them.

Question 9: What are your views on the impact that the use of technology-enabled financial innovation and/or the growth in the number of FinTech providers and the volume of their business may have on the business models of incumbent payment or electronic money institutions?

As expressed in Q7 the arrival of FinTech start-ups has spurred innovation, accelerated the transformation of banks and opened a door to new win-win collaborations. Fintech could bring solutions in the payments or securities space too:

- Distributed Ledgers Technology can provide for the development of more efficient trading platforms and payments systems. DLT is the innovation where collaboration with other market players will most be needed as no DLT system will be possible without global and far-reaching collaboration;

- Interoperability is highly beneficial provided it is developed in a way that ensures high levels of cybersecurity, data safety and customer protection. We are seeking collaboration with third parties in a win-win scenario in which banks and FinTechs startups develop customer centric products that are both secure, cost effective and innovative. To that effect, a wide adoption of Application Programming Interfaces (APIs) will pave the way for a secure, competitive and innovative environment for financial services as it is already the case today for many other online activities and interactions;

- Real time payments: A number of banks have been reviewing new blockchain-based payment protocols available on the market like Ripple and experimenting with a proof of concept platform based on Ethereum. These solutions take advantage of the capabilities of blockchain to execute payment obligations netting and enable real-time clearing without the involvement of correspondent banks on each transaction.

Question 10: Are the issues identified by the EBA and the way forward proposed in subsection 4.4.1 relevant and complete? If not, please explain why.

We appreciate that the EBA acknowledges that the authorisation status of FinTech firms is crucial not only in terms of competition but also in terms of consumer protection.

It seems difficult to envisage that 53% of FinTech firms could remain outside the EU framework (without any regime or with an unidentified or national one) considering the imperatives of stability of the financial system and protection of the consumer. See our response to Q1.

This level playing field should guarantee that the necessary consumer protection measures are in place and that consumers are not put at risk, irrespective of who is the provider.
We find it important that regardless of the size, nature, scale or complexity, financial services providers (including FinTech start-ups and BigTech) comply with consumer protection standards.

Question 11: Are the issues identified by the EBA and the way forward proposed in subsection 4.4.2 relevant and complete? If not, please explain why.

It should not be forgotten first that cross-border operations are still an exception and not the rule. According to the Eurobarometer 373 survey of 2012, as also confirmed by Eurobarometer 446 of 2016, the vast majority of financial products and services are purchased in the respondent’s own country because respondents feel they can buy everything they need in their own country. There is a very low demand for cross-border operations.

Moreover, as said in the BCBS’s paper and as shown by its survey, ‘There are few global providers for the fintech financial products and services reviewed and only limited examples of products and services being offered in more than one jurisdiction. It is difficult to determine whether this is driven by the complexity of managing across differing licensing and regulatory frameworks, or if the fintech business models have yet to achieve full penetration of domestic markets that would warrant the increased investment’.

As suggested in the EBA’s discussion paper, consumer protection laws are not harmonized within the member states in Europe. We agree with the conclusion of the EBA that “this could result in regulatory arbitrage and different levels of consumer protection across Member States”.
We would also warn that aggravating factors also exist: even maximum harmonisation of consumer-protection rules in retail financial services has not prevented a divergence in national legislations, particularly due to Member States’ growing tendency to gold-plate, either when transposing or in the extensive interpretations of the texts by national regulators, which prevents all European banks from being on a “level playing field”.

We would see a need to extend the regulation in place to non-regulated FinTech firms in order to address cross-border issues: as already suggested in previous answers, any foreseen action or regulation should apply the principle ‘same service, same risk, same rules’ in order to avoid non-regulated FinTechs from ‘cherry picking’ the jurisdiction with the most favourable regulatory regimes.

Question 12: As a FinTech firm, have you experienced any regulatory obstacles from a consumer protection perspective that might prevent you from providing or enabling the provision of financial services cross-border?

We could mention several obstacles:

- Again as stressed in the EBA’s discussion paper, consumer protection laws, which are a very important component to fulfil when selling products or services cross-borders, are not harmonized within the EU Member States. We believe that different consumer protection regimes act as a barrier to the provision of cross-border retail banking products and services, both for consumers and banks. Indeed it would be very costly for banks to adapt their contracts to each Member State’s market in order to comply with the rules of international private law (i.e. professionals must apply the consumer-protection rules of the consumer’s habitual country of residence when the professional directs his activities to a consumer from another Member State);

- Digital identity frameworks are currently not sufficiently developed and even if they were, regulatory fragmentation across Europe regarding digital identity remains a big obstacle for a harmonized European digital identity framework as eIDAS could be.
As acceptance of the means for identifying customers remains with the Member States it is necessary to harmonize the European framework regarding the prevention of money laundering and terrorism financing (AML/CFT), to ensure the 4th Anti-Money Laundering Directive is implemented in a consistent way. We are in favor of providing for a broad scope of possible methods to be used in the process of digital on boarding, ranging from those notified in line with the eIDAS Regulation to others. As different national requirements still apply to the remote identification of customers, in our view, as a first step, harmonization is required, notably to allow for digital onboarding including via video.

Question 13: Do you consider that further action is required on the part of the EBA to ensure that EU financial services legislation within the EBA’s scope of action is implemented consistently across the EU?

Concerning disclosure requirements, as acknowledged by the European Commission in its Green Paper on retail financial services and consequently in its Action Plan, several pieces of legislation at EU level have been adopted (e.g. MCD, CCD, PRIIPs, MIFID2, PAD, PSD2, IDD…) in recent years to ensure that information disclosure is effective, transparent and comparable.
The effects of this legislation have, however, not been measured yet because their implementation is not yet finished. In line with the principles of better regulation, it would be important to evaluate the impact of these measures before introducing new ones.

In our view, no new regulation is required at the moment as firstly these recently adopted legislations must be given time to produce their effects before undertaking new measures and secondly the impact and potential risks and benefits of new technologies are not well understood and need to be studied first before deciding on new regulations which may stifle innovation.
The accumulation and inflexibility of excessively detailed rules prevents the banks from developing their products and services in line with new technologies, which has the effect of distorting competition with new, less regulated players.

Question 14: Are the issues identified by the EBA and the way forward proposed in subsection 4.4.3 relevant and complete? If not, please explain why.

Due to the increased cross-border nature of FinTech activities, having efficient, complete and consistent complaints handling procedures is key.
We agree that the findings of the EBA concerning non-regulated FinTech firms, which may have unsuitable or non-existent complaints handling procedures, should receive attention.
Currently regulations tend to assign to incumbent banks the role of “claim concentrator” without fair compensation (notably in PSD2).

As far as regulated FinTech firms (banks) are concerned the consumer protection is fulfilled:

- Thanks to the recent Directive on Alternative Dispute Resolution for consumer disputes (ADR), low-priced mediation and reconciliation mechanisms will be expanded further;

- The Directive on Unfair Commercial Pratices provides the consumer with sufficient protection from any abusive sale of financial products;

- To help consumers to find an adequate redress mechanism in cross-border situations the Financial Dispute Resolution Network (FIN-NET) was founded in 2001. The European Commission, in its Consumer Financial Services Action Plan, intends to prepare a campaign to raise consumer awareness of FIN-NET. We are in favour of measures for expanding the use of FIN-NET.

We think that issues identified by the EBA are relevant. In particular, we do appreciate the reference made to liability. We think that in a situation where there is an interaction of multiple firms providing a service (as per the example made in the discussion paper on the offering of automated financial advice), clarity on who is responsible is essential for both the customer and all the parties involved in the provision of the service.

Question 15: Are the issues identified by the EBA and the way forward proposed in subsection 4.4.4 relevant and complete? If not, please explain why.

As acknowledged by the European Commission in its Green Paper on retail financial services, “technological developments and the expansion of new distribution channels may make it difficult to provide appropriate pre-contractual information to customers – for example, by supplying mandatory disclosure via mobile devices with small screens”.

As already recalled in our answer to Q13 a lot has been done over recent years to ensure that information disclosure is effective, transparent and comparable. Indeed, a number of EU measures have addressed the area of information disclosure (e.g. MCD, CCD, PRIIPs MIFID2, PAD, PSD2, IDD…).
The intention of the EBA to conduct an in-depth review of EU legislation requirements that may restrict digitalisation is the good option. In our view, the priority should be to adjust the already adopted measures to the new digital technologies. In that way the assessment how information should be presented in the digital ecosystem is essential and banks could help to provide some elements in that field.

Any new requirement on additional information to provide to the consumer should be considered with caution, particularly looking at the concrete impact on consumers.
It seems useful to recall at last, that in its Green Paper on retail financial services the European Commission underlines the need for “proportionate information on retail financial service products”.

Question 16: Are there any specific disclosure or transparency of information requirements in your national legislation that you consider to be an obstacle to digitalisation and/or that you believe may prevent FinTech firms from entering the market?

- Digital identity: as already mentioned in our answer to Q12 digital identity frameworks are currently not sufficiently developed and even if they were, regulatory fragmentation across Europe regarding digital identity remains a big obstacle for a harmonized European digital identity framework as eIDAS could be;

- Location of data: There is no legal provision in France for the location of data. However French authorities issued reports and recommendations on cloud access.

Question 17: Are the issues identified by the EBA and the way forward proposed in subsection 4.4.5 relevant and complete? If not, please explain why.

Conscious of the importance of consumers’ financial literacy, in France, the banking profession produces educational material for all customer segments through dedicated programs and through banks individual initiatives.
For example Finances & Pédagogie is an association created in 1957 by the French Savings Banks to give public advice on money and household budgets and to improve general knowledge and understanding of personal finance through collective workshops.

We welcome the way forward suggested by the EBA to continue to coordinate and foster national initiatives on financial literacy as the financial instruction and education are everyone’s concern, specifically including the public authorities, as these are issues that go far beyond the framework of a mere banking relationship.

Question 18: Would you see the merit in having specific financial literacy programmes targeting consumers to enhance trust in digital services?

Yes, we believe that by increasing consumers’ knowledge and financial literacy it is possible to enhance trust in digital services and make them more comfortable when using services that are provided online in the digital form.
For example the association Finances & Pédagogie (mentioned in Q17), in some training programs, addresses both the issues of digital money and the digital relationship to the bank. It will also launch beginning 2018 a new program in cooperation with ‘Emmaüs Connect ‘ to assess the degree of digital fluency of its audiences in training.

Question 19: Are the issues identified by the EBA and the way forward proposed in subsection 4.4.6 relevant and complete? If not, please explain why.

First it should be remembered that artificial intelligence (AI) is still in its initial growth phase and the technology continues to develop and evolve on a near constant basis. AI is an umbrella term to cover a confluence of multiple technologies, such as machine learning, which includes deep learning, cognitive computing, natural language processing, neural networks, etc.

It is also much too early to make any statistically significant measurements about the use of ‘automated financial advice’ today. Although ‘automated financial advice’ can produce more reactive, real-time solutions to customers, for the time being it remains a niche technology.
As a consequence it is too early to propose guidelines/recommendations. In principle, ‘automated financial advice’ is ‘financial advice’ and is covered by MiFiD2/MiFiR.

Secondly, with respect to consumer protection, the EBA has identified two main risks: namely a possible malfunctioning of the tool or exclusion (of customers) due to micro segmentation.
We would like to stress that human reasoning should always be more valued than machine reasoning and reasonable exceptions to machine-generated decisions should always be implemented.

Nevertheless new technologies and machine learning could reinforce risk management practices. There are current explanatory projects for credit models risks that develop hybrid approach binding the usual regression with machine learning algorithms under the internal ratings based (IRB) constraints. The EBA could promote such practices which result in potential high level performance gain and robustness.

Finally, it is also important to stress that although the characteristics of automated financial advice limit human intervention, an access to an operator (via an online chat, mail or telephone) may be provided to help the customer along the process. This issue is very important in particular where customer financial or digital knowledge is low. It may be sufficient that a human stands ‘at the end’ of every process. Of course AI and big data analytics can be used throughout, but human intervention must not be cut out completely.

Question 20: Are the issues identified by the EBA and the way forward proposed in section 4.5 relevant and complete? If not, please explain why.

Yes, we support the proposed EBA way forward.
The findings of the EBA study confirm the generally recognized statement that “a business is as strong as its weakest link”.
Thus, one should pay attention to the EBA’s finding that “resolution-related requirements on FinTech firms are not common” and that “divergent practices are emerging across jurisdictions in respect of the requirements for FinTech firms to have a resolution/recovery plan”.

Question 21: Do you agree with the issues identified by the EBA and the way forward proposed in section 4.6? Are there any other issues you think the EBA should consider?

We share the EBA’s view that it may be appropriate to explore the different national approaches for AML/CFT purposes.
Indeed the BCBS warns that “new financial players may be outside the scope of banking sector regulation and subject to less stringent AML/CFT rules than are banks” acknowledging that “these regulatory gaps or loopholes may lead to some distortion of competition, which may violate the level playing field principle and lead to increased potential for financial crime”.

Obliged entities: we believe that there is a huge issue for scrutiny with respect to EBA’s finding that, considering the EU’s AML/CFT framework, “not all FinTech firms have been designated as ‘obliged entities’ in all Member States, even where they provide similar services to firms that have been designated as such”.

Question 22: What do you think are the biggest money laundering and terrorist financing risks associated with FinTech firms? Please explain why.

Again, the BCBS warns that “new financial players may be outside the scope of the banking sector regulation and subject to less stringent AML/CFT rules that are banks” acknowledging that “these regulatory gaps or loopholes may lead to some distortion of competition, which may violate the level playing field principle and lead to increased potential for financial crimes”.

Question 23: Are there any obstacles present in your national AML/CFT legislation which would prevent (a) FinTech firms from entering the market, and (b) FinTech solutions to be used by obliged entities in their customer due diligence process? Please explain.

As underlined in the EBA’s Discussion Paper “neither the AMLD nor its predecessor sets out in detail how obliged entities should identify and verify the identity of their customers””giving the flexibility to Member States in imposing more stringent standards through their national legislation”.
In some cases this situation has made it difficult for financial institutions to employ innovative and/or FinTech solutions to fulfil their AML and customer due diligence obligations, which we think could not only – as suggested by the EBA –“potentially hamper the development of FinTech firms using innovative CDD solutions”, but also represent a big obstacle for a harmonised European digital identity framework such as eIDAS.

As expressed previously in our answers, we are in favour of providing for a broad scope of possible methods to be used in the process of digital on boarding, ranging from those notified in line with the eIDAS Regulation to others. As different national requirements still apply to the remote identification of customers, in our view, as a first step, harmonization is required, notably to allow for digital onboarding including via video.
The financial industry compliance obligations (i.e. KYC, AML, etc.) could be more efficient if there were a regulatory framework that allowed public/private institutions (indistinctly) to provide services related to KYC.

Name of organisation

Groupe BPCE