Association of Consumer Credit Information Suppliers (ACCIS)
The issues are all relevant but only partially complete. Moreover, we would like to introduce a categorisation among them in terms of importance and urgency.
ACCIS is supportive of the assessment of national regulatory regimes that govern the treatment of different FinTech firms offering similar financial services. As highlighted in the preliminary findings, regulatory regimes concerning FinTech vary consistently across different Member States, which is already creating a disparity between “FinTech firms” in terms of regulatory and supervisory requirements as well as divergences in terms of consumer protection (privacy and data protection). Even more worrying, from our point of view, is the high percentage of “FinTech firms” that are not subject to any regulatory regime, even though they are operating in the financial markets.
We, therefore, call for the urgent, effective and necessary harmonization of different national policies and regulatory regimes as well as for all market players – old (regulated) and new (unregulated) market players. To this end, the EBA should contribute to upholding the “same services, same risks, same rules” principle in order to avoid the emergence of competition and consumer protection issues and to ensure an effective harmonization in the implementation of national provisions and guidelines.
What EBA still considers as “potential consequences” - i.e. level playing field issues and forum shopping - is in our view already a reality, especially for those entities (both incumbent and new players) based in Member States that have not yet developed a regulatory / policy approach on Fintech and cannot, for example, benefit of the opportunities represented by sandboxing/innovation hubs in terms of innovation and experimentation. [For example, in Italy, both the Parliament and the Ministry of Economy and Monetary Affairs (MEF) have recently started a dialogue with market players interested/involved in the raising of Fintech. Public hearings have been taking place in front of the Finance Commission of the Chamber since the beginning of September. Meanwhile, the MEF organized a series of panel discussions to deepen its understanding of the existing regulatory and technical challenges to the development of Fintech in Italy]. For this reason, EBA should also conduct an assessment of the features of sandboxing regimes, innovation hubs and similar regimes. This would be a first, urgent step towards the achievement of an objective that is lacking in the Discussion Paper: the definition of either a European regulatory sandbox or a European approach to regulatory sandboxing. These regimes - that should be open to both, unregulated new market players and market players which are already subject to regulatory regimes - would be a very useful tool to foster innovation across the EU and to step up the competitive standing of European FinTech globally. It would also overcome the doubt of EBA concerning the alignment of national sandboxing regimes with EU directives and regulations.
We welcome the EBA’s willingness to conduct an in-depth analysis of the risks and opportunities for credit institutions resulting from technological innovations and to give them more detailed and updated guidance on the subject. However, the prudential risks listed in the discussion paper would not be completely tackled by adding prudential requirements only on traditional players, while leaving newcomers without them or subject to a less strict monitoring. This seems to be in line with the position of the European Central Bank (ECB) that has recently developed and opened to consultation the first “Guide to assessments of fintech licence applications” with the purpose of “introducing a consistent approach to the assessment of licence applications” and of “ensuring that risks specific to fintech banks are considered appropriately and proportionately”.
It is important that a level-playing field between market participants is ensured - also when it comes to prudential and operational risks - based on the “principle of same service, same risks, same rules”. Traditional players, like CRAs for example, are subject to strict regulation, whereas newcomers are often not in the scope of any specific regulation.
We do not oppose to the applicability of reasoned proportionality in specific circumstances.
The use of new technologies, such as big data analytics, artificial intelligence and machine learning could enable the distribution of customised services based on real and specific consumer needs. This should help credit institutions to effectively switch their business approach from “product-centric” to “consumer-centric”. At the same time, it can have a beneficial outcome for consumers in terms of financial inclusion.
Entities of all shapes and sizes (from start-ups through to long-established institutions in finance, retail, automotive, telecoms and utilities) are or will soon be making use of the above-mentioned technologies, either directly or through the collaboration with more innovative partners in order to satisfy new consumers’ needs. However, it is important to remember that financial services companies are subject to existing, strict, and sometimes, onerous regulatory compliance measures. Other non-regulated entities are not subject to these measures. This may create some distortion in the marketplace. In order to address this specific risk, ACCIS recalls the importance of a level-playing field between market participants and of the development of a regulatory and supervisory framework informed by the principle of 'same services, same risks: same rules'.
In terms of opportunities for credit institutions stemming from technology-based innovation applied to the financial sector, the credit referencing industry would like to underscore the importance of:
• Trusted e-identification (and e-signature). This technology is paramount for the development of the digital internal market as it facilitates access to distance products and services for consumers and the verification of customer identity. It also helps in the fight against money laundering and fraud, in particular, in connection to identity theft. This consumer-empowering technology also contributes to digital inclusion whilst it creates an interoperable system involving all sectors of economic activity. CRAs have a widespread experience in establishing digital identities, which places them in an ideal position to deliver digital identity services for business purposes.
• API technology. Through the introduction of Application Programming Interfaces, or APIs, or by upgrading existing companies’ interfaces, third-party service providers can have access to consumer account data in an open, secure, reliable and interoperable way. This process may allow credit institutions, among others, to build their own applications, to deliver an enhanced experience to consumers of financial services products.
A possible threat for established CRAs and financial institutions is that they are not able to develop business models as easily as new FinTechs can do, because they are subject to and comply with strict regulatory requirements. For this reason, we stress once again the importance to guarantee a fair level-playing field for all market participants.
We are supportive of EBA’s willingness to conduct an in-depth analysis of the risks and opportunities for payment / electronic money institutions resulting from technological innovations and to give them more detailed and updated guidance on the subject.
We welcome EBA’s willingness to assess the need to extend consumer protection law to FinTech firms in order to address cross-border issues. Traditional players bear much higher reputational risks and are subject to stricter regulation than (non-financial) newcomers in the industry.
Established CRAs and financial institutions are subject to and comply with strict regulatory requirements regarding the use of consumer data. Recent evidence shows [For example, National Bureau of Economic Research, Working Paper, “FinTech, regulatory arbitrage, and the rise of shadow banks”, Cambridge, March 2017] that traditional players have been suffering from an increased regulatory burden. This situation has led to newcomers enjoying a regulatory advantage and more freedom to develop new technologies and services. An example includes the limitations on the purpose of the use of such data and types of data that can be used under EU and national data protection rules. ACCIS, therefore, calls for:
• the extension of the existing regulation and supervisory practices to ALL market participants, based on the principle of “same services, same risks: same rules”, in order to provide a level playing field for both incumbents and newcomers that allows both groups to bring technological innovation to the market and consumers.
• proportionate enforcement of the regulatory framework upon all regulated market participants, reflective of size, business model, systemic significance, as well as complexity and cross-border activity.
Furthermore, a similar approach needs to be implemented with regards businesses based in third countries (usually non-traditional financial players) that provide financial services to European consumers.
The proposed way forward consists in further assessing the use of artificial intelligence and data-driven algorithms with a view to determining the need for guidelines/recommendations on the use of big data analytics, such as social media predictive analytics or prescriptive analytics, for the purpose among others of marketing financial products and services.
As expressed in our reply to the Joint Committee of the ESAs consultation on the potential impact of Big Data on financial services, ACCIS believes that risks connected to Big Data analytics should be assessed based on the definition of Big Data and on the use that is done of this tool. We believe that Big Data does not have a positive or negative connotation per se and that it should rather be seen as a tool that can be used with positive or negative results for financial institutions, depending on the purpose pursued by such a tool and the quality of the data used. Whenever personal data are concerned, the new GDPR has to be observed, especially the principles of transparency and accuracy.
To make an example of a positive outcome in terms of financial inclusion that stems from the use of innovative data analytics, Big Data could - in combination with ‘traditional data’ and under certain circumstances:
• enable better customer assessment in terms of creditworthiness. However, necessary prerequisites in this respect are the quality of the data (statistical validity) and how existing laws regulating data are applied and enforced.
• help financial service providers accelerate financial inclusion. Big Data, but also data of all shapes and sizes, can facilitate access to financial services, including quality savings, credit and payments.
In addition, it should be recalled that statistical tools are sensitive to the quality of input data: if the customer makes false or incomplete information available, whether through negligence or ill-intent, the outcomes of the data assessment may be invalid. The regulatory framework should ensure that there are adequate possibilities to obtain relevant information (i.e. credit histories) so that the need to rely on vague analysis is decreased.
We particularly appreciate the recognition by EBA of the differences in the ways in which AMLD III was transposed by Member States, especially in respect of financial institutions’ ability to carry out customer identification and verification remotely and through digital means. The transposition of its successor, AMLD IV is revealing a similar, worrying pattern. As a consequence, AMLD IV is impeding the development of innovative CDD solutions in some Members States and across the EU [To make an example, Italian anti-money laundering regulatory regime defining customer due diligence, require the obliged entities to identify the client by collecting, among other things, his/her national security number (c.d. “codice fiscal”), placing an additional burden on firms established on its territory].
The suggested way forward i.e. an ESAs joint opinion on the subject would only be effective if it really goes in the direction of harmonising the factors that national authorities and obliged subjects should take into consideration when deciding whether a particular solution is AML compliant.