Response to discussion on Approach on financial technology (Fintech)

Go back

Question 1: Are the issues identified by the EBA and the way forward proposed in section 4.1 relevant and complete? If not, please explain why.

The industry broadly supports the EBA’s assessment and proposed way forward. Our general principle is that there should be a risk-based and proportionate approach to regulation and that certain activities should carry the same regulatory obligations regardless of who is carrying them out, whether start-ups, technology companies or incumbent financial services providers, without inhibiting innovation. Some new disruptive business models are, in certain cases, challenging the current regulatory environment. It is thus highly important for policy makers to understand the functioning of these new technical applications, as well as their social, economic and regulatory implications. We support consistent, activities-based standards for new and emerging business models.

The industry welcomes work to ensure that there are no unintended regulatory gaps that can be exploited by new business models to offer banking activates outside the purview of the regulated environment. However, we would also like to emphasise that beyond the risk of regulatory gaps and potential barriers to entry, insufficient regulatory scrutiny of new firms raises the risk of damaging consumer trust in financial services delivered through digital channels. For example, if fraudsters exploit underdeveloped security systems at a firm offering financial services outside of regulation, consumers are likely to associate any harm they experience with digital financial services more generally and not the specific company through which they experienced the fraud. Trust is thus vital in the digital world and therefore it is essential for the future of these services that activities being conducted in this space are supervised by regulators to ensure positive outcomes for consumers.

It is interesting to note that the EBA’s research has concluded that a significant percentage of FinTech firms in the sample were subject to no regulatory regime or have an unidentified regime. Our understanding is that although firms may be operating outside of any regulatory regime, there in fact exists a perfectly functional regime for the activities they are conducting. We would not want to see the creation of a new category of regulation for FinTech activities (as carried out by start-ups, tech companies or financial service providers), but would prefer to see that the firms conducting those activities are compliant and monitored by regulators.

In terms of work to assess sandbox regimes, UK Finance members have been supportive and participated in the Financial Conduct Authority’s (FCA) initiative with the regulatory sandbox and we welcome the fact that the FCA has subsequently been invited to share their learnings with international regulators. We encourage greater international cooperation and coordination in the structures and principles applied in regulatory sandboxes, as we believe that a consistent approach to such regimes is most likely to yield the best outcomes for start-ups, customers and markets. In this regard, we support the EBA’s efforts to coordinate across the EU. To achieve this, the EBA should consider setting standards for EU sandboxes that comply with international standards like those from the G20 or IOSCO, and that the EBA could usefully lay out guidance for to ensure NCAs’ participation in FinTech bridges is coordinated across the EU.

However, to date regulatory sandboxes have been primarily focused on smaller firms. We appreciate the benefits that these regimes have brought to regulatory learning and facilitating market entry, but we believe these benefits could be amplified by better designing Sandboxes to support the participation of established firms. Doing so will help to encourage partnerships between start-ups and established firms, to date one of the most successful models for bringing innovation to the market at scale. To do this the primary focus should be on greater participation across the regulatory sector and not just in conduct regulators. In particular, the participation of data protection authorities will be increasingly important as financial services continue to become more digital in their delivery and design.

Finally, we note that in recent years there has been considerable legislative intervention and action (both direct and indirect) in the provision of payments and retail financial services. Our overarching message to the EBA, therefore, is that the changes that have been made are wide-ranging and will have a huge impact on the market, primarily as a result of PSD2, but will take some time to take full effect. We would therefore recommend that the EBA operates a monitoring brief, rather than at this stage seeking to implement new/additional measures.

Question 2: Are the issues identified by the EBA and the way forward proposed in subsection 4.2.1 relevant and complete? If not, please explain why.

We support the EBA’s comprehensive assessment of the FinTech landscape and the opportunities and risks it entails for credit institutions and payment institutions to ensure the best outcomes for the users, companies developing FinTech and credit institutions. In this regard, the EBA’s discussion paper has made a very creditable analysis. We note that the BCBS is also currently doing work on the risks associated with FinTech and encourage strong engagement between the two organisations.

Our members embrace innovation and seek to improve the management of prudential risks by leveraging new tools and technologies, such as improvements in data analytics. We are however cognisant of the prudential risks to institutions from emerging trends, combined with regulatory developments such as PSD2. For example, the ease with which customers are able to move deposits is likely to increase in both normal and stressed environments due to innovations such as algorithmic deposit optimisation or ‘sweeping’. This may make forecasting of retail cash flows more difficult, and may increase the likelihood of larger and faster stressed outflows. A balance will need to be struck such that sufficiently robust regulation is in place to protect innovative institutions from failure and consequent market disruption (e.g. if sweeping causes a smaller, newer institution to take on too many deposits too quickly, or they lose them very rapidly) without completely stifling innovation and competition.

One area that does warrant close attention is risk to the integrity of the financial ecosystem through increased cybersecurity exposure, particularly regarding the protection of consumer data. Over the last 20 years, traditional financial institutions have made considerable investments in security infrastructure and other controls to protect their customer’s data when they interact via Internet and mobile channels. For current and new firms undertaking FinTech activity it is critical that the risks are fully understood, and that firms have the cybersecurity expertise to design and implement the necessary protective layers to ensure that data breaches are prevented. As an example, through the use of Open Banking & PSD2 APIs, organisations have the ability to initiate payments direct from a customer’s accounts, yet there is no requirement to have their technical implementation assessed against any agreed standards. If we compare this to the obligations for merchants, acquirers and issuers of card based tokens under the Payment Card Industry Data Security Standard (PCIDSS), then there may be scope to consider ways of ensuring that the appropriate security considerations are being taken.

Question 3: What opportunities and threats arising from FinTech do you foresee for credit institutions?

Potential threats to cybersecurity and data breaches are of paramount concern to financial services firms. Although we welcome EU harmonisation in cooperation with ENISA, cyber risks are not geographically limited and so consideration of other developments in international regulation including efforts through the FSB as well as specific regulation in the US and APAC jurisdictions must be kept in mind.

Recommendation: The EBA should do everything it can to ensure that there is no conflict between requirements it puts in place and those of other jurisdictions.

Established credit institutions are acutely aware of the opportunities from FinTech to create new customer propositions as well as in delivering significant back-office efficiencies and operational cost reductions. Incumbents welcome fresh approaches, both from new market entrants and those created in-house, and recognise the importance of ensuring trust in emergent services. Sub-optimal delivery of new FinTech services carries the risk of undermining customer trust and this could be contagious to perception of all digital services, whether from new market entrants or established players.

Banks have developed and are continuing to improve their governance structures and risk management processes for new technologies. However, the variation in regulation across jurisdictions remains a major challenge for technology risk. For instance, diverging cloud computing requirements make it difficult to for banks to set a group policy that would more effectively allow them to control and monitor risk. The EBA should consider how it can encourage harmonisation of regulation and the promotion of industry standards in this area, including IT Risk, building on the EBA Cloud Guidelines.

Financial technology offers both opportunities and risks. These vary based on the market in which a company is operating, the technology being deployed, and the purpose for which it is being deployed. The level of variation means that there is no one-size-fits-all means for managing risk. The best approach will be proportional to the risk incurred.

In terms of other risks, as commented to the EBA recently in its consultation on the draft RTS on the EBA Register under PSD2, we think there are prudential risks to the ecosystem arising where firms may not have an accurate and up-to-date picture of the regulatory status of the firms they are engaging with (including new third- party firms offering FinTech services such as payment initiation or account information services). This risk exists to both the account servicing PSPs (ASPSPs) and, ultimately, the end customer and does not provide the necessary consumer protection in line with the spirit of PSD2. Third party provider (TPP) services have been brought into scope of the Directive and this has been driven by the development of the FinTech market and the growth in internet and mobile payments. Our recommendation (as noted in our response to the RTS consultation) is that the EBA should provide a mechanism for ASPSPs to be able to validate TPP regulatory status and permissions electronically and in near real-time.

The EBA has an important part to play in encouraging harmonisation across the EU, for example as with the EBA Register under PSD2. The EBA needs to set an example by ensuring that its own services are available in time with functionality enabled that can support and promote a reliable, 24x7x365, automated and fully interoperable environment. The EBA Register under PSD2 needs to support a highly sophisticated and largely machine-driven communication layer between competent authorities and a range of firms. This is an essential building block for a thriving FinTech sector across the European Union and is a key enabler for the success of PSD2. We feel the EBA should encourage the highest common denominator, as the harmonised standard across the EU, and not the lowest which will ultimately help both ASPSPs and other firms offering FinTech activities alike.

We also refer the EBA to review our earlier submissions for detailed comments. Please see:
• UK Finance Response to EBA consultation on Guidelines on Security Measures under PSD2
• Payments UK response to EBA consultation on draft guidelines on major incidents reporting under PSD2.
• Joint payments UK, FFA UK & UK cards association response – EBA consultation on draft regulatory technical standards (RTS) on strong customer authentication (SCA) and secure communication under PSD2.

Question 4: Are the issues identified by the EBA and the way forward proposed in subsection 4.2.2 relevant and complete? If not, please explain why.

We agree that, as well as the work mandated on the EBA in support of the implementation of PSD2, further work should be conducted on identifying prudential risks and opportunities arising from FinTech.

Question 5: What opportunities and threats arising from FinTech do you foresee for payment institutions and electronic money institutions?

As we stated in our response to the European Commission consultation on FinTech earlier this year, Distributed Ledger Technology (DLT)/blockchain could be a technology which assists processes where information is exchanged, particularly where no central dedicated infrastructures exist; however, DLT is at an early stage of development and deployment. DLT-based technologies could also help banks to streamline their processes and achieve substantial back-office cost savings. In the same way that SWIFT does, there are opportunities in financial services infrastructure for close collaboration to create economies of scale and better processes through automation. There are a number of projects currently underway in which the various industry players cooperate on industry-wide solutions, these include consortia as well as looser alliances.

There has been significant body of work on the issue of DLT undertaken by both regulators and the industry. EBA’s consideration of the DLT should consider how regulators engage with the technologies and applications using it. An example of this approach comes from a Discussion Paper by the FCA which seeks to identify specific risks and opportunities. UK Finance’s response to the FCA’s Discussion Paper, addressing specific risks and opportunities can be found on our website (2017/09/UK-Finance-response-to-the-FCA-DLT-discussion-paper.pdf).

Question 6: Are the issues identified by the EBA and the way forward proposed in subsection 4.3.1 relevant and complete? If not, please explain why.

We do note that there is a tendency to assume that FinTech is the preserve of new ‘start-ups’ (the terms are often used interchangeably) and is something being ‘done to’ incumbent institutions. In fact, banks and credit institutions have been the main channel of technological innovation in financial services for several decades. Over the course of that time numerous developments, which today would be called FinTech, have been rolled out to consumers and other users of banking services. Examples of this range from the use of contactless payment cards to the various features developed for online and mobile banking including the ability to make mobile payments. Some of these developments would have been obvious to consumers, but others like the development of private cloud computing networks or the use of data to offer more tailored products, which have been underway for some time, remain less visible, all the while benefitting consumers and strengthening markets.

However, these technologies are not always developed exclusively by incumbent firms. Thus, while there are good reasons for banks to rely on internal IT departments, there is also considerable potential to create value — both for themselves and the economy at large — by nurturing an ecosystem of start-ups and technology innovators that can assist banks in developing shared platforms that increase the resilience and cost effectiveness of banking and payment systems. For example: payment solutions that combine digital payment with real life payment (e.g. smart phone as debit card), or financial service providers using robo-advisory tools to offer investment advice at lower costs and fees than traditional advisory programs, giving consumers more choice in how they manage their investments and receive advice by offering a wider range of products and services.

A high percentage of banks view the possibility of partnerships with companies (large and small) providing FinTech services with great interest. The objective of these partnerships is primarily to obtain concrete benefits that enhance specific key business areas, products and/or services by leveraging:
a) solutions focused on either cost reduction via improvement to processes or replacement of platforms / IT solutions with either new business models or technologies;
b) solutions enabling banks to attract new customers, to improve customer relationships or to increase the offer of new and innovative products/services.
c) access to highly specific skills and talent

Banks, in turn, have a lot to offer start-ups undertaking FinTech activities:
• specific financial and markets expertise (risk assessment, evaluation and management)
• scalability owing to their large customer base
• experience operating across regulatory regimes
• the ability to address financing needs.

The advantage of both banks and start-ups undertaking FinTech activities is that both will often do better by working in partnership. Banks are thus seeking to collaborate with technology companies, including start-ups, wherever beneficial. Bringing outside innovation into the bank can be an ideal way to enable the deployment of better technologies which ultimately make the market more competitive and improve outcomes for consumers.

Banks are always looking for opportunities to improve customer experience and efficiency. For example, at present firms are exploring opportunities to offer new and innovative services through the use of open access to data and payments. This is an area of financial services that is undergoing rapid change and the market is experiencing new levels of competition and the emergence of new business models. For some incumbent organisations, strategic choices are likely to be made regarding the parts of the value chain within which they wish to compete. The options are not mutually exclusive and are likely to include:
• Distributor - Maintain the consumer relationship by owning the distribution through a marketplace interface, including products and services of Third Parties.
• Manufacturer - Provide innovative products and services through Third Party interfaces to end consumers, including the potential to monetise APIs.
• Utility - Leverage a low cost-to-serve to provide the infrastructure and non-customer-facing banking functions (e.g. payment processing, mortgage originations) to other firms.

UK Finance is supportive of the EBA’s approach in building a deeper understanding of the impact of FinTech activities on the business models of credit institutions and payment and electronic money institutions. As a trade body representing nearly 300 of the leading firms providing finance, banking, markets and payments-related services in or from the UK, we are in an ideal position to facilitate EBA’s research in this area and help, for example, in the coordination of research interviews with our members.

Question 7: What are your views on the impact that the use of technology-enabled financial innovation and/or the growth in the number of FinTech providers and the volume of their business may have on the business model of incumbent credit institutions?

Business models will continue to change rapidly as the result of technology. Regulators will need to respond by adapting supervision models. However, one potential challenge to this will be for supervisors to have access to the correct skills. Given the competitive landscape for expertise in FinTech activities this may not be easy for even the largest and most well-resourced regulators to accomplish, therefore effort should be spent on developing skills and talent among existing staff or offering training as a way to make the regulator a more desirable place for those looking to develop relevant skills in this area.

In addition, regulators should be prepared for business models to not simply change to a new model as the result of FinTech, but for business models to become more fluid across the market. Therefore, principle based regulation focused on outcomes will be increasingly important to allow regulators to exercise effective oversight across a range of services.

Whist a number of incumbent credit institutions are actively pursuing an innovation agenda, some aspects of existing regulatory requirements restrain their ability to innovate. In addition, banks and FinTech start-ups/non-banking FinTech companies are seeking to test out new technologies, solutions and business models, but are also sometimes constrained by the existing regulatory framework.

For example, the current regulatory capital framework for credit institutions does not recognize the value of software for capital purposes. The fact that every euro that an EU bank invests in an IT development needs to be backed with one euro of the most expensive category of funding is perceived as a significant disincentive for investments in innovation.

Further, companies undertaking FinTech activities are both competitors and partners for the European banking sector. However, when a bank acquires a FinTech company, its main asset - the software - is automatically depreciated given the deductibility that has to be applied to calculate capital levels for banks. If the buyer is a non-bank, the deduction would not be required. This is like assigning a zero value to the search engine of Google if this were bought by a bank. Because of this, banks may be less open to financing these companies.

The outcome of such constraints may be a less rather than a more competitive financial industry dominated by a small number of firms. Existing financial services providers are facing competition from established technological players that often do not have to face the heavy regulatory burden imposed on the banking sector and are free of prudential regulation altogether.

Question 8: Are the issues identified by the EBA and the way forward proposed in subsection 4.3.2 relevant and complete? If not, please explain why.

We refer to our response to question 6 above.

Question 9: What are your views on the impact that the use of technology-enabled financial innovation and/or the growth in the number of FinTech providers and the volume of their business may have on the business models of incumbent payment or electronic money institutions?

We refer to our response to question 7 above.

Question 10: Are the issues identified by the EBA and the way forward proposed in subsection 4.4.1 relevant and complete? If not, please explain why.

As we previously stated, customer trust is vital in the digital financial world and therefore it is essential for the future of these services that activities being conducted in this space are appropriately supervised by regulators to ensure positive outcomes for customers.

The industry would also welcome greater cooperation between NCAs in this area. There is a risk that in the effort to encourage innovation some jurisdictions will create the opportunity for regulatory arbitrage. We welcome the connections currently being formed between regulators that aim to facilitate the movement of firms or regulatory ideas between jurisdictions. We believe the framework for referrals built into some of these regulatory co-operation agreements* could potentially encourage the growth of FinTech, both in the form of start-ups active in this area, but also new products and services provided by banks and other financial institutions. The output from various FinTech bridges will inform the development in this space.
We agree that there are risks for users where it is not clear what regulatory regime applies to a firm and therefore what their rights and protections are.

We also re-emphasise here the possible risks that arise for customers as a result of an unclear or inaccurate view of the regulatory status of firms. For customers that wish to use firms offering FinTech activities, there needs to be an accurate and up-to-date source of information that makes clear whether that firm is regulated and in what way. This is particularly important when cross-border services are being used.

Improving the level of financial education will undoubtedly be an invaluable trigger to increase consumer awareness about the services and products provided. Consumers need not only to access the information, but also to be able to understand it. Awareness campaigns on financial education and financial literacy is a key instrument for consumers to obtain knowledge and have a better understanding of financial concepts and risks, and to develop skills, in order to make informed decisions and to enable participation in economic life.
Consideration should also be offered to the channels through which consumer messaging and communication is offered. Even if the use of digital systems for information purposes by customers tend to increase, we witness that a large part of them still prefer face-to-face relationship, especially when contracting products.
We would also include uncertainty around consumers rights with respect to complaints handling, including the right to alternative dispute resolution.
* https://www.fca.org.uk/publication/mou/fca-monetary-authority-of-singapore-co-operation-agreement.pdf

Question 11: Are the issues identified by the EBA and the way forward proposed in subsection 4.4.2 relevant and complete? If not, please explain why.

Given the cross-border nature of technology and that many of the benefits of deploying technology can only be achieved at scale, we consider that this is a particularly important area for regulatory cooperation and ultimately harmonisation. We welcome the EBA as a forum for the sharing of information on the consumer rights in the case of cross-border provision.

We would highlight the UK regulator’s approach towards consumers, which places an expectation upon all regulated firms and by extension the third parties they collaborate with, to identify consumers of reduced capability or in vulnerable circumstances. The expectation to identify and adjust the product or service provision in light of a vulnerable customer is embedded as a legal obligation in the UK with respect to mental capacity and other protected characteristics (Mental Capacity Act, Equality Act), and as a regulatory requirement with respect to consumer credit,

We would consider consumer vulnerability as a further cross-sectoral issue, for which clarity around responsibility and liability when things go wrong for consumers is necessary. Similar to complaints handling (see also our response under Q12), any cross-border liability model for FinTech should seek to follow and align with existing cross-border schemes and the respective regulation governing these (PSD2, ADR, ODR etc.).

As noted earlier in our response, we also re-emphasise here the possible risks that arise for customers as a result of an unclear or inaccurate view of the regulatory status of firms. For customers that wish to use firms offering FinTech activities, there needs to be an accurate and up-to-date source of information that makes clear whether that firm is regulated and in what way. This is particularly important when cross-border services are being used.

Question 12: As a FinTech firm, have you experienced any regulatory obstacles from a consumer protection perspective that might prevent you from providing or enabling the provision of financial services cross-border?

No response

Question 13: Do you consider that further action is required on the part of the EBA to ensure that EU financial services legislation within the EBA’s scope of action is implemented consistently across the EU?

While further detail would be required on any future proposal from the EBA, we would note the following general points which will aid in making clear the supervisory regime and customer rights:

• We believe that relevant regulators must provide a clear and comprehensive regulatory and supervisory framework before the introducing new licensing categories for FinTech activities.
• There should be the same, capital/liquidity/consumer requirements for a given FinTech activity whether undertaken by a financial institution, start up or technology company.
• Regulators must establish a fair and level competitive playing field to address the concern that specially licensed or unlicensed firms carrying out FinTech activities would be able to offer financial services and products without being subject to the appropriate rules and regulatory regime.
• Issues of consumer protection and financial inclusion must be the subject of consistent, rigorous, and transparent application across FinTech activities regardless of who is carrying them out.

There are specific activities that do warrant careful attention by regulators, regardless of who is engaging in the activity – namely payments, lending activities, and data storage – as the risks associated with these activities have far reaching impacts to consumers and the broader financial system (i.e. money laundering, terrorist financing, disparate impact, fraud, identity theft, unauthorized transfers, etc.).

Question 14: Are the issues identified by the EBA and the way forward proposed in subsection 4.4.3 relevant and complete? If not, please explain why.

We believe that customer trust is integral to the effective functioning of financial services. Customers should feel confident that should they have a complaint, they have access to a clear, managed and appropriate complaint handling process. Customers should have consistent user experience in complaints handling across financial services.

Financial services firms fully support and recognise the need to manage complaints, and (in the UK) comply with the FCA’s Dispute Resolution rules. To ensure ongoing compliance and to respond to ever changing customer behaviour and expectations many institutions have invested in complaints handling processes and staff training. These investments have resulted in an improved customer journey. Examples include:
• Centralisation of all complaints functions within the institutions
• Deployment of complaints management software solutions
• Enhanced customer communication strategy including popular digital and social media
• Channels such as webchat and in app chat
• Proactive complaint tracking through push notifications
• Use of video conferencing facilities

However, there are a wide range of rules covering complaints handling and in some cases these are not always consistent, making it hard for firm to design effective procedures. Where possible procedures should be harmonised, while of course making the necessary allowances for areas where some differences of approach may be needed, for example, services where more time is necessary when investigating complex issues, or where several firms may be involved.

We believe that customer trust in their banking and payment services is integral to the functioning of financial services. Customers should feel confident that, should they have a complaint, they have equal access to clear, managed and transparent complaint handling processes and that they will be treated fairly.

While we broadly agree with the principles set out by the EBA in paragraph 118 (i.e. that consumers should receive consistent levels of service for their complaints and that non-regulated firms should also adhere to same standards and regulation to deliver complaints handling), but we would like to highlight to the EBA that there are already exiting measures at a European level which provide the necessary legislative basis for alignment of Member States in complaints handling requirements, including consumer rights for alternative dispute resolution and consumer awareness about how and where to complain.

We would encourage the EBA to focus efforts on considering how existing measures can be extended to incorporate presently non-regulated entities and/or practices to avoid new legislation negatively or disproportionately affecting national complaints handling regimes for regulated firms. Relevant measures include:
• PSD2 introduces, from January 2018, new complaints handling requirements for all PSPs, including standards, communications, consumer awareness, and timelines for resolution. These requirements have required substantial changes to complaints handling systems already in place (at significant cost) and in some cases to complaints handling models.
• In 2013, the European Commission's Communication Towards a European Horizontal Framework for Collective Redress" and Recommendation on common principles for collective redress was published. The Recommendation sets out a series of common, non-binding principles for collective redress mechanisms in the Member States so that citizens and companies can enforce the rights granted to them under EU law where these have been infringed. The Recommendation aims to ensure a coherent horizontal approach to collective redress in the EU without harmonising Member States' systems.
• The Alternative Dispute Resolution (ADR) Directive seeks to promote ADR in the consumer sphere in the EU by encouraging the use of approved ADR entities that ensure minimum quality standards. In particular, it requires Member States to ensure that their approved ADR entities are impartial and provide transparent information about their services, offer their services at no or nominal cost to the consumer, and hear and determine complaints within 90 days of referral. The Directive applies to domestic and cross-border disputes concerning complaints by a consumer resident in the EU against a trader established in the EU. Notably, it does not apply to traders’ complaints against consumers (such as claims for payment) or to trader-to-trader grievances.
• The Online Dispute Resolution (ODR) Regulation provides for the EU Commission to establish a free, interactive website through which parties can initiate ADR in relation to disputes concerning online transactions (offline transactions are excluded). National ADR entities will receive the complaint electronically and seek to resolve the dispute through ADR, using the ODR platform exclusively if they wish.
• Article 14 of of Directive 2013/11/EU requires (from 15 February 2016) all online traders who provide goods or services to consumers, including online marketplaces, to provide consumers with the following information:
• a link on their website to the Online Dispute Resolution (ODR) platform, irrespective of whether they currently market their products or services to consumers in other member states.
• an email addresses on their website so that consumers have a first contact point. This could be the email address of an individual or a shared mailbox that has been set up to deal with complaints.
 Traders who are required to use an approved ADR provider either by legislation or through membership of a trade association, must provide the information above in addition to giving details, on their website, of the approved ADR provider that they are obliged to use.
 The ADR Directive and ODR Regulation allow consumers and traders to solve their disputes without going to court, in a quick, low cost and simple way. They also enable them to monitor the progress of the claim and proceed with the necessary steps.

We would further draw your attention to the following points:
In the EBA’s Discussion Paper, 117.c. The principle is that the service provider is responsible to the consumer who is using a service. These providers are typically regulated. Where liability may be considered to rest with a third party (e.g. FinTech) with who the regulated service provider is in contract, the settling of any financial liability is specific to their contractual relationship. 117.e. We are unclear as to how Big Data could negatively contribute to complaints handling."

Question 15: Are the issues identified by the EBA and the way forward proposed in subsection 4.4.4 relevant and complete? If not, please explain why.

The development of multiple points of interaction between customers and financial services providers will provide customer choice, support innovation and enhance competition. Banks are seeking to ensure that obligations around disclosure are being delivered in a way that allows customers to read and understand them. There is a risk of different approaches to disclosure which could act against the customers’ ability to compare propositions and any ‘hidden’ costs associated with the services on offer. We believe a consistent approach to disclosure will promote customers’ ability to make well informed, relevant choices.
An additional consideration is how to find the right balance regarding the quantity of information sent to and received by regulators which will only grow and is a potential barrier to good supervision and burden for regulatory compliance, and which may risk slowing the pace of innovation.

Question 16: Are there any specific disclosure or transparency of information requirements in your national legislation that you consider to be an obstacle to digitalisation and/or that you believe may prevent FinTech firms from entering the market?

We also welcome a review of requirements on firms that restrict opportunities for digitisation, where this can benefit customers.

Question 17: Are the issues identified by the EBA and the way forward proposed in subsection 4.4.5 relevant and complete? If not, please explain why.

Banks are becoming increasingly customer focused and many have initiatives in place to improve financial literacy. Examples of this include simplified comparison tables for products, a number of education videos on banking and simplification of language used to describe products and T&Cs.

We also note that financial literacy and digital literacy can be linked and therefore policy-makers need to further consider how to do more to encourage the expansion of digital skills and understanding amongst consumers.

Banks are becoming increasingly customer focused and many have initiatives in place to improve financial literacy. Examples of this include simplified comparison tables for products, a number of education videos on banking and simplification of language used to describe products and T&Cs.

We also note that financial literacy and digital literacy can be linked and therefore policy-makers need to further consider how to do more to encourage the expansion of digital skills and understanding amongst consumers.

Please refer to our response under Q10.

Question 18: Would you see the merit in having specific financial literacy programmes targeting consumers to enhance trust in digital services?

Improving the level of financial education will undoubtedly be an invaluable trigger to increase consumer awareness about the services and products provided. Consumers need not only to access the information, but also to be able to understand it. Awareness campaigns on financial education and financial literacy is a key instrument for consumers to obtain knowledge and have a better understanding of financial concepts and risks, to develop skills, in order to make informed decisions and to enable participation in economic life.
Consideration should also be offered to the channels through which consumer messaging and communication is offered. Even if the use of digital systems for information purposes by customers tend to increase, we witness that a large part of them still prefer face-to-face relationship, especially when contracting products.

Question 19: Are the issues identified by the EBA and the way forward proposed in subsection 4.4.6 relevant and complete? If not, please explain why.

UK Finance, formerly Payments UK and BBA, submitted responses to the European Commission in their FinTech consultation earlier this year and provided comments on Artificial Intelligence (AI) and machine learning. We refer you to that submission for more information, which is available from our website* . Artificial Intelligence and data driven algorithms are potentially powerful technologies that can deliver significant customer benefits. As with other technological innovation, it is important that any future rule-making or regulation is based on customer outcomes rather than the specific technology. This way firms will be required to monitor the outcomes of any technology that they employ to ensure that it does not produce negative customer outcomes. We explore this point in further detail below.

* https://www.ukfinance.org.uk/uk-finance-response-to-the-fcas-discussion-paper-on-distributed-ledger-technology-dlt/


Advantages of expanding robo advice and artificial intelligence
In terms of evidence about whether automated financial advice reaches more customers, as banks have worked to improve their product offerings it has become clear that automated financial advice could result in significant consumer benefits including enabling greater financial inclusion and simplifying the investment process for the mass market. For both investments and other forms of regulated financial advice, automation will bring services to client groups who previously had little or no access to it, including customers with smaller savings. We consider this will particularly be the case when robo-advice is employed by incumbent banks whose customer base allows them to reach a large number of customers. The benefits of robo-advice which allow this are:
• Decreased price for advice and execution services
• A wider range of choices in terms of services offered and customization capabilities;
• Greater ubiquity/geographic scope of financial advice availability.
• More streamlined and efficient customer journeys.
• More effective customer risk-profiling and personal recommendations.
• Improvements to asset allocation and ongoing portfolio optimisation.
• Improved audit trail to support dispute resolution.
As the pace of technology change increases and customers correspondingly grow more comfortable using technology to conduct financial business we expect this area to experience sustained growth. Though of course the increased automation will not mean that customers will cease having the possibility for a personal contact with financial advisors. Banks will continue to cater for both the digital savvy and its traditional client demographics. Complex financial needs will still require access to human advisors to assess the best approaches to meet the customer’s financial needs. Banks recognise the important strides AI has made, and the difference it can make to their customers, and are conscious that financial services must be accessible to all. Banks are continuing to gain a better understanding of AI and its potential to improve customer and business impacts.
Increased use of automated decision-making provides a range of benefits, as outlined above in respect of robo advice. These are particularly evident in terms of efficiencies, with lending decisions able to be made quickly online, rather than needing to engage large teams of individuals to laboriously assess applications. Furthermore, automation enables firms to put in place a consistent approach, minimising the risk that individual bias may unfairly impact a customer.

Possible disadvantages robo advice and artificial intelligence
At the same time, there is a risk that algorithms might inadvertently discriminate or exclude certain groups from access to certain products and services. This could happen by design, or as an unintended consequence or design flaw. But there are ways of managing this risk appropriately. For example, firms should have robust testing of algorithms. Firms should consider their existing obligations under anti-discrimination law, as well as general regulatory obligations to treat customers fairly.
Despite the possible challenges there are ways to mitigate against the risks. Furthermore, it is important to note that protections have been put in place under data protection law. There are some interpretative uncertainties in relation to the General Data Protection Regulation (GDPR), as guidance is (at time of writing) yet to be published by Data Protection Authorities. Nonetheless, under Articles 13, 14 and 21 broadly speaking firms employing automated decision-making that ‘significantly affects’ customers (data subjects) will need to:
• inform customers of the use of automated decision-making, the ‘logic’ involved in those decisions and the likely consequences,
• allow customers to seek instead a human assessment.
These are effective and appropriate safeguards to protect customers. So overall it is unclear that additional rules for financial services are required at this time. The GDPR should be allowed to settle so that industry and regulators can identify any genuine regulatory gaps. We recommend that the ESAs discuss these protections with the Article 29 Working Party.
Consumer Vulnerability
There is great potential for AI and other FinTech to contribute to the remote identification of mental capacity or other decision-making limitations which consumers may have, during the sale and use of a product or service. Identification of vulnerability in the digital space currently lags behind and AI is a promising proposition which would potential benefit consumers in in vulnerable circumstances.

Question 20: Are the issues identified by the EBA and the way forward proposed in section 4.5 relevant and complete? If not, please explain why.

As noted in our response to question 1 our general principle is that there should be a risk-based and proportionate approach to regulation and that certain activities should carry the same regulatory obligations regardless of who is carrying them out, whether start-ups, technology companies or incumbent financial services providers, without inhibiting innovation. As we previously stated, trust is vital in the digital financial world and therefore it is essential for the future of these services that activities being conducted in this space are appropriately supervised by regulators to ensure positive outcomes for consumers.
The industry would also welcome greater cooperation between NCAs in this area. There is a risk that in the effort to encourage innovation some jurisdictions will create the opportunity for regulatory arbitrage.
With regard to the implementation of instant payments, it is the European Payments Council (EPC) that has published the SCT Inst scheme. This will launch in November 2017, a world first for a region as large as the Single Euro Payments Area (SEPA). There are a number of ways for firms to fulfil their obligations under the SEPA schemes, in other words to connect to the SEPA schemes. This is a competitive market through which PSPs can connect via:
• An Automated Clearing House (ACH) that is compliant with the SCTinst scheme.
• A decentralised bi- or multilateral clearing and settlement arrangement (i.e. not via an ACH) that is compliant with the SCTinst scheme.
• An intra-and/or intra-group clearing and settlement arrangement that is compliant with the SCTinst scheme.
The EBA can see further detail in regard to the interoperability and mechanisms ACHs will offer through the European Automated Clearing House Association instant payments interoperability framework * . Separately the ECB have decided to develop a new service for the settlement of instant payments, TARGET Instant Payment Settlement (TIPS). It is still not clear how ACHs and TIPS will interact and clarity in this regard would be incredibly helpful for the industry as uptake of the new scheme requires certainty from a risk perspective. Changes to market offerings which affect the whole of SEPA must maintain or enhance the robustness and resilience of the EU’s payment systems. The importance of payment systems and ACH’s to the broader financial system necessitates high standards and certainty for PSPs participating.
We agree with the EBA that there are risks from the perspective of an outflow of funds as the SEPA schemes are cross border, however the underlying systems here are complex and we believe it would be helpful for the EBA to engage further with the market if they wish to address perceived issues in relation to resolution aspects of SEPA. We would be happy to discuss this with the EBA directly or to facilitate a conversation with our members in this regard. UK Finance believe that giving as much clarity to PSPs in regards connections and relationships between competitive ACHs and the ECB’s TIPS proposals will be fundamental to the stability of instant payments across SEPA.
We note that in the UK the Bank of England is extending direct access to Real Time Gross Settlement (RTGS) accounts to non-bank payment service providers**.
* http://www.eacha.org/form_download.php?doc=EACHA%20Instant%20Payments%20Interoperability%20Framework%20-%20October%202017).
** : http://www.bankofengland.co.uk/publications/Pages/news/2017/048.aspx

Question 21: Do you agree with the issues identified by the EBA and the way forward proposed in section 4.6? Are there any other issues you think the EBA should consider?

We concur with the main challenges and issues identified by the EBA. Specifically, we believe that some inconsistency arises through some Member States exceeding the requirements in Anti Money Laundering Directive (AMLD), through the use of Article 4(1) of AMLD. The proposed EBA opinion on the use of FinTech solutions for AML/CFT compliance purposes could go some way in identifying the factors competent authorities and financial institutions should consider when deciding whether or not a particular FinTech solution adequately meets one or more CDD requirements.
We also support the inclusion of the eIDAS references in AMLD, currently discussed in the provisions of amending AMLD. However, we believe that for digital innovation to be taken up widely thereby providing better customer experiences, and reduce on-boarding resource so it can be redirected elsewhere to address ML/TF risk, there should be a re-evaluation of where responsibility sits when using an identification and verification FinTech solution.

Question 22: What do you think are the biggest money laundering and terrorist financing risks associated with FinTech firms? Please explain why.

Whilst there are a number of risks our main concern is that, as identified by the EBA survey, a number of new market entrants may currently operate outside a regulated regime. There is a risk that they could inadvertently become a weak point in the protection of the financial system. For example, it is noteworthy that Article 26 of AMLD ensures reliance can only be on those under AMLD or an equivalent standard. There should also be a requirement to ensure that senior management and decision makers adhere to approval and conduct regimes to ensure individual accountability.

Question 23: Are there any obstacles present in your national AML/CFT legislation which would prevent (a) FinTech firms from entering the market, and (b) FinTech solutions to be used by obliged entities in their customer due diligence process? Please explain.

Our comments are restricted to the context of AML/CFT legislation and we observe that the obstacles arise through the absence of certain provisions in AMLD and the inclusion of other provisions in AMLD. These obstacles are set out in the answers to questions 21 and 22 above, namely, new market entrants are not all regulated because they are absent from AMLD and the ultimate responsibility remains with the obliged entity. These entities rely on the third party as this is included in AMLD. Whilst we acknowledge these AMLD issues may well arise from the Financial Action Task Force Standards, at least insofar as liability is concerned, for the industry to meet ambitions in this space, new market entrants should be required to meet the identification and verification criteria. We believe that there are adequate regulatory requirements but that the competent authorities may need to take a greater supervisory role to ensure compliance.
The industry recognises that technology raises risks in AML/CTF compliance. However, we believe the benefits that technology can bring to this area exceed the risks. Automation and technology solutions to AML/CTF compliance as well as to other areas of regulatory reporting and monitoring have the potential to make processes more efficient and effective for both regulators and firms. The industry fully supports and recognises the need for strong AML and countering the financing of terrorism. Numerous investments have been made to ensure that obligations around these key areas are being delivered in a way that allows customers to benefit, whilst meeting the needs of regulation.
We believe there is an urgent need to ensure coordination across regulatory bodies, particularly between financial regulators and data protection authorities. This is necessary to help to manage risk, but also to ensure that firms are able to bring forward technology enabled innovation which, as identified, will increasingly touch on regulations outside of the traditional scope of financial services regulators.

Name of organisation

UK Finance