The Game-Changing EU Digitalisation Strategy For The Financial Services Sector Is Put To The Test!

With the recent demise of a major US regional bank funding roughly a tenth of all venture debts issued over 2023 and behind 60% of all deals this year in the venture debt market, and in Europe, the collapse of a major Swiss investment bank, we are reminded just how swift bank runs can occur in our digital age.

These developments will reinforce the EU’s efforts to make the digital banking environment a safer place for depositors, retail investors and tech venture debt entrepreneurs, via the EU Digital Strategy for financial services legislative framework.

When the European Commission launched an international benchmark-fixing EU Digital Strategy in 2021, it was designed to embrace digital finance in contributing to the overall digital transformation of the EU economy and society.  Four priorities were envisaged: 

- To enable EU citizens to benefit from digitalised access to cross-border financial services, and facilitate Fintech firms in scaling-up their digital operations;

- To ensure that the EU regulatory framework facilitated digital innovation in the citizens interest, ie DLT and AI tools;

- To create a EU financial data space to promote data-driven innovation enabling access to data and date sharing within the financial sector, and critically,

- To address the new challenges and risks associated with the digital transformation in the financial services sector.

But these objectives, ambitiously developed to adapt the financial regulatory and supervisory framework to the increasing digitalisation of the EU financial sector – have been eclipsed by fast-evolving ITC and digitalised environment – faster than the legislators and regulators can sometimes react.

Regulators have long conceded that the new technologies may present challenges of exposure to cyber-risk, dependency on third-party providers, accountability and may trigger issues regarding appropriate data use, sharing and sovereignty.  At the same time, existing regulatory obstacles may also hinder the digitalisation of financial services and their deployment on a cross-border basis.

VIEW ALL COURSES BY THE AUTHOR DAVID DOYLE (EU Financial Services Regulatory Expert)

The EU digital strategy encompasses some key flagship legislative proposals aimed at supporting the digitalisation of EU financial services: MiCA (regulation on markets in crypto-assets), the DLT pilot regime, DORA (the Digital Operational Resilience Act) and version 3 of the European payments services directive (PSD3).

Another important dimension in the strategy is the rolling out of the EU-wide inter-operable use of AML-mitigating digital identities, and the introduction of EU digital finance licensing and an EU-wide passport.

It is expected that ESMA itself will be seen taking an assertive role in certain aspects of the digital transformation of the financial services sector, with a blend of proposed legislative and non-legislative measures.

One promising technology providing a diverse range of use cases in the financial services space is Distributed Ledger Technology (DLT), which is capable of making settlement cycles quicker, more efficient and more transparent. On 23rd March ESMA launched the application of the DLT Pilot Regime.   The Pilot is built around the development of the trading and settlement scheme of DLT-based financial instruments, providing a controlled environment for multilateral trading facilities (MTFs) and central securities depositories (CSDs) using DLT. ESMA believes that by ensuring that the systems are operationally reliable, “such projects have the scope to benefit markets and, ultimately, investors”.

Under the scope of this DLT pilot, national supervisors authorise and supervise firms, with ESMA retaining a coordination and convergence role. ESMA will issue guidance on several aspects of this Pilot and intends to be provide guidance to the national authorisations.

 Crypto-Asset regime (MICA)

An immediate priority of this EU Digital Strategy was the legislative initiatives to regulate the crypto-assets markets and accompanied by a regulatory regime covering the resilience of IT systems within financial institutions.

As an important milestone in the EU Digital Strategy is the Regulation on Market Infrastructures in Crypto-Assets (MiCA), introducing a comprehensive framework for crypto- assets, crypto-assets issuers, service providers, trading platforms, custodian wallet providers, CA exchanges, etc.   A detailed set of rules will apply to the issuance of asset-referenced token, e-money tokens and other crypto-assets. The different types of service providers will be subject to tailored prudential requirements, liquidity rules, suitability of the management board and governance arrangements, and proven security of the IT structure.

With the EU taking the lead in comparison to other major trade regions, Crypto Asset Service Providers will be subject to authorisation and supervision by national supervisors, with ESMA deploying new product intervention powers, analogous to those under the MiFIR regime. MICA is expected to be applicable mid-2024.

VIEW ALL COURSES BY THE AUTHOR DAVID DOYLE (EU Financial Services Regulatory Expert)

Central to the MICA orthodoxy is the focus on the dual objectives of investor protection and financial stability.  MICA applies a broader definition of the scope compared to other regions in the world: trading, advice, transmitting orders, custody, crypto-to-crypto, crypto-to-fiat exchange etc. MICA comes with two important additional requirements: it imposes liability on CASPs for custody losses, i.e., cyber attacks on digital wallets, and the emergence of a robust anti-money laundering dimension:  i.e., due diligence on transfer of funds (Transfer Rule).  

Coming up in the future will be the review by the EC and the EBA of the contentious issue of a potential capital prudential regime on banks with exposures to crypto-assets. Last year, the Basel Committee on Banking Supervision (BCBS) issued to final report on the prudential treatment of crypto-assets exposures, with potential implementation in all jurisdictions by January 2025. BCBS differentiates between two groups of Crypto-assets:

- Group 1 – covers less volatile crypto-assets that are either (a) tokenized traditional assets or (b) have effective stabilization mechanisms, i.e., regulated and backed stable coins.

- Group 2 – covers crypto-assets that are classified as either (a) having limited level of authorized hedging or (b) contain cases of non-recognized hedging.

- Group 1 assets would be subject to the present Basle prudential framework, whereas Group 2 assets, considered more risky, would have a 100% capital charge, where hedging is authorized. In the case of        non-authorized/recognized hedging, a capital charge of 1250% of risk-weighted assets is proposed.

Another far-reaching legislative package, the Digital Operational Resilience Act (DORA), now in force, is designed to addresses another risk factor in the EU digital space: cyberattacks and ICT disruptions in the EU financial sector.  These risks have had a concern for Europe’s bank and securities regulators for many years, notably the ECB, the EBA and ESMA.

This long overdue piece of legislation has sensibly consolidated a patchwork of existing sectoral rules on ICT risk management, incident handling and resilience testing. Critically, and core to the thrust of DORA, is the explicit recognition on the reliance by financial services entities on third party ICT service providers. Going forward, the ESA’s (EBA, ESMA and EIOPA) will oversee their activities. 

ESMA is currently drafting technical standards, following DORA’s entry into force on 16 January 2023, with application scheduled for 17th January 2025.

 What else is coming down the pipeline?

The EC is pursuing an EU Electronic Identification, Authentication and Trust Services (eIDAS) Regulation that sets the foundations for a cross-border electronic identification and authentication system. Yet another initiative to provide reassurances to EU citizens when using cheaper, faster and more reliable investment, payment and transfer opportunities across the 27 EU.

The EC believe that some 60% of EU citizens already benefit from the current system, however, usage remains low and the application across the private sector is limited.

The EC has set out to create an EU-wide interoperable digital identity solution which enable customers to access financial services quickly and easily (on-boarding), and thus to reduce divergences – and costs – between countries.

A new proposal for a Regulation on digital identity issued by the European Commission builds upon eIDAS and extends the scope to the private sector as well. It should enable customer data to be reused subject to informed customer consent, based on full transparency regarding the consequences and implications of such reuse.

Ultimately, Member States will be in a position to offer citizens and businesses digital wallets that will allow them to use the benefits of their national digital identities. Access to services online directly by EU citizen, and EU enterprises, without their sharing personal data, whist retaining full control of the data they share, remains the raison d’ être of the regime.