The report called on the Commission to draw up a comprehensive FinTech Action Plan in the framework of its CMU and Digital Single Market strategies, which can contribute to achieving an efficient and competitive, deeper and more integrated and stable and sustainable European financial system.
Data
22. Recalls that the collection and analysis of data play a central role for FinTech, and therefore stresses the need for consistent, technology-neutral application of existing data legislation, including the General Data Protection Regulation (GDPR), the Revised Payment Service Directive (PSD2), the Electronic Identification and Authentication Services (eIDAS) Regulation, the Fourth Anti-Money Laundering Directive (AMLD4) and the Network and Information Security (NIS) Directive; stresses that in order to scale up innovative finance in Europe a free flow of data within the Union is needed; calls on the Commission to take measures to ensure that only objective and relevant data elements are used in the context of the provision of financial services; welcomes the Commission’s public consultation of 10 January 2017 on the ‘data economy’ (COM(2017)0009), which should provide evidence and establish whether or not barriers exist to the free flow of data across the Union;
23. Emphasises the need for clear rules on data ownership, access and transfer; highlights that increasing amounts of data are generated by machines or processes based on emerging technologies, such as machine learning; stresses that the GDPR provides a clear legal framework on personal data but that more legal certainty is needed regarding other categories of data; believes, in this regard, that a clear distinction should be made between raw data and data resulting from further processing;
24. Stresses that open banking and data sharing contribute to ensuring that all FinTech business models can grow together, for the benefit of consumers; underlines, in this regard, the recent achievements of the PSD2 regarding payment initiations and access to account data;
25. Highlights the benefits that cloud computing can have for consumers and providers of financial services, in terms of cost efficiency, decreased time to market and a better use of ICT resources; notes that there are no clear, comprehensive European rules or guidelines for outsourcing data to the cloud with regard to the financial sector; stresses the need for the development of such guidelines and for a common approach to the use of cloud computing across national competent authorities (NCAs); stresses that such rules or guidelines are necessary to bring agility and speed to cloud adoption; underlines that high standards of data security and consumer protection should be a part of those guidelines; calls on the Commission and the ESAs to study different possibilities in this regard, such as pre-approved contracts between cloud service providers and financial institutions;
26. Notes the necessity of creating more awareness among consumers as regards the value of their personal data; notes that consumers can enter into contracts to share digital content in exchange of the payment of a fee; underlines that this may lead to economic benefits but can also be used in a discriminatory way; calls on the Commission to investigate the possibility of a European data sharing strategy with the aim of putting consumers in control of their data; believes that a clear, consumer-centred approach will increase trust in cloud-based services and stimulate new innovative services offered by diverse actors in the financial value chain, e.g. by using application programming interfaces (APIs) or facilitating direct access to data for electronic payment services; asks the Commission to investigate the future potential of Personal Information Management Systems (PIMS) as technical tools for consumers to manage their personal data;
27. Recalls, in the context of the increased use of customer data or big data by financial institutions, Article 71 of the GDPR, which grants the data subject the right to obtain an explanation of a decision reached by automated processing and to challenge this decision; stresses the need to guarantee that incorrect data can be changed and that only verifiable and relevant data are used; calls on all stakeholders to increase efforts to guarantee the enforcement of these rights; is of the opinion that consent given to the use of personal data needs to be dynamic and that data subjects must be able to alter and adapt their consent;
28. Notes that the increased use of customer data or big data by financial institutions may lead to benefits to consumers, such as the development of more tailored, segmented and cheaper offers based on more efficient allocation of risk and capital; notes, on the other hand, the development of dynamic pricing and its potential to lead to the opposite, which could be detrimental to comparability of offers and effective competition and to risk pooling and mutualisation, in the insurance sector for example;
29. Acknowledges the increasing combination of personal data and algorithms in order to provide services such as robo-advice; emphasises the efficiency potential of robo-advice and its potential positive effects on financial inclusiveness; stresses that, potentially, errors or biases in algorithms or in the underlying data can cause systemic risk and harm consumers, for example through increasing exclusion; asks the Commission and the ESAs to monitor these risks in order to ensure that automation in financial advice can really generate better, transparent, accessible and cost-efficient advice, and to address the increasing difficulty of tracing responsibility for damages caused by such risks in the current legal liability framework for data use; underlines that the same consumer protection requirements should apply to robo-advice as to face-to-face advice;
Cyber security and ICT risks
30. Emphasises the need for end-to-end security across the whole financial services value chain; points to the large and diverse risks posed by cyberattacks, targeting our financial markets infrastructure, the Internet of Things, currencies and data; calls on the Commission to make cybersecurity the number one priority in the FinTech Action Plan, and on the ESAs and the ECB in its banking supervision role to make it a key element of their regulatory and supervisory programmes;
31. Calls on the ESAs, in cooperation with national regulators, to regularly review existing operational standards covering ICT risks of financial institutions; calls furthermore, in view of the varying level of protection in the cybersecurity strategies of Member States, for ESA guidelines on the supervision of these risks; stresses the importance of technological know-how in the ESAs in enabling them to fulfil their tasks; encourages more research in this area;
32. Highlights the need for exchange of information and best practices between supervisors, as well as regulators and governments at their respective levels, between researchers and market participants and between market participants themselves; calls on the Commission, the Member States, market participants and the EU Agency for Network and Information Security (ENISA) to explore the potential of transparency and information sharing as tools against cyberattacks; suggests exploring the potential benefits of a single point of contact for market participants in this regard, as well as considering more coordinated approach in cybercrime investigation in the area of financial services, given their increasingly cross-border character;
33. Underlines that regulation on the provision of financial services infrastructure needs to provide for appropriate incentive structures for providers to invest adequately in cybersecurity;
34. Calls on the Member States to ensure the timely transposition of the directive on security of network and information systems (NIS Directive); welcomes the new public-private partnership on cybersecurity recently launched by the Commission with the participation of the industry; asks the Commission to develop a series of new and concrete initiatives to strengthen the resilience of FinTech businesses in this sector against cyberattacks, especially SMEs and start-ups;
35. Notes that public confidence in the technologies concerned is vital for the future growth of FinTech, and flags the need for better education and awareness regarding the positive impact of FinTech on day-to-day activities, but also regarding network and information security risks for citizens and businesses, in particular SMEs;
36. Welcomes the continuous efforts in the field of standardisation which make connected devices safer; underlines, however, that safety needs to be granted beyond a minimum level of standardisation, especially because uniform standardised security precautions increase the risk of large security breaches due to a possible domino effect; strongly encourages companies to develop heterogeneous own responses to secure their devices and operations;
Blockchains
37. Underlines the potential of blockchain applications for cash and securities transfer, as well as for facilitating ‘smart contracts’, which open up a wide range of possibilities for both sides of financial contracts, in particular trade finance and business lending arrangements, which have the possibility to simplify complex commercial and financial contractual relationships at business-to-business (B2B) and business-to-consumer (B2C) levels; stresses that blockchain platforms are also suitable for the simplification of complex B2B and B2C transactions;
38. Recalls the benefits and risks of unpermissioned blockchain applications; invites the Commission to organise an annual multi-stakeholder conference on this subject; is concerned by the increased use of unpermissioned blockchain applications for criminal activities, tax evasion, tax avoidance and money laundering; calls on the Commission to closely monitor these issues, including the role of mixers/tumblers in this process, and to address them in a report;
Interoperability
39. Acknowledges the importance of APIs, as a complement to other tools that can be used by the consumer, in providing new actors with access to financial infrastructure; recommends the creation of a set of standardised APIs that vendors can use, for example in the area of open banking, in parallel with the possibility for such vendors to design their own software;
40. Considers that interoperability of FinTech services, both within Europe and through engagement with third-country jurisdictions and with other economic sectors, is a key condition for the future development of the European FinTech sector and the full materialisation of the opportunities that it can generate; encourages standardising data formats where possible, as is the case in PSD2, in order to facilitate this;
41. Calls on the Commission to coordinate the work of the Member States and market participants in order to ensure interoperability among the different national e-identification schemes; stresses that the use of these schemes should be open to the private sector; believes that remote identification means that are not set out in the e-IDAS regulation should also be acceptable, as long as they are of a security level equivalent to the substantial assurance level of e-IDAS, and are thus both safe and interoperable;
42. Stresses the importance of interoperability of traditional and new payments solutions in order to achieve an integrated and innovative European payment market;
43. Asks the ESAs to identify in which cases targeted or risk-based authentication can be an alternative to strong authentication; further asks the Commission to investigate whether the strong authentication processes can also be executed by other entities than banks;
44. Calls on the ESAs, in cooperation with national regulators, to develop technology-neutral standards and licences both for know-your-customer and remote identification techniques, for example based on biometric criteria, which respect the privacy of users;
Financial stability and consumer and investor protection
45. Calls on the Commission to pay specific attention, in designing its FinTech action plan, to the needs of retail consumers and investors and the risks to which they might be vulnerable, in the light of growing expansion of FinTech in services to non-professional clients, for example in crowdfunding and peer-to-peer lending; stresses that the same consumer protection standards apply to FinTech services as to other financial services, irrespective of the channel of distribution or the location of the customer;
46. Calls on the ESAs to continue and accelerate their ongoing work on monitoring technological developments and analysing their benefits and potential risks, in particular as regards consumer and investor protection and financial inclusion;
47. Calls on the Commission to investigate to what extent FinTech can help provide consumers with better-quality financial advice and whether the fragmented EU regulatory framework dealing with advice is sufficient to accommodate this;
48. Considers that there is still considerable regulatory uncertainty around InsurTech, and stresses that this needs to be addressed so as to ensure security, privacy, fair competition, and financial stability; emphasises that greater legal certainty will help to ensure that consumers of poorly regulated InsurTech firms do not fall victim to losses or mis-selling, and will help both companies and consumers to better utilise InsurTech solutions;
49. Stresses the need to ensure that financial stability is enhanced alongside the development of FinTech solutions; encourages the examination of open-source, peer-reviewed technology as a means of achieving this goal; calls on the ESAs to partner with private-sector players in developing and evaluating innovative technologies that have the potential to safeguard financial stability and increase consumer protection, for instance by mitigating bias in algorithms or by increasing consumer awareness of cyberthreats;
50. Notes that diversity and competition among market participants are critical factors contributing to financial stability; calls on regulators and supervisors to monitor the impact of digitisation on the competitive situation across all relevant segments of the financial sector, and to design and deploy tools to prevent or remedy anti-competitive behaviour or distortions of competition;
Financial education and IT skills
51. Emphasises that both financial literacy and digital literacy are crucial factors for the efficient use of Fintech and for lower levels of risk in the Fintech environment;
52. Stresses that proper financial education of retail consumers and investors is necessary for FinTech to become a real tool for financial inclusion and to enable those consumers and investors who are ever more directly exposed to immediately accessible personalised financial investment products and services to make sound financial decisions autonomously on those offers and to understand all the risks stemming from using these innovative technologies; calls on the Commission and the ESAs to increase their support for initiatives to improve financial education; stresses that vocational training and information on consumer and investor rights should be easily accessible;
53. Recalls the Commission's forecast that by 2020 Europe might be facing a shortage of up to 825 000 ICT professionals; believes that more computer scientists are needed, and encourages the Member States to prepare for changes in the labour market that may occur faster than we might expect today;
54. Underlines the need for increased digital education and skills within the financial sector, within regulatory bodies and within society as a whole, including vocational training; calls on the Commission to present best practices in the context of its Digital Skills and Jobs Coalition;
Full report
© European Parliament