The European Commission adopted a digital finance package, on 24 September 2020, including a digital finance strategy and legislative proposals on crypto-assets and digital operational resilience, for a competitive EU financial sector that gives consumers access to innovative financial products, while ensuring consumer protection and financial stability. The aim of having rules which are more digital-friendly and safe for consumers, is to leverage synergies between high innovative start-ups and established firms in the financial sector while addressing associated risks.

Digital Finance Strategy

The Digital Finance Strategy sets out a general European position on the digital transformation of financing in the coming years, while regulating its risks. While digital technologies are key for modernising the European economy across sectors, users of financial services must be protected against risks stemming from increased reliance on digital finance.

The Digital Finance Strategy sets out four main priorities that promote digital transformation:

1. Tackles fragmentation in the Digital Single Market for financial services, thereby enabling European consumers to access cross-border services and help European financial firms’ scale up their digital operations.
2. Ensures that the EU regulatory framework facilitates digital innovation in the interest of consumers and market efficiency.
3. Creates a European financial data space to promote data-driven innovation, building on the European data strategy, including enhanced access to data and data sharing within the financial sector.
4. Addresses new challenges and risks associated with digital transformation.

Banks should be aware that such a strategy will bring about expectations of new technologies required to deliver financial services, enhanced data sharing that leads to expected better offerings by firms and enhancements of skills to navigate in this new financial eco-system.

Particular initiatives which form part of the Digital Finance Strategy include:

• Enabling EU-wide interoperable use of digital identities
• Facilitating the scaling up of digital financial services across the Single Market
• Promoting cooperation and the use of cloud computing infrastructure
• Promoting the uptake of artificial intelligence tools
• Promoting innovative IT tools to facilitate reporting and supervision

Markets In Crypto Assets (MiCA)

The European Commission is also proposing a framework on crypto-assets to allow for innovation in a way that preserves financial stability and protects investors. Crypto-assets are digital representations of values or rights, which are transferred and stored electronically. They can serve as an access key to a service, could facilitate payments, or could be designed as financial instruments.

Crypto-assets qualifying as financial instruments under the Markets in Financial Instruments Directive (MiFID) II Framework will remain subject to existing European legislation whilst other crypto-assets will be treated differently under MiCA.

MiCA’s proposed regulation identifies three sub-categories of crypto-assets: utility tokens; asset-referenced tokens, and e-money-tokens.

MiCA lays down uniform rules for:

1. transparency and disclosure requirements for the issuance and admission to trading of crypto-assets;
2. the authorisation and supervision of crypto-asset service providers and issuers of asset-referenced tokens and issuers of electronic money tokens;
3. the operation, organisation and governance of issuers of asset-referenced tokens, issuers of electronic money tokens and crypto-asset service providers;
4. consumer protection rules for the issuance, trading, exchange and custody of crypto-assets;
5. prevention of market abuse, ensuring the integrity of crypto-asset markets.

Banks should be aware that the proposed regulation sets strict requirements for issuers of crypto-assets in Europe and crypto-asset service providers wishing to apply for an authorisation to provide their services in the single market. Furthermore, under the MiCA framework, credit institutions will be allowed to issue so called stablecoins, known as e-money tokens and asset referenced tokens, and also provide crypto-asset services such as custody, subject to adherence with the requirements set out in MiCA.  The safeguards include capital requirements, custody of assets, a mandatory complaint handling procedure available to investors, and rights of the investor against the issuer. The issuers of significant asset referenced and e-money tokens would be subject to more stringent capital requirements, liquidity management and interoperability requirements.

Digital Operational Resilience (DORA)

Part of the Digital Finance Package issued by the Commission, the legislative proposal on digital operational resilience (DORA proposal), augments existing ICT risk requirements allowing an IT landscape which is expected to be safe and fit for the future.   The proposal tackles various elements and includes: ICT risk management requirements; ICT-related incident reporting; digital operational resilience testing; ICT third-party risk and information sharing.

The proposal aims to address: fragmentation in the requirements on financial entities in the area of ICT risk, inconsistencies in incident reporting requirements within and across financial services sectors as well as threat information sharing, limited and uncoordinated digital operational resilience testing, and the increasing relevance of ICT third party risk. Financial entities are expected to maintain resilient ICT systems and tools that minimise ICT risk with effective business continuity policies in place.  Moreover, institutions are required to have processes to monitor, classify and report major ICT-related incidents, with the ability to periodically test the system operational resilience.  ICT third party risk is given greater emphasis with critical ICT third-party service providers subject to a Union Oversight Framework.

In the context of the proposal, banks are expected to undertake a holistic exercise, assessing their ICT framework and plan for the expected changes. Moreover, and in the spirit of the proposal, the Authority emphasises that banks should continuously monitor all sources of ICT risk whilst having adequate protection and prevention measures in place. Banks should build the necessary expertise and have adequate resources to be compliant with requirements emanating from such proposals.

Retail Payments Strategy

The Digital Finance Package includes also a dedicated Retail Payments Strategy.  This strategy encompasses a new medium-to-long term policy framework that aims to enhance the development of retail payments within the evolving digital world. The four pillars of this strategy are;

1. increasingly digital and instant payment solutions with pan-European reach;
2. innovative and competitive retail payments markets;
3. efficient and interoperable retail payment systems and other support infrastructures; and
4. efficient international payments, including remittances

Amongst others, the strategy aims to broaden the acceptance network for digital payments, with the Commission also supporting the work towards the issuance of a digital euro.  Moreover, the Commission wants to ensure that the surrounding payments legal framework covers all important players with also a high degree of consumer protection in place.  With the aim of having a better payments infrastructure, it is also interesting to highlight that the Commission wants to ensure access by non-bank players to all payment systems even if this would require amending existing legislation, for example to improve access to Target2.

It is essential that banks undertake a cost-benefit analysis and establish where they wish to position themselves in the payment services they offer.  Amongst the initiatives being mentioned, the Commission is indicating that possible legislation could be enacted to make instant payments mandatory and position such payments as the new norm. This and other initiatives contained in the strategy, would require enhancements in the current infrastructures and the adoption of newer technologies.  It is the Authority’s view that institutions should embrace newer technologies, however, it seems fit to emphasize that this should be adequately planned and managed. This not only ensures the integrity and survival of the institution but also prevents customers from being exposed to undue risks.