Close panel

Close panel

Close panel

Close panel

Financial regulations Updated: 04 Oct 2017

Fintech and cybersecurity: regulatory priorities for Europe

The European Commission has unveiled a plan to bolster the development of financial technology (fintech) and he creation of new tools to combat cybercrime.  According to a commission report, "European consumers, investors and businesses will benefit from stronger and more integrated financial markets."

Following EC President Jean-Claude Juncker’s State of the Union speech on September 13, focusing on the importance of creating a Capital Markets Union, the Commission has now put forth concrete proposals.   It has unveiled two packages of measures, one aimed at reforming the EU's financial supervision architecture and strengthening the economic policy and monetary union; and another, to increase protection against cyber-attacks.

This new regulatory roadmap proposes improving the mandates, governance and funding of the European Supervisory Authorities (ESAs). In banking, this means the European Banking Authority (EBA) which recently published its priorities in financial technology; in the securities and financial markets, the European Securities and Markets Authority (ESMA); and for insurance and pensions, the European Insurance and Occupational Pensions Authority (EIOPA).

The impact of Brexit on european fintech

According to the EC, these reforms will promote greater capital market integration and bolster the development of the 'fintech' sector in Europe, in the wake of the United Kingdom’s departure from the EU.  According to Reuters, over 80% of the European 'fintech' market is based in the UK and part of this market could relocate to other European countries once the Brexit process concludes.  In fact, as Business Insider points out, France and Sweden are on their way to become Europe’s next big tech hubs.  A common regulation within the EU would definitely promote growth among 'fintech' firms.

With the passing of new Payment Service Directive, PSD2 and the General Data Protection Regulation (GDPR), the European Commission has taken another step in the regulation of 'fintech' companies.  The European Supervisory Authorities will be responsible for coordinating national initiatives to promote innovation and strengthen cybersecurity.  For example, they will coordinate technological innovation instruments - such as innovation incubators or 'sandboxes' - created by the national regulators.

The new proposals are based on the feedback obtained by the EC through the public consultations it launched in the autumn of 2016 and in the spring of 2017. The European Parliament and the Council will now discuss the proposals for developing a core regulation and amendments to a number of industry-specific directives.

Objective: Preventing cyberattacks

The Commission also unveiled a cyber security package aimed at providing Europe with the appropriate tools to deal with cyber-attacks.

According to the Commission, recent figures show that digital threats are evolving rapidly: more than 4,000 ransomware attacks have occurred every day since the beginning of 2016, a 300% increase from 2015 - and 80% of European companies were affected last year.  Studies note that the economic impact of cybercrime increased fivefold from 2013 to 2017, and some predict it could quadruple by 2019.

European Commission

But this problem is not exclusively a European one.  Ransomware cyberattacks, in which payments are extorted from the victims, increased 50 percent last year. They mostly affected financial institutions, medical service providers and public entities, according to Verizon's annual study on data breaches, as reported by the Financial Times.

As a result, the Commission intends to strengthen the EU Network and Information Security Agency (ENISA), create an EU-wide cybersecurity certification framework and develop a contingency plan to respond to large-scale cybersecurity incidents and crises. A European Cybersecurity Research and Competence Centre is also planned.  The Commission aims to strengthen international cooperation on cybersecurity and strengthen the EU's cyber-defense capabilities.

The EC has also set forth a draft directive on fraud and counterfeiting in non-cash payment methods, to increase the efficiency and consistency across the EU when responding to these crimes.

Fostering data economy

In order to exploit the full potential of the EU’s data economy, the Commission has also proposed a new set of rules to regulate the free movement of non-personal data across member states.  These new rules will allow – together with existing standards – storing and processing of non-personal data to increase the competitiveness of European companies and modernize public services in an efficient, single European data services market.

The EC estimates that removing data location constraints could double the value of the data economy to 4% of European GDP by 2020.