REPORT ON FINTECH REGULATORY PERIMETER, REGULATORY STATUS AND AUTHORISATION APPROACHES IN RELATION TO FINTECH ACTIVITIES 1 EBA Report 18 July 2019 EBA Report on Regulatory perimeter, regulatory status and authorisation approaches in relation to FinTech activities REPORT ON FINTECH REGULATORY PERIMETER, REGULATORY STATUS AND AUTHORISATION APPROACHES IN RELATION TO FINTECH ACTIVITIES 2 Contents Abbreviations 3 Executive summary 4 Background information 6 1. The regulatory perimeter and the regulatory status of FinTech firms 8 1.1 Competent authorities regulatory perimeter 8 1.2 FinTech firms regulatory status 10 1.2.1 Introduction: follow-up to the 2017 FinTech Discussion Paper 10 1.2.2 FinTech firms subject to authorisation under national law 11 1.2.3 FinTech firms subject to registration under national law 11 1.2.4 FinTech firms not subject to any regulatory regime under national law 12 1.2.5 Key findings of the analysis of regulatory status 16 1.3 Challenges posed by innovative business models and/or delivery mechanisms to the current EU framework 17 2. Authorisation approaches and application of the principle of proportionality 18 2.1 Introduction 18 2.2 Authorisation process 18 2.2.1 Guidance on the authorisation process for credit institutions 18 2.2.2 Guidance on the authorisation process for payment institutions and e-money institutions 19 2.3 Attachment of conditions, limitations and restrictions to the authorisation 20 2.3.1 Empowerment to impose conditions, limitations and restrictions on authorisation as a credit institution and related examples 20 2.3.2 Empowerment to impose conditions, limitations and restrictions on authorisation as a payment and e-money institution and related examples 22 2.4 Application of the principle of proportionality in granting authorisation as a credit institution 23 2.5 Application of the principle of proportionality and flexibility to the assessment of elements set out in Article 5 of PSD2 26 2.5.1 General considerations 26 2.5.2 Examples of the application of the principles of proportionality and flexibility to specific elements 27 2.5.3 Application of the principle of proportionality to the evidence required from applicants under PSD2 28 2.5.4 Key findings from the analysis of the application of the principle of proportionality to authorisation approaches under PSD2 29 3. Conclusions and next steps 31 REPORT ON FINTECH REGULATORY PERIMETER, REGULATORY STATUS AND AUTHORISATION APPROACHES IN RELATION TO FINTECH ACTIVITIES 3 Abbreviations AI artificial intelligence AIFMD Alternative Investment Fund Managers Directive (Directive 2011/61/EU) AML anti-money laundering AMLD5 Anti-Money Laundering Directive 5 (Directive (EU) 2018/843) CA competent authority CFT combating the financing of terrorism CRD IV Capital Requirements Directive IV (Directive 2013/36/EU) DLT distributed ledger technology EBA European Banking Authority ECB European Central Bank EIOPA European Insurance and Occupational Pensions Authority ESA European supervisory authority ESMA European Securities and Markets Authority Forex foreign exchange FinTech financial technology EMD2 Electronic Money Directive 2 (Directive 2009/110/EC) ICO initial coin offering IT information technology KYC know-your-customer MCD Mortgage Credit Directive (Directive 2014/17/EU) MiFID II Market in Financial Instruments Directive II (Directive 2014/65/EU) NFC non-financial counterparty NPL non-performing loan PSD2 Payment Services Directive 2 (Directive (EU) 2015/2366) POS point-of-sale SME small or medium-sized enterprise REPORT ON FINTECH REGULATORY PERIMETER, REGULATORY STATUS AND AUTHORISATION APPROACHES IN RELATION TO FINTECH ACTIVITIES 4 Executive summary 1. This Report illustrates the findings of an analysis carried out by the EBA on issues related to access to the market for financial firms with innovative business models and/or delivery mechanisms, referred to as FinTech firms. The analysis focused on (a) the monitoring of national developments on the regulatory perimeter; (b) the national regulatory status of FinTech firms; and (c) the approaches followed by CAs when granting authorisation under CRD IV, PSD2 and EMD2 and in particular the application of the principles of proportionality and flexibility. 2. The results of the monitoring exercise conducted in relation to the regulatory perimeter for activities and services relating to FinTech innovative business models or delivery mechanisms show a steady scenario with very little national legislative activity affecting the regulatory perimeter of the CAs under the EBAs remit. 3. The analysis of the national regulatory status of FinTech firms with innovative business models or delivery mechanisms shows two developments: (a) the move of certain activities notably payment initiation services and account information services from not being subject to any regulatory regime to being subject to PSD2 after its transposition into national law; and (b) with the exception of crowdfunding and to some extent activities related to crypto-assets, the ancillary/non-financial nature of the services and activities provided by FinTech firms not subject to any regulatory regime. 4. In the light of the above findings on the regulatory perimeter and regulatory status, the Report takes note of the current state of play. The EBAs view at this stage is to continue observing the activities in the market as part of its mandate to monitor innovation and the regulatory perimeter, the EBA also considers that it is not necessary to put forward any specific recommendation. In this latter regard, the EBA observes that significant issues relating to regulatory perimeter and regulatory status - like crowdfunding and crypto-assets - referred to in this Report are being considered in the context of on-going European work streams. In particular, as to crowdfunding, the European Commission submitted a Proposal for Regulation in 20181 which is under consideration of the European Parliament and of the Council; as to crypto-assets, the EBA published a Report on crypto assets in January 20192 and the follow-up actions set out therein are in the process of being implemented. 5. With regard to authorisation approaches under the current EU legal framework, the findings on the application of the principles of proportionality and flexibility under CRD IV and PSD2 suggest that there is consensus on considering the principle of proportionality to be embedded in the current EU legislative and regulatory framework. Similarly, there is consensus that the 1 European Commission Proposal of Regulation on European crowdfunding service providers, COM(2018)0113. 2 eba.europa.eu/-/eba-reports-on-crypto-assets REPORT ON FINTECH REGULATORY PERIMETER, REGULATORY STATUS AND AUTHORISATION APPROACHES IN RELATION TO FINTECH ACTIVITIES 5 principles of proportionality and flexibility are applied in the same way irrespective of whether the applicant presents a traditional or innovative business model and/or delivery mechanism. 6. With specific regard to PSD2, flexibility and proportionality are also expressly embedded in that legal act, for instance in (i) the national option under Article 32 for smaller payment institutions, (ii) the exemption for the providers of account information services offering solely that payment service and (iii) the specification of different levels of capital requirements depending on the particular services provided. With regard to supervisory practices, CAs apply the proportionality principle following a risk based approach and taking into account the nature, scale and complexity of the services (payment and/or e-money services), the size of the institution and the organisational structure (including the use of agents, outsource providers, foreign branches, number of employees). The EBA will continue its monitoring activity with regard to the application of the principle of proportionality, in particular to assess whether it is used to fast track applications from FinTech firms for authorisation as a payment or an e-money institution. 7. With respect to the attachment of conditions, limitations and restrictions to the authorisation, the findings show the existence of various practices consisting in the imposition of conditions precedent - such as amendment of the applicants legal structure or articles of association - or of supervisory requirements to be met on an ongoing basis - such as limit on deposit taking, limitations regarding granting credits and loans to related parties etc . Further work may therefore be needed to ensure a fully level playing field in this area, work that the EBA could carry out in the context of the mandate conferred by Directive (EU) 2019/878 amending the CRDIV, for the development of Guidelines to specify a common assessment methodology for granting authorisations under that Directive. 8. With regard to authorisation as a credit institution, additional monitoring and analysis may be carried out with regard to the national option relating to the special regime envisaged in Article 12(4) of the CRDIV allowing a lower initial capital of at least EUR 1 million, and its use in the context of applications by FinTech credit institutions. Based on the EBA findings, in the last 5 years in the whole EU, a total of 6 FinTech applicant credit institutions have been granted the authorisation based on such special regimes. REPORT ON FINTECH REGULATORY PERIMETER, REGULATORY STATUS AND AUTHORISATION APPROACHES IN RELATION TO FINTECH ACTIVITIES 6 Background information 1. With a view to promoting a more competitive and innovative financial sector in the European Union, the European Commission adopted in March 2018 the FinTech Action Plan inviting the European Supervisory Authorities (ESAs) to map current authorising and licensing approaches for innovative FinTech business models. In particular, they should explore how proportionality and flexibility in the financial services legislation are applied by national authorities. The Action Plan also indicates that where appropriate, the ESAs should issue guidelines on approaches and procedures or present recommendations to the Commission on the need to adapt EU financial services legislation3. 2. The EBAs FinTech Roadmap4 in line with the Commissions FinTech Action Plan specifies monitoring the regulatory perimeter, including assessing current authorisation and licensing approaches to FinTech firms, as one of the EBAs priorities for 2018/2019. In particular, the EBAs FinTech Roadmap, building on the findings of the Discussion Paper on the EBAs approach to financial technology (FinTech) (2017 FinTech Discussion Paper)5 , refers to the need to analyse in further detail the nature of the services being provided by FinTech firms pursuant to national regimes/no identified regime and to assess prudential requirements and conduct of business requirements 6 . It also entrusted the EBA with the task of mapping the authorisation and licensing approaches and procedures applied by competent authorities when authorising firms adopting innovative FinTech business models, in particular with a view to assessing how proportionality and flexibility are applied in the context of existing EU and national law7. 3. This Report on the regulatory perimeter, regulatory status and authorisation approaches in relation to FinTech activities (Report) is intended to fulfil the tasks described above. 4. The Report has been developed based on the results of two surveys addressed to CAs within the EBAs remit pursuant to CRD IV, PSD2, EMD2 and the MCD, on further discussions of the relevant issues with the CAs and on the EBAs research. 5. In line with the mandate received, the surveys focused on the following three areas: 3 The European Commissions FinTech Action Plan (COM)2018) 109 final, page 7); available at eur-lex.europa.eu/resource.html?uri=cellar:6793c578-22e6-11e8-ac73-01aa75ed71a1.0001.02/DOC_1 analysis of the regulatory status and actual activities and/or services provided by FinTech firms with innovative business models or delivery mechanisms that are subject to national authorisation or registration with a view to assessing a potential unlevel playing field across the EU, or that are not subject to any regulatory regime (under either EU or national law and regulation), with a view to assessing whether they are actually not of a financial nature and therefore keeping them outside the regulatory perimeter is justified; application of the principles of proportionality and flexibility in the authorisation and licensing practices of credit institutions, payment institutions and e-money institutions, with a view to analysing how the EU regime is applied in practice and whether it is adequate with respect to market access for firms with FinTech innovative business models or delivery mechanisms. 6. Responses to the surveys were submitted by 27 CAs (AT, BE, BG, CZ, DE, DK, EE, EL, ES, FI, FR, HR, HU, IE, IT, LT, LU, LV, MT, NL, PL, PT, RO, SE, SI, SK and UK) and the ECB (only to the section on authorisation of credit institutions), thus providing a representative picture of the state of play in the EU. The responses are updated as of 22 March 2019. REPORT ON FINTECH REGULATORY PERIMETER, REGULATORY STATUS AND AUTHORISATION APPROACHES IN RELATION TO FINTECH ACTIVITIES 8 1. The regulatory perimeter and the regulatory status of FinTech firms 1.1 Competent authorities regulatory perimeter 1. As part of its tasks relating to ensuring a level playing field across the EU and the development of a Single Rulebook, the EBA regularly monitors the regulatory perimeter of the authorities under its remit. Previous reports have dealt with the regulatory perimeter in accordance with CRD IV8 and in relation to investment firms9. 2. In accordance with the mandate set out in the Commissions FinTech Action Plan, the EBA has performed a monitoring exercise in relation to the regulatory perimeter of the CAs under the EBAs remit that are competent under CRD IV, PSD2, EMD2 and the MCD. The objective of this exercise was to identify any adopted national law or regulation having the effect of extending the CAs scope of competence to FinTech services and/or activities with innovative business models or delivery mechanisms. In order to capture forward-looking developments, the exercise also enquired about any proposed but not yet adopted change to the regulatory perimeter having the effect of creating a new activity within the scope of the CAs remit. 3. The monitoring of the regulatory perimeter was conducted by addressing specific questions contained in a survey to CAs, covering the period between 1 September 2017 and 22 March 2019. 4. Changes to the CAs regulatory perimeter deriving from the implementation of European directives, such as PSD2 and MiFID II, were outside the scope of the monitoring exercise, since they reflect changes that ha