What’s next on the EU digital finance agenda?


FOR 2000

The Digital Agenda is a core priority for the current European Commission. The global pandemic has only strengthened this resolve, as more EU citizens and businesses are relying on digital transactions, and cyber risk has increased. Meanwhile, digital platforms have solidified their already strong market positions and made inroads into the financial services sector.

In 2021, multiple proposals central to Digital Finance will be negotiated, and possibly agreed upon, by the EU institutions. Others still will be proposed. The seeds of these initiatives were sown in 2020, when the European Commission decided its strategies for re-charting the rules for digital services, digital finance, and data in the EU.

A ‘digital sovereignty’ agenda and the objectives of reducing platforms’ ability to lock consumers in and regulating the “same risks” with the “same rules” drive the EU thinking in these areas.

Against this background, we have outlined the top 13 issues likely to dominate the EU’s digital finance agenda over the 12 months of 2021.

1. Advancing Digital Payments

In 2020, the European Commission launched its EU retail payments strategy. In the second half of 2021, it will launch a review of the Second Payments Services Directive (PSD2), which we expect to be far-reaching. In parallel, there is a political push to promote the Euro as an international currency and to develop a European payment solution. The ECB has announced that it is exploring the adoption and launch of a Central Bank Digital Currency (CBDC). The final go-ahead decision on the development of the Digital Euro is expected by mid-2021 – the project has influential supporters.

Potential impact? The strategic importance attached to the payments sector could present obstacles or barriers to companies outside the EU. At the same time, it could open commercial opportunities for EU companies and FinTechs to collaborate and engage with EU institutions. The Digital Euro may create potential commercial opportunities, and further increase the digitalization of the banking sector. However, its final design and use will determine the potential impact on financial service companies and European citizens.

2. Regulating Crypto Markets

EU negotiations on the new regulatory regime markets for crypto-assets (MiCA) will advance and may conclude by end 2021. Member States and MEPs have called for tougher rules on stablecoins; 2021 will show what those rules might be. Consensus hinges on resolving how crypto-assets are to be defined, how to differentiate between stablecoins used for payments, and those that are not, and more generally how crypto market rules will fit with other EU regulation Developments outside the EU could lay the groundwork for some regulatory convergence. Separately, we are also looking at a possible agreement on a proposed ‘Pilot Regime’ which will create an EU ‘regulatory sandbox’ for building certain capital market infrastructure on the blockchain technology.

Potential impact? Crypto-asset markets grow quickly, while the blockchain technology and operational models are still evolving. The reason to hold some crypto-assets has changed over time.  All of this requires that MiCA is flexible and ‘future proof. Yet, the risks stemming from one or two recent stablecoin projects have had an enormous influence on policymakers. Getting it right is important – MiCA is set to impact the EU’s competitiveness in the crypto-assets space.

3. Introducing Open Finance

The European Commission will open a consultation on open finance, laying the groundwork for a legislative proposal in 2022. Under the open finance framework, we expect the expansion of the requirements to share product- and transactional data with third parties, which PSD2 introduced, into sectors beyond payments. Other legislative proposals will also affect data access for financial services companies. These are the Data Act, the Digital Services Act, and the review of PSD2 itself.

Potential impact? Restricting the ability of one institution or platform to control access to consumer data can fundamentally change the competitive landscape of financial services. Learning from PSD2, we expect to see new business models, from both market entrants or market incumbents, around the processing of the data or driving insights from it. In 2021, companies looking to either maintain their competitive positioning or advance it should become active on this policy matter.

4. Accessing Encrypted Data

At the end of 2020, the Council declared an interest in working with law enforcement to enable access to encrypted information. Both the European Commission and the European Parliament supported this declaration. The declaration was non-binding – leaving it to the European Commission to act and develop EU legislation on this matter. If not, Member States may choose to introduce their own national provisions.

Potential impact? Many digital services, financial or otherwise, make use of encrypted data to protect the information of their customers under GDPR. New ways of encrypting data are at the core of the blockchain solution, including reliance on the so-called ‘zero-knowledge proof’ method where data is not only encrypted, but it need not be transferred at all because of this specific innovation.  If provisions that weaken encryption are implemented, the security or efficiency that some operational set ups provide could be compromised. 

5. Improving Digital Operational Resilience

Negotiations on the proposed regulation for Digital Operational Resilience (DORA) will move to the final stage of negotiations in 2021 – that stage involves all three EU institutions. Agreement is possible. Big open issues remain, such as overall proportionality, alignment of risk reporting requirements, and the stringency of requirements for third party providers.

Potential impact? DORA introduces cybersecurity requirements to a much broader set of financial services providers and toughens the scrutiny of the so-called ICT third-party service providers (e.g. cloud service providers). This includes giving EU Supervisory Authorities the power to supervise the ‘critical’ providers. DORA will result in heightened cybersecurity risk management and reporting. Ultimately, the cost of implementation could be high.

6. Driving Digital Identity

The way that financial service providers verify identities and perform due diligence will come under review in 2021. Most notably, the European Commission will review the eIDAS Regulation – the rules on how individuals and businesses can be verified online. We expect a proposal in Q1 2021, which is likely to extend the scope of the eID regulation to the private sector, introduce data protection requirements for digital identity providers, and introduce a European Digital Identity scheme (EUid), which would enable citizens to access online public and private services when identification is necessary.

Potential impact? The financial services sector is one of the biggest potential beneficiaries of eID and trust services, as they can enable significant business opportunities for improved services across borders. Companies looking to either provide identity services or use them to grow their financial product clients have an interest in ensuring that the legislative proposals are fit for purpose.

7. Updating Data Governance

Two key proposals which will change how data moves in the EU – the Data Governance Act (DGA) and the Data Act. The DGA, already in negotiations, covers four main areas: data sharing among businesses; re-use of public sector data; re-use of personal data; and making data reusable on altruistic grounds. Notably, data localisation was left out of the DGA proposal. The Data Act – proposal expected in Q3 2021 – aims to foster business-to-government data sharing in the public interest, and addresses issues related to usage rights for co-generated data (such as IoT in industrial settings). The debate is expected to centre around potential forced data-sharing.

Potential impact? The Data Governance Act and Data Act will determine how any EU entity shares and co-owns public data. For financial services, it will be the basis for more specialised rules. In parallel to the DGA negotiations, the European Commission will set up Common Data Spaces to support the availability of publicly disclosed information in standardised and machine-readable formats. The European Commission will also set up an EU-funded infrastructure for public disclosure. While finance is one of the 10 areas for which a Common Data Space will be established, we expect that Common Data Spaces for medical data and ESG data will be first in line.

8. Adopting RegTech

The EU wants to enable the use of innovative technologies, the so-called RegTech and SupTech, for supervisory reporting and supervision. A key step towards this in 2021 will be the development of a strategy by the European Commission, together with the ESAs, to ensure that reporting requirements allow that supervisory data can be  reported in machine-readable formats – for example, via data-feeds rather than forms.

Potential impact? RegTech and SupTech are catch-phrases for technologies used for compliance and supervision. These represent the most heavily invested verticals in business-to-business (as opposing to business-to-consumer) FinTech. Harmonizing this market across the EU is an opportunity for growth with little global parallel. However, getting ready for machine-readable supervisory data will require investments and standardisation across banks and other supervisors with very different capabilities. As with other regulation on data flows, details on standards will matter significantly.

9. Harmonizing AML Rules

In 2020, the European Commission presented its Action Plan for EU Policy on Preventing Money Laundering and Terrorism Financing. This action plan is significant – it seeks to establish a single EU rule book and implement an EU-wide supervisory authority. It also aims to increase cooperation and sharing of information between Financial Intelligence Units (FIU). The European Commission will propose a legislative package based on the plan in early 2021. We expect that it will address the implications of technological innovations in finance as well as addressing some new entities that have been deemed risky.  

Potential impact? 

The new AML framework will replace the previously piecemeal EU approach. It will be a Regulation, i.e. binding for every Member State, thereby reducing national divergences.  The EU policy approach will be heavily influenced by, and will look to influence, developments in other markets (e.g. US) and the Financial Action Task Force at the international level. It will be of key importance that industry engages with regulators and lawmakers to help build solutions that merge combatting AML with technological advancements without hampering either. 

10. Addressing Artificial Intelligence

In Q1 2021, the European Commission will propose an AI framework which will apply to ‘high-risk’ AI applications. We expect that ‘high risk’ will be defined in a list of sectors, together with an abstract definition of what constitutes ‘high-risk’ use of AI (e.g. remote biometric identification, intrusive surveillance technologies). Also in 2021, the European Commission will establish a new public-private partnership in AI, data, and robotics, which will require securing the commitment of the top management of companies.

Potential impact? 

AI-powered financial service products or third-party services on which they rely could fall in the category of a ‘high-risk’ application if for example retail investments are concerned and there is a demonstrable risk to consumer rights. The merit of adopting AI will affect both how high-risk applications are defined within financial services and the requirements on those applications.

11. Introducing Digital Tax

Regulators are increasingly looking to the digital finance space to increase transparency for regulators and tax its activities accordingly. At an international level, the OECD/G20 negotiations on a framework for digital taxation are set to conclude in July 2021. Although financial services is expected to be excluded from its scope, these negotiations will shape taxation policy for any internationally or digitally operating company far into the future. At an EU level, the European Commission is looking to increase transparency by putting forward a proposal to tax the crypto-assets and digital payments spaces more effectively by amending the Directive on Administrative Cooperation (DAC). A Public Consultation will be launched in Q1 2021, with the aim to present a proposal for a directive in Q3 2021.

Potential impact? Reforms of tax regulation can be positive. If well-drafted, regulation can make it easier to operate across borders or alleviate reporting burdens. However, new rules can also mean additional reporting requirements and undue additional operating costs on firms. The key is to engage early with regulators and avoid any unintended consequences.

12. Promoting Sustainable Finance

Sustainable Finance will be a core priority for the EU in 2021. Key priorities for the sector were established in the European Green Deal (EGD) — the European Commission’s environmentally friendly growth strategy until 2024. The financial sector is crucial for steering capital to green investment opportunities. Therefore, work is currently ongoing on multiple initiatives that aim to achieve better standards of ESG data to prevent companies from ‘greenwashing’. The Non-Financial Reporting Directive (NFRD), which evaluates the non-financial performance of large companies, is scheduled for review in Q1 2021. New disclosure-related requirements for financial market participants will apply as of 10 March 2021, due to the Sustainable Finance Disclosure Regulation (SFDR).

Potential impact? Getting better and more homogeneous ESG data is a key aim of these policy developments. Besides creating a business opportunity for data analytics products, these developments will impact the entire EU economy as they will increase pressure to move into greener business models. Eventually, investments could be redirected solely towards green investments, drying out unsustainable businesses. 

13. Getting Tougher on Platforms

In 2020, the European Commission proposed the Digital Services Act (DSA) and Digital Markets Acts (DMA). The DSA proposal is an ambitious attempt to update the rules governing the online world by introducing due diligence obligations for i.a. online intermediaries. The DMA will levy more rules on the so-called gatekeepers i.e. large platforms that are active in the EU market. In 2021, the DSA and DMA will be negotiated by the EU institutions, but a final agreement is not expected this year.

Potential impact? The DSA and DMA affect the competitive online landscape, and with it, add-on activities such as payments or identity services. For instance, the DMA will require gatekeepers to ensure that ad-on services can interoperate with the gatekeeper’s operating system or hardware. This can change business models and opportunities in digital finance.

Contact Thea Utoft to find out more about how FTI Consulting can help you.

Meet our experts on www.getready4.eu


This factsheet only addresses a selection of the key files impacting digital companies The views expressed are those of the author and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates or its other professionals

© 2021 FTI Consulting, Inc., including its subsidiaries and affiliates, is a consulting firm and is not a certified public accounting firm or a law firm. All Rights Reserved

About FTI Consulting: FTI Consulting is an independent global business advisory firm dedicated to helping organisations manage change, mitigate risk and resolve disputes: financial, legal, operational, political & regulatory, reputational and transactional. FTI Consulting professionals, located in all major business centres throughout the world, work closely with clients to anticipate, illuminate and overcome complex business challenges and opportunities. Connect with us at www.fticonsulting.com or on Twitter (@FTIConsulting), Facebook and LinkedIn. The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, Inc. its management, its subsidiaries, its affiliates, or its other professionals, members of employees.