Last month, Vice-President of the European Commission Valdis Dombrovskis made a speech in which he leant support to the FinTech sector amid their concerns that the proposed implementation of Directive 2015/2366 (PSD2) would restrict innovation and competition. Here, we look at the context of Dombrovskis' pronouncement and the broader issues affecting the integration of FinTech services in the industry as a whole.
1. The EBA's proposed ban on "screen scraping"
"Screen scraping" or "direct access" is a way in which third parties may have access to a consumer's account information. It means that the third parties are able to see the account information how the consumer would see it, for example, if they checked their bank accounts online. In order to do so, third parties use technology which has been specifically developed for this purpose.
Currently, a significant proportion of FinTech providers rely on such practices as part of their services offered to clients. However, the European Banking Authority (EBA) has proposed that such access should no longer be allowed under PSD2.
The EBA confirmed this view when it published its finalised draft regulatory technical standards (RTS) in respect of strong customer authentication processes and common and secure communication methods. Essentially, the EBA will require those holding the account information, such as banks, to have in place a communication interface to enable third parties to have access to consumer information. However, this access will not be achieved in the same way and the interface will be in the control of those holding the account information, ie the banks.
2. Response from the FinTech sector
This proposal has not been well received by the users of "screen scraping" or "direct access" technology, which includes a significant number of FinTechs. They argue that the RTS do not reflect the principles laid down in PSD2 and specifically that the current technology is part of what makes FinTechs so successful, because direct access to consumer information means they can provide a better and more consistent service.
These arguments are set out in an 8-page manifesto put together by a coalition of financial services providers operating across the EU. The manifesto's position is that the RTS go against PSD2's objectives of promoting competition and ensuring technological neutrality in the FinTech space, and that the information holder's control over the interface will have a negative impact on competition. The manifesto also challenges the EBA's concerns that this type of technology has increased security risks, noting that secure authenticated direct access (which would be the current "screen scraping" technology plus third party identification) "has an outstanding security record".
3. The Commission's view
On 19 May 2017 Vice-President Dombrovskis, gave a speech in which he acknowledged that the draft RTS could be more neutral. He also confirmed that, in order to find the right balance, the Commission would ask the EBA to reconsider its position.
4. The challenge of integration of FinTechs
We commented in our contribution to the Q2 commercial forecast (link here) on how the industry is looking forward to seeing how the more traditional world of banking and the younger FinTech industry manage their differences.
The drafting of the RTS shows that there may be a certain amount of reluctance to embrace FinTech. While the Commission in this instance have prioritised innovation and competition, here are a number of reasons why we can expect more of this type of conflict in future. First, FinTech inevitably brings with it a greater risk of cybersecurity. As more competitors enter the market and more data changes hands, the sector's increased reliance on technology will provide more opportunities for financial crime. The FCA business plan 2017/8 also noted that market integrity is threatened by the increasing terrorist activity.
Secondly, with more market participants and varying types of services on offer, there is increased pressure to ensure rules and regulations are fit for purpose. If regulatory authorities take the safest approach, this may block innovation; if rules are too flexible there is a risk that they will not adequately protect consumers.
Thirdly, if barriers to entry are not qualitatively sufficient, this could allow material numbers of inexperienced service providers into the sector. This again would present challenges to regulatory authorities in ensuring firms understand the rules and how they apply. In addition, if firms are not aware of their obligations and take a more relaxed approach, this could have implications for the broader stability of the financial system.
Finally, longstanding institutions with legacy infrastructure may need to invest in both their technological systems and their culture. In order for PSD2's objectives to be achieved in a holistic way, not only do the practical and technological steps need to be taken, but firms' attitudes to the newer opportunities of FinTech may need to be addressed.
In what appears to be an inevitable clash in the FinTech world between the requirements of cybersecurity and the ability for new entrepreneurial FinTech firms to access the information they need to provide services to tech savvy customers, it appears that in this clash the Commission is backing the young pretenders.
The industry will have to wait and see how the EBA considers and possibly revises the RTS. In light of Dombrovski's pronouncement, we would expect some movement on the EBA's part. This instance evidences the practical impact of the broader debate on how best to integrate FinTech into the current industry sector and provide an outcome that benefits all stakeholders and consumers. We would not expect this to be the last example of this kind of negotiation and we will continue to monitor the developing regulatory environment closely.
If you require further information on anything covered in this briefing please contact Louise Bralsford ([email protected]) or your usual contact at the firm on 020 3375 7000.
This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.
© Farrer & Co LLP, June 2017