Schlagwort: EBA

EBA’s Action Plan on Sustainable Finance

Veröffentlicht am von Charlotte Dreisigacker-Sartor

Climate change and the response to it by the public sector and society in general have led to an increasing relevance of environmental, social and governance (ESG) factors for financial markets. It is, therefore, essential that financial institutions are able to measure and monitor the ESG risks in order to deal with risks stemming from climate change (learn more about climate change related risks in our previous Blogpost.

To support this, on 6 December 2019, the European Banking Authority (EBA) published its Action Plan on Sustainable Finance outlining its approach and timeline for delivering mandates related to ESG factors. The Action Plan explains the legal bases of the EBA mandates and EBA´s sequenced approach to fulfil these mandates.

Why is EBA in charge ? EBA mandates on sustainable finance

The EBA´s remit and mandates on ESG factors and ESG risks are set out in the following legislative acts:

  • the amended EBA Regulation;
  • the revised Capital Requirements Regulation (CRR II) and Capital Requirements Directive (CRD V);
  • the new Investment Firms Regulation (IFR) and Investment Firms Directive (IFD) and
  • the EU the Commission´s Action Plan: Financing Sustainable Growth and related legislative packages.

These legislatives acts reflect a sequenced approach, starting with the mandates providing for the EBA to oblige institutions to incorporate ESG factors into their risk management as well as delivering key metrics in order to ensure market discipline. The national supervisory authorities are invited to gain an overview of existing ESG-related market risks. In a second step, the EBA will develop a dedicated climate change stress test that institutions should use to test the impact of climate change related risks on their risk-bearing capacity and to take appropriate precautions. The third step of the work will look into the evidence around the prudential treatment of “green” exposures.

The rationale for this sequencing is the need firstly to understand institutions´ current business mix from a sustainability perspective in order to measure and manage it in relation to their chosen strategy, which can then be used for scenario analysis and alter for the assessment of an appropriate prudential treatment.

Strategy and risk management

With regard to ESG strategy and risk management, the EBA already included references to green lending and ESG factors in its Consultation paper on draft guidelines on loan origination and monitoring which will apply to internal governance and procedures in relation to credit granting processes and risk management. Based on the guidelines the institutions will be required to include the ESG factors in their risk management policies, including credit risk policies and procedures. The guidelines also set out the expectation that institutions that provide green lending should develop specific green lending policies and procedures covering granting and monitoring of such credit facilities.

In addition, based on the mandate included in the CRD V, the EBA will asses the development of a uniform definition of ESG risks and the development of criteria and methods for understanding the impact of ESG risks on institutions to evaluate and manage the ESG risks.

It is envisaged that the EBA will first publish a discussion paper in Q2-Q3/2020 seeking stakeholder feedback before completing a final report. As provided for in the CRD V, based on the outcome of this report, the EBA may issue guidelines regarding the uniform inclusion of ESG risks in the supervisory review and evaluation process performed by competent authorities, and potentially also amend or extend other policies products including provisions for internal governance, loan origination and outsourcing agreements.

Until EBA has delivered its mandates on strategy and risk management, it encourages institutions to act proactively in incorporating ESG considerations into their business strategy and risk management as well as integrate ESG risks into their business plans, risk management, internal control framework and decision-making process.

Key metrics and disclosures

Institutions disclosures constitute an important tool to promote market discipline. The provision of meaningful information on common key metrics also distributes to making market participants aware of market risks. The disclosure of common and consistent information also facilitates comparability of risks and risks management between institutions, and helps market participants to make informed decisions.

To support this, CRR II requires large institutions with publicly listed issuances to disclose information on ESG risks and climate change related risks. In this context, CRR II includes a mandate to the EBA according to which it shall develop a technical standard implementing the disclosure requirements. Following this mandate, EBA will specify ESG risks´ disclosures as part of the comprehensive technical standard on Basel´s framework Pillar 3.

Similar mandates are contained in the IFR and IFD package. The IFD mandate for example requires EBA to report on the introduction of technical criteria related to exposures to activities associated substantially with ESG objectives for the supervisory review and evaluation process of risks, with a view to assessing the possible sources and effects of such risks on investment firms.

Until EBA has delivered its mandates, it encourages institutions to continue their work on existing disclosure requirements such as provided for in the Non-Financial Reporting Directive (NFRD) as well as participation in other initiatives. EBA also encourages institutions to prioritise the identification of some simple metrics (such as green asset ratio) that provide transparency on how climate change-related risks are embedded into their business strategies, decision-making process, and risk management.

Stress testing and scenario analysis

The EBA Regulation includes a specific reference to the potential environmental-related systemic risk to be reflected in the stress-testing regime. Therefore, the EBA should develop common methodologies assessing the effect of economic scenarios on an institutions´ financial position, taking into account, inter alia, risks stemming from adverse environmental developments and the impact of transition risk stemming from environmental political changes.

Also the CRD V mandate requires EBA to develop appropriate qualitative and quantitative criteria, such as stress testing processes and scenario analysis, to asses the impact of ESG risks under scenarios with different severities. Hence, EBA will develop a dedicated climate stress test with the main objective of identifying banks´ vulnerabilities to climate-related risks and quantifying the relevance of the exposures that could potentially hit by climate change related risks.

Until delivering its mandates, EBA encourages institutions to adopt climate change related scenarios and use scenario analysis as an explorative tool to understand the relevance of the exposures affected by and the potential magnitude of climate change related risks.

Prudential treatment

The mandate in the CRR II asks EBA to assess if a dedicated prudential treatment of exposures to assets or activities associated with environmental or social objectives would be justified. The findings should be summarised in a report based on the input of a first to be published discussion paper.

Upshot

Between 2019 and 2025, the EBA will deliver a significant amount of work on ESG and climate change related risks. The obligations for institutions with regard to a sustainable financial economy and a more conscious handling of climate change related risks are becoming increasingly concrete. Institutions should take the EBA’s encouragement seriously and consider applying the measures recommended by the EBA prior to the publication of any guidelines, reports or technical standards.

Die fünfte Geldwäscherichtlinie: Was ist neu?

Veröffentlicht am von Dr. Verena Ritter-Döring and Charlotte Dreisigacker-Sartor

Die fünfte Geldwäscherichtlinie („5. AMLD“) trat bereits im Juli 2018 in Kraft. Damit wird die vierte Geldwäscherichtlinie, die von den Mitgliedsstaaten bis zum 26. Juni 2017 in nationales Recht umzusetzen war, bereits überarbeitet. Die neuerlichen Änderungen sind die Reaktion der EU auf die Enthüllungen der „Panama Papers“ und der terroristischen Anschläge von Paris und Brüssel.

Zeitplan

Die 5. AMLD wurde am 10. Juni 2018 im Amtsblatt der Europäischen Union veröffentlicht und trat am 09. Juli 2018 in Kraft. Den Mitgliedstaaten bleibt bis zum 10. Januar 2020 Zeit, die Regelungen der 5. AMLD in nationales Recht umzusetzen. Zur dadurch erforderlich werdenden Anpassung des deutschen Geldwäschegesetzes liegt momentan noch kein Referenten- oder Regierungsentwurf vor.

Die wichtigsten Änderungen im Überblick

  • Umtauschplattformen für virtuelle Währungen und Anbieter elektronischer Geldbörsen werden in den Geltungsbereich der Geldwäscherichtlinie einbezogen
  • Mehr Transparenz bzgl. des wirtschaftlichen Eigentümers
  • Harmonisierung der verstärkten Sorgfaltspflichten bei Hochrisikoländern
  • Ausweitung des Transparenzregisters

Verpflichtung von Umtauschplattformen für virtuelle Währungen und Anbieter elektronischer Geldbörsen

Umtauschplattformen für virtuelle Währungen und Anbieter von elektronischen Geldbörsen werden zukünftig in den Kreis der geldwäscherechtlich Verpflichteten aufgenommen. Ziel ist es vor allem zu verhindern, dass terroristische Gruppen Gelder in das EU Finanzsystem oder zwischen Netzen virtueller Währungen transferieren und dabei den Transfer ganz verbergen oder sich zumindest die Anonymität, die durch die Umtauschplattformen grundsätzlich ermöglicht wird, zu Nutze zu machen. Sind Umtauschplattformen für virtuelle Währungen und Anbieter elektronischer Geldbörsen geldwäscherechtlich verpflichtet, müssen sie ihre Kunden u.a. identifizieren, was die anonyme Nutzung deutlich erschweren wird.

Harmonisierung der verstärkten Sorgfaltspflichten bei Geschäftsbeziehungen mit Bezug zu Hochrisikoländern

Nach wie vor wird die EU Kommission ermächtigt, durch eine Delegierte Verordnung festzulegen, welche Länder ein hohes Risiko für Geldwäsche und Terrorismusfinanzierung aufweisen. Die vierte Geldwäscherichtlinie schrieb den Mitgliedsstaaten zwar vor, dass Regelungen zu treffen sind, die vorsehen, dass die Verpflichteten verstärkte Sorgfaltspflichten anzuwenden haben, wenn ihr Geschäftspartner in einem Drittland mit hohem Risiko sitzt. Keine Vorgaben gab es indes, welche verstärkten Sorgfaltspflichten konkret anzuwenden sind. Nunmehr ist eine Harmonisierung vorgesehen. Zukünftig müssen Verpflichtete zusätzliche Informationen einholen über

  • den Kunden und den wirtschaftlichen Eigentümer,
  • die Art der angestrebten Geschäftsbeziehung,
  • die Herkunft der Gelder, des Vermögens des Kunden und des wirtschaftlichen Eigentümers und
  • über die Gründe der Transaktion.

Zusätzlich muss die Zustimmung der Führungsebene zu der Geschäftsbeziehung eingeholt werden und diese u.a. durch häufigere und zeitlich besser geplante Kontrollen stärker überwacht werden. Gegebenenfalls sind auch noch weitere risikomindernde Maßnahmen zu ergreifen, wie z.B. die Beschränkung der geschäftlichen Beziehung.

Mehr Transparenz bzgl. des wirtschaftlichen Eigentümers

Zur Verbesserung der Transparenz bzgl. des wirtschaftlichen Eigentümers sind nunmehr auch Trusts und ähnliche Rechtsgestaltungen – wie etwa die französische „fiducie“ und die deutsche Treuhand – zur Registrierung im Transparenzregister verpflichtet. Sie müssen in diesem Rahmen Angaben zu dem wirtschaftlichen Eigentümer zu machen. Diese umfassen die Identität des Settlors (entspricht im deutschen Recht dem Treugeber), des Trustees (entspricht im deutschen Recht dem Treuhänder), des Protektors (sofern vorhanden), den Begünstigten sowie jede andere natürliche Person, unter deren tatsächlicher Kontrolle der Trust steht.

Mehr Transparenz soll auch die Pflicht bringen, bei Beginn einer neuen Geschäftsbeziehung mit einem Geschäftspartner, über dessen wirtschaftlichen Eigentümer Angaben registriert werden müssen, gegebenenfalls den Nachweis der Registrierung oder einen Auszug aus dem Register einholen.

Ausweitung des Transparenzregisters

In Zukunft verpflichtet die 5. AMLD die wirtschaftlichen Eigentümer von Gesellschaften und anderen juristischen Personen, den Verpflichteten alle notwendigen Informationen zur Verfügung zu stellen, damit diese ihre Identifikationspflichten hinsichtlich des wirtschaftlichen Eigentümers erfüllen können. Die Verpflichteten sollen zudem Unstimmigkeiten, die sich zwischen den Angaben über die wirtschaftlichen Eigentümer durch den Geschäftspartner und den Informationen, die im Transparenzregister gespeichert sind, ergeben, den zuständigen Behörden mitteilen.

Die Einsicht in das Transparenzregister, in dem die Informationen über den wirtschaftlich Berechtigten gespeichert sind, soll in Zukunft für Jedermann möglich sein. Dazu führt die 5. AMLD für jedes Mitglied der Öffentlichkeit ein Einsichtsrecht ein. Schließlich sollen die nationalen zentralen Register bis zum 10. März 2020 über die zentrale Europäische Plattform vernetzt sein.

Regulatorischer Ausblick

Die EU Kommission hat am 12. September 2018 einen Vorschlag zur Stärkung der Befugnisse der European Banking Authority („EBA“) im Bereich der Geldwäsche veröffentlich. Dazu soll die EBA-Verordnung angepasst und durch eine noch strengere Überwachung der Geldwäschebekämpfung ein stabiler Banken- und Finanzsektor sichergestellt werden. Nach dem Vorschlag der Kommission soll die EBA ein Anordnungsrecht gegenüber den nationalen mit der Geldwäschebekämpfung befassten Behörden haben. So soll die EBA die nationalen Behörden auffordern können, mutmaßlichen wesentlichen Verstößen nachzugehen und Sanktionen in Betracht zu ziehen. Die EBA soll außerdem die Tätigkeit der nationalen Behörden überwachen und im Falle eines nicht ausreichenden Tätigwerdens der nationalen Behörden gegenüber einzelnen Unternehmen selbst direkte Anordnungen treffen können. Der Vorschlag der Kommission wird nun vom Europäischen Parlament und vom Rat erörtert werden.

Who is Who? European Supervisory Authorities – How they Cooperate and Interact

Veröffentlicht am von Dr. Verena Ritter-Döring

If you are looking for guidance from national and European supervisory authorities, it is not easy to see at first glance how they work together and whose guidance is most relevant. We want to shed some light on the ‘Who is Who?’ of German and European regulators.

Financial market supervision in Germany

The first go-to regulator in Germany is the Federal Financial Supervisory Authority (BaFin), which is entrusted with the tasks of banking, insurance and securities supervision and acts as a universal financial supervisory authority. BaFin is also responsible for ensuring that financial services, banking and insurance transactions are not conducted without a license and can also sanction any violations against the regulatory regime – and does so regularly. One of the newest additions to the list of tasks of BaFin is supervising compliance with consumer protection rules within the financial market. This primarily concerns cases in which regulated institutions violate regulatory provisions that protect consumers. If these infringements go beyond individual cases, they are pursued in the public interest by BaFin. BaFin, together with criminal enforcement authorities, is also responsible for pursuing money laundering and terrorist financing and supervising compliance with AML requirements. BaFin’s banking and insurance supervisory office is based in Bonn, the office responsible for securities supervision, asset management and bank resolution is based in Frankfurt am Main.

In Germany, the task of banking supervision is shared by BaFin and the German Central Bank (Deutsche Bundesbank). BaFin and Deutsche Bundesbank, e.g., oversee whether the banks have sufficient financial resources and whether business operations are properly organised. BaFin and Bundesbank receive the necessary information from the banks themselves or obtain it through on-site audits. The Bundesbank is responsible for the majority of operational banking supervision, namely the reporting and evaluation of audit reports submitted by the institutions and the performance of special audits. Guidelines for ongoing supervision and interpretation of legal requirements are mainly issued by BaFin.

The supervision of insurance policies by BaFin is intended to ensure that the insurance companies are capable of providing the benefits to which they are obliged. To this end, BaFin checks, for e.g., whether the insurance companies have sufficient financial resources and assess risks correctly.

BaFin’s supervision of securities serves the purpose of ensuring the availability of sufficient information and transparency for all market participants by monitoring the proper publication of relevant information. BaFin also monitors insider trading and price manipulation.

European financial market supervisory regime

BaFin and Deutsche Bundesbank are not the only regulators you have to keep up with when you are a regulated institution. At the European level, the European Securities and Markets Authority (ESMA), the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA) have their say and the European Central Bank (ECB) is also responsible for financial market supervision within the Eurozone.

The Single Supervisory Mechanism (SSM) has entrusted the ECB with the direct supervision of significant financial institutions in the Eurozone. These are about 120 banks and banking groups. To fall within the ECB’s responsibility, a bank must either have a balance sheet total of more than €30 billion or more than 20% of its home country’s GDP. If these thresholds are not met, the ECB monitors the 3 largest banks in each of the countries participating in the SSM (which are 19 countries in the Eurozone). All other banks will continue to be supervised by the national supervisory authorities.

If the ECB is in charge, the ECB cooperates with the national supervisory authorities of the banks‘ home countries. Joint Supervisory Teams (JSTs) are set up by the ECB for coordination. These are composed of staff from the ECB and the national supervisory authorities. In Germany JSTs consist of members of the ECB, BaFin and Deutsche Bundesbank. A consistent supervisory practice can be established through the JSTs, taking into account national standards and a uniform standard within the Eurozone.

In contrast to the day-to-day supervision of the national regulators and the ECB, the European supervisory authorities EBA, ESMA and EIOPA (together ESAs) generally do not act directly vis-à-vis individual financial institutions, but ensure uniform standards within the EU. They also monitor the application of EU law by national supervisory authorities and the market. For this purpose, they use convergence instruments such as guidelines and Q&As (Questions and Answers), which aim at a consistent application of EU law by the national supervisory authorities. In practice, however, European directives are not always implemented equally in each Member State since the directives also leave a scope of interpretation for the national legislator on certain aspects of regulatory law.

The guidelines issued by EBA, ESMA and EIOPA are binding for the national regulators in Europe. They are not directly binding for the institutions but become directly binding when adopted by the national regulators. BaFin publishes on its homepage whenever it adopts guidelines, and also when guidelines are specifically not integrated within the German administrative practice. The advantage of the ESA’s approach of having a single rulebook and consistent rules throughout the EU for the market is that the provision of cross-border services becomes easier if just one set of rules apply.

EBA, ESMA and EIOPA are also actively involved in the European legislative process by supporting the European Commission in drafting legislative proposals based on their knowledge of the European financial market and its supervisory mechanisms.

Although the ESAs do not act directly vis-à-vis the majority of the regulated institutions, it is worth monitoring their publications to get an early grip on regulatory developments. The European administrative practice is essentially formed through the ESAs. It is also worth noting that the ESAs usually publish drafts of their envisaged guidelines for consultation purposes. For lobbying purposes it is essential to participate in such consultations.

FinTech Action Plan versus Global Financial Innovation Network

Veröffentlicht am von Dr. Verena Ritter-Döring

As outlined in Part 3 of this series of posts giving updates on the European FinTech regulation agenda, the envisaged harmonized regulatory framework for financial innovation within the Single Market will be based on a comprehensive understanding of the innovative landscape within the financial market. Building the knowledge takes time and effort. It took EBA three and a half months after laying out its FinTech Road Map to publish the first analyses which form part of the FinTech Knowledge Hub.

The Knowledge Hub aims at fostering a better understanding of the innovative landscape within the financial market through facilitating the exchange of information between European and national regulators, innovators and technology providers. On this basis, a regulatory framework can be built that will fit the market’s demands and will support new innovative business models.

In contrast to the European approach, the Financial Conduct Authority (FCA) in London approaches the support for FinTechs in what seems to be at a first glance a more rapid way. Already in February 2018 the UK regulator encouraged the idea of a “global sandbox.” A regulatory sandbox allows the provider of innovative technology to offer his or her idea to a certain number of potential clients within the financial market for a limited period of time without the application of the full set of compliance, license and capital requirements. During this time the provider can assess if his or her innovative approach is worth the investment of full regulatory compliance. In the UK the possibility for FinTechs to approach the market via a regulatory sandbox has been successfully established in 2016.

Driven by the understanding that major emerging innovation trends (such as big data, artificial intelligence and blockchain based solutions) are increasingly global, rather than domestic, in nature, in February 2018 the FCA started an international dialogue with firms doing business, or looking to do business, in the UK or overseas, regulators, consumers, or any other interested party to assess what a global sandbox could look like. The FCA received 50 responses to their call in February with an overall positive feedback. Key themes to emerge in the feedback were:

Regulatory co-operation: Respondents were supportive of the idea of providing a setting for regulators to collaborate on common challenges or policy questions that firms face in different jurisdictions.

Speed to market: Respondents saw as one of the main advantages for the global sandbox that it could be reducing the time it takes to bring ideas to new international markets.

Governance: Feedback highlighted the importance of the project being transparent and fair to those potential firms wishing to apply for cross-border testing.

Emerging technologies/business models: A wide range of topics and subject matters were highlighted in the feedback, particularly those with notable cross-border application. Among the issues highlighted were artificial intelligence, distributed ledger technology, data protection, regulation of securities and Initial Coin Offerings (ICOs), know your customer (KYC) and anti-money laundering (AML).

Building on the FCA’s proposal to create a global sandbox, on 7 August 2018 the FCA has, in collaboration with 11 financial regulators and related organisations, announced the creation of the Global Financial Innovation Network (GFIN). The FCA is the only European regulator within GFIN. The other members are the Abu Dhabi Global Market (ADGM), the Autorité des marchés financiers (AMF, Canada), the Australian Securities & Investments Commission (ASIC), the Central Bank of Bahrain (CBB), the Bureau of Consumer Financial Protection (BCFP, USA), the Dubai Financial Services Authority (DFSA), the Guernsey Financial Services Commission (GFSC), the Hong Kong Monetary Authority (HKMA), the Monetary Authority of Singapore (MAS), the Ontario Securities Commission (OSC, Canada) and the Consultative Group to Assist the Poor (CGAP).

The idea of GFIN is to:

  1. act as a network of regulators to collaborate, share experience of innovation in respective markets, including emerging technologies and business models, and communicate to firms;
  2. provide a forum for joint policy work and discussions; and
  3. provide firms with an environment in which to trial cross-border solutions (business-to-consumer (B2C) or business-to-business (B2B)).

With the announcement of the creation of GFIN, the FCA also published a consultation document laying out a mission statement for GFIN and the idea of a global sandbox which is still based on the FCA’s concept thereof published in February. The consultation is addressed to innovative financial services firms, financial services regulators, technology companies, technology providers, trade bodies, accelerators, academia, consumer groups and other stakeholders keen on being part of the development of GFIN and will be running until 14 October 2018.

Although the knowledge centered approach of the EU for a regulatory framework for FinTechs within the Single Market surely is a reasonable approach, an international approach could have the advantage of providing speedier solutions and create a competitive advantage. With Brexit on the horizon, the FCA’s approach seems sensible and certainly a good move to keep their financial market up to date.

EBA konsultiert ein harmonisiertes Auslagerungsregime – Was erwartet den deutschen Markt?

Veröffentlicht am von Dr. Verena Ritter-Döring

Seit 22. Juni und noch bis 24. September 2018 konsultiert die EBA Richtlinien für ein harmonisiertes Auslagerungsregime. Anknüpfend an die Leitlinien zum Outsourcing des Commitee of European Banking Supervisors (CEBS) aus dem Jahr 2006, die nur für Kreditinstitute Anwendung finden, möchte die EBA nun einen gemeinsamen europäischen Rahmen für Kreditinstitute und Finanzdienstleistungsunternehmen, Zahlungs- und E-Geld-Institute schaffen. Erfasst sind von dem neuen Vorstoß damit Institute, die der CRR und der PSD2 unterliegen. Nach wie vor nicht erfasst sind Fondsmanager. Grund dafür ist einfach, dass die EBA für diesen Bereich nicht zuständig ist. Hier wäre eine Zusammenarbeit mit der ESMA, die für den Fondsbereich Leitlinien erlassen kann, wünschenswert gewesen.

Zu begrüßen ist der Vorstoß der EBA dennoch vor dem Hintergrund, dass gerade für die FinTech-Szene Auslagerungen ein wichtiges Thema sind. Etablierte Institute, die intern keine eigenen Innovationen entwickeln, suchen häufig Kooperationspartner aus der FinTech-Szene. Im Rahmen solcher Kooperationen werden innovative Ideen von den etablierten Instituten angeboten, aber die (IT-)Leistungen erbringen oft die FinTechs im Rahmen einer Auslagerung. Es ist sicher sinnvoll, auf europäischer Ebene einen gemeinsamen Rahmen für Auslagerungen zu schaffen, damit auch FinTech-Unternehmen, die grenzüberschreitend tätig sein wollen, nicht mehrere nationale Standards einhalten müssen, was wiederum Kosten verursacht. Die Empfehlungen der EBA zur Auslagerung an Cloud-Anbieter,die bereits im März 2018 veröffentlicht wurden, sind in die Konsultation integriert worden.

Nach dem Vorschlag der EBA werden die Anforderungen an das Auslagerungsmanagement und an Auslagerungsverträge für CRR-Institute und Zahlungsinstitute angeglichen. Die Vorgaben des Zahlungsdiensteaufsichtsgesetzes (ZAG), das für Zahlungs- und E-Geld-Institute gilt, waren bislang weniger streng als die des Kreditwesengesetzes (KWG), das für Kreditinstitute und Finanzdienstleistungsunternehmen Anwendung findet. In der Praxis orientierten sich aber auch Zahlungsdienstleister bereits an der Verwaltungspraxis der BaFin zum Outsourcing für Kreditinstitute. Ein neuer einheitlicher Rahmen verschafft hier Klarheit. Da der Proportionalitätsgrundsatz auch nach den konsultierten Auslagerungsleitlinien erhalten bleiben soll, können Institute und Zahlungsinstitute künftig weiterhin abhängig von ihrem Geschäftsmodell ihr Auslagerungsmanagement in angemessener Weise gestalten.

Zentrale Punkte bleiben weiterhin, dass Auslagerungen im Risikomanagement abgebildet werden müssen, dass interne Kontrollmechanismen etabliert werden, dass die Datensicherheit in jedem Fall gewährleistet bleibt und dass das Institutsmanagement die letzte Verantwortung für ausgelagerte Prozesse behält. Die Vorgaben an Auslagerungsverträge bringen ebenfalls keine Neuerungen. Festgeschrieben ist nun, dass Serviceleistungen, die eine Erlaubnis einer Aufsichtsbehörde erfordern, nur von lizensierten Dienstleistern erbracht werden dürfen. Jedes Institut soll künftig eine schriftlich festgehaltene Auslagerungs-Policy vorhalten, deren Vorgaben etwas ausführlicher sind, als das bisher der Fall ist. Eine recht aufwändige Neuerung ist, dass geplante Auslagerungen von kritischen oder wichtigen Funktionen, inklusive wesentlicher Auslagerungen an Cloud-Servicedienstleister, nach dem Entwurf der EBA künftig vorher der zuständigen Behörde angezeigt werden sollen. Auch wesentliche Änderungen in einem solchen Auslagerungsverhältnis sollen der Behörde zeitnah mitgeteilt werden. Hier wird abzuwarten sein, wie sich die Verwaltungspraxis entwickelt.

Der Vorschlag der EBA enthält auch Vorgaben zu Auslagerungen an Drittstaaten-Servicedienstleister. Ein Anwendungsfall für solche Drittstaaten-Auslagerungen kann laut EBA etwa sein, dass ein Drittstaateninstitut, das Zugang zum europäischen Markt hat oder sucht, nicht seine gesamte Infrastruktur neu aufbauen muss, sondern bestehende, im Drittstaat bereits vorhandene Infrastruktur (etwa in der eigenen Gruppe) im Rahmen einer Auslagerung auch für die innereuropäische Einheit nutzen kann. Damit ist die Konsultation der EBA auch für den bevorstehenden Brexit relevant. Sofern UK im Fall eines harten Brexits zum Drittstaat würde und UK-Institute Geschäftsbereich in die EU verlagern, kann so in einem gewissen Rahmen auch vorhandene Infrastruktur grenzüberschreitend genutzt werden. Es ist nun ausdrücklich geregelt, was bislang bereits galt, nämlich dass Bankgeschäfte und Zahlungsdienste nur an Dienstleister in Drittstaaten ausgelagert werden dürfen, wenn diese in dem Drittstatt beaufsichtigt sind und es eine geregelte Zusammenarbeit zwischen der Drittstaatenaufsicht und der zuständigen Aufsichtsbehörde in dem jeweiligen EU-Staat gibt.

Insgesamt handelt es sich bei der Konsultation um einen weitgesteckten Rahmen, der die derzeitige deutsche Auslagerungspraxis nicht wesentlich verändern wird.

FinTech Action Plan and EBA Road Map: Part 3

Veröffentlicht am von Dr. Verena Ritter-Döring

As outlined in Part 1 and Part 2 of this series of posts giving updates on the European FinTech regulation agenda, there is a political will to create a comprehensive and harmonized regulatory framework for financial innovation within the Single Market. Part of the Road Map to a regulatory framework is a FinTech Knowledge Hub, which is meant to facilitate the exchange of information between European and national regulators, innovators and technology providers. The Knowledge Hub will foster a better understanding of the innovative landscape within the financial market.

Three and a half months after laying out its FinTech Road Map, EBA delivers first products that form part of the FinTech Knowledge Hub.

The two documents published on 3 July 2018 are reports on the impact of FinTech on incumbent credit institutions’ business models  and on the prudential risks and opportunities arising for institutions from FinTech . Both reports contain an analysis of the impact of FinTechs on the current financial landscape and aim to raise awareness within the supervisory community and the financial industry of potential prudential risks and opportunities from current and potential FinTech applications. EBA wants to convey an understanding of the main trends that could impact incumbents‘ business models and pose potential challenges to their sustainability.

The first report, on the impact of FinTech on incumbent credit institutions’ business models, is an overview of the current market situation. It identifies four drivers for changes in current business models which are i. customer expectations and behaviour, ii. profitability concerns in the current low interest rate environment, iii. increasing competition and iv. regulatory changes such as PSD2 and GDPR. EBA identifies two main trends among the different digitalisation projects of the established institutions, namely digital transformation of internal processes and digital disruption by use of innovative technologies that aim to enhance customer experience. In the current FinTech ecosystem the prevailing model of interaction between FinTechs and incumbent institutions is one of collaboration and establishment of new relationships. In this way FinTechs can provide knowledge and ideas incumbent institutions have yet been too reluctant or too slow to establish themselves.

The second report, on prudential risks and opportunities arising for institutions from FinTech, is intended to raise awareness of and to share information on current and potential FinTech applications. The report focuses on seven use cases without making recommendations. The seven use cases are:

  1. Biometric authentication using fingerprint recognition,
  2. Use of robo-advisors for investment advice,
  3. Use of big data and machine learning for credit scoring,
  4. Use of Distributed Ledger Technology (DLT) and smart contracts for trade finance,
  5. Use of DLT to streamline Customer Due Diligence processes,
  6. Mobile wallet with the use of Near Field Communication (NFC),
  7. Outsourcing core banking/payment systems to a public cloud.

EBA focuses mainly on operational risk aspects, but also considers opportunities that may arise from the seven applications. The report is informative and provides a good overview for competent authorities and institutions alike of the current landscape and the inherent prudential risks that the market should be aware of.

FinTech Action Plan and EBA Road Map: Part 2

Veröffentlicht am von Dr. Verena Ritter-DöringSchreib einen Kommentar

Part 2: Further Guidance through EBA’s FinTech Roadmap

On 15 March 2018 EBA published its FinTech Roadmap which bridges the dichotomy between consumer protection and stability of the financial system through cybersecurity on the one hand and the support for financial innovation on the other hand. It becomes clear that EBA recognises the benefits of the innovative developments for the Single Market, which include enhancing consumer experience, cost efficiency for consumers and service providers and the need to support growth.

A harmonised regulatory framework for new technologies in the financial markets is needed. A provider of an innovative idea using new financial technologies might want to test his idea in the market. He will face different challenges in countries with regulatory sandboxes compared to countries where a inflexible regulatory regime applies. A regulatory sandbox would allow the provider to offer his idea to a certain amount of potential clients for a limited period of time without the application of the whole compliance, license and capital requirements. During this time he can assess if his innovative approach is worth the investment of full regulatory compliance. In countries where the regulatory regime applies from day one when the first client is approached and on boarded, the investment of the provider is much higher. This might in turn prevent financial innovations since the hurdle to become a (regulated) market player is quite high.

EBA did not provide a practical briefing for establishing consistent regulatory sandboxes in its Roadmap. It only announced that further analysis of already established sandboxes (as e.g. in the UK, in Singapore and in Australia) will be undertaken. EBA figures that by the end of 2018 best practice guidelines for regulatory sandboxes will be issued.

Until then the German regulator BaFin will impose the classical regulatory regime drafted for traditional players on the innovative developers of the financial markets, paired with a warning to consumers regarding the risk of buying virtual currency due to a lack of statutory consumer protection. So far BaFin published some generic guidance on its regulatory assessment of ICOs, but emphasised that a case-by-case evaluation will be inevitable. For other financial innovations such as for example crowd-funding platforms, it took more than two years until regulation on a national level complemented by BaFin’s administrative practice was established.

A comprehensive and harmonised regulatory framework which leaves room for innovation is essential for a growing and competitive Single Market. Hopefully, EBA’s planned FinTech Knowledge Hub, which will facilitate the exchange of information between regulators, innovators and technology providers, will add to this understanding. Up to now EBA did not provide concrete guidance for new market players. To be fair on the national regulators, without any leeway by the legislators there is not much room to ease the burden of the current regulation for new technologies through an administrative practice alone. Throughout 2018 at least, FinTechs will thrive in countries with a flexible regulatory approach that is backed by the relevant regulator.