EU Fintech Update

A reminder the Digital Finance Strategy is another key part of the EC’s Capital Markets Union (alongside the RIS); it is a comprehensive Financial Technology (FinTech) action plan now being applied across the various EU financial services regimes. Here is a summary of recent key updates.

1. ESMA: 5-year data strategy includes AI plans to bolster ‘data hub’ role

ESMA recently published their new five-year data strategy, driven by many factors now facing the industry:

• “Evolving EU supervisory activities”
  • Sustainable Finance (e.g. SFDR) and Digital Finance (e.g. DORA, MiCA, DLT Pilot Regime)
  • The pending European Single Access Point (ESAP)
  • EC’s Strategy on supervisory data in EU financial services

• “Technological developments & digitalisation”
  • ‘Fast-evolving’ digital developments: Big Data, Artificial Intelligence, Cybersecurity, Cloud computing
  • Rapid growth of new technologies: suited for supervision, reporting, data collection or data use
  • ESMA and the NCAs currently lack sufficient resources and required expertise.

ESMA’s Data Strategy includes six objectives, targeted for delivery during 2023-8.

1. ‘Enhanced data hub’: ESMA to focus on “improved data, information accessibility, interoperability and usability, data harmonisation and standardisation”;
2. ‘Access to data of public interest’: they will assist “easily accessible and usable information” to all market participants, “in machine readable formats, via user-friendly search and analytical interfaces”;
3. ‘Data-driven supervision’: ESMA will enable “cutting-edge, smart and effective data-driven supervision by joint developments and use of novel technologies”;
4. ‘Data collaboration & thought leadership’: ESMA will also help “achieve better data standardisation, quality and reusability and promote the adoption of innovative technologies”;
5. ‘Efficient data policy’: cut the “compliance burden” of EU firms by “reducing duplicative and inconsistent requirements, optimising reporting flows, efficient data sharing, exploiting emerging technologies”
6. ‘Systematic data use’: finally, ESMA will establish “processes, methodologies and tools enabling systematic use of data for evidence-based policy development, supervision and risk assessment”

ESMA’s Roadmap (p.18-20) includes the design and implementation of an ‘integrated data reporting system’.

This will be applied to UCITS and AIFMD regimes, starting with an initial study / draft RTS, during 2023-2026.

2. ESAs: launch first batch of DORA consultations

The Digital Operational Resilience Act (DORA) regulation entered into force on 16 January 2023.

It is a new regulatory framework to mitigate risks linked to Information Communication Technology (ICT) third-party service providers engaged by EU financial firms. In due course, all fund managers and investment firms need to demonstrate they can withstand and recover from technological disruption and cyber-attack threats faced by their appointed critical ICT third-party service providers.

DORA will legally apply from 17 January 2025. Meanwhile, the European Supervisory Authorities (ESAs) are now required to produce fourteen sets of technical standards and reports.  The ESAs recently started a public consultation on their first ‘batch’ of draft DORA technical specifications, covering:

• ICT risk management frameworks
• Criteria for the classification of ICT-related incidents
• Templates for the register of information
• Policy on ICT services performed by ICT third-party providers.

This consultation ends on 11 September 2023.

3. EU’s Landmark Crypto Law MiCA Published in Official Journal

The EU’s Markets in Crypto-assets (MiCA) Regulation entered into force on 29 June 2023.

MiCA introduces uniform EU market rules for specific digital assets previously excluded from financial market regimes. This new legal framework aims to support market integrity and financial stability by regulating public offers of crypto-assets, ensuring consumers are better informed about their associated risks.

Key provisions apply to those issuing and trading crypto-assets (e.g. asset-reference & e-money tokens), including transaction transparency, disclosure, and supervision rules, alongside use of distributed ledger technology (DLT).

UCITS and AIF firms are able to provide specific crypto-asset services if they give advance notice to their home NCA.

Similar to DORA, although MiCA has now entered into force, the regime now depends on a substantial number of implementing measures to be developed and finalised before the regulation legally applies in the next 12-18 months.

ESMA recently published their overview of the interim MiCA Consultation Process; alongside the ESAs and the European Central Bank, ESMA plan three public consultations on separate packages of MiCA technical standards.

These are planned for July 2023, October 2023 and Q1-2024, with details on the duration of each to be confirmed.

In the meantime, ESMA’s MICA implementation timetable is available for reference.