More EU-wide supervision

The Commission’s plans, if implemented, will change the way financial firms and other ‘obliged entities’ are supervised. For example, the European Commission wants to:

• have the European Banking Authority regulate ‘significant’ issuers of stablecoins and e-money; and
• introduce the ‘lead overseer’ concept for third-party service providers of critical information and communications technology.

Separate to the digital finance strategy, in July 2021, the Commission announced proposed reforms to the EU's anti-money-laundering regime, which include the creation a single EU AML supervisor.

The broader regulatory picture

While the above initiatives are aimed squarely at financial services, the sector will also be affected by broader EU policy and legislation.

• In April 2021, the Commission published its proposals to regulate AI (including banning certain AI practices and improving the transparency of AI systems) and promote the development and use of ethical and trustworthy AI within the EU.
• The EU is using competition policy to restrain the perceived over-reliance of tech companies based outside the EU. For example, the Commission wants platforms to open up access to their data, which, it believes, may lower switching costs, stimulate innovation, and drive market entry and competition.
• The Commission is aiming for ‘open strategic autonomy’. While the EU will continue to work with its partners (eg by making it easier to share data with countries and entities outside the EU), it will not hesitate to go it alone (eg by boosting its tech sovereignty).

The direction of travel for EU policy and regulation suggests that big technology companies’ growing role in the financial services sector is going to face greater scrutiny. For example, the EU may subject the companies to antitrust investigations based on the ‘same activity, same risk, same rules’ principle. The companies could even be included in financial regulatory frameworks and supervisory mechanisms.

Cross-border digital IDs

In June 2021, the Commission published its proposed amendments to the 2014 digital identity regulation.

The new rules will require member states to develop a national digital ID system. This will give EU citizens access to a European digital wallet linked to their national ID documents. The wallet should:

• make it easier to access public and commercial online services across the EU;
• reduce the need to share personal data; and
• make it easier for financial firms to check the identity of new customers.

The Commission wants member states to establish, by September 2022, a common toolbox that will include technical architecture, standards and best-practice guidelines. It will also work with member states and the private sector on the technical aspects of the European digital identity.

Levelling the international playing field?

Like the GDPR, which has driven global regulatory convergence, many of these initiatives are expected to set the tone at an international level.

However, the EU – when developing expansive new rules – must be sensitive to the realities of doing business both in Europe and elsewhere. This means establishing minimum legal standards that don’t stifle EU growth and recognising the regulatory and enforcement landscape in prominent export markets.

This will be a difficult balance to strike. But the ‘success’ of the GDPR suggests that it is achievable.