Digital Finance and Innovation

As part of the broader review of the European Supervisory Authorities, the review of ESMA’s founding regulation strengthened ESMA’s role in relation to innovation by requiring the Authority to take into account innovation in its work.

Crypto-assets (CAs) are one of the major applications of blockchain technology, or Distributed Technology (DLT) in finance. CAs can be defined as a type of private asset that depends primarily on cryptography and DLT. There are a wide variety of CAs, including so-called cryptocurrencies or virtual currencies, stablecoins and digital tokens. The market for CAs is still relatively new but has grown quickly from a low base. ESMA is actively monitoring developments around CAs, as this is an area that is constantly evolving.

In February 2017, ESMA highlighted the opportunities as well as the challenges brought by DLT applied to financial securities markets in its DLT report.

In November 2017 and February 2018, ESMA issued two Statements on Initial Coin Offerings and a Joint ESA’s Warning on Virtual Currencies to alert investors to the high risks of these instruments.

In January 2019, considering that a full CA ecosystem was starting to emerge, ESMA undertook a comprehensive assessment of the applicability of the existing EU financial securities rules to this phenomenon, the outcomes of which were published in the form of an Advice to the EU Institutions. The Advice clarifies the rules that apply to those CAs that qualify as financial instruments and highlights the important risks that remain unaddressed where CAs fall outside of the regulated space.

Following on the ESMA Advice, in September 2020, the European Commission put forward two legislative proposals on CAs, namely a proposal for a regulation for a pilot regime for DLT market infrastructures (pilot regime) and a proposal for a regulation on Markets in CAs (MiCA). The two proposals distinguish between those CAs already governed by EU legislation and other CAs. For the former, the pilot regime is intended to allow market participants and regulators to gain experience with DLT in a controlled environment. For previously unregulated CAs, MiCA regulation sets strict requirements for issuers of CAs and CAs service providers.

ESMA continues to work closely with international authorities on the topic and stands ready to support the work of the European Commission as needed.

ICT risks, including cybersecurity risks, undermine confidence and represent a threat to the stability of the financial system. Furthermore, cyber-attacks are a growing concern because of their increasing frequency and potential impact.

In response to a request in the European Commission’s 2018 FinTech Action Plan, ESMA and the other ESAs published joint Advice in April 2019 on two cybersecurity-related topics: Advice on legislative improvements relating to ICT risk management requirements in the EU financial sector; and Advice on the case for a coherent EU-wide cyber resilience testing framework for significant market participants and infrastructures within the whole EU financial sector.

In September 2020, the Commission proposed a Digital Operational Resilience Act (DORA). The proposed DORA regulation aims to strengthen information security and cybersecurity in the financial sector. It sets out requirements for financial entities regarding Information and Communication Technology (ICT) risk management, contractual arrangements between ICT third-party service providers and financial entities, and an oversight framework for critical third-party service providers and rules on cooperation among competent authorities. In addition, consistent with our 2019 ESAs advice, the proposal attempts to harmonise the requirements across all financial sectors, amending relevant Regulations appropriately.

On a related topic, in December 2020, and consistent with the guidelines already published by the other ESAs, ESMA published Guidelines on outsourcing to cloud service providers. The guidelines are intended to help firms and competent authorities identify, manage and monitor the risks that arise from cloud outsourcing arrangements.

Crowdfunding is a means of raising finance for projects from ‘the crowd’ often by means of an internet-based platform through which project owners ‘pitch’ their idea to potential backers, who are typically not professional investors. It takes many forms, not all of which involve the potential for a financial return. ESMA’s focus is on crowdfunding which involves investment, as distinct from donation, non-monetary reward or loan agreement

ESMA published an Opinion to NCAs and Advice to the EU Parliament, Council and Commission in December 2014. Following the Advice, the European Commission presented a proposal for a regulation on crowdfunding service providers, which was adopted by the European Parliament and Council in October 2020. The new regulation will allow platforms to apply for an EU passport based on a single set of rules.

ESMA is increasingly involved in topics related to RegTech and SupTech, in line with its mandates under the ESMA Regulation. RegTech describes technology used in the context of regulatory compliance, including tasks such as risk management. SupTech is technology used by supervisory authorities.

As a policymaker and standard setter, ESMA is closely following EU and national discussions with respect to actions to support and facilitate RegTech solutions. This includes the EU Fitness Check exercise, as well as supporting the European Commission’s Digital Finance Strategy.

From a supervisory convergence perspective, ESMA also seeks to bring National Competent Authorities together, with the aim of sharing best practices on applied SupTech analyses. This takes the form of technical workshops, collaboration on projects of common interest, and also via dedicated topic committees and supervisory convergence fora. ESMA also conducts its own analyses in this respect, an example of which can be found here. 

ESMA also makes use of SupTech-related tools and techniques for its own supervisory mandates, such as for CRAs, CCPs, trade repositories, and securitisation repositories.

In terms of wider market trends, ESMA considers that, on the demand side, regulatory pressure and budget limitations are pushing the market towards an increased use of automated software to replace human decision-making activities. This trend is reinforced by supply drivers, such as increasing computing capacity and improved data architecture. Market participants are increasingly using new automated tools in areas such as fraud detection, regulatory reporting and risk management, while potential applications of new tools for regulators include greater surveillance capacity and improved data collection and management.

With these new tools come challenges and risks, notably operational risk. However, with appropriate implementation and safeguards, RegTech and SupTech may help improve a financial institution’s ability to meet regulatory demands in a cost-efficient manner and help regulators to analyse increasingly large and complex datasets. More analysis is available in a dedicated TRV article.

As part of its mandate to monitor and assess trends in innovative financial services, ESMA continues to monitor the use of AI and Big Data in the financial sector. One area in which these tools are applied is in RegTech/SupTech, as explored in a 2019 article in ESMA’s Trends, Risks and Vulnerabilities Report. In this context, the AI tools are increasingly used to analyse vast datasets for risk management, fraud detection/prevention and other compliance-related activities. 

More broadly, ESMA monitors developments in the use of AI for investment strategies. Some firms are using machine learning algorithms to devise trading strategies. Another example is the use of natural language processing to gauge market sentiment and synthesis published analysis and reports. Finally, a recent development is the emergence of AI- and technology-themed retail investment funds.

The EFIF provides a platform for supervisors to meet regularly to share experiences from their regulatory sandboxes and innovation hubs on engaging with firms and to exchange technological expertise, and to reach common views on the regulatory treatment of innovative products, services and business models, overall boosting bilateral and multilateral coordination.

The EFIF was established further to the January 2019 Joint ESA report on regulatory sandboxes and innovation hubs which identified a need for action to promote greater cooperation between innovation facilitators to support the scaling up of FinTech across the single market and cross-border activities in Europe.