The financial services landscape continues to undergo widespread digitalisation, marked by an influx of borderless and data-based products and services. The internet now theoretically allows firms to sell financial services to consumers anywhere in the world and this transformation has prompted regulators to ramp up efforts towards formalising co-operation — both across jurisdictions and across industries. As a result, firms should prepare themselves for increased guidance and regulatory expectations.
In response to the digitalisation of financial services, regulators have been looking to step up co-operation with their international counterparts and with bodies outside the industry's traditional perimeter (including competition authorities, consumer protection authorities, and data governance regulators). As things stand, such cooperation remains somewhat inhibited by practical, regulatory and legal challenges including data protection rules or a lack of information exchange structures.
In early 2022, the FSB published a report (PDF 567 KB) assessing the risks posed by the expanding crypto-asset market — noting, in particular, how the rapid evolution and international nature of these arrangements raises the potential for regulatory gaps, fragmentation or arbitrage. The FSB consequently urged global authorities to prioritise cross-border and cross-sectoral cooperation. It also described how it plans to support this work by monitoring supervisory approaches and facilitating information sharing.
In regards to cyber and digital resilience, the EU's Digital Operational Resilience Act (DORA) also requires an unprecedented level of cooperation between authorities. The European Commission proposed DORA as part of its wider digital finance package to harmonise the EU's currently disjointed regulatory landscape (where rules are often overlapping, inconsistent and/or duplicative). Recognising the fluidity of cyber threats, DORA intends to establish several mechanisms through which authorities will have to exchange information and work together, not only within the financial sector, but also with the cybersecurity authorities in the ecosystem.
Decentralised Finance (DeFi) is another focus area. In March, IOSCO published a report (PDF 959 KB) describing how the majority of DeFi's new services are emerging to replicate more traditional financial services and relevant activities, but with weaker regulation and increased risks for investors. At the BIS's recent Innovation Summit, Andrew Bailey (Governor of the Bank of England), stressed the need for international co-operation (particularly around the increasing use of artificial intelligence in DeFi) to prevent companies from using modern technology to circumvent national rules.
To address these (and similar) challenges, the three European Supervisory Authorities (EBA, EIOPA and ESMA) recently published a response (PDF 2.56 MB) to the European Commission's (EC) call for Advice on Digital Finance. Within this, they recommended improving international supervisory coordination by:
- Producing additional guidance on notification requirements for cross-border provision — currently, passporting notifications are typically given on an EU-wide basis (rather than specific to the jurisdictions in which services are actually carried out) and have insufficient information regarding the modalities of provision (e.g., the use of digital platforms)
- Enhancing cross-border information exchange — e.g., by establishing supervisory forums to discuss practical use cases (such as the allocation of responsibilities between home and host authorities, coordinating the collection of data etc)
- Introducing processes and measures to address rule infringement
Enhancing coordination with third-country authorities in the form of a review of existing Memoranda of Understanding (MoUs) to ensure they reflect specific issues related to digital finance
The ESAs also propose potential frameworks to introduce structured cooperation between financial, data, cyber, consumer protection and competition authorities. The report describes how this would be beneficial (i) to maintain awareness of policy developments happening across relevant sectors, (ii) to better identify and monitor market developments and emerging risks on a horizontal basis, and (iii) in the context of the growing platformisation of financial services and the development of mixed activity groups. [For more information, see our recent article on the expansion of Big Tech platforms into financial services]. Some initial improvements have already been seen as a result of the ESA's 2019 review, which resulted in a mandate for cooperation between the ESAs and the European Data Protection Board and a request for bilateral/multilateral information exchange between regulatory authorities. However, at the ESAs own admission, the steps taken remain limited in scope.
In the wake of Brexit, the UK has been working to establish its own cooperation structures. HMT published a report (PDF 2.60 MB) in July 2021 outlining its plan to remain an 'open and global financial hub' and to create a 'sector at the forefront of technology and innovation'.
In April 2021, the FCA became a full member of the UK Digital Regulation Cooperation Forum (DRCF), having previously been an observer member — a move which demonstrates the growing importance of data across sectors and regulatory disciplines. The DRCF was established in July 2020 by the Competition and Markets Authority (CMA), the Information Commissioner's Office (ICO) and the Office of Communications (Ofcom), to ensure a greater level of cooperation over the regulation of online platforms. Its member regulators have committed to launching joint projects on “complex cross-cutting issues” including AI, digital advertising technologies and end-to-end encryption.
A few months later, the Department for Business, Energy & Industrial Strategy (BEIS) published its Spring 2021 report on the Smart Data Working Group. The report describes the potential benefits, challenges and use cases of Smart Data in banking, finance and other industries, and sets out practical proposals for cross-sector coordination to inform future policy development.
And finally, the Department for Digital, Media, Culture and Sport (DCMS) recently closed a consultation on the legislation and governance required to enable the use of digital identity across the economy — including in financial services. This consultation builds on previous government activity including a Call for Evidence in 2019 and the launch of the digital identity and attributes trust framework in February 2021 (setting out what rules and standards are needed to protect sensitive identity data when used digitally).
Taken together, these developments demonstrate how, in response to increasing digitalisation, financial services regulators are seeking to establish 'more concrete' frameworks to structure cross-border and cross-industry co-operation. Firms should continue to track developments, in order to best prepare themselves for when these regulatory expectations become final.