On Friday the 1st of September, Holland FinTech, Dutch Authority for the Financial Markets (AFM), the Netherlands Authority for Consumers and Markets (ACM) and the Dutch Central Bank (DNB) hosted Fintech Meets the Regulators at the DNB’s premises in Amsterdam. This event provided an opportunity for Dutch regulators and The event brought together approximately 100 attendees, three keynote speakers, and roundtables covering eight different topics including PSD2, cryptocurrencies, artificial intelligence, regtech, and MiFID II.
Fintech Meets the Regulators provided a valuable opportunity for regulators and companies working in financial technology to discuss the problems they face implementing up-and-coming regulation. 2018 is set to be the year of regulation, with three important pieces of legislation coming into effect: the second Payment Services Directive (PSD2), the General Data Protection Regulation (GDPR), and the second Markets in Financial Instruments Directive (MiFID II). In response, much of the event focused on how industry can comply with the new regulations and take advantage of the possibilities they provide.
Introduction and keynotes
Klaas Knot, president of the Dutch Central Bank (DNB), opened the event. Knot stressed that fintech is international and that Europe should also be looking to the US and China for both big innovations (such as seamless payments) and the problems they can generate. Supervisors need to balance innovation with control, and the DNB plans to tackle this through initiatives such as: 1) its innovation hub; 2) tailor-made supervision (maatwerk voor innovatie) that aligns with policy goals; 3) Increasing its employee’s knowledge and attracting talent, and 4) increasing dialogue with the sector.
The first keynote speaker was Thomas Bunnik of Pritle, recently acquired by Binckbank. Bunnik began his keynote by stating his belief that there are better financial solutions out there than those provided by the incumbents. For regulators, working with new players is challenging as new players and business models mean that there are new risks to consider. But at the end of the day, Bunnik stated, supervision is about trust. If a supervisory body beliefs there is an appropriate team working on the right solutions, then change and innovation are plausible.
Cora van Nieuwenhuizen, Member of the European Parliament, delivered the second keynote speech. Van Nieuwenhuizen pointed out that we are only at the beginning of innovation in fintech, which makes it all the more important for conversations between regulators and industry to be on-going and collaborative. Part of the challenge is to decide what is right for European Union residents, as no single approach to regulation will work around the globe. Take cryptocurrency, for example: in Japan, it is being regulated, but in India it is being prohibited.
However, there is one trend that appears to be growing everywhere, and that is a shift from a demand side economy to a supply side economy. Van Nieuwenhuizen echoed Klaas Knot in stating that innovation should benefit consumers. Finally, she stressed that the EU has three top priorities when it comes to financial services: Cybersecurity, cybersecurity, and cybersecurity. This is driven by increased data capability and connectivity. Consumers, companies and public sector should make this a priority.
The third and final keynote was given by Wilbert Tomesen from the Dutch Data Protection Authority (AP). Tomesen pointed out that nowadays there is a significant overlap between privacy and cybersecurity. He suggested that, besides health data, financial data might be the most important data set for consumers. The GDPR steers the regulatory approach away from a universal solution towards “privacy by design” or “privacy by default.” This approach tries to give consumers more power over their data, while protecting people who do not have the time, interest, or knowledge necessary to put thought into who they want to share their data with and why.
Tomesen stressed that innovation and privacy should not be at odds with each other: instead, privacy and protection can drive innovations that benefit consumers. For consumers, data portability is the big issue, whereas for companies, privacy assessment will become more important. The AP will work on both developing new supervision instruments, and reaching out to companies and consumers with better education.
The roundtables presented a chance for breakaway discussion on specific topics: blockchain, GDPR, regtech, PSD2, cryptocurrencies, instant payments, MiFID II, and artificial intelligence. Here we recap two of them.
General Data Protection Regulation (GDPR)
This roundtable was lead by a representative from the Dutch Data Protection Authority (AP). It focused on how to comply with the GDPR, which was approved by the EU Parliament on the 14th April 2016, and it comes into effect on the 25th May 2018. According to the EU’s GDPR website, it is “designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.” While promising, it is presenting challenges for industry, who are not clear how the regulations apply to them or how to properly comply. Roundtable attendees explained that the uncertainty largely stems from interpretation issues.
First, it is not entirely clear what regulators intend the legislation to say. Second, once the regulation comes into force, not all legal jurisdictions may interpret it in the same way. This makes it difficult for businesses to plan long-term, since they may find their efforts to comply have not gone far enough.
The DPA advised the attendees that they should think in terms of best practices: so long as they can demonstrate that they have thoroughly thought through compliance issues and put appropriate measures in place, then authorities will work with them to address any shortfall in their interpretations. Although this appeared to mitigate attendees’ concerns to some extent, attendees expressed their desire for more guidance, whether from the regulators themselves, the opportunity to go through a certification process, or via expert advice from consultancies.
Payment Services Directive 2 (PSD2)
PSD2 was the most popular topic at the event, with four roundtables being held to meet demand. They were lead by representatives from the DNB and the Consumers & Markets Authority (ACM). The leader asked attendees three questions: 1) will we see a big shift in the market on 1 January? 2)What challenges are market parties facing with PSD2? 3) What is the state of implementation of PSD2 in Dutch law? When is it in or out of scope?
As with the GDPR roundtable, there was a lot of concern with compliance, especially on the part of SMEs, for whom compliance is more difficult and costly. But conversation also covered a range of issues concerning changing consumer behaviours, market innovations, and consumer consent.
One attendee expressed her belief that consumers will profit a lot from PSD2—and not always in ways we expect. She feels that PSD2 will make consumers more aware of how their data is being used, and prompt them to think about who they give consent to use their data and why. Accidents will happen, she said, and while they are undesirable overall, they will raise public awareness.
One of the roundtable’s leaders asked, “What will PSD2 do? If we’re all sitting at this table again in two years, what will we be discussing?” There was very little agreement among the attendees as to what the future will look like.
One attendee proclaimed that store loyalty apps will be used far more often two years from now. Another objected, claiming that customers will choose to pay via the app whose interface they like the most. A third attendee pointed out that there’s no reason to expect people will stick with just one service or provider: even in the Netherlands, where people tend to use just one bank, people are beginning to pay through non-financial institution providers, such as Facebook.
Some of these may offer more financial services in the future. There won’t be a question of whether consumers will be willing to switch providers, because they will already be using them.
Meeting with the regulators, regularly
Two key messages emerged from Fintech Meets the Regulators. The first is that there is a great deal of uncertainty in the market, especially regarding compliance and future consumer behaviour. The second is that regulation is too important to be left up to the regulators: as with SEPA, industry needs to be on the front food to ensure best practices are followed and regulators are kept informed about market preferences and changes. The spirit is one of collaboration, rather than a top-down approach emerging from the ivory tower. Especially the growing concerns about privacy and the upcoming regulations on that topic, like GDPR, pose quite some challenges for both regulators and financial innovators.
Regulation in fintech is not a problem to be solved, but a matter to be discussed on an on-going basis. Holland Fintech provides regular encounters between the Fintech ecosystem and the relevant regulators and keeps both sides well informed. But, besides this, how can we create even more points of connection between regulators and industry? Please feel free to share your ideas with us in the comments section below.]]>