knowledge | 9 October 2020 |

The EU’s Brand New Digital Finance Package

Towards the end of September 2020, the European Commission adopted a digital finance package, which included digital finance and retail payments strategies as well as concrete legislative proposals on crypto-assets and digital resilience. If adopted, these measures and proposals will impact on existing financial providers as well as bringing new entities into the regulatory net.

The Digital Finance Package

The Digital Finance Package is a “package of measures to further enable and support the potential of digital finance in terms of innovation and competition while mitigating the risks arising from it.”  As set out above, the Digital Finance Package comprises two strategies, the Digital Finance Strategy and the Retail Payments Strategy.

The Digital Finance Strategy sets out the European Commission’s overarching strategy on digital finance, and includes the following four legislative proposals:

  • Proposal for a Regulation of the European Parliament and of the Council on Markets in Crypto-assets and amending Directive (EU) 2019/1937 (the “MICA Proposal”);
  • Proposal for a Regulation of the European Parliament and of the Council on a pilot regime for market infrastructures based on distributed ledger technology, (the “Pilot Regime Proposal”);
  • Proposal for a Regulation of the European Parliament and the Council on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014 and (EU) No 909/2014 (the “DORA Proposal”); and
  • Proposal for a Directive of the European Parliament and of the Council amending Directives 2006/43/EC, 2009/65/EC, 2009/138/EU, 2011/61/EU, EU/2013/36, 2014/65/EU, (EU) 2015/2366 and EU/2016/2341 (the “Amending Proposal”).

The Retail Payments Strategy is a subset of the Digital Finance Strategy and sets out a number of specific and targeted policy measures for payments which go beyond the horizontal scope of the Digital Finance Strategy, taking into account the pace and scale of technological change in the payments sector.

While each of the strategies in the Digital Finance Package set out a number of different types of measures including but not limited to legislative and regulatory measures, this briefing focuses on the latter.

The Digital Finance Strategy

The Digital Finance Strategy seeks to make financial services more digital-friendly and to stimulate responsible innovation and competition among EU financial service providers. It sets out four key priorities and the measures that the Commission intends to take to achieve those priorities.  In addition to the proposals mentioned above, these measures include:

  • implementing a sound legal framework to facilitate customer on-boarding through interoperable digital identity solutions which will be based on more harmonised anti-money laundering and counter-terrorism financing rules and a revised framework for electronic identification and trust services;
  • clarifying supervisory expectations about how the legislative framework on financial services should apply to artificial intelligence (AI) applications;
  • enabling the use of RegTech and SupTech solutions and proposing legislation on a broad open finance framework promoting business-to-business data sharing in the EU financial sector and beyond;
  • ensuring that the prudential supervisory perimeter is broad enough to capture risks arising from platforms’ and technology firms’ financial services provision and from techno-financial conglomerates and groups; and
  • considering the need for legislative proposals addressing the potential risks stemming from large-scale lending operations by firms outside the banking perimeter.

The Legislative Proposals

The four legislative proposals accompanying the Digital Finance Strategy are as follows:

The MICA Proposal

The MICA Proposal applies to all crypto-assets not currently covered under existing financial services legislation and establishes uniform rules for issuers of such crypto-assets as well as for crypto-asset service providers. It also prohibits market abuse in the secondary markets for crypto-assets.

An issuer of a crypto-asset is any legal person who offers to the public any type of crypto-assets or seeks the admission of such crypto-assets to a trading platform for crypto-assets.

The term “crypto-asset” is defined broadly1, and MICA applies to general crypto-assets (such as bitcoin and ethereum,) utility tokens, asset-referenced tokens and e-money tokens, with the latter two capturing the “stablecoin” universe.  Asset referenced tokens are crypto-assets that reference either multiple currencies, commodities, other crypto-assets or a combination of these. E-money tokens are defined as crypto-assets that reference a single currency.

While all inscope crypto-asset issuers will be required to publish a white payer including all relevant information on the specific crypto-assets, more stringent requirements apply to issuers of asset-referenced and e-money tokens.

Issuers of asset-referenced tokens will be required to be authorised and subject to requirements on governance, conflicts of interests, disclosure of stabilisation mechanisms, investment rules and additional white paper requirements. Issuers of significant asset-referenced tokens will be subject to additional requirements and will be directly supervised by the EBA.

Only credit institutions or e-money institutions will be allowed issue e-money tokens and will be subject to both the requirements of the E-Money Directive and the MICA Proposal. Among other things, holders of e-money tokens must be provided with a claim on the issuer of the e-money tokens concerned as well as be granted a redemption right at par value with the fiat currency that the e-money token is referencing and at any moment. Issuers of significant e-money tokens are subject to more stringent requirements and will be subject to dual supervision by the EBA and national competent authorities.

Crypto-asset service providers will be required to have a physical presence in the EU and will require authorisation by the relevant national competent authority, which will allow them to passport throughout the EU. They will also be subject to prudential requirements, organisational requirements, rules on safekeeping of clients’ funds, rules on complaint handling procedures and on conflicts of interests. Additional requirements will apply according to the type of service provided.

The Pilot Regime Proposal

This proposal would establish a pilot regime for market infrastructures that trade and settle transactions in financial instruments in crypto-asset form to allow such infrastructures to be temporarily exempted from some specific requirements under the EU’s financial services legislation. Its objective is to remove regulatory hurdles to the issuance, trading and post-trading of financial instruments in crypto-asset form and for regulators to gain experience on the application of distributed ledger technology (“DLT”) in market infrastructures.

The Pilot Regime Proposal establishes the conditions for acquiring permission to operate a DLT market infrastructure, sets limitations on the transferable securities that can be admitted to trading, and frames the cooperation between the DLT market infrastructure, competent authorities and ESMA. Permission to operate the pilot is temporary and will be periodically reviewed by supervisors. It will be subject to strict requirements, so that market operators who no longer meet the relevant criteria can no longer run the pilot.

The DORA Proposal

The DORA Proposal is designed to consolidate and upgrade Information Communication Technologies (“ICT”) risk requirements throughout the financial sector to ensure that all participants of the financial system are subject to a common set of standards to mitigate ICT risks for their operations. As such, it covers a broad range of financial entities – from credit institutions and investment funds to crypto-asset service providers – in order to ensure that ICT risks are managed in a homogenous and coherent way.

The DORA proposal requires inscope financial entities to put in place:

  • dedicated ICT risk management capabilities;
  • a management process to monitor, classify and report major ICT-related incidents to competent authorities;
  • digital operational resilience testing; and
  • procedures to monitor and manage ICT third-party risk.

The proposal also allows for information sharing among financial entities regarding cyber-threat information and intelligence.

As regards critical ICT third-party service provides, the DORA Proposal provides for an Oversight Framework at EU level in which the European Supervisory Authorities (ESAs) will operate as Lead Overseers, and the national supervisors as enforcers.

The Amending Proposal

The Amending Proposal complements the DORA Proposal by amending various legislative provisions to include cross references to the DORA Proposal.

The Retail Payments Strategy

The Retail Payments Strategy sets out the Commission’s vision for the payments sector and provides a single, coherent and overarching framework for future actions. Like the Digital Finance Strategy, the Retail Payments Strategy is based on four key priorities and the measures the Commission intends to take to support those priorities.

Several of the measures in the Retail Payments Strategy relate to the upcoming review of the application and impact of the revised Payment Services Directive (“PSD2”), which the Commission intends to launch at the end of 2021. These include:

  • assessing the extent to which the EU’s existing consumer protection measures (e.g. rights to refunds) can provide consumers making instant payments with the high level of protection offered by other payment instruments;
  • assessing the impact of charges levied on consumers for instant payments and, if relevant, requiring that they are no higher than those levied for regular credit transfers;
  • taking stock of strong customer authentication’s impact on the level of payment fraud in the EU and exploring whether additional measures should be considered to address new types of fraud, in particular with regard to instant payments;
  • re-examining the existing legal limits on contactless payments, with a view to striking a balance between convenience and fraud risks;
  • enhancing transparency for retail payments users;
  • evaluating any new risks stemming from unregulated services, especially technical services ancillary to the provision of regulated payment or e-money services, and assessing whether and how these risks can best be mitigated, including by bringing certain activities under the scope of PSD2 where justified;
  • assessing the adequacy of the exemptions listed in PSD2 and evaluating the need for changes in prudential, operational and consumer protection requirements;
  • aligning the PSD2 and E-Money Directive frameworks by including the issuance of e-money as a payment service in PSD2;
  • assessing whether transparency of cross-border international transactions needs further improvements; and
  • assessing whether the appropriateness of requiring that the maximum execution time in ‘two-leg’ transactions also applies to ‘one-leg’ transactions (where one of the payment service providers is outside the EU).

Other measures set out Retail Payments Strategy include:

  • considering whether to propose legislation requiring payment service providers’ adherence to the SEPA Credit Transfer Inst Scheme by the end of 2021. Such a proposal, if decided, would lay down the criteria for determining which payment service providers should be subject to obligatory participation;
  • examining whether specific measures should be taken to enhance the effectiveness of the crisis management of payment systems and to ensure sound mitigation measures on the liquidity risk for financial institutions resulting from the rapid, low-friction outflow of funds via instant payments, in particular when taking place outside normal office hours;
  • exploring ways to promote the use of electronic identity and solutions based on trust services, building on the further enhancement of eIDAS, to support the fulfilment of Strong Customer Authentication requirements under PSD2 for account login and initiation of payment transactions;
  • where necessary, ensure proper linkages between the supervision of payment services and the oversight of payment systems, schemes and instruments;
  • considering extending the scope of the Settlement Finality Directive (SFD) review to include e-money and payment institutions, subject to appropriate supervision and risk mitigation; and
  • examining whether to propose legislation aimed at securing a right of access under fair, reasonable and non-discriminatory conditions, to technical infrastructures considered necessary to support the provision of payment services.

Comment

The Digital Finance Package comprises a wide range of measures across a very broad spectrum. Its overall purpose is very much policy driven with its ultimate goal being to ensure that the EU can reap the benefits of, and become leaders in, the digital age within safe and ethical boundaries.

Given that legislation/regulation frequently tends to be reactive, it is exciting to see the Commission take such a pro-active approach and attempt to respond to an already fast changing market by introducing regulation designed to facilitate developments in that market in a responsible way. According to the Commission, many of those who responded to the various consultations which predated the Digital Finance Package stressed that the creation of a bespoke regime for crypto-assets not currently covered by the EU financial services legislation would be beneficial for the establishment of a sustainable crypto-asset ecosystem in the EU.  The Commission has clearly listened to those respondents in introducing its Digital Finance Strategy and hopefully the MICA Proposal and other measures set out in that strategy will allow EU entities to become market leaders in the FinTech world.

It is also worth noting that the push to promote digital finance is not confined to the Commission but is evident across the EU institutions. In particular, on 2 October 2020, the European Central Bank published a comprehensive report on the possible issuance of a digital euro, prepared by the Eurosystem High-Level Task Force on central bank digital currency (CBDC) and approved by the Governing Council.  While the Governing Council has not yet decided to introduce a digital euro, according to the ECB President, Christine Lagarde, the ECB should be prepared to issue one, should the need arise.  In short, if the future is not yet here, it appears to be fast approaching.


  1. According to Article 3(2) of MICA, “crypto-asset’ means a digital representation of value or rights which may be transferred and stored electronically, using distributed ledger technology or similar technology.

This briefing is for general guidance only and should not be regarded as a substitute for professional advice. Such advice should always be taken before acting on any of the matters discussed.

Key contacts