The European Banking Authority (EBA) has a long-standing interest in the application of innovative technologies in the financial sector, including distributed ledger technology (DLT) and asset-tokenisation technologies, and was one of the first regulatory authorities to comment publicly on the phenomena.
In this article, we explore how the EBA’s approach has evolved, taking into account the application of the principle of technological neutrality and changes in the use of the technologies, and we set out the case for coordinated initiatives to enable opportunities to be leveraged whilst mitigating risk effectively, including in the context of the European Commission’s (EC’s) upcoming legislative proposal regarding markets in crypto-assets.
Technological neutrality and an adaptive approach to crypto-assets
The EBA’s stated policy of technological neutrality[i] means that the EBA aims:
- to not inadvertently prefer or prevent the adoption of a specific technology;
- to neither prefer nor prejudice a specific business model or service provider, and
- to maintain inter-temporal neutrality, which means, in practice, continuous monitoring of developments and, if needed, to adjust regulatory and supervisory approaches to ensure they are “tech-ready” to enable opportunities to be realised.
At all times, the EBA works to ensure that regulatory objectives—such as consumer protection, prudential robustness and financial stability—continue to be fully met.
The EBA’s track record on crypto-assets
The EBA’s commitment to technological neutrality can be seen at work in its evolving regulatory approach to crypto-assets.
Whilst crypto-assets have a lineage dating back to 1983 when “ecash” was conceived by David Chaum, it was the development of the decentralised bitcoin in 2008 that caught the public’s imagination and led to increasing consumer interest—as illustrated by the price of bitcoin, which went from 10,000 bitcoins for two pizzas in its first commercial use in 2010 (around $30 at the time) to first passing the $1,000 mark, albeit briefly, in November 2013.[ii]
This public’s initial interest in crypto-assets was focused largely on its potentially speculative value and use as a means of (sometimes illicit) payment. This led the EBA to issue a public warning on December 13, 2013,[iii] to emphasise to consumers the risks of what we described at that time as virtual currencies, pointing out their value volatility and absence of consumer-protection measures due to their unregulated status.
This emphasis on risks to consumers was repeated in an opinion in July 2014.[iv] Nonetheless, in keeping with the desire to ensure the regulatory framework remains fit for purpose and taking into account technological developments, this opinion also explored issues around crypto-assets in more detail, identifying the role of intermediaries in the form of virtual-currency exchanges and custodian wallet providers and recognising some theoretical benefits from the application of the technology behind crypto-assets, such as lower transaction costs, faster speed and possible financial inclusion. However, at that stage of development, the emphasis remained on the manifold risks, concluding that: the EBA’s warning to consumers remained valid; financial institutions should be discouraged from buying, selling or holding virtual currencies; and recommending the appropriate extension of the AML/CFT (anti-money laundering/combating the financing of terrorism) regime to mitigate risks of financial crime.[v]
An inflection point
By 2018, the use of DLT and crypto-assets within the European Union (EU) financial sector was fast evolving. Financial institutions and technology companies, recognising the potential for the streamlining of transaction processes and other efficiency gains, were starting to experiment meaningfully.
DLT was increasingly being adapted to a wide range of potential applications in relation to financial services, such as trade finance and the issuance of green bonds. Meanwhile, security tokens were increasingly being used as a mechanism for capital raising, and utility tokens were being employed to facilitate advance purchases and, in particular, permit access to particular technologies. And virtual currencies remained still present in the popular imagination. So although the EBA, jointly with the other European Supervisory Authorities, repeated its warning about virtual currencies,[vi] the EBA took steps to enhance its wider monitoring of crypto-asset activities and promote supervisory awareness of the opportunities and risks presented.
Further and more rapid evolutions in the application of DLT and crypto-assets in the EU financial sector led the EBA to publish a report in January 2019 with advice for the European Commission on the subject.[vii] The 2019 report identified that the use of crypto-assets and associated technologies was still not sufficiently widespread to raise financial-stability concerns. However, the report identified the changes in the application of the technologies as meriting further consideration in light of the increasing use within the financial sector (for example, for the purposes of payments, bond issuance and trade finance and in the context of trade and post-trade activities).
Specifically, the EBA recommended that the European Commission carry out a detailed analysis of the costs and benefits of adapting the regulatory regime both to address emerging risks—whether in relation to consumer protection, operational resilience, market integrity or level-playing-field issues—and to ensure that any benefits could be properly harnessed within an appropriate regulatory framework. Indeed, the EBA highlighted that if DLT and crypto-assets were becoming in any sense part of the fabric of the financial sector, consideration should be given to:
- the challenges posed by a range of differing national approaches and the converse benefits of scalability across the EU single market;
- the need for consistency in regulatory approaches to provide certainty about rights and obligations and address risks effectively.
Scalability across the single market: not only a question of infrastructure
Pilots involving the issuance of bonds and other securities, cross-border payments and trade finance have demonstrated the potential for efficiency gains and proven the technical viability of DLT and crypto-asset applications within the financial sector, but significant scaling across borders is still not being observed. The reasons seem to be twofold: The first is a practical problem—namely, how to integrate new technologies with existing processes and systems and with those of counterparts (the infrastructure interoperability challenge). The second is a problem arising from national jurisdictional divergences on the permissibility, regulation and supervision of crypto-asset activities.[viii]
For market participants, a key challenge is fragmentation. Within the EU, questions arise as to whether activities may be carried out and, if so, under what conditions (for example, regarding governance, consumer-protection requirements and operational resilience). Some crypto-asset activities may involve activities regulated under EU law—in particular, pursuant to the second Electronic Money Directive (Directive 2009/110/EC) and the Markets in Financial Instruments Directive (Directive 2014/65/EU)—in which case, the problem (largely[ix]) falls away. However, as the majority of crypto-asset activities fall outside the scope of existing EU law, considerable uncertainties remain.[x] Depending on where the activities are being carried out, bespoke national law may apply (e.g., in the absence of a common European approach, some member states—for example, Malta[xi]—have implemented domestic regimes to regulate crypto-asset activities), but in many cases, no specific regulatory framework exists, leaving firms exposed to uncertainties about supervisory acceptance and expectations regarding DLT and crypto-asset applications.
Additionally, unless the activities are within the scope of EU financial-services law, the ability to provide cross-border services is not afforded without the need for separate authorisation or registration in each Member State in which a firm may wish to operate, resulting in a patchwork of national regulatory requirements and sometimes considerable additional compliance costs.
For supervisors, this patchwork of approaches also poses challenges. Notably, supervisors face challenges in monitoring risks, overseeing crypto-assets ecosystems (for example, involving issuers, wallets and exchanges) and coordinating supervisory actions absent a common EU regulatory framework for crypto-asset activities. Different levels of regulation also leave scope for forum shopping, regulatory arbitrage and vulnerabilities to financial crime across the single market. Finally, consumers face differential standards of protection depending on where they engage crypto-asset services and are often left confused by a lack of clarity and consistency concerning their rights (e.g., in the event of a complaint or the need for redress).
Consistency in regulatory approaches can further regulatory objectives and facilitate use
Just as fragmentation of the single market poses challenges to the effective rollout and oversight of products and services involving DLT and crypto-assets, so diverging approaches to regulation can have a limiting effect on use. This is because firms and consumers may face, respectively, different rights and obligations depending on local regimes—an outcome that can undermine the confidence to utilise these technologies and associated products and services.
Aside from the general question of whether the regulatory perimeter extends to the relevant activities, examples include differences across insurance, securities, banking and payment sectors on ICT (information and communications technology) risk management (a risk partially addressed by the EBA’s recent “Guidelines on ICT and security risk management”[xii] applied to both credit and payments institutions), differences across jurisdictions in terms of acceptability of smart contracts and rules for determining governing law, and differing expectations on consumer protection, including client-funds safeguarding requirements, conflicts-of-interest management, disclosure requirements and complaints-handling arrangements based on both sectoral and jurisdictional differences.
Of course, divergences in requirements also lead to inconsistent levels of risk mitigation. In a worst-case scenario, detriment may occur at a local level, but the ramifications may be wider—with consumers elsewhere becoming more reluctant to engage similar products and services, even if, locally, they benefit from higher standards of protection. Initial coin offerings are a case in point: widespread media accounts of fraudulent activity and vulnerabilities to cyber-attacks have been shown to correlate with a dampening of investor appetite.[xiii]
The way forward
Recognising these issues, EU and international regulatory bodies are taking forward actions to effectively mitigate risk and facilitate the application of DLT and crypto-assets through more consistent regulatory requirements.
Notably, the European Commission, following its consultation[xiv] and the advice of the EBA and the ESMA (European Securities and Markets Authority), will publish in autumn 2020 a legislative proposal for EU markets in crypto-assets.
The new EU framework looks set to include measures to:
- regulate crypto-asset activities not already covered by EU financial-services law and create new bespoke systems of regulation for specific activities, including activities involving so-called stablecoins;
- ensure the technological neutrality of existing EU law toward DLT and crypto-asset applications by clarifying and, where necessary, amending law to remove inadvertent barriers;
- provide greater scope for experimentation with blockchain solutions, particularly in the securities and markets context.[xv]
Each of these elements will help to secure effective consumer protection and address any emerging financial-stability issues whilst facilitating the use of DLT and crypto-asset applications in the EU. This should also have the effect of instilling higher standards of confidence for firms to invest in these technologies and for wholesale and retail clients to engage in crypto-asset products and services, including on a cross-border basis. And the EBA stands ready to play its role in ensuring that these objectives are met.
However, to achieve the European Commission’s stated objectives of promoting the prudent use of DLT and the benefits of some tokenisation in the EU whilst effectively mitigating risk, current gaps in the EU framework will need to be addressed to ensure a level playing field by establishing not only new types of regulated activity but also new approaches to supervision.
DLT and crypto-asset applications—for example, in payments and securities and markets contexts—typically involve a number of entities, each of which may perform a specific role (e.g., issuer, exchanger, custodian), may be based in a different jurisdiction and may be subject to oversight by different supervisors in relation to different financial or non-financial activities. However, risks in one part of the ecosystem could impact the overall operational resilience of, and confidence in, the ecosystem taken as a whole.
Indeed, as a more general point, new business models leveraging innovative technologies and access to data and combining different forms of financial and non-financial activity are increasingly challenging the traditional approach of supervisory silos based on activities and geographic presence, and a suitable regulatory response is vital.
As a result, adaptive thinking is required toward new schemes of supervision and supervisory-oversight coordination mechanisms involving not only financial regulators but, as appropriate, consumer-protection authorities, data-protection authorities and central banks. And clarity will help market participants invest and plan.
With key players alive to these issues, coordinated initiatives are underway at the international level. So-called stablecoins are a particular area of focus, with G20 finance ministers and central bank governors anticipated to discuss, in October 2020, the outcome of the Financial Stability Board’s (FSB’s) stocktake of supervisory and regulatory approaches[xvi] and the Financial Action Task Force (FATF) report on money-laundering and terrorist-financing risks in relation to stablecoins.[xvii] Additionally, targeted regulatory initiatives are underway. For example, the Basel Committee on Banking Supervision (BCBS) has initiated work on the prudential treatment of crypto-assets[xviii], and the FATF has completed its 12-month review of the risk-based approach to virtual assets and virtual-asset service providers.[xix]
The EBA’s approach to the application of the principle of technological neutrality shows how a cautious but adaptive approach is possible and can keep pace with the increasing importance of the underlying technology and varying forms of tokenisation to financial services.
As DLT and asset tokenisation is embraced more widely—with the likes of exchanges (including Borsa Italiana, CME Group, Deutsche Börse, London Stock Exchange, NASDAQ, SIX Digital Exchange), payment and settlement infrastructures (such as Fnality International) and banks (for example, BBVA-Banco Bilbao Vizcaya Argentaria, BNP Paribas, Commerzbank AG, ING Group and JPMorgan Chase) continuing to experiment—and as new tokens emerge aiming for more mainstream use (e.g., Libra), further adaptions to the regulatory regime may need to be considered. Central bank digital currency initiatives are also likely to add further impetus to the regulatory debate.
Continuous dialogue between industry, supervisors and regulators will help ensure that the regulatory framework remains fit for purpose, technology neutral and future-proof.
References and explanatory comments:[i] For further information about the EBA’s work in relation to the application of technologies within the financial sector, see the EBA’s FinTech Knowledge Hub: https://eba.europa.eu/financial-innovation-and-fintech/fintech-knowledge-hub [ii] As at the date of writing this article, bitcoin is now trading around $11,000. [iii] https://eba.europa.eu/sites/default/documents/files/documents/10180/598344/b99b0dd0-f253-47ee-82a5-c547e408948c/EBA%20Warning%20on%20Virtual%20Currencies.pdf?retry=1. [iv] https://eba.europa.eu/sites/default/documents/files/documents/10180/598344/b99b0dd0-f253-47ee-82a5-c547e408948c/EBA%20Warning%20on%20Virtual%20Currencies.pdf?retry=1. [v] Legislative amendments to this effect were ultimately agreed in the context of the AMLD5 (Anti-Money Laundering Directive 5) negotiations such that providers engaged in exchange services between virtual currencies and fiat currencies as well as custodian wallet providers are now listed among the “obliged entities” within the scope of the Anti-Money Laundering Directive (Directive (EU) 2015/849). [vi] https://eba.europa.eu/sites/default/documents/files/documents/10180/2139750/313b7318-2fec-4d5e-9628-3fb007fe8a2a/Joint%20ESAs%20Warning%20on%20Virtual%20Currencies.pdf?retry=1. [vii] https://eba.europa.eu/sites/default/documents/files/documents/10180/2545547/67493daa-85a8-4429-aa91-e9a5ed880684/EBA%20Report%20on%20crypto%20assets.pdf?retry=1. [viii] Divergences in accounting and tax treatment and potential conflicts of law issues (e.g., in the event of dispute or insolvency proceedings) are also very relevant issues but are not explored in this article [ix] Some divergences in the interpretation of current EU law and application to crypto-assets give rise to residual uncertainties, particularly as regards the application of the MiFID (Markets in Financial Instruments Directive), on which see the ESMA’s January 2019 report on initial coin offerings and crypto-assets: https://www.esma.europa.eu/sites/default/files/library/esma50-157-1391_crypto_advice.pdf [x] For further discussion about the regulatory classification of crypto-asset activities, see the EBA’s January 2019 report with advice for the European Commission: https://eba.europa.eu/eba-reports-on-crypto-assets [xi] The Malta Virtual Financial Assets Act: http://www.justiceservices.gov.mt/DownloadDocument.aspx?app=lom&itemid=12872&l=1 [xii] https://eba.europa.eu/regulation-and-policy/internal-governance/guidelines-on-ict-and-security-risk-management. [xiii] http://www.oecd.org/finance/ICOs-for-SME-Financing.pdf [xiv] https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/12089-Directive-regulation-establishing-a-European-framework-for-markets-in-crypto-assets/public-consultation [xv] As confirmed by European Commission Executive Vice-President Valdis Dombrovskis in June 2020: https://ec.europa.eu/commission/commissioners/2019-2024/dombrovskis/announcements/speech-executive-vice-president-valdis-dombrovskis-digital-finance-outreach-2020-closing-conference_en [xvi] https://www.fsb.org/2020/07/public-responses-to-consultation-on-addressing-the-regulatory-supervisory-and-oversight-challenges-raised-by-global-stablecoin-arrangements/ [xvii] https://www.fatf-gafi.org/publications/fatfgeneral/documents/report-g20-so-called-stablecoins-june-2020.html [xviii] https://www.bis.org/bcbs/publ/d490.htm [xix] https://www.fatf-gafi.org/publications/fatfrecommendations/documents/12-month-review-virtual-assets-vasps.html