Finansinspektionen s response at the webb-survey, to the Commission Consultation on FinTech

Similar documents
Public consultation on FinTech: a more competitive and innovative European financial sector

to the EC Consultation Document on Fintech: a more competitive and innovative European Financial Sector

Response to the Basel Committees Sound Practices: Implication of fintech

Olivier Guersent. Introduction. Hello.

Closing keynote speech

SUPERVISORY CONVERGENCE PLAN How the European Insurance and Occupational Pensions Authority is building supervisory convergence

Futures Industry Association IDX Conference, London

EBA/CP/2013/12 21 May Consultation Paper

EPFSF Lunch Discussion 27 January 2016 European Parliament, Brussels

ISDA s response to the CEER consultation on the introduction of a European-wide Energy wholesale trading passport

Template for comments

The EU and its Partners: Banks and Investors in a Digital World

On the Way to a Europe-wide FinTech Regulatory Sandbox?

Review of the European Supervisory Authorities

6 Portability of non- personal data, Interoperability and standards

HSBC submission to the BCBS consultative document Sound Practices: Implications of fintech development for banks and bank supervisors

KEYNOTE SPEECH Olivier Guersent. Making financial services deliver for consumers

ESMA response to the Commission Green Paper on retail financial services

AMENDMENTS EN United in diversity EN. European Parliament 2017/0230(COD)

EBA/RTS/2017/ December Final Report. Draft regulatory technical standards. on central contact points under Directive (EU) 2015/2366 (PSD2)

Consultation Paper. Draft Regulatory Technical Standards

CEIOPS-SEC-182/10. December CEIOPS 1 response to European Commission Green Paper on Audit Policy: Lessons from the Crisis

Re: Consultative Document Sound Practices: Implications of fintech developments for banks and bank supervisors

Gabriel Bernardino Chairman of EIOPA. Insurance distribution in a challenging environment

June PUBLIC OVERSIGHT OF THE AUDIT PROFESSION: Enhancing Credibility and Supporting Cooperation

Towards a genuine single European financial market the role of regulation and supervision

(Legislative acts) DIRECTIVE 2014/55/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 16 April 2014 on electronic invoicing in public procurement

JC May Joint Committee Final Report on guidelines for complaints-handling for the securities (ESMA) and banking (EBA) sectors

JC June Joint Committee Final Report on guidelines for complaints-handling for the securities (ESMA) and banking (EBA) sectors

DRAFT REPORT. EN United in diversity EN. European Parliament 2017/2253(INI)

Summary of contributions to the. Green Paper on retail financial services:

TOOL #47. EVALUATION CRITERIA AND QUESTIONS

FinTech and cloud in banking

Committee on Industry, Research and Energy Committee on the Internal Market and Consumer Protection

August THE APPOINTMENT OF THE AUDITOR AND THE DURATION OF THE AUDIT ENGAGEMENT: Striving for a Workable Single Market in the EU

The future auditing framework for Ireland

FINANCIAL CONSUMER PROTECTION IN AN INCREASINGLY DIGITAL WORLD

Cefic Response to EC Consultation on the Review of Directive 2012/27/EU on Energy Efficiency

Appendix 2 JFSA s views on the comments submitted in English

Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Final report Technical advice on third country regulatory equivalence under EMIR Australia

CEIOPS-DOC-04/06. May 2006

Final report. Guidelines on triggers for use of early intervention measures pursuant to Article 27(4) of Directive 2014/59/EU EBA/GL/2015/03

(Legislative acts) REGULATIONS

EBA/CP/2016/ December Consultation Paper. Draft Guidelines on supervision of significant branches

ELEC. Amsterdam, 6 March Challenges for supervisors in responding to the financial crisis. Kerstin af Jochnick, Chair of CEBS

THE 2017 REVIEW OF THE EUROPEAN SUPERVISORY AUTHORITIES

Subject: Public consultation on the operations of the European Supervisory Authorities

THE ESTONIAN MINISTRY OF FINANCE, THE BANK OF ESTONIA AND THE ESTONIAN FINANCIAL SUPERVISION AUTHORITY

EACH feedback on the European Commission proposal for a regulation on Further amendments to the European Market Infrastructure Regulation (EMIR)

to the EU Commission Green Paper on Retail Financial Services (COM 2015(630))

COMMENTS ON THE EUROPEAN COMMISSION'S GREEN PAPER ON FINANCIAL SERVICES POLICY ( )

Final Report. ESMA Guidelines on enforcement of financial information. 10 July 2014 ESMA/2014/807

Description of the phenomenon

Response of the Netherlands AFM to the green paper corporate governance July 2011

Report to the European Commission on the Application of Group Supervision under the Solvency II Directive

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

DRAFT REPORT. EN United in diversity EN. European Parliament 2015/2221(INI) on the Banking Union Annual Report 2015 (2015/2221(INI))

MiFID II - Product Governance

Comments on Chapter IV Part I Controller and processor 25/08/2015 Page 1

1 CORPORATE GOVERNANCE AND BUSINESS ACTIVITY REGULATORY OUTLINE. Objectives, background and legal basis

TRAINEESHIP POSITIONS Ref. 1804TRN01

Council of the European Union Brussels, 19 February 2015 (OR. en)

CAN GDPR WORK FOR HEALTH SCIENTIFIC RESEARCH? BRUSSELS OCTOBER 22 ND CIPL EFPIA FPF EXECUTIVE SUMMARY

Parliament of Romania Chamber of Deputies Committee for information technologies and communications

Public consultation on the operations of the European Supervisory Authorities (ESA)

Opportunities and challenges for banking regulation and supervision in the digital age

Input to Members of the European Parliament on the PSD2 RTS proposal covering banks obligations

Joint Opinion. on the risks of money laundering and terrorist financing affecting the Union s financial sector JC/2017/07.

EUROPEAN CENTRAL BANK

BEREC views on the European Parliament first reading legislative resolution on the European Commission s proposal for a Connected Continent Regulation

ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK. of 25 July 2014

Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Union of the Electricity Industry - EURELECTRIC comments to the ERGEG discussion paper Roadmap for a competitive single gas market in Europe

Public Hearing on the Draft EBA Guidelines on Authorisation and Registration under the PSD2. Public Hearing, EBA, London, 12 December 2016

THE EBA S FINTECH ROADMAP

European Commission Public Consultation on Green Paper on Corporate governance in financial institutions and remuneration policies

a) Certain issues would be better dealt with in national law than at Community level:

Jean-Claude Trichet: Towards the review of the Lamfalussy approach market developments, supervisory challenges and institutional arrangements

DGE 2 EUROPEAN UNION. Brussels, 21 March 2018 (OR. en) 2016/0149 (COD) PE-CONS 69/17

European System of Financial Supervisors (ESFS): Frequently Asked Questions (see IP/09/1347 and MEMO/09/405)

National Association of Manufacturers Washington, DC. Public Comment on Promoting U.S. and European Commission Regulatory Compatibility

This document is meant purely as a documentation tool and the institutions do not assume any liability for its contents

Ecommerce Europe. European in cross-border e-commerce. November 2015

CONSUMER PROTECTION CHALLENGES FROM THE DIGITALISATION OF FINANCIAL SERVICES

AFME comments on the ECB s draft TRIM guide to internal models General topics chapter

General Comments and Replies to Questions

practised is causing overregulation and contains constitutional deficits. It has to be restricted to technical details.

on supervision of significant branches

GUIDELINES ON MEASURES TO REDUCE OR REMOVE IMPEDIMENTS TO RESOLVABILITY EBA/GL/2014/ December Guidelines

Finnish Financial Services' (FFI) response to the European Commission's public consultation on the operations of the European Supervisory Authorities

The Future of the Banking Industry Dialogue with the Banking Industry on ESCB Statistics

Open Banking: the technology revolution sweeping across the banking industry. Policy Pulse June 2018 compendium

ENA Future Worlds Consultation

WHITE PAPER EU General Data Protection Regulation Compliance

CGMA Competency Framework

EU Commission Consultation on the Role of Online Platforms 1

ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK. of 11 April on a proposal for a regulation of the European Parliament and of the Council

Sharing the future Industrial Data Economy

A CER Statement on Brexit

Transcription:

FI dnr 17-4481 Finansinspektionen Box 7821 SE-103 97 Stockholm [Brunnsgatan 3] Tel +46 8 408 980 00 Fax +46 8 24 13 35 finansinspektionen@fi.se www.fi.se Finansinspektionen s response at the webb-survey, to the Commission Consultation on FinTech 1.3 Is enhanced oversight of the use of artificial intelligence (and its underpinning algorithmic infrastructure) required? For instance, should a system of initial and ongoing review of the technological architecture, including transparency and reliability of the algorithms, be put in place? What could be effective alternatives to such a system? The need for enhanced oversight is very likely. The use of artificial intelligence raises obvious concerns about operational risks, and, as is the case with FinTech in general, this may result in changes in how financial intermediation is structured as well as changes in how financial risks are distributed between the various stakeholders. It may also raise macroprudential issues, e.g. concerning procyclicality. When it comes to consumer protection, we believe in general that financial actors should comply with the same regulatory requirements whether or not they use FinTech elements in connection with consumer-related activities. This is the case for businesses in Sweden that offer automated financial advice. However, in our role as the NCA, we must follow the technological development in order to understand associated risks. The complexity of the technological applications and AI when placed into a context of ordinary consumers disadvantaged position in financial industry indicates a need for a more thorough process for licencing and supervision. In this process, the NCA functions as a sort of fourth line of defence against unattended consumer risks. As a minimum, the level of the main assumptions and constraints (e.g. preventing customers who express an interest in low-risk products from being offered high-risk products) must be reviewed. A related issue is that supervisors need to continuously enhance their own 1(10)

understanding of the FinTech business models, risks, new technologies and associated risks in order to be able to conduct risk-based supervision and avoid crucial gaps due to the lack of competence and skills. NCAs may need to develop new supervisory techniques to supervise algorithms and artificial intelligence, and ESAs could play an important role in this development as knowledge centers. 1.4 What minimum characteristics and amount of information about the service user and the product portfolio (if any) should be included in algorithms used by the service providers (e.g. as regards risk profile)? Finansinspektionen would like to emphasise how important it is that regulation is technology-neutral. Our answer to this question is therefore that the minimum characteristics and amount of information should be the same, regardless of whether or not AI is used. 1.6 Are national regulatory regimes for crowdfunding in Europe impacting on the development of crowdfunding? In what way? What are the critical components of those regimes? The lack of a common European regulatory regime for crowdfunding creates barriers for cross border expansions of successful crowdfunding services. What is considered a regulated activity in one country cannot be passported to another country without burdensome legal requirements, if at all due to prohibitions. Crowdfunding provides new ways of providing financial services and challenges the traditional financial market. However, like traditional financial businesses, crowdfunding also introduces risks for consumers, other users and the society. This raises concerns for financial regulators, and in the absence of a common European regulatory regime countries must take their own steps to manage these risks. Because crowdfunding has the potential to grow fast in terms of volume, there is an understandable urgency to get control over it. Work is currently underway in Sweden in this area. A government inquiry will present recommendations for a national crowdfunding regulation later this year. However, national regulation means that there will be barriers to crossborder expansion of successful services. 1.7 How can the Commission support further development of FinTech solutions in the field of non-bank financing, i.e. peer-to-peer/marketplace lending, crowdfunding, invoice and supply chain finance? Finansinspektionen supports the continued initiatives by the Commission to identify and assess the benefits and risks associated with crowdfunding. By efficiently linking investors to projects that need capital, crowdfunding has the 2

potential to make it both easier and cheaper for new and small companies to raise capital. However, the regulatory frameworks are currently divergent across the EU and often not adapted to the many crowdfunding models that enter the market. This impedes crowdfunding from realizing its full potential and creates unnecessary risks for consumers. In order to enable further growth of the crowdfunding sector while at the same time ensuring appropriate consumer protection, we believe there to be a need for a clear and harmonized regulatory framework in the EU. Such a legal framework would support convergence. However, such a legal framework must also give sufficient flexibility to address jurisdiction-specific risks. Additional jurisdiction-specific requirements must be accompanied by an appropriate degree of transparency to simplify cross-border provision of financial services. Because national financial markets differ, we do not believe that it is the ESAs that should license and supervise crowdfunding. Licencing and supervision should stay within the scope of the NCAs since they have greater possibilities than the ESAs to fine-tune licencing and supervision to the circumstances surrounding the crowdfunding undertaking. The role of the ESAs should instead be to foster a common level of supervisory practice. We believe this would stimulate both market growth and cross-border activity. 2.2. What measures (if any) should be taken at EU level to facilitate the development and implementation of the most promising use cases? How can the EU play its role in developing the infrastructure underpinning FinTech innovation for the public good in Europe, be it through cloud computing infrastructure, distributed ledger technology, social media, mobile or security technology? Finansinspektionen supports the continued initiatives by the Commission to identify and assess the benefits and risks associated with FinTech. However, the regulatory frameworks are currently divergent across the EU, which impedes FinTech from realizing its full potential and creates unnecessary risks for consumers. In order to reap the benefits from FinTech while at the same time ensuring appropriate consumer protection, we believe there to be a need for a clear and harmonised regulatory framework in the EU. Finansinspektionen therefore takes a positive stance on the harmonisation of legislation and supervisory practices at the EU level to further support convergence. However, the legal framework must also give sufficient flexibility to address jurisdiction-specific risks. Additional, jurisdiction-specific requirements must be accompanied by an appropriate degree of transparency in order to simplify cross-border provision of financial services. We consider one important risk to be the supervisory race to the bottom, which needs to be addressed by the 3

tools in the possession of the ESAs. Some issues that are highly relevant to the FinTech development will be addressed in the context of the Brexit preparations (e.g. agreeing on a single approach and common requirements to outsourcing). This would stimulate both market growth and cross-border activity. The EU can encourage NCAs to exchange information and experiences with new regulatory tools aimed at supporting innovation at the EU and national levels. The ESAs can contribute by establishing a common regulatory view on what the challenges are with FinTech-related innovations. This could encompass privacy requirements and other consumer protection areas. In general, the ESAs could take a coordinating role and spread good examples from countries, both within and outside the Union, that have interesting experience from working with FinTech issues. Cloud services as a driver of innovation and the increasing interest for the use of cloud outsourcing solutions within the banking industry are growing in importance. However, there is considerable uncertainty surrounding the supervisory expectations within the EU on outsourcing to cloud service providers, and this uncertainty has to some extent been considered a barrier to institutions using cloud services. In light of this development, Finansinspektionen takes a positive stance on the upcoming EBA recommendations on outsourcing to cloud service providers. These recommendations will provide the clarity needed for institutions that are in the process of adopting cloud computing, while ensuring that risks are appropriately identified and managed. The recommendations will also foster supervisory convergence regarding applicable expectations and processes for the cloud. Cyber-attacks in the financial sector pose a growing threat to institutions and the financial system. Supervisory authorities are seeing a need for greater sharing of expertise when it comes to the supervision of cyber security. Finansinspektionen take a positive stance on the ongoing work within the EBA to analyse current supervisory cyber security practices and put forward proposals for further work to align these practices, where applicable, across EU Member States. The role of the ESAs in creating a coherent supervisory practice within the union is crucial. 2.5 What are the regulatory or supervisory obstacles preventing financial services firms from using cloud computing services? Does this warrant measures at EU level? Overall, Finansinspektionen does not distinguish between the outsourcing of IT operations to cloud service providers and other outsourcing of IT operations. To date, Finansinspektionen has noted that many providers of cloud services often use standard contracts to regulate rights and obligations between the customer and the provider. These standard contracts have contained limitations 4

on the institution s, the auditor s and Finansinspektionen s possibilities to gain access to the provider s premises and obtain information about the outsourced operations. It is therefore positive that the EBA recommendations on outsourcing to cloud service providers will provide the clarity needed for institutions that are in the process of adopting cloud computing, while ensuring that risks are appropriately identified and managed. 2.6 Do commercially available cloud solutions meet the minimum requirements that financial service providers need to comply with? Should commercially available cloud solutions include any specific contractual obligations to this end? During 2016 and 2017, Finansinspektionen has noted a positive shift from a compliance perspective in how contractual arrangements are agreed between institutions and cloud service providers as relates to the regulatory requirements with which institutions need to comply. As mentioned under 2.5, the upcoming EBA recommendations on outsourcing to cloud service providers will provide the clarity needed on the EU level. 2.10 Is the current regulatory and supervisory framework governing outsourcing an obstacle to taking full advantage of any such opportunities? In respect of outsourcing, we do not think that legislative changes are of primary importance, and we do not see any evidence that the existing rules on outsourcing are excessively hindering innovation in financial services. Priority should be given to harmonisation of supervisory practices. ESAs can take the lead in this work by applying their existing convergence tools (opinions, peer reviews, focused studies, recommendations). 2.11 Are the existing outsourcing requirements in financial services legislation sufficient? Who is responsible for the activity of external providers and how are they supervised? Please specify, in which areas further action is needed and what such action should be. As mentioned under 2.10, Finansinspektionen considers the existing outsourcing requirements in the financial regulation to be sufficient. What should be prioritised is the work to harmonise supervisory practices. Here, the ESAs play a central role. Financial institutions are ultimately responsible for managing their risks, including risks related to outsourced activities provided by external providers. It is a fundamental prerequisite for institutions not to enter into contractual obligations that would limit the possibilities of the institutions, auditors and national authorities to exercise any needed risk management, control practices and supervision. 5

3.1 Which specific pieces of existing EU and/or Member State financial services legislation or supervisory practices (if any), and how (if at all), need to be adapted to facilitate implementation of FinTech solutions? Finansinspektionen takes a positive stance on the harmonisation of legislation and supervisory practices at the EU level to further support convergence. One relevant topic is crowdfunding. The legal framework must also give sufficient flexibility to address jurisdiction-specific risks. Additional, jurisdiction-specific requirements must be accompanied by an appropriate degree of transparency to simplify cross-border provision of financial services. The overall approach to facilitating financial innovation should rest on the same pillars as any other policies which favour development, but stop short of protectionism or industrial support measures (picking and supporting national champions ). Such an approach should be based on predictable supervisory policies and processes, an open dialogue, public supervisory methodologies and rulebooks, legal certainty (well-reasoned and consistent decisions over time) and reasonable response times. By doing this, we will per definition enable innovation and the use of new technologies. The approach when regulating FinTech should be technology-neutral. It means, for instance, that lower standards should not apply in cases where the same services are outsourced, compared to when they are delivered by the firm itself. The same applies to the use of the technology: identical regulatory requirements should apply to the provision of services irrespective of the technological platform. It is the provided financial service that should be regulated and not the method providing it. If certain platforms are associated with idiosyncratic risks, these risks need to be assessed as well and may imply changes to supervisory practices. Given this background, we are skeptical about having a separate supervisory category for Fintech Activities. Furthermore, there is a need to explore the application of the principle of proportionality so the regulatory burden on smaller or niched players is proportionate. In some cases, it may be sufficient to change the supervisory approach, but in other cases the legal requirements may need to be changed. Simple business models and uncomplicated new services may warrant shorter licensing periods. ESAs may play important roles toward supervisory convergence. 3.2 What is the most efficient path for FinTech innovation and uptake in the EU? Is active involvement of regulators and/or supervisors desirable to foster competition or collaboration, as appropriate, between different market actors and new entrants. If so, at what level? 6

The development of FinTech raises a broad range of policy issues and will probably require action from different parts of the public sector, of which the financial regulation and supervision is one important component. However, financial regulation and supervision should stick to the fundamental goals of financial stability and consumer protection and avoid being drawn into industrial policy, e.g. actively promoting innovation, etc., if there is no clear link to financial stability and consumer issues. There may be good arguments for public support of technical innovation, but authorities other than financial supervisors should take the lead on this matter. The preferred path in this case would be collaboration between EU countries. This would ensure equal treatment of innovators, both smaller tech-companies and established insurance undertakings and equal treatment of undertakings with domicile in different EU countries, and it would hinder regulatory arbitrage within the EU. At the same time, it is important not to hinder the development of methods to support the FinTech industry at the national level by assigning all development in this area to the EU level. Setting up regulatory sandboxes could be one way for regulators to better understand FinTech and increase the opportunities to reap the benefits. However, we stress that such sandboxes should not be restricted to FinTech, but enable a playing field for all types of new innovations. Since the financial markets differ between Member States, this sandbox exercise is best done at the national level. A more harmonised regulatory environment minimises compliance costs, thus enabling more resources to be spent on business development and innovation. Future legislation should be designed in such a manner as to prevent innovation and development of new business models and entrepreneurship in this field (i.e. be technology neutral). The development of innovative services is desirable, but it is also important to monitor this development to prevent the emergence of new FinTech-related risks. The role of regulators should be to offer neutral tools without compromising financial stability and consumer protection. These tools should also be applied in proportion to the business models, size and systemic significance of the various institutions. However, enabling innovation is an important starting-point. 3.4 Should the EU introduce new licensing categories for FinTech activities with harmonised and proportionate regulatory and supervisory requirements, including passporting of such activities across the EU Single Market? If yes, please specify in which specific areas you think this should happen and what role the ESAs should play in this. For instance, should the ESAs play a role in pan-eu registration and supervision of FinTech firms? No. 7

3.5 Do you consider that further action is required from the Commission to make the regulatory framework more proportionate so that it can support innovation in financial services within the Single Market? If so, please explain in which areas and how should the Commission intervene. There is potential to further explore the application of the principle of proportionality so that the regulatory burden on smaller or niched players is proportionate. In some cases it may be sufficient to change the supervisory approach, but in other cases the legal requirements may need to be changed. Simple business models and new, uncomplicated services may warrant a shorter licensing period. 3.6 Are there issues specific to the needs of financial services to be taken into account when implementing free flow of data in the Digital Single Market? To what extent regulations on data localisation or restrictions on data movement constitute an obstacle to cross-border financial transactions? Finansinspektionen takes a positive stance on the paradigm shift in relation to consumer financial data, so that consumers and not firms have full ownership of the data about a particular consumer. This means that consumers can allow other financial services providers to have access to their data. This shift should improve competition on the financial market. However, it is important for consumers to be appropriately informed and aware of the consequences of their choices. It is also important to ensure that the liability for the use of data is clearly regulated by law, and that rights and responsibilities of financial firms (accessing, processing and storing data) in relation to consumer data under the new paradigm are clarified. 3.7 Are the three principles of technological neutrality, proportionality and integrity appropriate to guide the regulatory approach to the FinTech activities? The Commission s stance on the three principles is good, but there may be room for enhancements regarding equal treatment and harmonisation between Member States in order to prevent regulatory arbitrage. Here, the ESAs play a central role in fostering convergence. It is important not to use proportionality as an excuse for being exempt from regulation or supervision, and any tendencies toward a national supervisory race to the bottom should be avoided. 3.8 How can the Commission or the European Supervisory Authorities best coordinate, complement or combine the various practices and initiatives taken by national authorities in support of FinTech (e.g. innovation hubs, 8

accelerators or sandboxes) and make the EU as a whole a hub for FinTech innovation? Would there be merits in pooling expertise in the ESAs? Ensuring that the NCAs and ESAs use the same terminology for what we mean with, for example, sandboxes, hubs and accelerators, is a good reason to start pooling resources. The ESAs could take a coordinating role and spread good examples from countries, both within and outside the Union, that have interesting experiences from working with FinTech issues. Going further, ensuring similar practices in this area could be another reason to start pooling resources. Here, the ESAs can take an active role in fostering convergence. We consider there to be risks associated with centralising licensing, sandboxes, and supervision to the ESAs. For example, this could prolong the time-tomarket for many products, thereby hindering competition in the EU. 3.10 Are guidelines or regulation needed at the European level to harmonise regulatory sandbox approaches in the MS? Would you see merits in developing a European regulatory sandbox targeted specifically at FinTechs wanting to operate cross-border? If so, who should run the sandbox and what should be its main objective? In order to ensure equal treatment of insurance companies and other FinTech companies operating across national borders, it would be beneficial to harmonise the regulations related to the use of sandboxes in each MS. Because the financial markets differ between the Member States, sandboxes should be administered at the national level. 4.1 How important is the free flow of data for the development of a Digital Single Market in financial services? Should service users (i.e. consumers and businesses generating the data) be entitled to fair compensation when their data is processed by service providers for commercial purposes that go beyond their direct relationship? Finansinspektionen takes a positive stance on the paradigm shift in relation to consumer financial data, so that consumers and not the firms have full ownership of the data about a particular consumer. This means that consumers can allow other financial services providers to have access to their data. This shift emphasizes the importance of consumers being appropriately informed and aware of the consequences of their choices. It is also important for the regulation to clearly outline the liability related to the storage and use of data, and that the rights and responsibilities of financial 9

firms (accessing, processing and storing data) in relation to consumer data are clarified. 4.7 What additional (minimum) cybersecurity requirements for financial service providers and market infrastructures should be included as a complement to the existing requirements (if any)? What kind of proportionality should apply to this regime? The regulation could be supplemented by principle-based guidance in order to improve flexibility and preventive management of this risk. Finansinspektionen takes a positive stance on the work currently underway within the EBA to analyse existing supervisory cyber security practices and propose further work to align these practices, where applicable, across EU Member States. 10

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback