Speech by Yves Mersch, Member of the Executive Board of the ECB, at the Second Annual Conference on “Fintech and Digital Innovation: Regulation at the European level and beyond”, Brussels, 27 February 2018

The payments industry is currently experiencing considerable transformation driven by innovation. I welcome such innovation as it will increase both efficiency and competitiveness, and this will ultimately benefit society. We are seeing the emergence of new players, new channels to access payment services and new means of payment, all of which will significantly change the payments market. These developments are largely driven by digitalisation and the opportunities it brings. But there are also challenges, some of which I will explore here today.

Opportunities

One of the objectives of the revised Payment Services Directive (PSD2) is to foster innovation and enhance competition. We are already seeing numerous innovative solutions that make use of the opportunities created by PSD2, including services such as payment initiation services (PIS) or account information services (AIS). These were initially provided by new entrants to the market or fintech companies, but I understand that some banks are also preparing to provide these services and become third-party providers (TPPs) themselves. There are opportunities here for all players; each institution must find the right business model and strategy to be competitive in providing these services, an approach which will benefit their customers.

In order to provide PIS and AIS, a third-party provider will need access to the relevant information from banks, and this will need to be communicated securely, via an adapted customer interface or via a dedicated interface. While access via the former is possible in principle, it would create fragmentation, as providers would have to develop and maintain a huge number of connections to all the different banks they communicate with. The plethora of technical solutions required would be an obstacle for new entrants. I therefore reiterate that only a dedicated and standardised technical interface – an application programming interface, or API – constitutes an efficient access solution that serves the needs of an integrated European payments market. I also believe that there should only be one – or at most a few – technical API specifications so that competition takes place at the service level and not at the technical specification level. We need to ensure that innovative services are built on harmonised and standardised technical foundations so that they can be made available across Europe.

Let me add some more general remarks in this context. We are in the process of building Europe’s financial market infrastructure for tomorrow. Building it on individual or national solutions is anachronistic as these will no longer meet the needs of the market. Europeans demand services that are safe and efficient and give them pan-European access. We therefore need to apply common standards that work on a pan-European basis. The same principle was agreed when we built the Single Euro Payments Area – SEPA – and that is why SEPA uses the global standard ISO 20022. The Eurosystem also uses this standard for the infrastructures it operates – be it T2S^[1] or TIPS^[2], as well as upgrades to TARGET2 or its new collateral management system. Looking at the digital transformation and innovation under way, I urge all market participants to plan their investments based on common and future-oriented standards that ensure pan-European accessibility.

The regulatory level playing field

In order to increase competition in the area of payments, EU legislators introduced “payment institutions”, a new category of payment service providers, in the first Payment Services Directive. These institutions are allowed to provide payment services, and PSD2 states that PIS and AIS fall under the definition of payment services. Providers of such services have to be duly authorised and supervised.

I heard from some bankers occasionally that there was an issue of level playing field between new TPP entrants and incumbent banks. TPPs, they claim, face a lighter regulatory regime than do banks. In this context, let me just say that PSD2 as well as banking legislation govern the respective activities and that an institutional licence is required to conduct them, which implies that the entities will be supervised in line with the risks involved. Payment institutions are only allowed to provide a limited set of services, i.e. payment services. They are not allowed to take deposits and are only allowed to hold funds for the provision of payments. Credit institutions, by contrast, have a much wider scope of activities than payment institutions; they can engage in the whole spectrum of banking activities, including the holding of deposits and the granting of loans. Thus, while banks and payment institutions are indeed subject to different authorisation and supervisory criteria, this does not per se mean that there is an unlevel playing field. I have the feeling that those bankers who complain about the playing field forget that some of their colleagues in the bank perform activities that go far beyond the provision of payment services. So I believe that there is indeed a level playing field and that the legislator has taken into consideration a risk-based approach.

Another request I sometimes hear is for regulatory sandboxes for fintechs. This is an area where, I would suggest, we exercise caution. It raises a lot of questions – where to start and where to stop, who to involve (or not) and which activities to include – to name just a few of the challenges. I’m not sure we have the right answers yet, but this is ultimately a matter for the legislators.

Challenges

Before concluding, I would like to mention cyber risks and the challenges of digitalisation. A virtue of central bankers is that they are, by nature, worried about risks and security. And one concern that is very closely linked to innovation and digitalisation is that of cyber risks. Increasing digitalisation exposes the entire ecosystem to increased cyber risks because of a greater reliance on the internet and thus a broader attack surface, which can be exploited by hackers using increasingly sophisticated techniques. As a result, financial market actors and infrastructures become susceptible to cyberattacks. Central banks and other authorities have identified those risks and issued guidance in that respect. The G7 published its “Fundamental elements of cybersecurity for the financial sector” and the CPMI/IOSCO issued its “Guidance on cyber resilience for financial market infrastructures” – to name just the most important publications. I strongly encourage all market players to consider cyber risks as critical to their institution and to draw up a fully fledged cyber strategy and response plan.

Conclusion

Innovation and digitalisation in payment services will significantly change the payments market. They offer opportunities for efficiency gains and improve the competitiveness of actors that embrace them. The legislative framework established by PSD2 supports such innovation and enhances competition. It offers a legislative basis for a level playing field between new entrant TPPs (fintechs) and incumbent banks. Regulatory requirements for TPPs and banks obviously differ but so does the spectrum of services that they provide and the level of risk that they encounter and need to protect against. I welcome if both fintech TPPs and banks were to make use of the opportunities granted by law and to compete for the most innovative and efficient provision of payment initiation services and account information services. They should build their services on common technical standards with a pan-European reach to benefit their customers and the Europen citizens in general. But they should pay careful attention to the cyber risks that accompany digitalisation and prepare their cyber strategies thoroughly.

On 26 February 2018 the Council reached an agreement with the European Parliament on how to incorporate into EU legislation measures adopted by the South Pacific Regional Fisheries Management Organisation (SPRFMO).

The agreed regulation laying down management, conservation and control measures applicable in the convention area of SPRFMO applies to EU fishing vessels fishing in the SPRFMO convention area or, in the case of transhipments, to the species caught in the SPRFMO convention area. It also applies to third country fishing vessels that access EU ports and that carry fishery products harvested in the convention area.

The active role of the EU in international fisheries management organisations and today’s agreement are evidence of Europe’s commitment to the long-term conservation and sustainable use of fishery resources around the world.

Rumen Porodzanov, Minister of agriculture, food and forestry of the Republic of Bulgaria and President of the Council

The agreed regulation fully takes into account the latest decision taken at the sixth meeting of the SPRFMO Commission (COMM6) in Lima, Peru, from 30 January to 3 February 2018.

The SPRFMO is an inter-governmental organisation that is committed to the long-term conservation and sustainable use of the fishery resources of the South Pacific Ocean. The European Union is a contracting party. Currently, the main commercial resources fished in the SPRFMO area are Jack mackerel and jumbo flying squid in the Southeast Pacific and, to a much lesser degree, deep-sea species often associated with seamounts in the Southwest Pacific.

The agreement still needs to be approved by EU ambassadors sitting in the Council’s Permanent Representatives Committee (Coreper). After formal endorsement by the Council, the new legislation will be submitted to the European Parliament for a vote at first reading and to the Council for final adoption.

The regulation will then enter into force on the third day following that of its publication in the Official Journal of the European Union.

Download as pdf

DECISION n°171 of the Management Board of the European Union Agency for Railways on the opt-out from Commission Decision C(2017) 6760 – employment of contract staff employed by the Commission under the terms of Articles 3a and 3b of CEOS Reference: 171/2018 Publication Date : 26/02/2018 Published by: Management Board Document Types: Decision Keywords: Opt-out, Commission Decision C(2017) 6760, Article 79 § 2 CEOS, employment contract staff, Articles 3a-3b CEOS Description: Adopted by Written Procedure – 26 February 2018 Related documents:

Ladies and gentlemen

The internet has been an open, fair and neutral platform from the start.

Its online freedom brings endless innovation and a dynamic digital economy.

But so much has changed in a relatively short time:

• quality and speed of access.
• platforms and website sophistication.
• sharing files in the cloud.
• an exponential growth in social media.
• and of course, 24/7 online shopping.

 It was as long ago as 2000 that the EU’s e-commerce Directive came into force.

This sets the basic legal environment for online services in the single market.

It sets liability limits for digital platforms.

It guarantees freedom of expression online.

Both are vital for an open internet.

Europe’s rules on net neutrality are the other side of the same coin:

• end-users gain the right to access and distribute the content, applications, services and information of their choice.
• internet providers must treat all traffic equally. No blocking, throttling or discrimination.
  

For me, the idea that all legal internet traffic should be treated equally is the vehicle for innovation that sparked the digital economy in the first place.

It is vital for consumers, business customers and content providers.

Our liability regime and net neutrality rules are two principles that have guaranteed an open internet.

They work, and they should remain.

I think Europe and the United States can agree on the need to preserve the freedom of the internet economy. Where we may differ is how to do it.

I mentioned change. Today, platforms have more influence and market power than anyone could have imagined.

It is only natural that in this position they will need to become more transparent in their dealings.

Most of them are already.

The same goes for illegal material posted online that promotes terrorism, violent extremism, hate speech. Online platforms have taken measures to combat this.

In a couple of days, the Commission will issue a recommendation dealing with illegal content, in particular terrorism.

It will complement our earlier guidance on detection, take-down and stay-down. It will help platforms to act proactively, urgently and decisively.

If the internet is to remain open – and I believe that it should – then illegal content must be blocked at the source, not in the network. This is also more effective and proportionate.

This recommendation will be built on the e-commerce liability regime, which we will not change. Not today. Not tomorrow.

Why? Because I do not want Europe to become a ‘big brother’ society in online monitoring.

George Orwell aside, I believe everyone has the right to access an open internet, where all traffic should in principle be treated equally. EU law has protected these principles for almost two years.

Since our experiences are positive so far, I will continue to protect and defend net neutrality and an open internet in Europe.

These rules allow space for everybody, for innovation and experimentation. Space for specialised services that come with a certain quality, where necessary.

But this cannot be at the expense of other internet users. I do not want a digital motorway for the lucky few, while others use a digital dirt-track.

Access to the internet is a basic right. It has to stay open for everybody. No discrimination.

I know that you will all have views as well – and that some will be very different to mine. I look forward to the discussion.