Plans to support digital identification (ID) in banking were set out by the Commission in a new consumer financial services action plan (15-page / 326KB PDF). It said the plans will build on electronic ID (e-ID) and electronic signature (e-signature) schemes provided for under EU rules on e-ID and trust services (eIDAS).
"The use of electronic identity schemes, as set out in eIDAS, would make it possible to open a bank account on-line while meeting the strong requirements for customer identity proofing and verification for know-your-customer or customer due diligence purposes," the Commission said. "The legal certainty and validity of qualified e-signatures, as provided for under eIDAS, could also enhance the security of electronic transactions. This should work across borders and across sectors, and it should have the same legal effect as traditional paper based processes."
The Commission said that new EU anti-money laundering (AML) laws allow firms to use "electronic identification means under eIDAS as tools to meet customer due diligence requirements". It said the national e-ID schemes which eIDAS provides for are expected to be set out this summer and that each EU country should ensure those schemes are "interoperable and available also for private sector use".
The new AML laws could see different innovative tools for digital ID purposes emerge across the EU, but the Commission said it would set up an expert group to "develop common guidelines" to ensure the tools "are safe and secure, do not introduce new risks to consumers or the system and comply with EU data protection laws".
The Commission said it is also currently reviewing regulations and best practice on remote identification and customer due diligence across the EU and that banks will soon be able to engage in EU testing of "the cross-border use … of electronic identification means".
Fintech expert Luke Scanlon of Pinsent Masons, the law firm behind Out-Law.com, said: "It is good to see the European Commission intervene on this occasion in a positive way in order to lessen frictions caused by local rules and guidance that are holding banks and others back from offering digital IDs on a more uniform basis, including across a range of products and services and in the initial interaction they have with their customers."
"This is particularly positive as there are a number of industry discussions taking place in the UK and in other jurisdictions about the level of assurance a bank or other financial account provider would need to have in order to offer a wholly digital ID," he said.
"The more thought and research that is put into the security and the level of trust that consumers will have in a process than is end-to-end digital on the one hand, and the convenience it can offer on the other, is essential if this development in technology, which has been around for some time now, is to take the next step and move beyond a conversation many people in fintech are having to genuinely enabling the delivery of innovative online financial services," Scanlon said.
The new action plan also set out the Commission's plans to review how financial services firms approach disclosures in a digital context to determine whether changes need to be made to existing laws and regulations.
"Disclosure requirements are included in several directives and regulations, including those on mortgage and consumer credit, on payment accounts, on markets in financial instruments, packaged retail and insurance-based investment products and collective investments in transferable securities," it said. "The Commission will monitor how these disclosure requirements will be applied by digital providers before suggesting any amendments to these laws. The Commission also invites the industry to present appropriate new solutions that could help consumers gain a better understanding of financial products or services and make informed decisions."
The Commission's action plan also includes further measures to "support the development of an innovative digital world". It said it wants to "create a regulatory and supervisory environment across the EU that supports digital innovation".
The Commission has opened a consultation on financial technology (fintech) (22-page / 751KB PDF) to help it shape its future approach to "technological innovation in financial services". It said it wants to foster access to financial services for consumers and businesses, bring down operational costs and increase efficiency for the industry, lower barriers to entry in the EU single market, and promote greater data sharing and transparency at the same time as ensuring data security and protection.
In the consultation paper, the Commission also asked industry to outline what steps should be taken at EU level to address regulatory barriers to the use of cloud computing services by financial services firms. Recently, Pinsent Masons, together with UK industry body the BBA, published a report which highlighted the seven main regulatory hurdles banks have to clear to take advantage of cloud-based services.
Industry has also been encouraged to outline what they see as the main challenges around implementation of distributed ledger technology, and to share their views on issues such as the reach of robo advice tools, oversight of the use of artificial intelligence, and risks around using big data analytics. Further questions also seek views on the regulation of crowdfunding and the impact of telematics and other "sensor data analytics" on the provision of insurance.
The Commission also said it was keen to hear what it can do to support the most promising fintech innovations, and to identify the challenges industry is facing in using technologies for compliance purposes (regtech).
Among the other questions posed, the Commission asked industry to highlight any regulatory barriers that prevent fintech companies from "scaling up and providing services across Europe".
The Commission also stressed the importance of data sharing to the future of financial services, but asked respondents for their view on whether consumers and businesses generating data should be entitled to "fair compensation" if their data is "processed by service providers for commercial purposes that go beyond their direct relationship".