Following the publication on 29 September 2016 of the EFR position papers on E-identity & digital on-boarding and Regulatory Sandboxes, on 21 October 2016 of the EFR position papers on Cyber-security and Data usage & protection and on 19 December 2016 of the EFR policy note on Fintech, the European Financial Services Round Table (EFR) has issued two further papers regarding Cloud Computing and Blockchain.
With those papers, the EFR specifies the initial reflections on Digital Financial Services issued in March 2016, and deepens various key topics for financial services in the DSM.
The two papers on Cloud Computing and Blockchain summarise the main issues impacting the financial sector in these areas, and the key challenges that should be addressed to ensure that the regulatory framework for digital financial services is fit for purpose.
As for Blockchain/ Distributed Ledger Technology (DLT), the main issue is to ensure the proper functioning of each individual use-case, without impinging on innovation. Above all, a proactive dialogue (regulators-supervisors-industry) should be coordinated across the EU (and ideally globally), to avoid fragmentation in regulatory and supervisory approaches to DLT. To facilitate this, regulators should consider the creation of regulatory sandboxes to pilot potential use-cases. Regulators should be open to reviewing and evolving existing regulations, to make sure they are technologically neutral and guarantee a level playing field.
With regards to Cloud-Computing, the EFR sees an urgent need for a better understanding by financial supervisors of the benefits of cloud technology, such as risk-reduction, efficiency, scalability and cost reduction of IT processes, which all will hugely contribute to the competitiveness of digitally transformed European financial services. In order to facilitate the adoption of this enabling technology, the EU policy-makers should provide regulatory guidance, so as to simplify compliance, to clarify issues about the control of data and data location, and in particular, to ensure that outsourcing contracts accommodate the rights of financial regulators and other supervisory authorities to access and audit relevant data in the cloud. Pre-approved contracts with (certified) providers for specific types of cloud initiatives would be preferable to the current case-by-case and non-harmonized notification requirements.