European Financial Services Round Table

Friday, October 21, 2016
EFR papers on Cyber-Security and Data Usage & Protection.
Following the publication on 29 September 2016 of the first two EFR position papers on E-identity & digital on-boarding and Regulatory Sandboxes, the European Financial Services Round Table (EFR) has issued two further papers regarding Cyber-Security and Data Usage & Protection.

With these papers, the EFR elaborates on the initial reflections on Digital Financial Services issued in March 2016 and explores in greater depth 4 key topics for financial services in the DSM:
  1. E-identity & digital on-boarding
  2. Regulatory Sandboxes
  3. Cyber-security
  4. Data usage & protection
The papers on the latter two topics, Cyber-Security and Data, summarise the main issues impacting the financial sector in these areas, and the key challenges that should be addressed to ensure that the regulatory framework for digital financial services is fit for purpose:

  • Concerning Cyber-security, regulatory approaches should be coordinated globally, setting principles-based rules and standards and promoting good cyber risk management in close cooperation between regulators, supervisors and the industry. Furthermore, better cyber risk data collection and information sharing should be encouraged between the industry and the institutions, as well as among the financial services companies themselves.
  • With regard to Data usage & protection, the EFR envisions improved information for both consumers and companies based on better data quality. New technologies and data sources, as well as algorithm-based decision-making, can enhance financial inclusion, simplify the control of data and increase the transparency of the data itself, its usage and its storage. Additionally, data analytics and sharing in an anonymous aggregated way could contribute to tackling key societal challenges such as climate change, road safety, etc. In this context, legal certainty is needed for the wider use of data.

    As for competition and the data portability considered in the GDPR, raw data needs to be differentiated from managed data, and machine-readable sharing of platform data should be considered in order to re-level the playing field for financial services companies in the global digital competition. Finally, the notification of data breaches should be clearly limited to confirmed data breaches with 'high risks' for data subjects.