Annexes to COM(2018)109 - FinTech Action plan: For a more competitive and innovative European financial sector

Please note

This page contains a limited version of this dossier in the EU Monitor.

dossier COM(2018)109 - FinTech Action plan: For a more competitive and innovative European financial sector.
document COM(2018)109 EN
date March  8, 2018
agreement in December 2017 will reduce anonymity and increase the traceability of transactions by requiring crypto-asset exchanges and custodial wallet providers in the European Union to carry out customer identification and to exercise due diligence.

An assessment of the suitability of the current EU regulatory framework with regard to Initial Coin Offerings and cry pto-assets more generally is necessary. On the one hand, the aim should be to make sure, that EU firms, investors and consumers can take advantage of this technical innovation within a fair and transparent framework in order to make Europe a leading player in developing new ways to rapidly fund growing businesses. On the other hand, potential financial stability, market integrity, investor and consumer protection, personal data protection and money laundering and terro ri st financi ng - rel ated risks should be appropriately addressed. As crypto-assets are a worldwide phenomenon, international coordination and consistency, for example within the G20, the Financial Stability Board (FSB) and international financial standard setters, will be essential. T he Commission will

24       https://www.esma.europa.eu/press-news/esma-news/esma-highlights-ico-risks-investors-and-firms,        13 November 2017

25  ESMA, EBA and EIOPA warn consumers on the risks of Virtual Currencies – 12 February 2018 -

https://www.eba.europa.eu/documents/10180/2120596/Joint+ESAs+Warning+on+Virtual+Currencies.pdf

work with supervisors, regulators, industry and civil society, both within the EU and with partners internationally, to determine any further appropriate course of action.

Box 1

1.

Together with this Communication, the Commission is presenting a proposal for an EU Regulation on investment-based and lending-based crowdfunding service providers (ECSP) for business. The proposal aims to ensure an appropriate and proportionate regulatory framework that allows crowdfunding platforms that want to operate cross-border to do so with a comprehensive passporting regime under unified supervision.

2. The Commission invites the European Supervisory Authorities, by Q1 2019, to map current authorising and licensing approaches for innovative FinTech business models. In particular,      they should explore how proportionality and flexibility in the financial services legislation are applied by national authorities. Where appropriate, the ESAs should issue guidelines on approaches and procedures or present recommendations to the Commission on the need to adapt EU financial services legislation.

3. In the course of 2018, the Commission will continue monitoring the developments of crypto-assets and Initial Coin Offerings with the ESAs, the European Central Bank and the FSB as well as other international standard setters. Based on the assessment of risks, opportunities and the suitability of the applicable regulatory framework, the Commission will assess whether regulatory action at EU level is required.

1.2.     Increasing competition and cooperation between market players through

common standards and interoperable solutions

The production and delivery of financial services requires different operators in the value chain to cooperate and interact. An EU-wide FinTech market will not reach its full potential without the development of open standards that increase competition, enhance interoperability and simplify the exchange of and access to data between market players.

There are different ways to implement interoperability. Companies or technology providers may develop ad hoc interfaces to which other parties need to adapt. Another approach is to reach consensus on interoperability standards for the whole market, reducing the efforts required for service providers to exchange data with different platforms. Standard-setting processes should be based on the principles of openness, transparency and consensus, in accordance with Regulation (EU) No 1025/2012 on European standardisation. For standards to be pro-competitive, participation should be unrestricted and the procedure for adopting the standard should be transparent, allowing stakeholders to effectively inform themselves of standardisation work. Effective access to the standard should be provided on fair, reasonable and non-discriminatory terms.

Most respondents to the FinTech consultation stressed that it is a priority to develop standards, promote their adoption, and ensure interoperability between systems. The preferred approach would be led by industry and market participants, developing global standards as


in blockchain/distributed ledger technologies, application programming interfaces and identity management. The revised Payment Services Directive, in application since January 2018, is an interesting test case: banks are required to open appropriate communication channels for FinTechs to provide their services based on access to payment accounts. The development of standardised application programming interfaces would create a level playing field to enable new and improved services in a truly open environment, while maintaining high standards of protection of personal data and consumer protection.

Box 2

1. The Commission will help to develop more coordinated approaches standards for FinTech by Q4 2018 by liaising and working with major standard-setting bodies, such as European Committee for Standardisation

International Organisation for Standardisation including blockchain area.

2. The Commission encourages and will support joint efforts by market players to develop, by mid-2019, standardised application programming interfaces that are compliant with the Payment Services Directive and the General Data Protection Regulation as a basis for a European open banking eco-system covering payment and other accounts.

1.3.     Facilitating the emergence of innovative business models across the EU

through innovation facilitators

Innovative companies bring new products to the market or provide ways to provide well-known services in innovative forms or at more competitive prices. Innovators need to be able to extend their services to as wide a base of users as possible, leveraging economies of scale. In order to fully benefit from the single market, innovators should be able to use a European passport. This requires meeting regulatory requirements that may be difficult to fulfil. This is particularly the case for newly established businesses and for those employing innovative technologies or models that may differ from standard practices in place at the time rules were adopted.

Innovative approaches and technologies also challenge financial supervisors when deciding to authorise or not a firm or activity and determining how to fulfil their supervisory obligations. Responses to the Commission’s public consultation suggest there is a strong appetite among supervisors to better understand the latest FinTech trends and to strengthen contacts with firms and other technology providers.

In the EU, 13 Member States have established what are called ‘FinTech facilitators’ (innovation hubs26 or regulatory sandboxes27) to provide general guidance to firms during the

26 See EBA/DP/2017/02 — ‘Innovation hub’ means an institutional arrangement where regulated or unregulated entities (i.e. unauthorised firms) engage with the competent authority to discuss FinTech-related issues (share information and views, etc.) and seek clarification on the conformity of business models with the regulatory framework or on regulatory/licensing requirements (i.e. individual guidance to a firm on the interpretation of applicable rules).

authorisation process. This enables such firms to gain quicker access to the market and better understand the rules and supervisory expectations. The facilitators may also provide guidance to established financial institutions. From the supervisors’ perspective, such approaches provide an important source of information, helping them acquire a better understanding of innovative business models and market developments at an early stage.

Regulatory sandboxes take the idea of innovation hubs a step further by creating an environment where supervision is tailored to innovative firms or services. National competent authorities must apply relevant EU financial services legislation. However, these rules include a margin of discretion with regard to the application of the proportionality and flexibility principles embedded in these rules. This can be particularly useful in the context of technological innovation.

The sandbox approach by has been supported by industry respondents to the public consultation. National authorities expressed mixed views: some supervisors consider that such initiatives are not part of their mandate; supervisors that are open to sandboxes, by contrast, consider that others should take similar initiatives. A consistent approach among supervisors would foster the roll out innovation across the EU single market.

Recently, both EBA, EIOPA and ESMA mapped the existing innovation facilitators across the EU. The Commission would welcome further efforts to identify best practices across the EU and set up common principles and criteria for innovation hubs and regulatory sandboxes. Other follow-up actions could include promoting the setting-up of innovation hubs in all Member States and coordinating their operations. This could lead to considering an EU experimentation framework for adopting and adapting to new technologies.

Box 3

1. Building on recent work by the ESAs to map FinTech facilitators set up by national supervisory authorities, the Commission invites the ESAs to conduct further analysis and identify best practices by Q4 2018 and, where appropriate, to issue guidelines on these facilitators.

2. The Commission invites competent authorities at Member State and EU level to take initiatives to facilitate innovation on the basis of these best practices and invites the ESAs to facilitate supervisory cooperation, including coordination and dissemination of information regarding the innovative technologies, establishment and operation of innovation hubs and regulatory sandboxes, and consistency of supervisory practices.

3. Based on the work of the ESAs, the Commission will present a report with best practices for regulatory sandboxes by Q1 2019.

27 See EBA/DP/2017/02 — Regulatory ‘sandboxes’ provide financial institutions and non-financial firms with a controlled space in which they can test innovative FinTech solutions with the support of an authority for a limited period of time, allowing them to validate and test their business model in a safe environment.

2. Supporting the uptake of technological innovation in the financial

sector

2.1.           Reviewing the suitability of our rules and ensure safeguards for new

technologies in the financial sect or

Technology neutrality is one of the guiding principles of the Commission’s policies.

Nevertheless, EU rules that pre-date the emergence of innovative technologies may in practice not always be te chno lo gy - neutral towards these innovations. Respondents to the public consultation have, for example, pointed to requirements or preferences for paper-based disclosures, or the need for physical presence. T he absence of clear and harmonised processes to identify consumers and businesses online, in full compliance with anti-money laundering and data protection rules, was also considered a challenge for FinTech solutions. In the same vein, respondents expressed concerns that software investment is less attractive under current prudential rules for banks where investments in software made by EU banks must be deducted from their regulatory capital, in contrast to the more favourable treatment enjoyed by banks in the United States.

The Commission has already given consideration to some of these issues. In the Consumer Financial Services Action Plan28, the Commission announced its intention to facilitate the cross-border acceptance of e- ide nti fication and remote know-your-custo m er processes. The aim is to enable banks to identify consumers digitally in compliance with anti-money laundering and data protection requirements, making full use of the electronic identification and authentication tools provided under eIDAS. To facilitate the use of electronic identification and authentication, the Commission set up         a dedicated expert group on

electronic identification and remote know-your-custom er processes. The uptake of disruptive technologies, such as distributed ledger technologies and artificial intelligence, may pose additional regulatory challenges. Requirements for paper-based disclosure should be addressed. Responses to the public consultation raise concerns that the use of such technologies may be prevented or constrained by the existing rules, for example in the following ways:

blockcha in-based applications may ra ise ju ri sd ictional issues about the law applicable and l iability issues;

the legal validity and enforceability of s m art contracts may need clarification;

there are uncertainties surrounding the legal status of ICOs and the rules applicable to them, as set out already under point 1.1. above;

Further analysis is necessary to assess the extent to which the legal framework for financial services is technology neutral and able to accommodate FinTech innovation, or whether it needs to be adapted to this end. At the same time, it is necessary to ensure that financial stability, consumer and investor protection, anti-money laundering requirements and law enforcement are respected.

28

COM(2017)139 final.

29 Commission Decision C(2017)8405 of 14 December 2017.

Box 4

The Commission will set up an expert group to assess by Q2 2019 whethe r ther e are

unjustified regulatory obstacles to financial innovation in the financial services regulatory framework.

2.2.     Removing obstacles to cloud services

Cloud computing can increase the efficiency of the digital infrastructure which underpins financial services. Outsourcing data processing and storage capacity to cloud service providers reduces the cost of hosting, infrastructure and software for firms and can help streamline IT expenditure. At the same time, it can ensure greater performance, flexibility and adaptability.

Regulated firms that outsource activities to a cloud service provider must comply with all legal requirements (e.g. in terms of proper risks management, data protection and appropriate oversight by supervisors). Stakeholders responding to the Commission consultation raised concerns that uncertainties over financial supervisory authorities' expectations were limiting the use of cloud computing services. Such uncertainties are due in particular to the absence of harmonisation of national rules and different interpretations of outsourcing rules30.

The EBA recently published recommendations on outsourcing to cloud services31. ESMA, in its role as direct supervisor for credit rating agencies and trade repositories, is exploring these issues and in 2018 intends to clarify which requirements these firms have to comply with when outsourcing to cloud services. Outsourcing to cloud services is also part of EIOPA's mandate in the InsurTech area. Nevertheless, the issue deserves attention beyond the scope of these existing initiatives. Additional certainty could be achieved if supervisory expectations were expressed in the form of formal guidelines of the ESAs.32

The Commission’s proposal for a Regulation establishing a framework for the free flow of non-personal data in the EU aims to remove unjustified data localisation restrictions and thus tackle one of the main problems identified. The proposal also addresses additional cloud-related issues, such as preventing vendor lock-in by cloud service providers. To facilitate the implementation of the proposed Regulation specifically in relation to the use of cloud services, the Commission will in 2018 gather relevant stakeholders, consisting of cloud users, cloud providers and regulatory authorities.

30 Respondents to the FinTech consultation proposed that standardised contractual agreements between cloud and financial service providers could better reflect their sectoral regulatory constraints (such as audit obligations, or requirements for onsite inspections). Data localisation restrictions by public authorities constituted another important obstacle identified by respondents. In the context of a highly concentrated market for cloud services, financial institutions and supervisors also raised the risk of high dependency on a handful of non-EU providers and the need to prevent European financial institutions from becoming locked-in with suppliers.

31 EBA/REC/2017/03, Recommendations on outsourcing to cloud service providers, December 2017, available

here.

32 As regard requirements of the personal data protection legislation, the coordination of the approaches taken by

Data Protection supervisorsis already regulated under GDPR.

Box 5

1. The Commission invites the ESAs to explore the need for guidelines on

outsourcing to cloud service providers by Ql 2019.

2. In the context of the Communication on Building the European Data Economy, the Commission invites cloud stakeholders to develop cross-sectoral self-regulatory codes of conduct to facilitate switching between cloud service providers. The Commission will also invite representatives from the financial sector to enable easier data porting also for financial institutions.

3. In this context, the Commission shall encourage and facilitate the devel opment of standar d contractual clauses for cloud outsourcing by financial institutions, building on the cross-sectori a l cloud stakeholder efforts already facilitated by the Commission, and ensuring financial sector involvement to this process. This work should be undertaken by a balanced mix of companies from the financial sector and cloud service providers, and should address in particular audit requirements, reporting requirements or the determination of materiality of the activities to be outsourced.

2.3.     Enabling FinTech applications with the EU

blockchain initiative

Blockchain and distributed ledger technologies will likely lead to a major breakthrough that will transform the way information or assets are exchanged, validated, shared and accessed through digital networks. They are likely to continue to develop in the coming years and become a key component of the digital economy and society.

It is important to avoid confusion between blockchain technologies and crypto-assets (mentioned above), which represent just one type of application of blockchain. Blockchain can underpin a wide range of applications in various sectors, which may not be limited to crypto-assets or even FinTech at all.

The financial sector has been leading the exploration of the potential of blockchain with many proofs of concept and pilot projects in a wide range of areas such as payments, securities, deposits and lending, capital raising, investment management, market provisioning, trading and post-Trade as well as trade finance and reporting (e.g. RegTech).

Distributed ledger technologies and blockchain have great potential to drive simplicity and efficiency through the establishment of new infrastructure and processes. These technologies may become central to future financial services infrastructure. The most impactful applications will require deep collaboration between incumbents, innovators and regulators to have a successful and beneficial implementation path. The scope of potential applications is very broad and should be monitored closely.

Even though blockchain technologies are still at an early stage, a number of challenges and risks need to be addressed.The EU Blockchain Observatory and Forum33, which was launched in February 2018 for a period of 2 years, aims to monitor trends and developments, pooling expertise to address sectoral and cross-sectoral issues and exploring joint solutions and crossborder cases of blockchain use. The European Parliament also supported the launch of the European Financial Transparency Gateway (EFTG), a pilot project using distributed ledger technology to facilitate access to information about all listed companies on EU securities regulated markets in the context of the Transparency Directive34. This initiative aims to increase transparency of EU regulated markets, fostering both market integration and market liquidity, in line with the objectives of the capital markets union. The European Commission also initiated, for example, blockchain for industrial transformations (#Blockchain4EU) and the proof of concept to use blockchain to facilitate the collection of excise duties.

Considering the cross-cutting nature of blockchain, which goes beyond financial services and potentially encompasses all sectors of the economy and society, the Commission has already taken steps to set up an EU blockchain initiative with the launch of the EU Blockchain Observatory and Forum. The initiative will propose actions, funding measures and a framework to enable scalability, develop governance and standards, and to support interoperability. It is a cross-sectoral initiative expected to enable early adoption of this technology in the financial sector and increase Europe’s competitiveness and technological leadership, in collaboration with other actions in this action plan (notably, the suitability check of EU financial legislation). It will rely also on pilot actions supported through the Horizon 2020 programme, which will be expanded during 2018-2020. The Commission has also developed links with the International Standards Organisation Technical Committee 307 on blockchain and distributed ledger technologies. European Standardisation Organisations35 have been invited to take on a leadership role to identify specific EU features for blockchain.

Box 6

33 https://ec.europa.eu/digital-single-market/en/news/pre-information-notice-eu-blockchain-observatory-forum.

34 Directive 2013/50/EU.

35 CEN, CENELEC and ETSI.

1. The Commission will consult publicly on further digitisation of regulated

information about companies listed on EU regulated markets in Q2 2018,

including the possible implementation of a European Financial Transparency Gateway based on distributed ledg er technology.

2. The Commission will continue to work on a comprehensive strategy, considering all relevant legal implications, on distributed ledger technology and blockchain addressing all sectors of the economy, including enabling FinTech and RegTech applications in the EU.

3. The Commission launched an EU Blockchain Observatory and Forum in February 2018, as well as a study on the feasibility of an EU public blockchain infrastructure to develop cross-border services. It will be assessed whether block chain can be deployed as a digital services infrastructure under the Connecting Europe Facility.With the support of the EU Observatory and Forum and the European Standardisation Organisations, the Commission will continue to appraise legal, governance and scalability issues and support interoperability and standardisation efforts, including further evaluating cases of blockchain use and its applications in the context of the Next Generation Internet.

2.4.           Building capability and knowledge among regulators and supervisors in an

EU FinTech Lab

Major hurdles preventing the financial industry from taking up new technology include a lack of certainty and guidance on how to use it, fragmentation and a lack of common approaches between national regulators and supervisors.

Some technology providers already make efforts to inform regulators and supervisors about the nature of their technologies and how they are applied in the financial sector. However, many authorities are reluctant to receive training or engage in discussions when hosted by selected vendors.

The Commission will establish an EU FinTech Lab to raise the level of regulatory and supervisory capacity and knowledge about new technologies. It will do this through demonstrations and expert discussion in a no n - comm erci al, neutral financial technology Laboratory. The Lab will bring together multiple vendors, in particular from the EU, with regulators and supervisors so they can raise and discuss regulatory and supervisory concerns.

The technologies addressed could include:

authentication and identification technologies,

specific cases for using distributed ledger technology, cloud technology, machine learning and artificial intelligence,

application programming interfaces and open banking standards and

RegTech.

Box 7

The Commission will host an EU FinTech Lab where European and national authorities will be invited to engage with technology solution providers in a neutral, no n - com mercial space during targeted sessions on specific innovations starting in Q2 2018.

2.5.     Leveraging technology to support distribution of retail investment products

across the Single Market

Today, retail investors engaging with capital markets are overwhelmed by the sheer complexity, the cost and the uncertainty associated with investment products. Significant progress has been made in improving the comparability of retail investment products notably through disclosure requirements. While this should improve the quality of products, retail investors still face substantial search costs in selecting the most suitable investment product.

Increased transparency to stimulate competition and widen the choices for retail investors in capital markets should therefore be underpinned by data-driven solutions that would use new, more effective technologies ensuring that information is complete, comparable and easily accessible. Such tools could be based on publicly available disclosures and provide a user-friendly interface linking existing databases or digital tools such as online calculators, comparison tools, automated-advisors or fund supermarkets. To this end, substantial work is needed for ensuring the interoperability of datasets and the development of appropriate algorithms, whilst making sure that results are presented in a fair and easy to understand way. The Commission will therefore examine the current landscape and situation of technology-driven digital interfaces that help individuals to find suitable and cost-effective retail investment products across the EU's capital markets.

3. Enhancing security and integrity of the financial sector

Cybersecurity remains at the centre of EU policy action and making the EU financial sector more cyber resilience is a policy priority for the Commission Nonetheless, high-profile cyber-attacks focus attention on the continued need to ensure the resilience and integrity of systems. The cross-border nature of cyber-threats requires a high degree of alignment of national regulatory and supervisory requirements and expectations. As the financial sector becomes increasingly dependent on digital technology, ensuring that the financial sector is safe and resilient is essential. In this respect, the Commission aknowledges the importance for digital services to incorporate a 'security by design approach' and, in this respect, has already put forward a proposal36 to create an EU certification framework for ICT security products and services.

While the financial sector is better prepared than other sectors, it is also the sector most under attack. Operational and cyber risks pose a mounting threat to the stability of the financial system and undermine the confidence that is vital for our financial markets. Recognising the

36 Proposal for a Regulation of the European Parliament and of the Council on ENISA, the "EU Cybersecurity Agency", and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (''Cybersecurity Act'')

potential threat to the financial sector’s stability, the European Parliament has called on the Commission ‘to make cybersecurity the number one priority in the FinTech action plan’37. Repeated cyber incidents triggered by the exploitation of basic security flaws in systems and organisations underscore the critical importance of practising fundamental cyber hygiene38 within any organisation. Stricter cyber hygiene measures and requirements is crucial to ensure integrity. However, the degree to which firms are subject to and strengthen their cyber hygiene standards varies across the EU, depending largely on industry and national practices. At EU level, current financial services legislation, in particular covering financial market infrastructures and payments, already contains specific requirements on the integrity of IT resources and systems and their governance. In other areas, requirements are more general, for example in the case of business continuity or general operational risk requirements.

The transposition by Member States of the directive on security of network and information systems39 (NIS) provisions on security requirements in other financial services is on-going. Gaps may, however, remain in EU financial sector legislation that should be filled to improve the sector’s resilience. Before taking such action, supervisory requirements and practices40 should be studied carefully. This way, best practices in applying general requirements can be identified.

Access to threat intelligence and information sharing are also fundamental to improving cybersecurity. Closer cooperation and coordination of threat intelligence sharing across the EU financial sector will help to prevent and mitigate cyber threats. Some respondents to the FinTech consultation expressed concern that information sharing on cyber threats could be constrained by legislation. It might for example not be compatible with the General Data Protection Regulation. This Regulation, however, recognises that the processing of personal data necessary and proportionate for the purpose of ensuring network and information security constitutes a legitimate interest.

Supervisors are increasingly conducting penetration and resilience testing to assess the effectiveness of cyber defences and security requirements. Rigorous testing is already an industry best practice, and increasingly tests and testing modalities are mandated by authorities. As financial institutions and financial market infrastructures operate on a crossborder basis, the multiplication of testing frameworks is perceived as increasing the costs unnecessarily and increasing potentially the risks. Stakeholders stressed the need for more regulatory and supervisory coordination at European level. They stated this should be combined with stronger cooperation between jurisdictions and mutual reliance between authorities on test results whose sensitive nature had to be protected. In this context, the Commission considers the efforts that the ECB, the ESAs and national supervisors are making for example to develop an EU-wide Threat Intelligence Based Ethical Red Teaming (TIBER-EU) testing framework as promising. Assessing cyber resilience of significant financial

37  ‘Report on FinTech: the influence of technology on the future of the financial sector’, Committee on

Economic and Monetary Affairs, Rapporteur: Cora van Nieuwenhuizen, 2016/2243(INI), 28 April 2017.

38 ENISA, Review of the Cyber Hygiene practices, December 2016, p.14, available here.

Cyber hygiene is a fundamental principle relating to information security […],is the equivalent of establishing simple routine measures to minimise the risks from cyber threats. The underlying assumption is that good cyber hygiene practices can drive increased immunity across businesses reducing the risk that one vulnerable organisation will be used to either mount attacks or compromise a supply chain.

39 Directive (EU) 2016/1148.

40 Financial Stability Board, Stocktake of publicly released cybersecurity regulations, guidance and supervisory

practices,

October 2017, pp. 65-70, available here (tbc).

market players across the EU financial sector has the potential to efficiently and effectively identify vulnerabilities of the stability and integrity of the entire EU financial system.

Strong cyber resilience requires a collective and wide-ranging approach as well as effective training and awareness-raising activities. For this, the Commission has recently adopted its Digital Education Action Plan to improve digital skills throughout Europe, including for cybersecurity41. The inherent global nature of cyber threats has made clear that international cooperation is crucial to address such risks: for this reason, the Commission is actively involved in the G20 and G7 work on cyber security in financial services.

Box 8

1. The Commission

will organise a

pubic private workshop in Q2 2018 to

explore and assess barriers limiting information sharing on cyber threats between financial market participants and to identify potential solutions while ensuring data protection standards are met.

2. The Commission invites the ESAs to map, by Q1 2019, the existing supervisory practices across financial sectors around ICT security and governance requirements, and where appropriate: a) to consider issuing guidelines aimed at supervisory convergence and enforcement of ICT risk management and mitigation requirements in the EU financial sector and, b) if necessary, provide the Commission with technical advice on the need for legislative improvements.

3. The Commission invites the ESAs to evaluate, by Q4 2018, the costs and benefits of developing a coherent cyber resilience testing framework for significant market participants and infrastructures within the whole EU financial sector.

CONCLUSIONS

The rapid advance of FinTech is driving structural changes in the financial sector. In such a fast-moving environment, overly prescriptive and precipitous regulation carries the risk of undesired outcomes. However, there are also risks that refraining from updating policy and regulatory frameworks may place EU financial service providers at a disadvantage in an increasingly global market. There is also the possibility, for example in the case of cyber security, that key risks remain unaddressed.

Action 7 in the digital education action plan is aimed at tackling the challenges of digital transformation by launching: (i) an EU-wide awareness campaign targeting educators, parents and learners to foster online safety, cyber hygiene and media literacy; and (ii) a cyber-security teaching initiative building on the digital competence framework for citizens, to empower people to use technology confidently and responsibly.

4

This FinTech action plan combines both supportive measures to help introduce FinTech solutions and proactive measures to foster and stimulate new solutions and address in a determined way the emerging risks and challenges. The Commission has set out its plans for further work on enabling, accommodating and, where possible, encouraging innovation in the financial sector, while ensuring at all times the preservation of financial stability and high levels of investor and consumer protection. It is one important pillar of a broader strategic approach to regulation in the post-crisis environment. The goals are threefold: to harness rapid advances in technology for the benefit of the EU economy, citizens and industry, to foster a more competitive and innovative European financial sector, and to ensure the integrity of the EU financial system.