Procedure : 2020/2034(INL)
Document stages in plenary
Document selected : A9-0161/2020

Texts tabled :


Debates :

PV 07/10/2020 - 15
CRE 07/10/2020 - 15

Votes :

Texts adopted :


PDF 253kWORD 93k


<Titre>with recommendations to the Commission on Digital Finance: emerging risks in crypto-assets - regulatory and supervisory challenges in the area of financial services, institutions and markets</Titre>


<Commission>{ECON}Committee on Economic and Monetary Affairs</Commission>

Rapporteur: <Depute>Ondřej Kovařík</Depute>

(Initiative – Rule 47 of the Rules of Procedure)



with recommendations to the Commission on Digital Finance: emerging risks in crypto-assets - regulatory and supervisory challenges in the area of financial services, institutions and markets


The European Parliament,

 having regard to Article 225 of the Treaty on the Functioning of the European Union,

 having regard to Articles 7 and 8 of the Charter of Fundamental Rights of the European Union,

 having regard to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)[1],

 having regard to Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC[2],

 having regard to Directive (EU) 2015/849 of the European Parliament and the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC[3],

 having regard to the Communication from the Commission of 19 February 2020 entitled ‘A European Strategy for Data’[4],

 having regard to the Communication from the Commission of 8 March 2018 entitled ʻFinTech Action plan: For a more competitive and innovative European financial sectorʼ[5],

 having regard to the Commission and High Representative of the Union for Foreign Affairs and Security policy’s Joint Communication of 6 April 2016 entitled ‘Joint Framework on countering hybrid threats - a European Union response’[6],

 having regard to the White Paper of the Commission of 19 February 2020 entitled  ʻArtificial Intelligence - A European approach to excellence and trust’[7],

 having regard to the answer given by Vice-President Dombrovskis on behalf of the Commission TO E-001130/2017 of 10 April 2017,

 having regard to the Final report of the Directorate-General for Financial Stability, Financial Services and Capital Markets Union of the Commission of October 2019 entitled ‘Governance for a DLT/ Blockchain enabled European electronic Access Point (EEAP)’[8],

 having regard to the study of the Commission on the application of the Interchange Fee Regulation[9],

 having regard to the public consultation of the Commission of 17 February 2020 on the ‘Review of the regulatory framework for investment firms and market operators’,

 having regard to the Final Report of the High Level Forum on the Capital Markets Union of the Commission of 10 June 2020 entitled ‘A New Vision for Europe’s Capital Markets’[10],

 having regard to the Final report of the Commission’s Expert Group on Regulatory Obstacles to Financial Innovation: 30 recommendations on regulation, innovation and finance of 13 December 2019,

 having regard to the Joint Advice of the European Supervisory Authorities to the European Commission on the need for legislative improvements relating to ICT risk management requirements in the EU financial sector of 10 April 2019,

 having regard to the Joint Advice of the European Supervisory Authorities to the European Commission on the costs and benefits of developing a coherent cyber resilience testing framework for significant market participants and infrastructures within the whole EU financial sector of 10 April 2019,

 having regard to the joint report of the European Supervisory Authorities entitled ‘FinTech: Regulatory sandboxes and innovation hubs’ of 7 January 2019[11],

 having regard to the European Banking Authorities’ Guidelines on ICT and security risk management of 29 November 2019,

 having regard to the European Banking Authority Report with advice for the European Commission on crypto-assets of 9 January 2019,

 having regard to the advice of the European Securities and Markets Authority to the Commission on Initial Coin Offerings and Crypto-Assets of 9 January 2019,

 having regard to the European Commission’s Consultation Paper on an EU framework for markets in crypto-assets of December 2019,

 having regard to its legislative resolution of 27 March 2019 on the proposal for a regulation of the European Parliament and of the Council on European Crowdfunding Service Providers (ECSP) for Business  [12],

 having regard to its resolution of 3 October 2018 on distributed ledger technologies and blockchains: building trust with disintermediation[13],

 having regard to its resolution of 17 May 2017 on FinTech: the influence of technology on the future of the financial sector[14],

 having regard to its resolution of 16 February 2017 with recommendations to the Commission on Civil Law Rules on Robotics[15],

 having regard to the study requested by the European Parliament's Committee on Economic and Monetary Affairs entitled ‘Crypto-assets: Key developments, regulatory concerns and responses’ of April 2020,

 having regard to the study requested by the European Parliament's Committee on Internal Market and Consumer Protection ‘Consumer Protection: Aspects of Financial Services’ of February 2014,

 having regard to the report of the European Central Bank on implications of digitalization in retail payments for the Eurosystem’s catalyst role of July 2019,

 having regard to Benoît Coeure’s keynote speech ‘FinTech for the People’ of 31 January 2019,

 having regard to Yves Mersch’s keynote speech ‘Lending and payment systems in upheaval: the FinTech challenge’ of 26 February 2019, at the 3rd Annual Conference on FinTech and Digital Innovation,

 having regard to the report by the Financial Stability Board ‘Decentralized financial technologies: Report on financial stability, regulatory and governance implications’ of 6 June 2019,

 having regard to the report by the Financial Stability Board on ‘FinTech and market structure in financial services: Market developments and potential financial stability implications’ of 14 February 2019,

 having regard to the report by the Financial Stability Board ‘Crypto-assets: Report to the G20 on work by the FSB and standard-setting bodies’ of 16 July 2018,

 having regard to the report by the Financial Stability Board on ‘Financial Stability Implications from FinTech, Supervisory and Regulatory Issues that Merit Authorities’ Attention of 27 June 2017,

 having regard to the consultative document by the Financial Stability Board 'Addressing the regulatory, supervisory and oversight challenges raised by “global stablecoin” arrangements' of 14 April 2020,

 having regard to the investigation of the G7 Working Group on Stablecoins on the impact of global stablecoins of October 2019,

 having regard to the Financial Action Task Force’s ‘Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers’ of June 2019,

 having regard to the Financial Action Task Force’s Recommendations as updated in June 2019, in particular Recommendation 16 on wire transfers,

 having regard to the analysis of the Bank for International Settlements ‘Policy responses to FinTech: a cross-country overview’ of January 2020,

 having regard to Fernando Restoy’s intervention ‘Regulating FinTech: what is going on, and where are the challenges?’ of 16 October 2019, at the ASBA-BID-FELABAN XVI Banking public-private sector regional policy dialogue,

 having regard to Rules 47 and 54 of its Rules of Procedure,

 having regard to the report of the Committee on Economic and Monetary Affairs (A9-0161/2020),


A. whereas digital finance is a consistently evolving area of the financial sector which deserves ongoing monitoring and consideration both on an industry and regulatory level;

B. whereas the Union's internal market is characterised by open competition and aims to create a level playing field through a harmonised regulatory framework, reliance on international standards, supervisory convergence and supervisory cooperation; whereas the Union’s digital finance strategy should therefore be based on the same principles;

C. whereas there is a need for a balanced approach in regulating FinTechs in encouraging innovation and ensuring a high degree of investor protection and financial stability;

D. whereas the term ‘crypto-assets’ is used to refer to a wide variety of digital assets, including but not limited to virtual currencies and tokens, but sometimes excluding certain forms of stablecoins or certain tokens such as security tokens;

E. whereas the two most common components of crypto-assets adopted are (i) the private nature of the entitlement regarding the underlying asset, claim or right, and (ii) the use of cryptography and distributed ledger technology (DLT) or similar technology to underpin exchanges of the asset and its inherent or perceived value;

F. whereas, at present, crypto-assets are neither issued nor guaranteed by a central bank or public authority in the Union, and can have a variety of uses, including as a means of exchange, for investment purposes, and in order to access a good or service;

G. whereas stablecoins exhibit similar features to crypto-assets and do not take the form of any specific currency, but rely on a set of tools which aim to minimise fluctuations of their price as denominated in a currency; whereas some crypto-assets, including stablecoins and their associated technologies, have the potential to increase efficiencies, competition and transparency and to bring substantial opportunities and benefits to society, since some of them could lead to cheaper and faster payments and offer new funding sources for small and medium-sized enterprises (SMEs); whereas the set of tools aiming to minimise price fluctuations has not been tested in situations where significant numbers of transactions are being carried out with stablecoins;

H. whereas public debate about privately launched stablecoins may be related to certain shortcomings of the Union's payments landscape;

I. whereas stablecoins might become a widely used means of payment, which should trigger appropriate regulatory and supervisory action;

J. whereas a Central Bank Digital Currency (CBDC) is based on the concept of a stable asset, is sovereign in nature and therefore distinct to crypto-assets; whereas the People’s Bank of China is trialling a central bank digital currency (the DCEP); highlights that the potential global use of the DCEP could have implications for international trade and consumer protection;

K. whereas possible initiatives for implementing CBDCs are under consideration, both within the Union and on a global level;

L. whereas digital finance has a strong cross-border element, which goes beyond the Union level and therefore international cooperation and standard-setting as well as an efficient and effective Union supervision in this field is essential;

M. whereas the development of digital finance tools can have a strong capital flows element which attracts cross-border investments; stresses that therefore digital finance can contribute to Union competitiveness on global markets;

N. whereas, according to market data[16], as of June 2020, over 5,600 crypto-assets exist globally, with a total market capitalisation exceeding USD 260 billion[17], 65% of which is made up of Bitcoin alone;


O. whereas, according to market data, stablecoins have reached a total market capitalisation of EUR 10 billion in June 2020 from 1.5 billion in January 2018 and, despite their still limited reach compared to other cryptocurrencies, have the potential to rapidly reach a global scale and a wide mass user base, especially if adopted by BigTech companies exploiting their networks;


P. whereas experts of the European Central Bank (ECB) noted in their publication of 2019[18], that even though crypto-assets are highly speculative, they do not represent an immediate threat to financial stability; whereas that view has been shared by both the European Securities and Markets Authority (ESMA)[19] and the European Banking Authority (EBA)[20]; whereas the International Monetary Fund (IMF), in its 2018 global financial stability report, and the Financial Stability Board (FSB), in its July 2018 report, reached the same conclusions, although in the FSB’s opinion the situation should still be monitored, given how quickly changes occur on these markets;


Q. whereas, as pointed out in the EBA report, financial institutions are currently engaging in relatively limited crypto-assets related activities, but their interest is likely to grow particularly in the context of the increasing use of DLT-based solutions; whereas such activities include holding or gaining exposure to crypto-assets, underwriting initial coin offerings (ICOs), or offering services in relation to crypto-assets such as providing custody wallet or exchanges; whereas the current prudential rules are not well suited to capturing the high volatility and high risks of crypto-assets;


R. whereas recent research suggests that crypto-assets are mainly used as a speculative investment, rather than as a means of payment for goods or services offered by a legal merchant; whereas the ESAs have highlighted that crypto-assets which do not qualify as financial instruments within the scope of Union financial regulation pose specific risks, namely in terms of investor and consumer protection as well as to market integrity; whereas crypto-assets may increase the risks of money laundering, fraudulent practices, tax evasion and external attacks;


S. whereas the adoption of new technologies can make a significant contribution to allowing financial services companies to meet their ongoing supervisory and compliance obligations;

T. whereas within the range of crypto-assets which qualify as financial instruments under Union law, their classification as such relies on the national competent authorities applying the national implementation of Union law, which creates discrepancies in the supervisory and regulatory approach, harming consistency and a level playing field in the Union; whereas such classification and integration within the Union legislative framework is not without difficulties, since different crypto-assets present different features, which may change over time;

U. whereas ICOs could provide an alternative source of funding for innovative businesses and start-ups at the early phase of their development, but they also expose investors to high risks of losses due to their highly speculative nature and vulnerability to fraud; whereas the Bank for International Settlements’ Annual Economic Report 2018 found that at least 22,5% of ICOs have turned out to be fraudulent Ponzi schemes;

V. whereas crypto-assets have the potential to reduce transactions costs in a safe manner in an increasingly digitally surveyed world if subject to a stringent, fit for purpose and risk-based regulatory regime;

W. whereas digital finance can contribute in a number of ways to tackling the economic effects of the COVID-19 outbreak as regards consequences for citizens, SMEs and other businesses and financial services; whereas the COVID-19 outbreak has, to a varying extent across Member States, demonstrated the potential that digital finance offers to both consumers and the economy;

X. whereas large technology firms and global digital platforms are increasingly offering financial services; whereas those large operators in the digital sector benefit from competitive advantages such as economies of scale, vast cross-border user networks, easy access to financing and the ability to harvest large swaths of data provided by users through data processing technologies such as ‘big data analytics’, which generate tremendous added value in a variety of ways; whereas the presence of ‘BigTech’ firms in the FinTech markets has the potential to harm fair competition and innovation;

Y. whereas recently discovered fraudulent activity related to firms in the FinTech industry highlights the need for a holistic perspective of the risks for consumer and investor protection associated with failures in financial reporting, fraud and insolvency procedures;

Z. whereas the share of non-cash-based payments has increased significantly over the past years; whereas an improved framework for cashless transactions should not undermine the ability to use cash as a means of payment;

AA. whereas the financial sector is the largest user of information and communications technology (ICT) in the world, accounting for about a fifth of all ICT expenditure;

AB. whereas the application of new technologies in the financial sector may create new risks that need to be regulated and monitored in order to safeguard financial stability, the integrity of the internal market and consumer protection;

AC. whereas the increased use of artificial intelligence in financial services will lead to a need for stronger operational resilience and the appropriate corresponding supervision as well as data protection as provided by Union law;

AD. whereas new operational problems, particularly ICT and security risks, can generate systemic risks for the financial sector; such new risks should be addressed by appropriate measures, as pointed out by the European Systemic Risk Board[21];


AE. whereas the current EU rulebook for financial services takes a piecemeal approach to the issue of operational risk provisions;

AF. whereas the ICT and security risks faced by the financial sector, and its level of integration at the Union level, warrant specific and more advanced actions that build on but go beyond Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union[22] ;

AG. whereas cyber resilience is an integral part of the work on the operational resilience of financial institutions carried out by authorities on a global level;

AH. whereas a functioning, sustainable and resilient Union financial market should have strong allocative efficiency of capital and risk and the widest financial inclusion of citizens within financial services;

AI. whereas the use of cloud computing services can offer significant advantages regarding operational resilience and efficiency for financial services providers compared to legacy on-site solution, but comes with additional challenges in relation to security of data and processes, business continuity in case of outages and general vulnerability in relation to cyber crimes;

AJ. whereas a level playing field between financial services firms and technology firms is needed to ensure all firms compete on equal footing, following the principle of ‘same risk, same activity, same regulation’;

AK. whereas the introduction of digital financial services should neither lead to regulatory arbitrage, nor to lower customer protection, reduced safety or financial stability risks;

AL. whereas many large Union financial institutions rely on third-country providers for cloud computing services;

AM. whereas the European Data Protection Board has an important role to play in helping companies understand their GDPR compliance obligations;

AN. whereas crypto-assets do not have usually a known originator and they do not create financial claim to an underlying asset, contrary to stablecoins, security tokens and commodity tokens that all have a known originator;

AO. whereas although the tokens issued by entrepreneurs in the form of claims to a cash-flow, an equity claim or a future product/service claim, can be classified in alternative ways, their classification in Union law should give regulatory predictability and homogeneity in the European markets; whereas a technologically relevant and functional regulation of the tokens should take into account potential hybrid designs and provide definitions that maximise consumer and investor protection, increase legal certainty and leverage the strong potential of these instruments in funding risky entrepreneurial projects; whereas the underlying economic function of the tokens is a significant indicator for their classification;

AP. whereas the Financial Action Task Force (FATF) adopted a broad definition of virtual currency and recommended incorporating within the scope of the anti-money laundering/combating the financing of terrorism (AML/CFT) obligations any natural or legal person who conducts activities including exchange between crypto-assets, transfer of crypto-assets and participation in and provision of financial services related to initial coin offerings;


AQ. whereas money laundering is a critical danger which must be prevented in the area of digital finance; whereas even if digital finance may improve financial inclusion, a comprehensive regime of know your customer (KYC) and AML compliance, as provided by Union law, should still be in place; whereas although crypto-assets can be used for illegal activities, their regulatory status as means of payment, instead of means of exchange, can improve the monitoring and prevention of financial crime;


AR. whereas increased connectivity, the Internet of Things and the interaction of humans and machines can create better financial service experiences but also entail new risks regarding the privacy and protection of personal data, quality of the interaction, the operational risk management and cyber-security challenges;



General Considerations

1. Welcomes the commitment of the Commission to finalising an Action Plan on FinTech by Q3 of 2020; considers that a Commission proposal on crypto-assets, as well as a cross-sectoral financial services act on operational and cyber resilience, are timely, useful and necessary due to recent developments in Union and global markets; requests that the Commission submit on the basis of Article 114, a respective legislative proposal following the recommendations set out in the Annex hereto;

2. Considers that digital finance, which plays a key role in developing financial activities, will be integral to the success of the Capital Markets Union (CMU) through increasing financing options for companies and citizens, as well as investment options, and encourages the Commission to consider how to empower innovators and therefore harness the benefits of digital finance in driving forward capital market integration and retail investor participation in the Union and elevating its magnitude globally;

3. Emphasises the increased importance of monitoring and reviewing measures relating to the regulation of digital finance, particularly bearing in mind the increasing relevance of the sector as the world deals with the COVID-19 pandemic; further highlights the need to address the specific risks that digital finance poses at regulatory and supervisory level through an appropriate legislative framework and consumer protection provisions;

4. Highlights the importance for the Commission to closely align its work with international fora and regulatory bodies in developing international standards given the cross-jurisdictional nature of digital finance, without prejudice to the Union’s prerogative to adopt regulatory and supervisory provisions relevant to the Union’s circumstances; recalls in particular the need to ensure interoperability of the Union’s regulatory framework with internationally agreed principles;

5. Notes that the development of many technologies related to digital finance is still in its infancy; emphasises that any new legislative measures must therefore be subject to a thorough and future-facing assessment of risks and benefits to consumers and financial stability; calls on the Commission to deploy a proportionate, risk-based, cross-sectorial holistic and outcome focused approach to its work on digital finance;

6. Calls on the Commission to draw upon the knowledge and experience derived from the European Forum for Innovation Facilitators to act as first mover in order to create a favourable and sustainable environment for European FinTech hubs and firms, as well as the established financial industry using digital finance, to scale up, attract foreign investment and increase the Union’s presence in global markets;

7. Considers in this respect that digital finance should be considered as an essential and effective tool for European SMEs, with the ability to provide real-time and rapid solutions adapted to their financing needs; believes that digital finance has the potential to help close the SME financing gap;

8. Stresses that any measures taken at Union level should ensure that market participants, from small to large, have the regulatory space to innovate and that any new or updated legislation and supervision in the area of digital finance should reflect the following principles:

a. the same activities and services and their associated similar risks should be subject to the same rules;

b. proportionality and technology neutrality;

c. an approach based on risk, transparency and accountability;

d. respect for the fundamental rights, specifically the protection of privacy and personal data, as guaranteed by Articles 7 and 8 of the Charter of Fundamental Rights of the European Union;

e. high levels of consumer and investor protection;

f. a level playing field;

g.  an innovation-friendly approach;

9. Points out that any new or updated measures adopted at Union level should take into account the rapid developments in the expanding markets of crypto-assets and ICOs; emphasises that a level playing field must be ensured across the internal market, avoiding forum shopping and regulatory arbitrage; cautions that such measures should not stifle opportunities for businesses, particularly SMEs, to grow and should offer a sustainable ecosystem for digital finance to develop within the internal market, while ensuring financial stability, market integrity and investor and consumer protection;

10. Points out that regulatory sandboxes and innovation hubs have the potential to be useful tools for digital finance companies to test out innovative financial products, financial services or business models in a controlled environment, and to allow competent authorities to gain a better understanding of such activities and develop regulatory expertise in emerging technologies, thereby facilitating dialogue between companies and regulators; highlights however that they may also pose significant risks to consumer and investor protection and enable financial fraud, while creating risks of supervisory fragmentation and regulatory arbitrage;

11. Underlines that any sandbox, including a pan-European sandbox, should seek to strike a balance between the objectives of fostering innovation and financial stability, investor and consumer protection, while taking into account the size, systemic significance and cross-border activity of the firms involved; calls on the Commission to establish a common Union framework for a pan-European sandbox for digital financial services, as it would provide additional benefits for financial innovation and stability, and reduced supervisory fragmentation;


12. Highlights the importance of the triangle of trust, identity verification and data in order to ensure that operators, investors, consumers and supervisors are able to have confidence in digital finance;

13. Considers it appropriate to further analyse initiatives for implementing CBDCs both within the Union and on a global level; invites the ECB to consider undertaking a comprehensive impact assessment with a view to presenting perspective options on CBDCs, including an analysis of the opportunities and risks of the establishment of a digital euro; believes this assessment should also consider the role of underlying technologies; further calls on the Union supervisory authorities to promote further research in this field, and calls on the Commission and the ECB to engage in dialogue at the international level, assessing potential benefits and implications of broader use of CBDCs globally;


14. Believes that parameters and principles for the impact assessment and subsequent analysis should rely on the role of CBDCs in supplementing the decline in cash use, ensuring trust in the financial system, providing for greater financial inclusion and access to a public means of payment, while guaranteeing financial and monetary stability;


15. Stresses the need for stronger regulatory and supervisory convergence, with the aim of developing a common Union framework; highlights the crucial role of the European Supervisory Authorities (ESAs) in facilitating this; calls for a structured dialogue between the ESAs and national competent authorities (NCA) which should focus on current supervisory challenges and convergence of practices towards seamless supervision on all levels, namely with regards to digital finance, anti-money laundering, protection of privacy and data protection and cyber-security challenges and opportunities; considers that this structured dialogue should focus, in the field of digital finance, on reducing arbitrage and supervisory competition, and other existing obstacles to cross-border operations;

16. Express its agreement with the ECB’s position on the importance of physical money as legal tender; stresses that progress in the field of virtual currencies and digital payments must not lead to restrictions on retail cash payments or to the abolition of cash;

17. Highlights its concerns about the environmental impact of crypto-mining; stresses the need for solutions aimed at mitigating the ecological footprint of mainstream crypto-assets; calls on the Commission to take this into account in any forthcoming regulatory initiative, having in mind the EU’s commitment to the Sustainable Development Goals and to the necessary transition to a climate-neutral society by 2050 at the latest;


Defining a Framework for Crypto-Assets

18. Considers that developing a comprehensive pan-European taxonomy for new products such as crypto-assets is a necessary step towards fostering a common understanding, facilitating collaboration across jurisdictions and providing greater legal certainty for market participants operating cross border; recommends taking into account existing national regulatory and supervisory frameworks; notes the importance of international cooperation and global initiatives as regards a Union framework for crypto-assets, bearing in mind in particular their borderless nature;

19. Considers that developing an open-ended taxonomy template at Union level may be more appropriate taking into account that this is an evolving market segment and such a taxonomy should serve as a basis for appropriate legislative or regulatory actions; believes, however, that there is no ‘one size fits all’ solution when it comes to legal qualification of crypto-assets and therefore a framework which allows for monitoring and adaption by supervisors is important;

20. Emphasises that consumer-focused start-ups are often building innovative financial services to the benefit of Union citizens and companies, and that any legislative framework should be designed with a view to empowering further innovation and consumer choice in financial services;

21. Notes that in the absence of a common EU regulatory approach for crypto-assets, Member States have already started adopting unilateral legislative and supervisory actions and face increasing pressure to act due to consumer protection concerns; points out that divergent interpretations and an uncoordinated approach across Member States can lead to market fragmentation, increase legal uncertainty, undermine the level playing field and provide opportunities for regulatory arbitrage;

22. Believes, therefore, that any further categorisation should be balanced and flexible in order to adapt to evolving business models and risks and to give space for innovation and competitiveness in the sector while, at the same time, ensuring that risks can be identified and mitigated at an early stage;

23. Further stresses that clarification of guidance on the applicable regulatory and prudential processes is needed in order to provide regulatory certainty and outline adequate supervision and prudential treatment of crypto-assets; subscribes to the view of the Basel committee and EBA that banks acquiring crypto-assets should apply a conservative prudential treatment of crypto-assets, particularly those that are high risk;

24. Considers that regulated financial institutions, in particular credit institutions, payment institutions and pension funds, shall be subject to specific maximum exposure limits in light of the potential risks to consumer and investor protection and to financial stability associated with high levels of crypto-assets activity; shares furthermore the view that strong due diligence, robust governance and risk management, full disclosure of any exposure and a solid dialogue with the supervisors are all of paramount importance; believes the forthcoming revision of the capital requirements framework should include amendments in this respect;


25. Considers that all agents and participants engaging in crypto-assets related activity should be subject to the standards of the existing financial regulatory framework, as applicable; underlines further the need to establish legal provisions and mechanisms to ensure that the regulatory standards for crypto-assets related activities, in particular regarding consumer protection and AML/CFT, are also enforced when such activities or services are provided or operated from outside the Union; underlines furthermore that specific rules on market transparency and integrity at least equivalent to those of Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU[23] (MiFID II) for all issuers or sponsors of crypto-assets, establishing stringent rules regarding information to potential clients, which should be clear and not misleading, as well as suitability assessments requirements; 


26. Considers that some crypto-assets, those used largely in illegal channels, should not be legitimised by bringing them under the existing regulatory regime; highlights that any unwanted legitimisation would risk consumer protection and undermine market integrity; calls on the Commission, therefore, to establish stringent rules regarding warnings to potential clients and to make sure that competent authorities are attributed the necessary intervention powers to restrict or prohibit operations and activities in those crypto-assets that are predominantly used for illegal purposes; 

27. Stresses that risks related to holdings and exposures to crypto-assets should be fully integrated in the supervisory review and evaluation process once the taxonomy is available; highlights in this regard the need for adequate and standardised disclosure requirements of any material exposures or services related to crypto-assets;

28. Points out that addressing regulatory gaps in existing Union law through targeted changes will be necessary, as will creating bespoke regulatory regimes for new and evolving crypto-asset activities, such as ICOs or initial exchange offerings (IEOs); notes that certain types of crypto-assets could fit into the existing regulatory framework, such as, for example, ‘transferable securities’ as defined by MiFID II; believes that those crypto-assets which could fall under MiFID II should be treated in the same manner as other transferable securities falling under that regime, and as such would not require a bespoke legislative framework, but rather targeted changes to the relevant MiFID II provisions;

29. Stresses the necessity of regulating certain crypto-assets which would not fall under MiFID II provisions in a harmonised manner at the Union level;


30. Notes that stablecoins represent a unique category of crypto-asset; points out that, at this stage, the use of stablecoins is not yet prominent within the Union; calls therefore on the Commission to develop a legislative framework that, inter alia, ensures that there is a stable conversion rate between stablecoins and fiat currencies and that the respective stablecoin is re-convertible into fiat currency at par value at any time;


31. Highlights that ICOs and IEOs have the potential to increase access to funding for SMEs, innovative start-ups and scale-ups, can accelerate technology transfer, and can be an essential part of the CMU; notes, however, that various supervisory authorities have issued warnings regarding ICOs due to their lack of transparency and disclosure requirements, which have the potential to cause risks to investors and consumers;


32. Calls on the Commission, therefore, to assess the advantages of proposing a legislative framework for ICOs and IEOs with the aim of increasing transparency, legal certainty, investor and consumer protection, and reduce risks stemming from asymmetric information, fraudulent behaviour and illegal activities; insists that supervision and monitoring of this framework be coordinated at the Union level;


33. Highlights that a common Union framework on crypto-assets should help safeguard a high level of consumer and investor protection, market integrity and financial stability, enforce the application of AML provisions, such as KYC obligations with regards to agents engaged in crypto-assets related transactions, with exemptions only for occasional transactions below a minimum threshold, and improve oversight of the underlying technology so as to ensure that authorities investigating crime are able to identify the ultimate beneficiaries of payment transactions reliably and with limited effort;

34. Is concerned about the findings of a recent research[24] demonstrating that half of the crypto-assets transactions is linked to illegal activities, like the buying or selling of illegal goods or services, money laundering and, payments in ransomware attacks; highlights recent findings which suggests that 76 billion dollars of illegal activity per year involves Bitcoins;

35. Reiterates the need to effectively address the AML/CTF risks arising from cross-border activities and new technologies, in particular those posed by crypto-assets;


36. Underlines that existing gaps in the AML framework for crypto-assets such as in the application of the KYC principle, lead to an uneven playing field between different types of financial activity; considers that AML/CTF provisions for providers of services related to crypto-assets should be enforced also for foreign providers offering their services in the Union; highlights that a comprehensive definition of ‘virtual assets’ is needed to better reflect the nature and function of crypto-assets for the purpose of AML/CTF; points out that the definition of terrorist financing shall also be updated to ensure that crypto-assets are adequately covered;

37. Notes the update of the existing Recommendation 16 of the FATF regarding the Traveling Rule for the Virtual Asset Service Providers (VASPs) and calls on the Commission to explore its implications for the crypto-exchange and e-wallet providers within the framework of the Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC[25];


38. Calls further on the Commission to expand the scope of obliged entities under the AML/CTF framework, in line with the recommendations of the FATF and ESMA, to ensure that all activities involving crypto-assets, with regards to providers of virtual-to-virtual exchanges, other categories of wallet providers and ICOs, are subject to the same AML/CTF obligations;


39.  Takes the view that the proliferation of digital finance should leave no-one behind and that the availability of digital finance solutions for consumers and non-professional investors must go hand in hand with greater efforts to ensure transparency, public awareness and access to information; calls on the Commission and Member States to invest in programmes to enhance digital and financial literacy;

40. Notes that the introduction of any central bank developed digital currency goes along with significant challenges and risks (e.g. financial stability risks, deposit protection, implications for transmission of monetary policy, implication on credit intermediation, substitution of other means of payments, crowding out of private market participants etc.) that could easily outweigh the perceived benefits of CBDCs;

41. Notes that some of the perceived shortcomings of the European payment system, could be remedied with gradual improvements of the existing regime such as an increased roll-out of cost-efficient instant payments;

A common approach to cyber resilience of the financial sector

42. Points out that with the increasing digitalisation of financial services, as well as outsourcing to external IT solution or maintenance providers, such as cloud providers, can help in particular start-ups to innovate and have access to technology that they would otherwise not have; cautions, however, that the exposure of financial institutions and markets to disruption caused by internal failures, external attacks or as a consequence of financial distress is becoming more pronounced and therefore operational risks need to be thoroughly assessed in light of this evolving landscape; considers that the guiding objectives of any proposed legislation in this regard should therefore be security, resiliency and efficiency;

43. Takes note of the fact that while the total costs of cyber incidents are notoriously hard to establish, industry estimates range from USD 45 billion to USD 654 billion for the global economy in 2018;

44. Highlights that the financial sector has traditionally been a key target for cybercriminals looking for financial gain;

45. Is concerned by the ESRB analysis which shows that it is indeed conceivable that a cyber-incident could evolve into a systemic cyber crisis that threatens financial stability[26];

46. Points out that some sectoral pieces of Union financial services legislation already contain specific requirements in relation to information security management, while this is not the case for other areas of Union financial services legislation; recalls that supervisory authorities have issued consumer warnings regarding ICOs, as the lack of appropriate transparency and disclosure requirements can cause potential and serious risks for investors;

47. Calls on the Commission to propose legislative changes in the area of ICT and cyber security requirements for the Union financial sector, taking into account international standards, in order to address any inconsistencies, gaps and loopholes that are found to exist in relevant law; in this regard, calls on the Commission to consider the need to have a supervisory overview of ICT providers, noting the concentration and contagion risks that can be posed by heavy reliance on a small number of ICT and cloud computing providers by the financial services sector;

48. Considers that these changes should focus on four key areas:

a. modernisation of ICT governance and risk management, and compliance with international standards;

b. alignment of reporting rules as regards ICT incidents;

c. a common framework for penetration and operational resilience testing across all financial sectors;

d. oversight and minimum standards for critical ICT third-party providers;

49. Stresses the need for further information sharing, in particular on incidents, and enhanced coordination between relevant regulatory and supervisory authorities, taking into account that building resilience and preparedness to deal with large scale cyber and operational incidents requires effective cooperation not only cross-border but also across various sectors; takes the view that this should be done by granting certain powers to supervisors to supervise more effectively the activities provided by third parties, namely enhanced inspection rights, audit rights and sanctioning rights;

50. Calls on the Commission to enhance cooperation at international fora in order to facilitate the development of international standards as regards cloud computing and outsourcing; further calls for an analysis on the need for Union-specific measures in order to bring oversight of cloud computing and outsourcing into line with the level of oversight of legacy systems; points out that there is also a need for international standards to be developed in these areas; takes the view that, while responsibility for compliance lies with financial operators, the oversight of critical third party providers should be aimed towards monitoring concentration risk, financial stability risks and ensuring cooperation between relevant authorities; takes the view that this should be done by granting certain powers to supervisors to supervise more effectively the activities provided by third parties, namely enhanced inspection rights, audit rights and sanctioning rights;

51. Stresses that the resilience of the financial system requires a strong technological framework for the supervision of advanced technological applications in financial services; underscores the need for a concrete strategy that enhances the use of regulatory technology (RegTech) and supervisory technology (SupTech);

52. Calls on the Commission and supervisors to put in pace non-legislative actions to bolster the operational preparedness in the financial sector to deal with large-scale cyber and operational incidents, through joint exercises, operational protocols (“playbooks”), secure collaboration tools and investments in reinforcements of critical infrastructures and European redundancy capacities; highlights the need for supervisors to have in-house expertise and adequate resources to carry out such exercises and supervisory actions;

53. Calls on the Commission to assess and monitor the risk of trading opportunities on the ‘black market’ emerging, and of money laundering, the financing of terrorism, tax fraud and evasion and other criminal activities;


54. Recalls that the collection and analysis of data play a central role for digital finance, and therefore highlights the need for consistent technology-neutral application of existing data legislation; highlights that artificial intelligence is one of the key technologies as regards enhancing the Union's competitiveness on a global level;

55. Points out that the Union is the global standard setter as regards personal data protection; highlights that the transfer and use of personal and non-personal data in the financial services sector should be done in accordance with all relevant Union law and international agreements while allowing for the lawful and secure flow of data needed to scale up innovative finance initiatives;

56. Stresses that the free flow of data within the Union is needed to scale up innovative finance; points out that cross-border data flows, including to and from third countries, must be monitored and governed under Union law on privacy and data protection;

57. Requests, in this regard, that the Commission ensures that digital finance entities can access on an equitable basis relevant, reliable and useful data in accordance with the GDPR by creating more customer value, fostering the potential of digital finance and providing innovative FinTech businesses with opportunities to grow within the Union and beyond; highlights the importance of respecting competition rules in the internal market and of ensuring that the interests of consumers and innovation are not harmed; calls on the Commission to monitor the offering of financial services by ‘BigTech’ firms, and also how the competitive advantages inherent to these operators may distort competition in the market, harm the interests of consumers and innovation;

58. Highlights the need for the Commission to strike a balance between ensuring data security and consumer protection with maintaining the consumer experience and service efficiency;

59. Requests that the Commission consider, based on the existing Union standard under Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC[27], an infrastructure for digital onboarding and the use of digital financial identities, which would aim to harmonise the existing regulatory requirements across the Union insofar as necessary and facilitate their use to provide for less fragmented operations within the internal market and compliance with the relevant anti-money laundering provisions; highlights the importance and potential benefits of the use of digital financial identities across all sectors and Member States, while ensuring that they comply with data protection and privacy norms and by guaranteeing appropriate and proportionate measures to avoid data or identity incidents;

60. Points out that for KYC processes legal requirements for retail onboarding by financial institutions are different in every Member State and therefore cross border onboarding with existing data sets are often not possible, which is also valid for onboarding of corporate clients and its related KYC/KYB (know your business) process; calls on the Commission to address this issue and foster the harmonisation of the KYC data required by Member States;

61. Acknowledges that interoperability between digital entities on national and Union level is key in order to reach the desired market acceptance;

62. Points out that customer data or “big data”, key for creating additional customer value and maintaining competitiveness, is being increasingly used by financial institutions; reiterates the conclusions and recommendations from its resolution of 14 March 2017 on fundamental rights implications of big data: recalls the legislative framework for processing of personal data provided by the GDPR and calls on all stakeholders to increase efforts to guarantee the enforcement of the rights therein; highlights, in particular, the principle regarding the individuals’ right of ownership and control over their data and the right to data portability;

63. Considers that a self-sovereign identity based on DLT can be a key element in developing a range of new services and platforms for the digital single market, independent from data aggregators and avoiding intermediaries, while at the same time providing high security and data protection standards for individual EU citizens;

64. Believes that the lack of accessible and reliable data and information regarding digital finance activities can be a detriment to growth, consumer protection, market integrity and financial stability as well as to the fight against money laundering and terrorism financing, tax evasion and tax avoidance; advocates for increased transparency and enhanced reporting of digital finance activity so as to reduce asymmetries and risks, in particular regarding incumbent big data operators that may draw disproportionate benefits from increased access to data; emphasises the importance of a level playing field as regards cross-border data access as is guaranteed by the GDPR concerning personal data;

65. Points out that in this context standards play a key role in further promoting data management, sharing and exchange, including data interoperability and portability. It also requires a trustworthy and legally secure infrastructure as well as a sound legal framework with regard to data pooling and sharing that give businesses confidence in data cooperation on a cross-company or even cross-industry basis;

66. Calls for effective oversight of ’big data’ analytics in a way that addresses the opacity of models while ensuring that there is sufficient access to relevant and quality data; emphasises the need for greater accountability, explicability and transparency, with regards to algorithms, data processing and analytics, as essential tools to guarantee that the individual is appropriately informed about the processing of their personal data;

67. Underlines the importance of open banking in improving the quality of payment services by the inclusion of new market participants that provide increased operational and price efficiency to the consumer; points out that a transition from open banking to open finance, i.e. the inclusion of financial services other than payments, is a strategic priority which has the potential to improve efficiency, reduce concentration risks and enhance financial inclusion;

68. Instructs its President to forward this resolution and the accompanying recommendations to the Commission and the Council, and to the parliaments and governments of the Member States.






1. To set the groundwork for a future-oriented approach to rules concerning digital finance in the Union;


2. To ensure that digital finance can continue to be an innovative driver of growth and jobs across the single market;


3. To foster a common understanding of the key issues concerning digital finance and encourage the harmonisation of relevant provisions, which will lead to enhanced cross border activity;


4. To increase data sharing in accordance with Union principles in order to stimulate innovation. The aim should be to facilitate access to public data across the Union. This would not only benefit digital finance companies, but would also be to the benefit of a number of other Union policy areas and increase market transparency;


5. To consider three areas for initial action of the Union, specifically developing a framework for crypto-assets, developing a framework for cyber and operational resilience, and also to work to harmonise the concept of digital onboarding within the single market.






1. To put forward a legislative proposal for Crypto-Assets, which provides legal certainty for the treatment of Crypto-Assets while ensuring high standard of consumer and investor protection, market integrity and financial stability. Such a framework should consider an open-ended and comprehensive pan-Union taxonomy and aim to legislate according to the principle of the same rules applying according to the same activity and risks and principle of proportionality, thereby minimising regulatory arbitrage and ensuring a level playing field.


Such a legislative proposal should:


a) provide guidance on the applicable regulatory, supervisory and prudential processes and treatment of crypto-assets; adopt specific rules on market transparency and integrity at least equivalent to those of MiFID II for issuers or sponsors of crypto-assets; 

b) address the regulatory gaps in existing Union legislation as regards to crypto-assets, for example, classifying certain crypto-assets as ‘transferable securities’ under MiFID II to ensure they are treated in the same manner as other transferable securities;

c) create a bespoke regulatory regime for new and evolving crypto-asset activities, such as ICOs or IEOs, and any crypto-assets which do not fall under the existing regulatory framework, ensuring that they are regulated in a harmonised manner on the Union level;

d) address the environmental impact of crypto-mining and the need for solutions aimed at mitigating the ecological footprint of mainstream crypto-assets;


2. To move towards stronger regulatory and supervisory convergence, with the aim of developing a common Union framework; calls for a structured dialogue between the ESAs and national competent authorities which should focus on current supervisory challenges and convergence of practices towards seamless supervision on all levels in the area of digital finance;


3.  To develop a legislative framework for stablecoins, ensuring that they meet at least the standards of the Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC[28], including a stable conversion rate, redeemable at par, with fiat currencies;


4. Based on an assessment, put forward a proposal for a common Union framework for a pan-European sandbox for digital financial services;


5. To strengthen the application of the AML/CTF framework as regards crypto-assets and close the existing loopholes through, in particular, the measures outlined in Paragraphs 34 - 38;


6. Ensure that the proliferation of digital finance leaves no-one behind. Calls on the Commission and the Member States to take measures to enhance digital and financial literacy;


7. To put forward a legislative proposal on cyber resilience, which ensures consistent standards of ICT and cyber security across the Union financial sector, taking into account international standards. Such a framework should be future-oriented and focus on modernising the current rules applicable concerning cyber resilience, while also closing any regulatory loopholes and gaps, which may put businesses, investors and consumers at risk;


8.  Calls on the Commission to consider undertaking a supervisory overview of ICT providers in the area of financial services which provide their services in the Union as outlined in paragraph 47;


9. Calls on the Commission to propose legislative changes in the area of ICT and cyber security requirements for the Union financial sector. These changes should focus on the four key areas outlined in paragraph 48;


10. To work to develop Union standards in the area of cloud computing and outsourcing, while simultaneously working with international partners to develop international standards, as outlined in paragraph 50;




11. To propose a framework for digital onboarding. Such a framework should comply with relevant Union legislation such as Anti-Money Laundering provisions, data protection and privacy norms and aim to ensure a common understanding of digital financial identities across the single market, while fostering the harmonisation of cross-border onboarding;


12. To work to enhance accountability, explicability and transparency with regards to algorithms, data processing and analytics as outlined in paragraph 66.






Digital finance, also known as FinTech, consists of the use of new technologies to enable and enhance the activities of the financial sector. Digital finance thus plays a key role in developing financial activities and increasing their prevalence, as its application has significant benefits, such as a general gain in efficiency, cost reductions, improved protections for consumers, data management and transparency. The potential innovations introduced by it can contribute to the automatisation of several processes, as well as many investment and administrative decisions, and have contributed to more efficient decision-making and traceability of operations, by improving the quality of the data available to market operators. The introduction of new technological instruments to the financial sector can also lead to more financial inclusion and to stronger cross-border financial flows through alternative lending and investment channels, if properly managed. Furthermore, in order to facilitate the Capital Markets Union (CMU) in Europe, digital finance will have a key role to play in terms of innovation and breaking down cross-border barriers so long as it remains an integral part of the broader CMU objectives. Bearing in mind particularly the current COVID outbreak and the associated growth of the use of digital means for consumers, investors and financial institutions to deal with finance, digital finance will continue to grow in both size and importance to the EU economy.


However, at the same time, the ongoing evolution of technology and the enlargement of its potential applications in other sectors is one of the biggest challenges both from an economic and regulatory perspective. The expansion of digital finance entails risks in fields like financial stability, financial crime and consumer protection.


Besides those regulatory challenges, the global market for digital finance will continue to expand, bringing the importance of international co-operation in this area to the forefront. The European Union will need to be able to respond in an agile manner to global developments in the marketplace. Furthermore, and even though the application of new technologies to financial activities presents massive opportunities for European financial actors, the European Union is at risk of lagging behind its global counterparts. There is fragmentation of regulatory regimes concerning digital finance, as well as a lack of venture capital and budgetary instruments for boosting growth of existing digital finance companies in Europe. This calls for the adoption of a number of legislative and non-legislative measures at European Level, aiming both to address the aforementioned challenges and to consolidate and expand the digital finance sector across the Union.


European financial entities and in particular digital finance entities require a comprehensive and stable regulatory framework to expand their activities and operate with legal certainty. Consequently, any proposal aiming to efficiently regulate the impact of technology on finance and its potential risks should primarily aim to develop a level playing field (combining appropriate oversight and equal treatment), while targeting its most significant financial stability risks. The Commission’s proposals should be technology-neutral and apply the principle of legislating equally for similar activities, which present the same risk. Any legislative proposal should also take a risk-based approach and should lay the groundwork for financial entities and consumers to increasingly benefit from digital innovation, while providing for a level playing field.


Furthermore, the actions undertaken by regulators worldwide could be a good example for European legislators, as they show the different ways in which the authorities have aimed to address the risks emerging from the expansion of digital finance and the growing use of crypto-assets. Besides the measures adopted by third countries, international institutions like the Financial Stability Board, the Bank for International Settlements and the G7 Working Group on Stablecoins (among many others) have led efforts to build a smart regulatory approach to digital finance.


The core priorities of this report are to target the main areas that demand a pan-European regulatory response to digital finance. The report addresses 3 issues for consideration for legislative action: Crypto-assets, cyber resilience and Data. These areas are central to the future development of digital finance in Europe.


Defining a framework for crypto-assets


The appearance of different crypto-assets and the expansion of transactions involving them has raised debates on their potential impact for financial stability. Therefore, as the crypto-asset market, which currently constitutes 5100 crypto-assets with a market capitalisation of over $250bn globally[29], continues to grow, it is important that within Europe we are ready to seize the opportunities presented by them while ensuring that we do not risk financial stability. Furthermore, the potential risks for financial stability are increased by the lack of a comprehensive and coherent regulatory framework. This is the case in the European Union, where regulatory regimes are fragmented and generally outdated, and they thus do not efficiently assess the implications of the extension of the use of crypto-assets. Consequently, the Commission should put forward a proposal aiming to form a framework for crypto-assets that addresses their potential impact for financial markets, classifying them accordingly.


This draft report calls for the Commission to begin considering how to develop a taxonomy concerning crypto-assets, with a common definition the most appropriate starting point. Such a pan-European taxonomy for crypto-assets would enhance collaboration across different jurisdictions and provide market operators with legal certainty. Any taxonomy template should be open-ended, given that crypto-assets are likely to experience a significant period of evolution in the coming years. Besides defining crypto-assets, any regulatory initiative should primarily aim to target the most pressing risks emerging from the expansion in the use of crypto-assets, as well as ensuring that new risks can be identified at an early stage. The risks that emerge from increased exposure of the banking sector to crypto-asset holdings should also be appropriately addressed.


A level playing field is a pre-requisite to ensure that operations get the same regulatory treatment irrespective of the member state in which those operations take place. In addition, it is important to consider how to adapt current legislation to ensure that there are no gaps or loopholes concerning the use of crypto-assets.


In any case, in developing a definition and considering a future taxonomy for crypto-assets, we, as legislators, should acknowledge that crypto-assets are likely to evolve in the short run. Future innovation in the financial sector could enlarge the scope of this kind of asset, or even modify their nature and possible uses, so it would be necessary for the regulators to develop a flexible regulatory approach to crypto-assets. Their evolution should not make the whole regulatory framework obsolete. It is thus necessary to ensure that there is regulatory certainty for crypto-assets from their moment of issuance.


It would be necessary to ensure, within the legislative framework, that investors and consumers are adequately protected when operating with or holding crypto-assets. In order to ensure adequate investor and consumer protection, KYC obligations and the oversight of the underlying technology should be adapted.


A common approach to cyber-resilience of the financial sector


As we come to rely more on technology in the financial sector, it is also important for businesses to strengthen cyber-resilience in order to safeguard against potential disruption caused by internal failures or external factors.


The Commission should therefore propose targeted measures to increase cyber security through addressing inconsistencies and shortcomings in existing legislation, which apply to the financial sector. It may be appropriate, therefore, to propose a framework that applies primarily to the financial sector. This framework should aim to modernise and harmonise current rules while focusing on concerns related to the financial sector.


In addition, the rapid evolution of information and communications technology (ICT) has made it necessary to address the inconsistencies and shortcomings in the existing regulatory framework revealed by its application.  Consequently, any legislative change in the field of ICT should be focused on modernising it; aligning reporting rules in the light of previous incidents; strengthening the oversight of critical ICT third party providers; and developing a common framework for penetration and operational resilience testing across all financial sectors.


This report calls on the Commission to address these concerns, while encouraging additional coordination between national and European regulatory and supervisory authorities.




Data driven innovation is a key driver of growth and jobs in Europe and across the world. In order for the EU to benefit from this growth, it is important that the right data policies are in place for each sector, enabling trust from the consumer side through current frameworks such as GDPR while at the same time allowing for businesses in the financial sector to benefit from data-sharing across the single market.


Therefore, within the digital finance sector it is important that we put in place the right measures, which can help drive growth and ensure access to finance for a broad range of entities, from micro-enterprises and SMEs through to large businesses. Data sharing, in this context, would help to ensure that European businesses are able to innovate and expand both within the Union and beyond. The right policies will ensure that asymmetries and risks are reduced in parallel, while the lack of good quality and accessible data could hinder the expansion of European companies.


Consequently, data treatment is a key part of digital finance, making it necessary to include consistent, technology-neutral measures aiming to ensure an adequate treatment of data in the financial sector.


Furthermore, the EU’s traditional role as a global standard setter regarding data calls for an ambitious regulatory approach to data management by financial entities, where consumer protection is a priority for legislators, given that consumer data that is now particularly useful given incipient technological instruments that allow for its analysis (the so-called “big data”) is already being used by financial institutions. An enhanced oversight of such usage is necessary, particularly if it is framed in a way that targets the opacity of models while guaranteeing fair access to relevant data by financial actors.


Lastly, the reports calls on the Commission to study the possibility of introducing a framework for digital on-boarding, as well as for the use of digital financial identities which takes account also of current national measures, as such a framework would facilitate financial inclusion and cross-border supply of financial services within the single market.


Date adopted





Result of final vote







Members present for the final vote

Gunnar Beck, Marek Belka, Isabel Benjumea Benjumea, Stefan Berger, Francesca Donato, Derk Jan Eppink, Engin Eroglu, Jonás Fernández, Frances Fitzgerald, José Manuel García-Margallo y Marfil, Luis Garicano, Sven Giegold, Valentino Grant, Claude Gruffat, José Gusmão, Enikő Győri, Eero Heinäluoma, Danuta Maria Hübner, Stasys Jakeliūnas, Billy Kelleher, Ondřej Kovařík, Georgios Kyrtsos, Aurore Lalucq, Aušra Maldeikienė, Jörg Meuthen, Csaba Molnár, Siegfried Mureşan, Caroline Nagtegaal, Luděk Niedermayer, Lefteris Nikolaou-Alavanos, Dimitrios Papadimoulis, Piernicola Pedicini, Kira Marie Peter-Hansen, Sirpa Pietikäinen, Dragoș Pîslaru, Evelyn Regner, Antonio Maria Rinaldi, Alfred Sant, Joachim Schuster, Ralf Seekatz, Pedro Silva Pereira, Ernest Urtasun, Inese Vaidere, Johan Van Overtveldt, Stéphanie Yon-Courtin, Marco Zanni, Roberts Zīle

Substitutes present for the final vote

Damien Carême, Christian Doleschal, Eugen Jurzyca, Eva Kaili, Chris MacManus, Margarida Marques, Eva Maydell, Pina Picierno, Stéphane Séjourné







Johan Van Overtveldt


Chris MacManus


Piernicola Pedicini


Isabel Benjumea Benjumea, Stefan Berger, Christian Doleschal, Frances Fitzgerald , José Manuel García Margallo y Marfil, Enikő Győri, Danuta Maria Hübner, Georgios Kyrtsos, Aušra Maldeikienė, Eva Maydell, Siegfried Mureşan, Luděk Niedermayer, Lídia Pereira, Sirpa Pietikäinen, Ralf Seekatz, Inese Vaidere


Engin Eroglu, Luis Garicano, Billy Kelleher, Ondřej Kovařík, Caroline Nagtegaal, Dragoș Pîslaru, Stéphane Séjourné, Stéphanie Yon Courtin


Marek Belka, Jonás Fernández, Eero Heinäluoma, Eva Kaili, Aurore Lalucq, Margarida Marques, Csaba Molnár, Pina Picierno, Evelyn Regner, Alfred Sant, Joachim Schuster, Pedro Silva Pereira


Damien Carême, Sven Giegold, Claude Gruffat, Kira Marie Peter Hansen, Ernest Urtasun





José Gusmão, Dimitrios Papadimoulis


Gunnar Beck, Jörg Meuthen


Lefteris Nikolaou Alavanos





Derk Jan Eppink, Eugen Jurzyca, Roberts Zīle


Francesca Donato, Valentino Grant, Antonio Maria Rinaldi, Marco Zanni


Stasys Jakeliūnas


Key to symbols:

+ : in favour

- : against

0 : abstention



[1] OJ L 119, 4.5.2016, p. 1.

[2] OJ L 337, 23.12.2015, p. 35.

[3] OJ L 141, 5.6.2015, p. 73.

[6] JOIN(2016)0018.





11 JC 2018 74

[12] Texts adopted, P8_TA(2019)0301.

[13] Texts adopted, P8_TA(2018)0373.

[14] Texts adopted, P8_TA(2017)0211.

[15] Texts adopted, P8_TA(2017)0051.





[19] ESMA Advice - Initial Coin Offerings and Crypto-Assets (

[20] EBA Report with advice for the European Commission on crypto-assets (


[22] OJ L 194, 19.7.2016, p. 1.

[23] OJ L 173, 12.6.2014, p. 349.

[24] Electronically available via

[25] OJ L 141, 5.6.2015, p. 73.

[26] ESRB publishes a report on systemic cyberattacks in February 2020 (

[27] (OJ L 257, 28.8.2014, p. 73.)

[28] OJ L 267, 10.10.2009, p. 7.



Last updated: 23 September 2020Legal notice - Privacy policy