Cyber Risks Of APIs In Financial Services Need Special Attention, Say MEPs

PM
Pinsent Masons

Contributor

Pinsent Masons logo
Pinsent Masons – ‘Law Firm of the Year’ at the Legal Business Awards 2019 – is a full service international law firm with 25 offices spanning the UK, Europe, the Middle East, Africa and Asia. Our track record of awards success reflects the great pride we take in thinking differently.
A new EU cybersecurity action plan should be developed which specifically addresses the cyber risks of using APIs (application program interfaces) for financial services data sharing...
European Union Technology

A new EU cybersecurity action plan should be developed which specifically addresses the cyber risks of using APIs (application program interfaces) for financial services data sharing, a committee of MEPs has said.


In a motion for a resolution of the European Parliament, the Committee on Economic and Monetary Affairs (ECON Committee) said a "firm and risk-focused European action plan with regard to cybersecurity" is needed and that the European Commission should give "additional attention", within the area of cyber, to "the evolving 'API economy' and the current legal framework that obliges financial institutions to share crucial data with third parties".

Open APIs are set to play a central role in the future EU payment services market as reforms are introduced next year that require payment service providers, like banks, to open up access to account data to payment initiation service providers and account information aggregators when customers ask them to.

APIs are also envisaged as being pivotal to the success of the UK's open banking initiative. The chairman of the UK's Financial Conduct Authority (FCA), John Griffith-Jones, previously admitted that the open banking plans raise "a security dilemma".

In its report, the ECON Committee called on the European Commission to "present a comprehensive action plan that boosts fintech in Europe". It also said the EU financial services firms require "clear guidelines on outsourcing to the cloud".

Earlier this year, Pinsent Masons, the law firm behind Out-Law.com, and UK banking industry body the BBA identified complex regulatory barriers that can cause frictions and hold back adoption of cloud services in banking. They highlighted the seven hurdles banks have to clear when outsourcing to the cloud.

The ECON Committee also urged the European Commission to look into risks that fintech businesses face from "patent abusers".

"Fintech start-ups find themselves particularly vulnerable to patent abusers, i.e. entities that buy patents with the intention of asserting them against businesses already making use of the technology rights through threats of patent infringement lawsuits," the Committee said. "[The Committee] calls on the Commission to analyse this situation and to suggest measures to counter patent abusers in the fintech area."

The Committee's report also suggested a new "European data sharing strategy" could be established "with the aim of putting consumers in control of their data", and said it should be made "clear" who is liable for harm to consumers when there "errors or bias" result from the use of big data algorithms.


Useful Links

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances,

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More