1. Central Bank of Ireland's Governor's Blog – Crypto and how we can protect the consumer

On 5 May 2023 the Central Bank of Ireland ("Central Bank") published its latest Opens in new windowGovernor's blog postOpens in new window by Governor Gabriel Mahklouf on consumer protection and crypto-assets.

The Governor noted that "the lessons learned from the crypto winter shouldn't be forgotten" and due to the failures in the crypto world over the last year crypto is being discussed by central banks, regulators and policymakers.

The crypto ecosystem

The Governor noted that crypto depends primarily on cryptography and distributed ledger technology which has been designed to function as a medium of exchange without being issued by a central bank. As a result, the market is "developing at pace and the risks to consumers and investors are rising, particularly as these products remain unregulated". While the crypto market (including so-called "influencers") promotes the potential opportunities from crypto, regulators are focusing on the risks to consumers in the sector.

The Central Bank has a strong focus on technological innovation and recognises that we are currently in a period of technological transformationhowever, the Governor noted that while change comes with both benefits and risks, the Central Bank is focused on mitigating the risks.

2022 – The crypto winter

The Governor noted that the crypto sectorhas always been extremely volatile, however, 2022 was "particularly notable" describing the build up to boom and then the failure of TerraUSD. He advised that a number of key risks manifested in 2022 including:

  • an absence of consumer/investor protection;
  • aggressive and misleading advertising;
  • contagion risk;
  • inappropriate use of client assets; and
  • insufficient quality of reserves among some crypto.

How should we address the crypto risk

The Governor noted that there is an "urgent need for policy action" and welcomed the recently approved Markets in Crypto Assets Regulation ("MiCA") and noted that although it will not be fully implemented in the EU until the start of 2025, it is an important step in the regulation of crypto activities. Despite this development he stressed that the Central Bank remains cautious on the benefits and risks of crypto, notwithstanding that Ireland's exposure to the sector is currently low.

The Central Bank differentiates between 'backed crypto' and 'unbacked crypto':

  • 'backed crypto': The Central Bank is open towards the potential of 'backed crypto' – such as Electronic Money Tokens (EMTs) and Asset Reference Tokens (ARTs) under MiCA – where appropriate reserves and controls are in place. However, he cautions that "consumers should know these are not risk free".
  • 'unbacked crypto': The Governor cautions that "the purchase of such products can be similar to purchasing a lottery ticket: you might win but you probably won't". Additionally, he states that describing such purchases as an "investment" is "an abuse of the word, "Ponzi schemes" might be more accurate".

The Governor advised that the Central Bank remains concerned about the potential for consumer harm in particular through aggressive advertising. He further note that the crypto market "should be treated no differently to other financial markets with similar rules on the treatment of client funds, and on disclosures, governance, risk management and information exchange".

Conclusion

The Governor concluded by noting that regulators need to "identify and mitigate risks to consumers, investors, and the wider financial system" from technological innovation and this is "at the heart of the Central Bank of Ireland's mission".

2. European Commissioner Mairead McGuinness addresses Seanad Éireann on Europe Day

On 9 May, 2023 to mark Opens in new windowEurope DayOpens in new window, Mairead McGuinness, European Commissioner for Financial Stability, Financial Services and Capital Markets Union ("Commissioner"), gave an Opens in new windowaddressOpens in new window to Seanad Éireann. While the Commissioner's speech covered a multitude of topics relevant to the past, present and future of the European Union ("EU") as well as Ireland's role in the EU, she also made a number of comments in the area of financial services which are worth noting. The following is a brief outline of some of those comments:

Learning lessons from the past

The Commissioner spoke of the bitter taste which the global financial crisis still has for many families and businesses, even today some years after the event, but went on to explain the steps which the EU has taken to address the failings of that time. She stressed that the EU has a "much stronger eye on and supervision of the banking and pensions system, and the securities markets". This she explained has been made possible through the establishment of several authorities at an EU level and the European Systemic Risk Board, which has oversight of the entire EU financial system. She also confirmed that work has commenced to complete the banking union, to provide a strong European banking system to serve the EU's economy and society.

Digital Finance

The Commissioner stressed the importance of having "more money savvy citizens" particularly in the context of the move to digital finance. She highlighted the world leading regulatory framework being put in place at an EU level around crypto. The Commissioner explained that as we all move to more digital transactions, the use of cash declines. With this in mind the European Central Bank, is considering a possible digital euro, a central bank digital currency. She emphasised however, that this move would be to complement cash, not to replace it.

Single Market in Capital

The Commissioner explained that moving forward, a significant amount of investment will be required to address the climate agenda, biodiversity loss and the digitalisation of society. Although there has been 30 years of a Single Market, as of yet, the EU does not have a single market in capital. The Commissioner stressed the importance of the need to make progress in this area and that support of member states is necessary to achieve that. Currently, the European Commission is working to create deeper capital markets in order to provide large and small business with alternatives. At the moment, it is mainly bank financing – "if and when we develop deeper capital markets, businesses will have a choice."

Sustainable Finance

The Commissioner emphasised thatsustainable finance is "top of the agenda". She acknowledged that there is a lot of pressure on companies to do more, but that with this, will come an opportunity for companies to show their credentials around climate and the environment – "I think they will gain from that rather than be worried about the burden it places on them."

Cyber

The Commissioner explained how the financial system, is subject to potential attack every second of the day. As a result, the financial system needs to be operationally resilient. The Commissioner confirmed that the EU legislation relevant to this point has recently been passed ("DORA").

US Banking

The Commissioner briefly addressed the recent events in the US banking system. She described them as having "been due to bad management and poor risk management in particular". She also observed that the speed at which the money moved was interesting. The Commissioner went on to stress that Europe should not be complacent, but rather be mindful – "if there are vulnerabilities, then we need to address them".

Investment

The Commissioner described Europeans as great savers but explained that they do not realise that their savings could be better used by investing them. On this point, she confirmed that the EU will shortly launch a retail investment strategy which will address this and other points. This in turn she said will support a sustainable economy and society.

Building on her earlier comments regarding sustainable finance, the Commissioner explained that "today and in the future, we will make judgments about companies not just based on return on investment but also their action on sustainability. Investors will want to invest in future-proofed areas so that their money is not wasted." She confirmed that this information can only be secured through companies making the necessary reports. She acknowledged again the challenge this poses to companies but concluded that "it is the only way forward."

3. Implementing Regulations amending ITS on supervisory reporting and disclosure under Solvency II published in the Official Journal of the EU

On 5 May 2023, two Implementing Regulations amending Implementing Technical Standards ("ITS") on supervisory reporting and disclosure under Directive 2009/138/EC ("Solvency II"), were published in the Official Journal ("OJ") of the European Union ("EU"). EIOPA originally consulted on the proposed amendments in July 2021 and they were adopted by the European Commission on 4 April 2023.

Next Steps

Implementing Regulation 2023/894 entered into force on the day following its publication in the OJ (i.e. 6 May 2023) and Implementing Regulation 2023/895 will enter into force on the twentieth day following its publication in the OJ (i.e. 25 May 2023). In order to give insurance undertakings sufficient time to implement the updated requirements, the Implementing Regulations will both apply from 31 December 2023.

4. European Banking Authority publishes annual Report on convergence of supervisory practices for 2022

On 4 May 2023, the European Banking Authority ("EBA") published its annual Opens in new windowReportOpens in new window on convergence of supervisory practices for 2022 ("Report").

Context:

One of the EBA's key objectives is to enhance supervisory convergence across the internal market. Supervisory priorities were set out in the Opens in new windowEBA European Supervisory Examination Programme ("ESEP") for 2022Opens in new window, and included five key priorities including; the impact of the COVID-19 pandemic on asset quality, ICT, digital transformation, as well as environmental, social and corporate governance ("ESG") and money laundering/terrorist financing risks.

Main findings of the Report:

  • the five priorities detailed above were "overall adequately incorporated" into the activities of Competent Authorities ("CA"). Notwithstanding this, digital transformation and ESG require more attention. The Report explains that CAs are still in the process of building up their capacity to review the risks associated in both areas;
  • "a step forward" was made in the supervision of sound lending standards and practices;
  • supervisory attention in relation to asset quality and non-performing exposures shifted from the implications of the COVID-19 pandemic to monitoring the consequences of the Russian invasion of Ukraine and the changed macroeconomic environment;
  • ICT risks are still considered as high. ICT security and outsourcing risks are monitored closely by CAs and supervisory colleges. The Report stresses that any identified weaknesses need close supervisory attention;
  • CAs overall were not yet engaged in a comprehensive review of the digital transformation strategies and their implementation by institutions;
  • environmental and climate risks are increasingly part of the supervisory activities;
  • ML/TF risks are consistently high and as a result are covered by most CAs and supervisory colleges. Some, however, have not fully incorporated the specific elements of the ML/TF risk in the Supervisory Review and Evaluation Process ("SREP"). This the Report explained, will be addressed through the implementation of the revised SREP Guidelines in 2023;
  • supervisory convergence was supported by EBA peer reviews and benchmarking exercises;
  • supervisors showed ability to react to macro events that affected the financial situation of institutions under their supervision, although timely information exchange and cooperation between supervisors should be enhanced;
  • possibilities for enhancement in the functioning of supervisory colleges still exists;
  • several policy developments support the further convergence in prudential supervision; and
  • supervisors consciously applied proportionality in their supervisory practices.

Next Steps on the foot of the Report

The Report notes that the EBA will:

  • continue in its efforts to enhance supervisory convergence across the EU;
  • continue to drive the convergence in supervisory practices through its selection of topics deserving "European traction" based on multiple factors;
  • in accordance with Article 107 of the Capital Requirements Directive, report annually to the European Parliament and Council on the degree of convergence of the application of the SREP and other supervisory practices;
  • continue monitoring areas from the 2022 ESEP that were not fully covered in CA's supervisory work programs. These areas and other supervisory priorities are part of the Opens in new window2023 ESEPOpens in new window. The EBA will report on their implementation in its 2023 convergence report; and
  • facilitate and monitor the implementation of quality Key Performance Indicators for supervisory colleges in 2023.

5. European Commissioner for Financial Services, Financial Stability and the Capital Markets Union issues response to MEP query on Authorised Push Payment Fraud

On 5 May 2023, Mairead McGuinness, European Commissioner for Financial Services, Financial Stability and the Capital Markets Union ("Commissioner"), published a response to two questions posed by Chris MacManus ("MEP") in relation to Opens in new windowDirective (EU) 2015/2366Opens in new window on payment services in the internal market ("PSD2").

Questions put to the European Commission ("Commission")

In his written query, Mr. MacManus noted that Authorised Push Payment ("APP") fraud is becoming a major issue for citizens across the European Union ("EU") and that the current PSD2 legal framework fails to adequately protect the victims of such crimes. He posed the following questions:

  1. Will the Commission take action when revising the PSD to shift the burden of proof away from the victim and make the payment service provider offer greater protections along the lines of those proposed Opens in new windowin BritainOpens in new window, for example?
  2. In the meantime, can the Commission outline if Member States are free to bring in regulations that would allow victims of APP fraud to be compensated?

Responses from the Commissioner:

The Commissioner in her response on behalf of the Commission, acknowledged that APP fraud has become increasingly widespread across the EU and that the current PSD2 regime does not cover such cases. This, she explained, is due to the fact that PSD2 introduced refund rights for consumers only as regards unauthorised credit transfers where the payer has not consented to the execution of the payment transaction. The Commissioner stressed that while the application of strong customer authentication introduced by PSD2 has already led to a "significant reduction in the level of fraud related to unauthorised payment transactions, it is insufficient to prevent these new types of fraud." In light of this and the PSD2 review consultations, the Commissioner noted that the European Commission is assessing whether to introduce some targeted amendments to PSD2, particularly in relation to liability and refund rules, as part of its PSD2 review scheduled for Q2 of 2023.

The Commissioner noted that article 107(1) of PSD2 provides for maximum harmonisation meaning Member States cannot create provisions other than those already contained in PSD2. However, this applies only to provisions that are harmonised in PSD2 and given that PSD2 does not provide a liability framework for APP fraud, the Commissioner confirmed that Member States are authorised to implement legislation on a national level. Additionally, the Commissioner noted that payment service providers are also entitled to address APP frauds on a "voluntary basis".

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.