The deadline is fast approaching for in-scope financial entities and their ICT service providers to conform to the EU’s new digital operational resilience regulation.

By Christian F. McDermott and Alain Traill

With effect from 17 January 2025, a broad range of EU financial entities will be subject to the new EU regulation on digital operational resilience for the financial sector (DORA), with significant impact for firms and their third-party ICT service providers. As the new landscape takes shape, below is an overview of some of the key changes and steps that impacted financial entities and providers should be taking ahead of the deadline.

The DSA has a broad scope and regulates many aspects of digital services, including in the fintech space.

By Gail E. Crawford, Jean-Luc Juhan, Susan Kempe-Mueller, Deborah J. Kirk, Lars Kjølbye, Elisabetta Righini, Sven B. Völcker, Ben Leigh, Victoria Wan, and Amy Smyth

As a key part of the EU’s digital regulation strategy, the Digital Services Act (DSA) seeks to modernise legal frameworks and create a safer and more open digital environment.

It regulates many aspects of digital services, including liability for online content and services, targeted advertising, know-your-business-customer requirements, transparency for users, and managing systemic platform risks.

A new report explores the advantages, impacts, and approaches the Eurosystem is considering as it contemplates a digital currency.

By Max von Cube

In October 2020, the European Central Bank (ECB) published a Report on a Digital Euro (the Report). The Report sets out the main findings of a task force initiated in early 2020 to investigate the potential for a central bank digital currency (CBDC) in the euro area.

The proposed regulation will provide greater consumer and investor protection and lessen the risks of participating in digital finance.

By Stuart Davis

The EU Commission has published a proposal for a wide-ranging EU regulation covering cryptoassets and e-money tokens, both of which are currently largely unaddressed in EU financial services legislation.

The draft Markets in Cryptoassets Regulation (MiCA) has been designed to:

  • Increase legal certainty in the area of cryptoassets
  • Support innovation and promote the development of cryptoassets and the wider use of distributed ledger technology (DLT)
  • Instil appropriate levels of consumer and investor protection and market integrity in an area that presents many of the same risks as traditional financial instruments
  • Ensure financial stability

The guidelines create new obligations for financial, payment, and electronic money institutions that will impact cloud outsourcing and deployment of FinTech.

By Fiona M. Maclean and Laura Holden

On 25 February 2019, the European Banking Authority (EBA) published a final report on its draft guidelines on outsourcing arrangements (Guidelines). The report followed the EBA’s publication of draft guidelines in June 2018 (Draft Guidelines) and the ensuing public consultation in September 2018 (Public Consultation).

The Guidelines replace the 2006 Committee of European Banking Supervisors (CEBS) Guidelines on Outsourcing (CEBS Guidelines) and replace and incorporate the EBA’s final recommendations on outsourcing to cloud service providers (Cloud Recommendations). Financial institutions will now only need to consult one set of guidelines for cloud and non-cloud outsourcing.

New EU anti-money laundering measures have been approved by European legislators.

By Stuart Davis and Charlotte Collins

The European Parliament and Council have finally signed off on the text of the fifth Anti-Money Laundering Directive (known as MLD5).

Overview

The new directive is of particular interest to the FinTech sector as, amongst other things, MLD5 includes measures to increase transparency around more recently developed instruments of payment — namely cryptocurrencies and prepaid cards. Both these instruments lend themselves to anonymity and raise concerns that they could be used to help fund terrorist activities.

MLD5 will lower the threshold for identifying the holders of anonymous prepaid cards from €250 to €150. It will also require know-your-customer (KYC) checks to be performed for remote payment transactions exceeding €50, or if a withdrawal of more than €50 is made.