Proportional and clear guidelines would ensure citizens' data protection and foster innovation

The ESBG, together with eight other associations representing the EU payment sector, has written to the European Data Protection Board, the European Commission and the European Banking Authority about the EDPB Guidelines 06/2020 on the interplay between the reviewed Payment Services Directive (PSD2) and the General Data Protection Regulator(GDPR).

The letter highlights that while the payments sector remains fully committed to ensuring the protection of EU citizen’s data- including within the framework of PSD2 – there are concerns that the enforcement of the Guidelines will lead to an outcome that is not in line with PSD2 objectives. In the end, this would hinder innovation and competition in payments.

Although the final Guidelines help in clarifying certain aspects of the interplay, our letter emphasises and reiterates common concerns:

  • Provisions on data minimization create uncertainties and are potentially in conflict with PSD2;
  • There is lack of coherence with the Regulatory Technical Standards on Strong Customer Authentication and Common and Secure Communication (RTS on SCA & CSC);
  • Financial transaction data should not be considered as special category of personal data (SCPD). As such, if financial transaction data is not processed in order to infer SCPD, Article 9(1) GDPR should not apply.
  • There are resulting concerns that national Data Protection Authorities could start taking a differentiated approach to the interpretation of the provisions, resulting in fragmentation across the EU and adding to a growing trend when it comes to GDPR implementation.

Overall, the EU payments industry welcomes further discussion between all relevant institutions and stakeholders in the GDPR-PSD2 ecosystem to address these challenges and to provide legal certainty for all actors to enable them to meet their obligations and continue to provide top-tier services for their customers.

READ THE FULL JOINT LETTER

related


On the EBA guidelines for Anti-Money Laundering Compliance Officers

We welcome both the decision to update the Supervisory Review and Evaluation Process (SREP) Guidelines and the overarching objectives to increase convergence of practices across the EU and to align with other relevant EBA Guidelines.

ESBG calls for several clarifications and amendments.

Particularly, in light of the different transposition of the AML Directive, it is of utmost importance that, where a conflict is unavoidable, national specificities prevail guideline provisions.

related


Revised NPL data templates are overly detailed

The revised NPLs data templates are overly detailed and impose more costs than benefits to banks and investors.
They should not be mandatory, at least not for banks with low levels of NPLs.

BRUSSELS, 3 September 2021 – The European Savings and Retail Banking Group (ESBG) replied to the European Banking Authority (EBA) consultation on the review of the standardised data templates for Non-Performing Loans (NPLs) on 31 August.

The current revision of the templates is based on the user experience and feedback from various market participants. The revision responds to the European Commission’s Communication on tackling NPLs in the aftermath of the Covid-19 pandemic (December 2020) that, amongst others, requests the EBA to review the templates based on a consultation with market participants. The objective of this revision is to make the voluntary data templates simpler, more proportional and effective. It also aims to make them available to all market participants by the end of 2021. According to the authorities, this should play an important role in providing a common basis for data exchange in secondary markets.

From ESBG’s perspective, the data templates are overly detailed and require information that either is not critical for purposes of loan valuations or is not currently or readily available. Some data fields go beyond what is relevant for portfolio valuation.

Furthermore, the potential mandatory implementation of NPL data templates does not consider the role of all market participants and thus may have a negative impact on some of them.

The proposal to require that the preparation of these templates shall be mandatory for low NPL banks (NPL ratio lower than 5%) is detrimental, in ESBG’s view. It would be neither necessary (low NPL banks have no or little need to sell NPLs) nor would it make economic sense (the costs will surpass the benefits), nor would it materially support the build-up of a NPL trading market (as low NPL banks would not contribute to it). Such measure would also go against any proportionality considerations.

Content wise, the templates have also several downsides. Despite a significant decrease of the data fields compared to the original 2017 templates, the remaining number is still high, and contains significantly more information than the current market standard. An additional difficulty is related to the availability of information and to the existing barriers imposed by confidentiality rules. All these, if made obligatory, will put additional pressure that would outweigh benefits from the bank´s perspective due to the need for increased engagement of resources.

In addition, it is also worth considering whether the revised templates (which are still too detailed and granular) would actually make it more time consuming for investors, particularly those new to the market, to conduct the valuation process, and whether this might have a detrimental rather than stimulating impact on the NPLs market.

In light of the above, ESBG firmly believes that banks (or at least low level NPL banks) should be given a discretion to decide on the use of the NPL data templates even in this revised format, rather than being obliged. ESBG members have in fact the required levels of operational readiness to deal with the increase in NPLs, when (and if) the need emerges.

In conclusion, while we understand the rationality of aiming to increase the market transparency by making available the NPL secondary market data, we recommend that the implementation solution should be done without bringing any additional complexity, investments and effort for all players, and using existing regulatory and legal framework and IT infrastructure. If the initiative will be continued, we propose to use the already existing Credit Bureaus EU infrastructure, at least for the retail segment, as an alternative solution which may fulfil the original objective and does not require new reporting requirements for the banks.

Download

FULL REPORT

related


On the European Commission's Artificial Intelligence Act

The Commission aims to turn Europe into the global hub for trustworthy Artificial Intelligence. If we share this idea on the principle, it should be recognised that this is a risky bet.

The European Commission published a proposal for an Artificial Intelligence (AI) Act at the end of April. In parallel, it has set up a public consultation for stakeholders to provide feedback on the draft text, which ended on 6 August.

AI technology has only slowly began arriving on the market and as applications become more sophisticated, they will likely often become very unpredictable in their development. To ensure legal certainty, a level playing field and no obstacles to innovation, a clear definition of artificial intelligence is needed. This would cover the Commission work, as well as national data protection authorities, the Council of Europe initiative, and the OECD framework on classifying AI systems. ESBG members very much welcome the proposed technology-neutral and future-proof definition of AI, and the Commission’s risk-based approach to enable a proportionate regulation.

The Commission aims to turn Europe into the global hub for trustworthy Artificial Intelligence. If we of course share this idea on the principle, it should be recognised that this is a risky bet. Indeed, if European values are not ultimately adopted on an international scale, non-European solutions are potentially more efficient because they have been developed in less restrictive regulatory environments and could compete with European solutions.

With regards to the acceptance of data usage, members would like to use real datasets instead of the Commission proposed ‘synthetic’ datasets. These would mimic real life situations and allow AI training in a realistic setting, without the risk of second order bias (e.g., ethnicity indication based on living area or income).

We also believe that there should be a provision in the draft text to protect European AI developers and users at international level. AI does not discriminate against physical locations, and many different countries across the world have different interpretations of copyright and liability when it comes to AI applications.

Finally, we call for clarity on the scope of the text when it comes to biometric identification of natural persons. It is not yet clear if financial services firms and their providers, who rely on biometric identification to onboard customers remotely (and comply with KYC – know your customer requirements) will be included in the scope of the full set of requirements in the AI regulation.

We support the Commission in its efforts to create a clear legal framework for artificial intelligence which does not inhibit innovation and at the same time provides security for all market participants. We are particularly pleased with the Commission’s philosophical approach to promoting “digitalisation with a human face”. We believe that trustworthy AI in cooperation with human expertise will be of great value to European society. We particularly emphasise the interaction between man and machine. We firmly believe that both humans and machines are irreplaceable. However, we must ensure that new regulation does not inadvertently cripple our markets, dampen innovation and opportunities.

Download

FULL REPORT

related


ESBG welcomes announcement of harmonised European Digital Identity

The European Savings and Retail Banking Group (ESBG) welcomes the intention to remove fragmentation and to build a harmonised legal framework across Europe, recognising the role of Member States as providers of the European Digital Identity Wallet.

BRUSSELS, 15 June 2021 – ESBG welcomes the intention of the European Commission (EC) to end the current regulatory and technological fragmentation of electronic identification across EU Member States,  as announced on 3 June, with the creation of a regulatory framework for a European Digital Identity.

The proposed harmonisation would help correct some of the shortcomings of the current eIDAS Regulation, whose partial (only public services are included) and heterogeneous adoption by Member States resulted in a highly underutilised ecosystem in the Union, particularly for cross-border access to services.

“The ESBG and its members welcome the Commission’s proposal and believe that it can contribute to the further integration of the European Union. We look forward to the coming discussions in both Parliament and the Council”, said Andreas Widegren the Chair of the ESBG FinTech Regulation Committee and Swedbank’s Senior Manager.

ESBG also supports the EC’s aim to ensure that at least 80% of EU citizens get access to digital ID solutions by 2030. Today, only 59% of EU citizens have access to trusted and secure eID schemes across borders.

The new proposal not only extends the eIDAS but it also puts forward an ambitious, interoperable EU-wide scheme centered around Digital Identity Wallets, to be issued by Member States as providers of legal identity.

A key factor will be the involvement of the private sector in the creation of the Trust Scheme, in a “process for close and structured cooperation”, as referred in recital 36 of the Regulation proposed by the Commission.

ESBG calls for the specificities of the financial sector to be taken into account in this involvement. As relying parties, banks should be aware of the chain of trust in data sharing, including all the actors involved.

ESBG is also in close collaboration with the other European Credit Sector Associations, in the context of the Inter-ECSA eID Task Force, which brings together experts from 36 financial institutions with the goal of expressing a common position for the whole sector. ESBG, together with the ECSAs, stands ready to further engage on the strategic issue of digital identity with the Commission, EU co-legislators and a wide range of stakeholders both at European and national level.

related