ESBG keeps a close eye on prudential treatment of crypto assets

On 30 September 2022, ESBG responded to the second public consultation of the Basel Committee on Banking Supervision (BCBS) on the prudential treatment of banks' crypto asset exposures, which is built on the proposals in the first consultation issued in June 2021.

The basic structure of the proposal in the first consultation is maintained, with crypto assets divided into two broad groups: Group 1 includes those that are eligible for treatment under the existing Basel Framework with some modifications. Group 2, on the other hand, includes unbacked crypto asset and stable coins with ineffective stabilisation mechanisms, which are subject to a new conservative prudential treatment.

In the response to the second consultation in 2022, we advocated for the removal of the technological risk add-on from the proposed prudential framework.

The first reason for this would be the principle of technological neutrality. The regulation should focus on regulating the services but not the applicable technology in order not to prevent the adoption of a specific technology and to neither prefer nor prejudice a specific business model or service provider. Secondly, technological risk already exists in all asset classes. If persistent technological risks are detected, the supervisor could require actions for their mitigation or apply a Pillar 2 Requirement (P2R) surcharge. Finally, a common surcharge of capital would reduce institutions’ incentives to mitigate inherent risk.


OCTOBER 2022 | TOPICS: Prudential, Supervision and Resolution | Public Consultation | Crypto Assests | Basel Framework | Technology Neutrality


Digital platforms serving the agricultural sector

Scale2Save Campaign

Micro savings, maximum impact.

BRUSSELS, 18 November 2021 - The World Savings and Retail Banking Institute (WSBI) programme for financial inclusion, Scale2Save, launched today ‘A case study on digital platforms serving the agricultural sector’, the fifth of its State of the Savings and Retail Banking Sector in Africa research series.

This new publication, co-authored with FinMark Trust, an independent non-profit trust for making financial markets work for the poor, explores the topic from the point of view of Financial Service Providers (FSPs). It aims to answer two key questions FSPs must consider when weighing whether to launch an online platform for farmers: Why should I participate – and if I do, what must I keep in mind? This case study looks at a variety of African agricultural platform providers and more closely at three platform models: bank-led (First City Monument Bank in Nigeria), fintech-led (DigiFarm in Kenya) and telco-led (EcoFarmer in Zimbabwe).

The emergence of digital platforms serving farmers in Africa is of enormous importance as the agricultural sector employs more than half of the continent’s labour force, and accounts for almost 20% of the continent’s gross domestic product.

Platform models are still very new in the agricultural arena. However, the use of platform services to support smallholder farmers has blossomed. During the pandemic they proved a valuable lifeline, enabling farmers to stay in touch with their value chain partners, from financial service providers to farm input suppliers and off-takers.

Looking forward, agricultural digital platforms clearly have the potential to play a powerful role as a catalyst for financial inclusion and to transform the food sector into a more inclusive one that offers viable opportunities for smallholder farmers.

This case study is guided by the overarching objective of the WSBI research series, which is to inform FSPs about developments in the finance industry that affect services to low-income customers.

WSBI’s Scale2Save programme is a six-year partnership with the Mastercard Foundation.

The publication is available for download free of charge here.


Case study cover

The publication is available for download here.



Digitalisation of financial service providers to serve low-income customers

Scale2Save Campaign

Micro savings, maximum impact.

New Scale2Save case study: BRUSSELS, 30 September 2021 - The World Savings and Retail Banking Institute (WSBI)’s programme for financial inclusion, Scale2Save, launched today ‘A case study on connecting with low-income customers through digitalisation’, part of its State of the Savings and Retail Banking Sector in Africa research series.

Digitalisation is revolutionising the way financial service providers conduct their business. In Africa, the spread of mobile phones over the past two decades allowed the development of new forms of mobile transactions. Now digitalisation of African financial service providers is entering a new phase, as the widening use of mobile phones to access the Internet enables the roll-out of profitable digital services for low-income customers.

This new publication, co-authored with FinMark Trust, explores the answers to a question that many executives are asking: How best to digitalise a financial institution? The case study draws upon management consulting literature to assess digitalisation strategies in a pragmatic way. It also assesses three leading African financial organisations against this framework: Al Barid Bank, Morocco; Equity Bank, Kenya; and Consolidated Bank, Ghana.

The aim of this publication, as of the Scale2Save programme, is to identify the elements for financial service providers to serve low-income people and therefore boost financial inclusion. By opening the doors of remote access to formal savings and payments to people long excluded from them, these new customers get opportunities to improve their economic situation. They are enabled to smooth consumption, build assets, prepare against risks and improve their ability to cope and recover from shocks. In the context of Covid and its consequences, this case study highlights the importance of speeding up digitalisation by financial services providers not only in their service offer but also as dynamic organisations and as part of a digital financial ecosystem. It also underscores customer centred initiatives as a key to success.

WSBI’s Scale2Save is a six-year partnership with the Mastercard Foundation.


The publication is available for download here.


ECB announces members of Digital Euro Market Advisory Group

ECB appoints 30 senior business professionals with proven experience. Members to advise Eurosystem on design and distribution of potential digital euro. Meetings of group to be held at least quarterly, starting in November 2021.

25 October 2021 – The European Central Bank (ECB) has today announced the members of the Market Advisory Group for the digital euro project.

The Eurosystem’s High-Level Task Force on Central Bank Digital Currency called for expressions of interest on 14 July, following the Governing Council’s approval of the digital euro project investigation phase. After assessing applications, the selection committee appointed 30 senior business professionals with proven experience and a broad understanding of the euro area retail payments market.

“I am pleased that many high-quality experts from the private sector are willing to contribute to the digital euro project”, says ECB Board Member Fabio Panetta, Chair of the High-Level Task Force.

“Their expertise will facilitate the integration of prospective users’ and distributors’ views on a digital euro during the investigation phase.”

Members of the Market Advisory Group will act in a personal capacity, advising the Eurosystem on the design and distribution of a potential digital euro from an industry perspective, and on how a digital euro could add value for all players in the euro area’s diverse payments ecosystem. A representative from the European Commission and representatives from Eurosystem national central banks will also participate in the group.

Meetings are to be held at least quarterly, starting in November 2021, and written consultations will be organised between meetings. The issues identified will also be considered in the Eurosystem’s established forum for institutional dialogue on retail payments, the Euro Retail Payments Board (ERPB). The ERPB consists of high-level representatives of industry associations and represents a wide range of stakeholders. In addition, the Eurosystem will engage with the public and merchants through dedicated surveys (e.g. of focus groups) and will continue to hold technical workshops with the industry.

Members of the Digital Euro Market Advisory Group:

Aleksander Kurtevski, Managing Director, Bankart
Alessandro De Cristofaro, Director Digital Innovation Strategy, CRIF
Antonio Macías Vecino, Head of Payments Discipline, BBVA
Axel Schaefer, Payment Regulation and Innovation Specialist, Ingka Group (IKEA)
Cristian Cengher, Product Owner Cross Border Payments, Erste Group Bank AG
Cyril Vignet, Project Manager Innovation, Banque Populaire Caisse d’Epargne
Diederik Bruggink, Head of Payments and Innovation, European Savings and Retail Banking Group
Etienne Goosse, Director General, European Payments Council
Fanny Solano, Director Digital and Retail Regulation, Transparency and Implementation, CaixaBank
Fernando Rodríguez Ferrer, Head of Business Development, Bizum
Gerard Hartsink, Chairman, ICC DSI Industry Advisory Board
Inga Mullins, CEO, Fluency
Jens Holeczek, Head of Digital Payment Unit, National Association of German Cooperative Banks
Jochen Siegert, Managing Director, Global Head of Asset Platforms, Deutsche Bank AG
Nicolas Kozakiewicz, Chief Innovation Officer, Worldline
Nilixa Devlukia, CEO, Payments Solved
Nils Beier, Managing Director, Accenture Strategy & Consulting
Paul Le Manh, Advisor to CEO, EPI Interim Company
Piet Mallekoote, Former CEO, Dutch Payments Association
Régis Folbaum, Head of Payments, La Banque Postale
Roberto Catanzaro, Chief Strategy and Transformation Officer, Nexi Group
Ruth McCarthy, Managing Director, FEXCO Corporate Payments
Sean Mullaney, Head of Payment Engineering, EMEA Payments, Stripe
Silvia Attanasio, Head of Innovation, Associazione Bancaria Italiana
Sofia Lindh Possne, Senior Advisor, Group Regulatory Affairs, Swedbank
Stefano Favale, Head of Global Transaction Banking, Intesa Sanpaolo
Teresa Mesquita, Chief Marketing and Product Officer, SIBS Forward Payment Solutions
Valdis Bergs, Chairman of the Board, Mobilly sia
Ville Sointu, Head of Emerging Technologies, Nordea
Yves Blavet, Open Banking Director, Société Générale


On the European Commission's Artificial Intelligence Act

The Commission aims to turn Europe into the global hub for trustworthy Artificial Intelligence. If we share this idea on the principle, it should be recognised that this is a risky bet.

The European Commission published a proposal for an Artificial Intelligence (AI) Act at the end of April. In parallel, it has set up a public consultation for stakeholders to provide feedback on the draft text, which ended on 6 August.

AI technology has only slowly began arriving on the market and as applications become more sophisticated, they will likely often become very unpredictable in their development. To ensure legal certainty, a level playing field and no obstacles to innovation, a clear definition of artificial intelligence is needed. This would cover the Commission work, as well as national data protection authorities, the Council of Europe initiative, and the OECD framework on classifying AI systems. ESBG members very much welcome the proposed technology-neutral and future-proof definition of AI, and the Commission’s risk-based approach to enable a proportionate regulation.

The Commission aims to turn Europe into the global hub for trustworthy Artificial Intelligence. If we of course share this idea on the principle, it should be recognised that this is a risky bet. Indeed, if European values are not ultimately adopted on an international scale, non-European solutions are potentially more efficient because they have been developed in less restrictive regulatory environments and could compete with European solutions.

With regards to the acceptance of data usage, members would like to use real datasets instead of the Commission proposed ‘synthetic’ datasets. These would mimic real life situations and allow AI training in a realistic setting, without the risk of second order bias (e.g., ethnicity indication based on living area or income).

We also believe that there should be a provision in the draft text to protect European AI developers and users at international level. AI does not discriminate against physical locations, and many different countries across the world have different interpretations of copyright and liability when it comes to AI applications.

Finally, we call for clarity on the scope of the text when it comes to biometric identification of natural persons. It is not yet clear if financial services firms and their providers, who rely on biometric identification to onboard customers remotely (and comply with KYC – know your customer requirements) will be included in the scope of the full set of requirements in the AI regulation.

We support the Commission in its efforts to create a clear legal framework for artificial intelligence which does not inhibit innovation and at the same time provides security for all market participants. We are particularly pleased with the Commission’s philosophical approach to promoting “digitalisation with a human face”. We believe that trustworthy AI in cooperation with human expertise will be of great value to European society. We particularly emphasise the interaction between man and machine. We firmly believe that both humans and machines are irreplaceable. However, we must ensure that new regulation does not inadvertently cripple our markets, dampen innovation and opportunities.




Digital Euro Quote

ECB and ESBG committed to a successful Digital Euro

BRUSSELS, 15 July 2021 – ESBG welcomes the decision of the Governing Council of the European Central Bank (ECB) to launch the investigation phase of the digital euro project as announced by the Eurosystem. The investigation phase will last 24 months and will aim at addressing key issues concerning design and distribution.

“ESBG and its members welcome the Eurosystem’s announcement and look forward to the coming interaction with the ECB”, said Sofia Lindh Possne, Chair of the ESBG Task Force on Central Bank Digital Currencies and Swedbank’s Senior Advisor Group Regulatory Affairs.

ESBG supports the ECB’s aim to ensure that in the digital age citizens and firms continue to have access to the safest form of money, central bank money. ESBG and its Members also support the efforts towards an environmentally friendly design of the core infrastructure of a future digital euro.

ESBG especially welcomes the involvement of different stakeholders via the creation of the Market Advisory Group. ESBG stands ready to engage with the Eurosystem and the other European Institutions during this investigation phase. In anticipation thereof, ESBG already drafted and issued a high-level position paper on the key challenges that the digital euro will face. The paper, published here, also suggests four possible use cases that could especially benefit from the issuance of a digital euro.

ESBG hopes this is a good starting base for a fruitful dialogue in the months to come and is looking forward to a further engagement on this important file with the ECB.

Notes to the editor

ESBG’s high-level position paper on a digital euro is available for download below in full and in summary format. It analyses five challenges for the issuance of a digital euro and presents four possible use cases that could especially benefit from the issuance of a digital euro.


Digital tax: European Commission roadmap

​​​​​​​​​​​BRUSSELS 15 February 2021 – ESBG issued today comments on the European Commission's roadmap on the introduction of a digital levy.

In our opinion, it is most important that a precise distinction is made as to which companies are to be covered by the digital tax. Therefore, this differentiation should primarily be done based on the core business of a company and based on how the business is conducted. Secondly, any potential up-coming definition of digital activities might be used as a differentiation criterion. 

We are convinced that companies should be out of the scope of any digital levy if they have:

  • one or more branches with on-site sales personnel
  • ​face-to-face customer service and
  • whose core business is not based on the provision of digital services

Furthermore, it is completely unclear on which tax base the digital tax should be levied. It makes a big difference whether an income tax or a transfer tax is designed. At this point in time, without any draft legislative texts, the intention of the EU Commission cannot be assessed at all. We believe that a design based on income tax and a link to income taxable revenues make no sense. Because the income tax burden of companies exclusively active in digital business transactions is generally very low due to the lack of, and moreover, controversial definitions of a company’s presence, its permanent establishment.

Furthermore, the determination of the income tax base is completely different depending on the Member State where the companies have to be charged. Beyond that, in the case of internationally active companies the issue around the permanent establishment would be almost impossible to manage. Thus, it can be assumed that all Member States involved would claim a share of the tax revenue for themselves (see also below).

Similarly, after years of efforts to establish a Common Consolidated Corporate Tax Base (CCCTB), a “profit sharing method” is, in our opinion, doomed to fail. Therefore, a “top-up” on the current corporate income tax” has to be ruled out. A transfer tax would be conceivable, which would ultimately be linked to the turnover within the EU (and the location of the recipient of the service, regardless of whether it is B-2-B or B-2-C) and would have to be paid in a simple procedure, if possible at source by way of deduction – which would be the most efficient way – or by way of assessment by the digital company providing the service. The registration obligation of “platforms” for VAT purposes within the framework of the “e-commerce package” also goes in this direction.​

About ESBG (European Savings and Retail Banking Group)

The European Savings and Retail Banking Group (ESBG) represents the locally focused European banking sector, helping savings and retail banks in 21 European countries strengthen their unique approach that focuses on providing service to local communities and boosting SMEs. An advocate for a proportionate approach to banking rules, ESBG unites at EU level some 885 banks, which together employ 656,000 people driven to innovate at 48,900 outlets. ESBG members have total assets of €5.3 trillion, provide €1 trillion in corporate loans, including to SMEs, and serve 150 million Europeans seeking retail banking services. ESBG members commit to further unleash the promise of sustainable, responsible 21st-century banking. Learn more at

European Savings and Retail Banking Group – aisbl

Rue Marie-Thérèse, 11
B-1000 Brussels
Tel: +32 2 211 11 11
Fax : +32 2 211 11 99 ■





ESBG believes that European policymakers should put in place a classification that is flexible enough to accommodate for technological progress and that a transitional regime could lead to a detailed classification. EU supervisors and NCAs first need to take initiatives and provide guidance; then EU legislators should enlarge the scope through a general/high-level cryptoasset classification and finally provide regulation for areas that do not fall under EU legislation.

  • Regulatory policy should take into account the various purposes/functions of crypto-assets. Depending on the individual function/purpose of a crypto-asset, different aspects have to be considered. While e.g. payment tokens may raise questions on depositor and consumer protection as well as payment service issues, investment tokens may raise questions on investor protection.
  • From a prudential point of view, it would be better to establish categories indicating how much risk is associated with the specific crypto-asset and to link these categories to existing asset classes where possible. We agree with the Basel Committee that it makes sense to classify crypto-assets on the basis of their different functions. The three major categories are payments, securities and utility access. Within these categories, a further distinction should be made as to whether or not the crypto-asset is backed by a conventional asset. ESBG believes that the prudential treatment of crypto-assets should be designed by adapting current prudential regulatory treatment to these assets; designing a whole new framework would not be necessary.
  • Swift adoption of the MiCA regulation proposal and the proposal regulation on a pilot regime for market infrastructures based on distributed ledger technology. Policymakers are encouraged to deliver on the proposal and allow a smooth adoption and implementation of the proposed measures. ESBG would continue its contribution to the industry and public debate.​

Identified Concerns

ESBG supports the establishment of an EU regulatory framework for crypto-asset markets as a key priority, especially as some crypto-assets are currently not covered by EU legislation. Since crypto-assets are of a digital/virtual nature, policymakers need to consider the legal nature of the issuer (private vs. public), the difference between asset and technology, and the possible stabilisation mechanisms behind the cryptoasset (e.g. in case of stablecoins).​

Why Policymakers Should Act

ESBG is concerned by the abuse of retail investors’ trust and the emergence of highways circumventing policy frameworks which were carefully crafted over the last decades. A general framework for both the definition and the classification of crypto-assets should be set-up through regulatory measures in order to ensure that a scope expansion of crypto-assets is done in a harmonized manner. Regulatory measures provide a level playing field for all market participants involved.

European policymakers should try to preserve and extend to the crypto-assets market the recent advances and improvements achieved in market integrity, investor and data protection, and anti-money laundering.


Since the publication of the FinTech Action Plan in March 2018, the European Commission has been closely looking at the opportunities and challenges raised by crypto-assets and evaluating the suitability of the existing financial services regulatory framework on crypto-assets.

In January 2019, the EBA and ESMA reports pointed out that while some crypto-assets fall within the scope of EU legislation, effectively applying it to these assets is not always straightforward. Moreover, there are provisions in existing EU legislation that may inhibit the use of certain technologies, including DLT. At the same time, the EBA and ESMA have pointed out that most crypto-assets are outside the scope of EU legislation and hence are not subject to provisions on consumer and investor protection and market integrity. Finally, a number of member states have also legislated on issues related to crypto-assets which are currently not harmonised.

In September 2020, the European Commission proposed a comprehensive framework that will protect consumers and the integrity of previously unregulated markets in crypto-assets. The ‘Regulation on Markets in Crypto Assets’ (MiCA) will boost innovation while preserving financial stability and protecting investors from risks. The new rules will allow operators authorised in one Member State to provide their services across the EU (“passporting”). Safeguards include capital requirements, custody of assets, a mandatory complaint holder procedure available to investors, and rights of the investor against the issuer. Issuers of significant assetbacked crypto-assets – so-called global ‘stablecoins’ – would be subject to more stringent requirements, such as in terms of capital, investor rights and supervision.

In addition, the European Commission proposed a pilot regime for market infrastructures that wish to try to trade and settle transactions in financial instruments in crypto-asset form. The pilot regime represents a so-called ‘sandbox’ approach – or controlled environment – which allows temporary derogations from existing rules so that regulators can gain experience on the use of distributed ledger technology in market infrastructures, while ensuring that they can deal with risks to investor protection, market integrity and financial stability. The Commission is also proposing some related amendments where current legislation presents clear issues to the application of distributed ledger technology in market infrastructures

These proposals respond to most of the ESBG priorities and if adopted will ensure a level playing field that has been one of ESBG main demands for the last years.

Read full position paper from June 2019


​​​​RegTech & Innovation Facilitators

ESBG believes that improving the efficiency of reporting obligations both at national and EU level would be hugely beneficial to the deployment of RegTech solutions. 

ESBG believes that communication plays a key role, particularly when it comes to rethinking the relationship between banks (supervised entities) and supervisors. There is room for a more pro-active role of supervisors, which expresses advice and guidance ex ante, and not only ex post. 

ESBG sees innovation hubs as extremely helpful and as a commitment from supervisors to evaluate ideas in a different way (e.g. pro-active approach, ex-ante, expressing guidance). Supervisors go beyond their traditional role of watchdogs and take a step closer to becoming sources of valuable guidance for the wider interest of the banking sector. 

ESBG also believes regulatory sandboxes might be beneficial, provided they are: (a) inclusive (b) fully harmonised. For instance, when only a few players are accepted within a given regulatory sandbox, there is a risk of creating an unlevel playing field. Furthermore, the adoption of regulatory sandboxes in the EU is still too fragmented and differentiated: harmonisation is a key element when it comes to cross-border risk management.​

Identified Concerns

ESBG identifies as main barriers for new RegTech solutions to scale up in the EU single market:

  • Lack of harmonisation of EU rules
    Lack of clarity regarding the interpretation of regulatory requirements (e.g. reporting)​
    Lack of standards
    Lack of supervision for RegTech within the EU
    Frequent changes in the applicable rules

ESBG strongly believes in the principle that innovation comes from different kinds of players (FinTech startups, BigTech companies, incumbent banks). Hence, players of any size should be included in innovation hubs or regulatory sandboxes so to always maintain a level playing field. The current selection criteria of regulatory sandboxes are not always clear. If regulatory sandboxes include regulatory relief, they can threaten the level playing field and consumer protection. This results in competitive disadvantages for market participants who do not participate in the sandbox. Under no circumstances should the selection of participants in an innovation facilitator be based on the type of the entity. Innovation facilitators can only be beneficial if they remain harmonised and equally open to all actors.

Competition between national supervisors on the basis of regulatory arbitrage should be avoided. Sandboxes should not become an economic tool to attract new national market entrants.​

Why Policymakers Should Act

Regulating innovation is challenging. ESBG acknowledges the difficulties regulators might face in creating incentives for innovation. Proposals to enhance supervisory consistency could contribute to a convergence in domestic innovation policies across the EU, thereby facilitating the emergence of a single market for financial services.

Europe still remains outside the initiative of the Financial Conduct Authority’ (FCA) to create a “Global Financial Innovation Network” (GFIN officially launched in January 2019), as there are, at this stage, only a small number of European supervisors involved (Lithuania, Luxembourg, Hungary). As one of the main functions of the GFIN is to establish a network of regulators, it is indeed essential to ensure that the views of Europe can be expressed and defended. EU authorities should represent Europe in any international network, including the GFIN. Furthermore, EU financial entities should have the possibility to be part of any trials across multiple jurisdictions globally.


RegTech helps companies to identify, manage and mitigate risks. RegTech brings direct benefits to supervisors, allowing for a change in approach which is also beneficial for the banking industry. In order to be adopted effectively by the industry, RegTech needs a cultural shift. Supervisors should harmonise the regulatory framework. A pro-active dialogue between supervisors and banks could benefit not only innovation, but also governance. Innovation hubs allow supervisors to work more closely with the industry and to get a more hands-on approach to innovative projects. There are increasing cooperation and partnership opportunities among incumbent banks and FinTech start-ups to provide innovative products and services that they indeed would need to test. ESBG supports the ability to experiment within a controlled environment and test new products and services, while exploring new regulatory requirements and building up critical know-how for future regulatory requirement definitions. Moreover, establishing networks of cross-sectoral innovation hubs could prevent situations where a regulator or supervisor adopts guidelines, recommendations or opinions without taking into account relevant implications that are analysed by a supervisor from another sector.​



The cloud certification would help reduce technical, operational and security risks, and would support compliance with the EBA Outsourcing Guidelines.

It would also help the European banking industry be more competitive worldwide by quickly adopting new technologies. In any case, it is clear that a new oversight framework shall not increase the banking and financial sectors obligations and supervisions. The EBA has advised the European Commission to look at the establishment of an appropriate oversight framework for third-party service providers (TPPs), in particular in the area of cloud services. ESBG encourages and shares the need to strengthen and harmonise the current legislative framework for TPPs at both micro and macro level. ​

  • At micro level, Supervisors should have access rights, audit rights and sanctioning rights directly from the regulatory framework rather than relying only on contractual provisions in outsourcing contracts. ESBG believes that the Cloud Certification is an additional toolkit and will contribute to achieving this policy objective. ESBG encourages policymakers to increase efforts to create a CSP certification framework.
  • At macro level, ESBG also agrees with the EBA that for critical TPPs there is an urgent need for a new oversight framework that sets higher standards related to security and data protection (e.g. obligatory cybersecurity certification). The scope of oversight should aim at monitoring concentration risk, financial stability risks and ensuring cooperation with relevant authorities.

Identified Concerns

ESBG is concerned about the unbalanced power relationship between CSP (Google, Amazon, Microsoft, Alibaba, etc) and cloud service users, such as banks. It is indeed almost impossible for banks to negotiate contractual terms with the powerful CSP that are compliant with the EBA guidelines or applicable legal acts, and this situation generates compliance risk for banks as they are still responsible for the outsourcing arrangement.​

Regarding the regulatory framework, the EBA in its Outsourcing Guidelines, sets unrealistic obligations for banks (e.g. auditing rights, data localisation), as the negotiating position of European banks towards cloud service providers is fairly weak.

Why Policymakers Should Act

Industry sectors like banking urgently need for cloud services offered by big players to fall under a centralised, Europe-wide, validated and standardised EU framework that puts in place legal, technology and security requirements. ESBG has identified some of the major cloud guarantees expected from cloud service providers to comply with the authorities’ requirements and obtain trustworthy banking cloud services.

ESBG welcomes the European Commission’s approach to standardising certain mandatory and sensitive Cloud contractual clauses. Nevertheless, additional efforts are required to strengthen the financial sector’s capacity to negotiate. Beyond the standardisation of Cloud contractual clauses, a complementary approach could be considered to obtain a Trustworthy European Cloud certification for the financial sector.


There is an ongoing reflection on the level of oversight and supervision for providers supplying a public Cloud to the banking and financial sectors. The underlying idea is to ensure that CSPs deliver on a trusted European Cloud which should comply with the technical, security, legal and regulatory requirements imposed by the 2019 EBA Outsourcing Guidelines and the 2020 Guidelines on ICT and security risk management or legal acts like GDPR.