2nd Edition / July 2019

BrieFin Logo

#2 FinTech

Because of the self-confidence with which he had spoken, no one could tell whether what he said was very clever or very stupid”. Leo Tolstoy, War and Peace

As it is easy to mistake confidence for knowledge, we wish to acknowledge from the outset that, for this second edition of BrieFin we have chosen a topic complex enough to raise more questions than answers. FinTech, in fact, has become the buzzword in financial and banking regulation circles, but how much can be said with certainty is another matter.

Thus, our second number explores the fuzzy and uncertain frontiers between the present and the future of banking and financial regulation. In fact, FinTech and all the related burgeoning prefixes that are combined with the word “Tech”, suggest the pervasiveness of the topic and a clear need to understand these phenomena and their legal implications. Even if we cannot guarantee clear answers, the BrieFin initiative from the European Banking Institute (EBI), brings together the voices of academics, policy-makers, practitioners, and young researchers, and tries to ensure that at least the right questions are asked.

The advancement of Artificial Intelligence (AI), data companies, gamification, and crypto assets, just to mention some of the topics that are critically analysed in the present number, pose fundamental questions that go beyond mere regulator-industry dichotomies. In fact, technological developments question the very foundations of mankind and key relational aspects amongst human beings. And this ranges from very concrete issues, such as the bank-customer relationship and the impact of data-driven finance, to more philosophically-oriented ones, such as the uses and the limits to be imposed to technologies that could go beyond our imagination and human capabilities.

These questions about how to govern breakthrough technologies, when translated into legal concerns, can be answered in two broad ways. Either these technological features can be subsumed under existing legal categories by means of conceptual stretching and analogy or, on the other side of the spectrum, these novel elements cannot be interpreted through the current legal concepts and tools and, therefore, it is necessary to provide them with a fresh regulatory framework. The response in one way or the other will partly depend upon political and/or pragmatic considerations, but what we do know is that new technologies cannot be left without governing principles. Thus, it is fundamental to open spaces for debate and sharing of new ideas amongst different stakeholders. Without any intention of providing the reader with comprehensive answers, we hope to spark the EBI’s community curiosity on this fascinating and absolutely timing topic!

Table of Contents

1. The Comprehensive View

The Future of Data-Driven Finance: Building Better Financial Systems and Better Financial Regulation

Ross P Buckley

Douglas W Arner

Dirk A Zetzsche

2. The Practice View

Crypto Assets – Is National Bespoke Regulation Necessary?

Dr. Gabriele Apfelbacher

Dr. Valentin Pfisterer

3. The Regulators’ View

Regulating financial services in the age of FinTech

Diego Valiante

4. Young Researchers’ Reflections

4.1. Video-games in the hands of investment firms: An alternative way to assess the suitability of investors

Promitheas Peridis

4.2. Artificial Intelligence Meets Digital Finance in Unchartered Territory: How to Keep it Legal?

Tsany Ratna Dewi

4.3. Harnessing the Potential of SMEs Finance: A Glimpse into the European Crowdfunding Regime

Ana Odorović

FinTech Photo2 for Insights5


1. The Comprehensive View

Professors Ross P Buckley, Douglas W Arner, and Dirk A Zetzsche

The Future of Data-Driven Finance: Building Better Financial Systems and Better Financial Regulation

Banking has been an information business for many centuries. Fifty years ago, in most countries the local bank manager was embedded in the local community. The branch they managed was typically in a shopping centre or high street, and their advice on matters financial was free to, and typically valued by, their customers.

Responsibility for extending credit, within limits, often was vested in the manager and he, for it always was a ‘he’, used all the information at their disposal in making that decision. Information learned from the customer’s conduct of their account, and for small business owners the information to be learned from observing the number of people in their shop, right through to the customer’s general reputation and the village scuttlebutt.

Over recent decades the sources of information have tended to formalise. Banks extend credit today based on more rigorous analysis of all the information they gain from providing financial services to each customer, coupled to analysis of data acquired for this purpose from third parties.

But the core truth still holds that the party with the most, and most accurate, information about someone is the party best placed to price, and therefore extend, credit to them. What is changing is which party has that information. Historically, without doubt, it was a customer’s bank. Today it may well be a large tech or platform company. For this reason, Amazon, in a few short years, has risen to be the second largest provider of credit to Small and Medium Enterprises (SMEs) in the US and Ant Financial (the financial services subsidiary of Alibaba) is the second largest provider of consumer credit in China. Upon reflection, of course they are. Amazon is superbly placed to assess the creditworthiness of an SME, at least for those selling their wares through the Amazon website, as Amazon has a real-time data feed on their cash flow. Likewise, in China, where digital payments are now king, Ant Financial has the same information on potential SME borrowers that use both its payments platform and the Alibaba ecommerce platform.

The other critical distinction is that the tech and platform companies approach financial services with a data focus, not a customer relationship one. Traditional financial services companies, like banks, conceive of the customer relationship starting with a meeting across a counter and a customer completing a detailed statement of assets and liabilities, income and expenses. That perspective is embedded in the DNA of banks. But not data companies. Google, Amazon, Facebook or Apple in the US, or Tencent or Ant Financial in China, all start with what they already know about their customers, not with some relationship that requires initiation by the customer. We have explored these forces at work in finance in one of our earlier papers, here. The basis of efficient, broad-based financial services regimes is digital identity [which we have previously examined, here]. Such an identity is the foundational layer of India Stack – the farsighted, national program to provide digital identity to all Indians, based on biometric identifiers. And while this major initiative has attracted plenty of criticism for a wide range of reasons, most of the criticism arises from poor implementation and the sheer scale of the challenge of assembling fingerprints, iris scans, facial images, and other data (such as address, phone number, etc.) for over 1 billion Indians. The concept was, and is, the right one.

Likewise, the basis for China’s incredibly rapid move into electronics payments, facilitated mostly by WeChatPay and Alipay, has been the two proprietary digital identity regimes promulgated by these companies. What a grand irony, that one of the functions traditionally and most strongly associated with the sovereign, identity, should in modern day China be being provided by highly profitable private companies.

In Europe, eIDAS, lays a strong foundation for EU-wide recognition and usage of national sovereign digital identities for individuals and businesses. We see eIDAS as a critical piece of infrastructure for the future of data-driven finance in Europe. We discuss in our most recent paper how these elements of digital identity and open interoperable payments systems provide the rails for eKYC processes and for government-to-person frameworks of service delivery which are rapidly transforming finance in countries including China and India.

The contrast with Australia, Britain and the United States could not be more stark. As with the British and Americans, Australians do not have a national identity number or single, identification document. Australians, Brits and Americans have to use a bewilderingly diverse set of criteria to prove who they are in dealing with governments and banks, ranging from passports, drivers’ licenses, birth certificates, medicare / social security / national insurance numbers and credit cards, through, at times, to utility bills addressed to their current residence.

In all three places, governments of both major political persuasions have tried in the past to implement a national identity number and found it to be one of the best ways out of office.

In Australia, the government has been working towards a national digital identity framework for a couple of years, but of late progress has become glacial. Australia’s banks have ranked among the world’s most profitable in the decade since 2008. However, paradoxically, this track record of success does not necessarily position them well for the future. Instead, such a strong track record has given rise to resistance to government-mandated changes that in the medium-to-longer term will likely be necessary for the banks to flourish in the competition that data and tech companies are likely to provide. Instead of embracing change, the banks have tended to resist implementation of two other recent Australian initiatives -- the Open Banking regime and the New Payments Platform (a RTGS system for retail payments). Progress on these initiatives has been glacial. Indeed, given the current pace of climate change, in any race between Australia’s national identity framework, its New Payments Platform and its Open Banking regime and the proverbial glacier – we would be betting on the glacier.

In stark contrast, in Europe, it seems that regulatory initiatives implemented for separate reasons are interacting to lay the groundwork for the rapid growth in data-driven finance and in this uptake of RegTech. This is a paradox because detailed, rigorous regulation is not the usual tool of choice for preparing for the future. However, in another recent article, we argue that the combination of the extensive reporting requirements implemented in the wake of the 2008 crisis, namely AIFMD (2011/2013), CRRCRD IV (2013/2014), MiFID I/II/MiFFIR (2014/2018) and AMLD 5 (2018 / 2020) plus the open banking initiatives of PSD2, the data protection regime of GDPR and the EU-wide digital recognition of national identity schemes implemented by eIDAS, combine to lay a strong groundwork well adapted to underpin the rise of data-driven finance.

These four pivotal regulatory initiatives were implemented in Europe each for their own reasons. It is their interaction, and their tendency to support and reinforce each other, that provides a firm institutional framework upon which the data-driven finance of today in China, and of tomorrow in Europe and the rest of the world, can flourish. Europe’s regulatory initiatives are forcing its banks to become nimble with data, and to see and use it for what it is – their great source of comparative advantage. How clear this is, is revealed by the contrast with Australia, where highly profitable banks are each concerned with gaining market share from each other rather than focusing upon the real threat which comes from tech and data companies entering into financial services and doing much of the banks’ core lending business more cheaply and efficiently. This is not to say that suddenly Europe’s banks will become paragons of efficiency or competitiveness. However, this recent confluence of policy initiatives all undertaken for very good but independent reasons is forcing a process of digital financial transformation which is changing finance in Europe very rapidly – particularly in the context of RegTech use by both market participants as well as regulators – and which is being watched very closely by other countries around the world. Because every country in the world today is struggling with the implications of interaction of data, finance and their regulation.

BitCoin Photo for Insights BrieFin5

2. The Practice View

Dr. Gabriele Apfelbacher and Dr. Valentin Pfisterer, Cleary Gottlieb

Crypto Assets – Is National Bespoke Regulation Necessary?

“Crypto assets” has become a widely used term for a variety of financial assets and other rights that depend primarily on cryptography and Distributed Ledger Technology (DLT). Crypto assets are issued in the form of digital tokens (sometimes also called coins), i.e., entries in a decentralized system of electronic data bases, such as the blockchain, through initial coin offerings (ICOs) or otherwise. Most tokens so issued fall into one of the following three broad categories or a hybrid thereof: payment or currency tokens, such as, most famously, Bitcoin or comparable virtual currency tokens, security tokens representing investor rights similar to a traditional security and utility tokens representing the right to receive or use certain services or goods. It should be noted, however, that some participants in the crypto asset debate, including the European Central Bank (ECB), qualify as crypto assets only digital assets that are not and do not represent a financial claim on, or a financial liability of, any identifiable entity. Based on such definition, security tokens and also, depending on their structure, security-like utility tokens would not qualify as crypto assets. References to crypto assets in this article are not following this narrow approach, but are rather to digital assets more broadly, including securities and other financial instruments, and, thus, consistent with the use of the term crypto assets by the European Securities and Markets Authority (ESMA) and European Banking Authority (EBA).

As the number and volume of ICOs has increased in recent years, the call for the regulation of crypto assets has become louder – as has the question whether national bespoke regulation of crypto assets is necessary. Despite the 2018 Bitcoin frenzy which may be recurring in 2019, according to the ECB, overall volumes of crypto assets are still not big enough to be perceived as posing risks for financial stability in the Eurozone, monetary policy, or payment and markets infrastructures that would warrant regulation. Whether Libra, Facebook’s planned new cryptocurrency will change this assessment remains to be seen. At a minimum, monitoring of the further developments can be expected to be tightened. In any event, due to their often highly speculative nature, consumer protection concerns regarding crypto assets are real and have already materialized. The same is true for money laundering incidents. Therefore, the principal objectives of the regulation of crypto assets are easily identified at this stage: As much regulation as necessary to protect investors and the integrity of the financial and capital markets and prevent money laundering, as little regulation as possible to not hamper the further development of the technology and the industry that has the potential to increase the efficiency of capital raisings and financial intermediation, as well as the financial system as a whole. But the expectations of what crypto asset regulation should and can achieve goes far beyond that, depending on whom one asks – the crypto industry, governments or regulators. The crypto industry seeks first and foremost legal certainty, in particular in the areas that do not easily fall within the scope of the existing regulation, i.e., the utility tokens. And it looks for regulation that fully appreciates the technology and its benefits and is capable of translating this into appropriate regulation. For governments, the regulation of crypto assets also includes a competitive element. Among other things, they see a transparent and effective regulatory environment as a tool to building a reputation as a leading “blockchain-friendly” jurisdiction, becoming a hub for blockchain innovation and tapping the full potential of the blockchain technology and, ultimately, promoting a thriving crypto industry. Examples for the recognition of the economic factor represented by the crypto industry and related service providers as one of the motives for legislative action are ongoing and recently completed legislative initiatives covering ICOs and/or DLT-related activities more generally in Malta, Gibraltar, Liechtenstein, France and Switzerland. By contrast, regulators, such as the European Securities and Markets Authority (ESMA), take a more measured approach, seeing it as their responsibility to “remain objective, with an open mind but a critical eye.” Noting that bespoke regimes for crypto assets outside the existing rules would not provide a level playing field across the EU, ESMA’s January 2019 Advice called for an EU-wide approach for which it thought, however, the time was not yet ripe. Based on its narrow definition of crypto assets, the ECB recently concluded that except for anti-money laundering crypto assets and related activities are currently unregulated under EU law; as mentioned above, the ECB did not currently see a need for additional regulation.

Conceptually, there are three distinct ways how to deal with crypto assets from a regulatory point of view. First, treat crypto assets as securities or other financial instruments, where the crypto assets meet the corresponding requirements and otherwise subject them to general investment, anti-fraud and market integrity rules, such as anti-money laundering laws. Second, and partially overlapping with the first approach, adopt bespoke regulation applicable only to crypto assets that do not qualify as securities or financial instruments. Third, adopt a bespoke regulatory regime generally applicable to crypto assets.

Looking at Germany as an example, in the absence of specific legislation, Germany’s Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht, “BaFin”), already in 2013, as a first major step, recognized Bitcoin as a unit of account (Rechnungseinheit) and, thus, a financial instrument within the meaning of the German Banking Act. As a consequence thereof, certain commercial activities relating to Bitcoin (and other virtual currencies), such as trading, brokerage, or dealing on own account, are subject to a license requirement, and engaging in such activities without a license may qualify as a crime. BaFin’s approach to qualify Bitcoin as a financial instrument based on an interpretation of existing legal concepts not designed for crypto assets raised questions as to BaFin’s authority to regulate Bitcoin. At least the Berlin Higher Regional Court (Kammergericht) held that it was outside BaFin’s responsibility to close perceived gaps in statutory law, at least if doing so resulted in the broadening of criminal liability. According to the court, the elements of a criminal law prohibition – in the case at hand, engaging in Bitcoin-related business without obtaining a license as an investment firm or bank, as the case may be - must be determined by the legislator, not by regulatory authorities like BaFin.

In February 2018, BaFin took the next step towards a regulation of certain crypto assets-related activities with its formal guidance (the “BaFin Guidance”) on the application of EU/German capital markets laws to tokens issued in ICOs. The BaFin Guidance is based on a broad definition of ICOs, at the outset covering the issuance of all types of tokens, including utility tokens and security tokens. BaFin established that it will assess on a case-by-case basis whether or not the tokens issued in an ICO qualify as securities or other financial instruments for purposes of EU and German capital markets laws. The public offering of tokens qualifying as securities will fall within the scope of the German Securities Prospectus Act (from July 21, 2019 replaced by the EU Prospectus Regulation) and be subject to a prospectus requirement. As far as the definition of securities is concerned, the BaFin Guidance refers to Art. 4 para. 1 no. 44 of MiFID II and Section 2 para 1 of the German Securities Trading Act (WpHG). Based thereon, the BaFin Guidance provides that in order to qualify as securities tokens must not be payment instruments and will “in particular” have to meet the following criteria: The tokens concerned must be transferable, negotiable in the financial or capital markets, including crypto currency trading platforms, and the tokens must represent corporate or contractual rights, or other rights comparable thereto. The BaFin Guidance also sets out that neither MiFID II nor the WpHG require that the tokens be represented by a physical certificate. Rather, it is sufficient that the owner of the token can be documented electronically, e.g., based on the DLT, blockchain or similar technology.

As the allegedly first public offering of digital bonds for which BaFin approved a securities prospectus in January 2019 shows, the BaFin Guidance works well from a capital markets law perspective for securities tokens representing contractual rights similar to conventional bonds. It is worth having a closer look at the German law-governed up to 100 million token-based subordinated bonds due 2029 of Bitbond Finance GmbH (Bitbond). While the tokens were issued by Bitbond against payment of the issue price in EUR or crypto currency (Bitcoin, Ether, or Stellar Lumens), pursuant to the terms and conditions of the bonds (T&Cs) repayment by Bitbond of the principal and payment of interest to the investors will be made in Stellar Lumens to the investors’ digital wallet. Based on the T&Cs, each bond and the investor’s rights thereunder are represented by a digital token issued to the investors in the offering. Each bondholder/owner of a token will be registered in a register on the Stellar Lumen blockchain (by means of an identification number comparable to an account number, also known as public key). The T&Cs provide that the bonds (including the investors’ rights thereunder) may only be transferred together with the token representing such bond. Any transfer of tokens will be registered on the Stellar Lumen blockchain for the benefit of the transferee (by means of transferee’s public key), reflecting the transferee’s ownership of the token and, correspondingly, the related bond. Pursuant to the T&Cs, bonds/tokens may not be transferred outside of the Stellar Lumen blockchain. The Bitbond bonds, thus, qualify as securities based on the criteria set forth in the BaFin Guidance and, as a consequence thereof, their public offering required a BaFin-approved securities prospectus.

From a legal advisors’ point of view, BaFin’s approach – both in the Bitbond case and in the BaFin Guidance – raises some questions, though. First, in a bold move, BaFin broadly recognized German law-governed all-digital securities, obviously for capital markets law purposes only. This is very interesting because, with certain limited exceptions, German civil law has not (yet) adopted the concept of fully dematerialized securities. In contrast, as a general rule, in order to be fungible and negotiable, German law-governed securities must be represented at least by a physical global certificate based on which deemed possession and, thus, bona fide acquisition of the securities represented by such certificate are possible. Although, admittedly, the qualification of financial instruments for capital markets law purposes has to be distinguished from their civil law qualification, fungibility and negotiability within the meaning of MiFID II and the WpHG cannot be separated from the question of whether and how a bona fide acquisition of securities is possible. In the case of tokens, the key issue is whether registration on the blockchain of ownership of a token is sufficient or whether registration in a separate register is required. Second, it is doubtful to what extent the BaFin Guidance was meant to address tokens that do not represent rights similar to conventional bonds, in particular utility tokens. While based on a literal reading all tokens that represent contractual rights or similar rights would be covered, which would also include utility tokens representing a contractual or similar right to the use or provision of services or goods. However, read in the context of the reference to the MiFID II and WpHG definitions of securities, “contractual rights” within the BaFin Guidance should be interpreted narrowly to mean typical bond-like rights, i.e., rights to receive payments or other financial assets based on standardized contractual terms similar to the rights of a bond creditor against the bond issuer (debtor).

In Germany, the discussion around the legal qualification of crypto assets has gained momentum: A draft bill (Referentenentwurf) of a law implementing the 5th Anti-Money Laundering Directive which was published only recently categorizes crypto assets as financial instruments for purposes of the German Banking Act, although leaving open the qualification of crypto assets as securities (for both capital markets and civil law purposes). Going forward, the discussion may eventually result in the long-awaited and much welcomed broad recognition of fully dematerialized securities. As the German Government’s April 2019 consultation paper “Key Considerations for the Treatment of Electronic Securities and Crypto Tokens” (“Key Considerations”) suggests, the Government is considering proposing legislation that would introduce a legal and regulatory framework allowing for the issuance of electronic securities, initially for debt instruments only, to be followed by legislation on electronic shares. The Key Considerations explicitly state that the proposed legislation would be technology neutral and not be limited to the blockchain technology. Rather, the Key Considerations advocate for the removal of the mandatory legal requirement for physical security certificates and the introduction of fully dematerialized electronic securities more broadly. Pursuant to the Key Considerations, however, the electronic securities would have to be registered in a government-operated or government-supervised electronic securities register. Unsurprisingly, the proposed requirement of such central securities register has stirred a vivid discussion among the crypto industry on the one hand and other interested parties on the other hand. Should the requirement for a government-operated or government-supervised central securities register become a legal requirement, the mere registration of the owner of a token on the blockchain would not be sufficient, unless such registration was government-supervised. Currently, the Bitbond bonds mentioned above would not meet this requirement.

Not unexpectedly, the Key Considerations at least also touch upon the potential regulation of utility tokens, although the Government does not yet seem fully decided what it wants to do: Either stay put and wait for legislative action at the EU level or, at least for a transitional period, adopt national bespoke regulation. Such regulation could include disclosure requirements for issuers of utility tokens, such as a publication of a BaFin-approved securities information document, similar to the information document currently required in connection with the issuance of securities with a total offer consideration between EUR 100,000 and 8 million. When addressing a potential necessity for national bespoke regulation of utility tokens, the Key Considerations do not deal with some twist resulting from securities law provisions contained in German civil law. At least from a civil law perspective, bonds may represent the right to receive any kind of performance from the issuer, be it a payment, an action or a service. From that point of view, certain utility tokens could actually be bonds, as long as they represent a contractual right against the issuer. That raises a much broader issue to what extent the concepts of securities for capital markets law purposes must be distinguished from securities for general civil law purposes.

That gets us back to our initial question of whether and to what extent bespoke national regulation of crypto assets is necessary or at least desirable. Well, in our view, it depends:

First, it depends on whether ESMA will make significant progress on the fostering of supervisory convergence in the field of financial innovation which it has identified as one of the priorities in its 2019 Supervisory Convergence Work Program. Should sharing views and experience among national regulators result in more consistent regulation and supervision of ICOs and crypto assets more generally, in particular the interpretation of what constitutes securities for purposes of capital markets law purposes, bespoke national regulation should not be necessary. Second, it depends on when ESMA thinks the time is ripe for EU level regulation of utility tokens that do not qualify as securities and whether the Commission will act upon it. The more national legislators and regulators see a necessity to adopt bespoke legislation in the field, the more fragmented the European market will become. Shouldn’t that be enough of a call for harmonized legislation?

FinTec Briefin4

3. The Regulators’ View

Diego Valiante, Bologna University [1]

Regulating financial services in the age of FinTech

New technologies are revolutionizing how financial services are provided to users across the world. Tangible changes continue to disrupt the payment service industry by lowering costs and increasing the competitive pressure on incumbents. Even more disruptive changes in securities issuance and settlement have been predicted for some years now, but very slowly being delivered by the Blockchain’s underlying Distributed Ledger Technology (DLT). The consensus-based infrastructure underlying the DLT creates opportunities for smart contracts to reduce transaction costs, including litigation costs. Artificial intelligence (AI) and cloud computing are also disrupting the provision of investment services and insurance, among others, via new advisory tools. The result is, on the one hand, an increasing pressure on margins through greater competition and, on the other hand, the gradual move from competition among specialised financial firms to a competitive landscape where financial groups increasingly struggle against BigTechs, which are able to capitalise on the competitive advantage that big data and a larger scope of commercial activities produce. As it is happening in small markets, like crowd-investing and peer-to-peer lending, financial services will be increasingly provided by one-stop-shop platforms that will be able to offer multiple funding tools, from equity and corporate bond issuance to loans. The recent move by Facebook, with the launch of Libra, is also a first step in that direction. The growth of Initial Coin Offerings (ICOs) has also showed that the widespread tokenisation of securities issuance is not so far down the road.

The opportunities brought about by financial technologies cannot be a call for complacency of both supervisors and regulators. Many concerns are still hanging over these new technological developments. Among those, the concentration and related operational challenges that come with the one-stop-shop platforms offered by BigTechs create significant idiosyncratic risks (such as cybersecurity or scalability issues). For instance, the new Facebook Libra claims that will serve 2.8 billion network users with a permissioned DLT network that will be able to process 1,000 transaction per second. Assuming that 1,000 transaction per second would be enough in all circumstances for so many potential users, this claim does not match a reality in which (permissionless) DLT networks out there are currently able to process a few dozen transactions per second. For means of payment, scalability may become a serious issue that may lead to a ‘run-like’ event in a crisis situation. Challenges also arise on how effective monetary policies will be in a context with limited control over the monetary base. Moreover, fraud and money laundering risks are very high with tokenisation of digital assets that are a replication of investment-like instruments (like shares), but with no rights attached and often issued directly by individuals, so making it harder to identify the liable person. More work needs to be done to identify the real gatekeepers, such as the platforms that convert virtual into fiat currencies, which should bear the burden of key anti-money laundering checks. The integration of internet-based services in the whole financial services value chain also raises concerns that cyber-attacks can produce widespread damages and thus destabilise the financial system.

When it comes to regulating financial services, national and international regulators and organisation (like the FSB, IOSCO and the European Commission) have taken a very prudent approach, by trying to first understand the nature of the change and thereupon to check how equipped is the current regulatory framework to face it. In some cases, especially at early stages, some regulators have been using sandboxes, with limited or no licensing requirements but with a strictly monitored perimeter of activities, to understand how these services/instruments are deployed on the market and spot potential regulatory loopholes. The European Commission, in its first consultation on FinTech, expressed a clear view that financial services legislation should be technology neutral and proportionate.[2] As EU financial services legislation is mostly activity-based, an approach based purely on how this activity or service is delivered would be altering this (fragile) harmony. Meanwhile, the European Securities and Markets Authority (ESMA) has highlighted the importance of distinguishing between digital assets that are payment and investment-like, which are mostly falling under the current legislative framework in some way, from other digital assets (like utility-like and some dispersed virtual currencies) that are not currently covered by a comprehensive framework. Nonetheless, the definition of transferable security in Europe remains a national prerogative, so the end result may vary significantly across Member States. Complexity also arises in regulating diffused virtual currencies, like Bitcoin and potentially the newcomer Libra. If not captured as financial or money market instruments, the closest definition in EU regulation for virtual currency could be e-money, but some may argue that the storage of value function foreseen in article 2.2 of Directive 2009/110/EC is not necessarily met, if we consider how volatile Bitcoin has been in recent years and how Libra plans to reinvest money in short-term assets and other currencies. According to the Securities and Exchange Commission (SEC), while diffused cryptocurrencies, like Bitcoin and Ether, fail the ‘Howey test’ mostly because of the lack of expectations of a financial return, many cryptocurrencies are now considered securities in the US. But new case law may reopen this discussion at some point. This new financial services infrastructure also makes some legal requirements not applicable at all and may call for new regulatory requirements, such as in the case of settlement finality in relation to the transfer of tokens of ICOs, or potential safekeeping obligations on providers of digital wallets for DLT networks, where only one key to access the asset is available and held by the ultimate beneficiary on his/her own laptop. In particular, several organisational requirements, including some in the Markets in Financial Instruments Directive, would probably need re-calibration to fit new modalities on how financial instruments, means of payments, and investment services (among other) are being offered/provided.

To conclude, regulators across the world are facing a daunting task in regulating new complex areas, like DLT-based financial services or AI in investment advice. Considering the high risk of circumvention, regulators across the world need to work together to find common grounds as we further move into the unknown.

[1] The views expressed in this contribution are personal and do not represent the views of the European Commission to which the author is also affiliated.

[2] See European Commission, Consultation Document on FinTech: a more competitive and innovative European financial sector, April 2017, see https://ec.europa.eu/info/sites/info/files/2017-fintech-consultation-document_en_0.pdf

4. Young Researchers’ Reflections

Promitheas Peridis, EBI YRG Member

PhD Candidate, European University Institute

Video-games in the hands of investment firms: An alternative way to assess the suitability of investors [1]

The evaluation of the investors’ preferences is a cornerstone for investor protection in the MiFID II regime. Investment firms which provide investment advice or portfolio management must provide suitable personal recommendation to their clients or have to make suitable investment decisions on their behalf.[2]

The assessment of suitability or in other words the investor risk profiling is the procedure to identify the investment targets, liquidity needs, time horizon, knowledge, risk aversion, financial situation, and experience of potential investors. The two elements of the investors’ risk profile are the risk capacity and the risk aversion. The level of risk an investor is able to take constitutes the risk capacity, whereas the investor’s willingness to take on financial risk and the emotional ‘pain’ the investor experiences when faced with financial loss comprises the risk aversion. The current methodology to evaluate the suitability of investors is through quantitative and qualitative questionnaires. These questionnaires are using the concepts and elements of traditional finance, meaning the classical decision making as it was expressed in the modern portfolio theory of Markowitz, and the capital asset pricing model (CAPM).The Modern Portfolio Theory and the CAPM assume that all investors are risk averse, mean variance[3] optimizers who always make the right and rational decision to maximize their utility and wealth (expected utility theory).[4] Thus, the aim of these questionnaires is to assess the risk profile of the investors and more specifically their risk aversion and risk capacity, meaning their willingness to take risk and their tolerance against risk in order to maximize their wealth.

A new way to assess the suitability of investors is through Fintech and more particularly through gamification i.e. video-games. A few games created by start-ups[5] are trying to assess the risk profile of each investor by using behavioural finance and by implementing the prospect theory in video games. In contrast with traditional modern portfolio theory and CAPM, behavioural finance assumes that investors act irrational because of emotional and psychological biases which affect them.[6] Prospect theory of Kahneman and Tversky,[7] the “fathers” of behavioral finance, claims that investors are loss-averse instead of risk-averse and that their investment decisions come mostly from their experiences, the environment that surrounds them, and their genetic predisposition towards risk.[8] According to this assumption, the traditional questionnaires are not effective to assess the suitability of investors. Instead, behavioural finance implemented in video games can be used in the suitability assessment.

In particular, the games guide investors through a series of choices in different scenarios. Each scenario presents different risk/reward options and the graphic format is designed to help the investor to understand the potential result of her/his choice i.e. her/his gains or losses. Three metrics are used to assess each investor: a) appetite for gains; b) loss aversion; c) optimism. The scenarios reflect real life investment choices and the information gathered can create a psychological profile of the investor. The scenarios and choice are not predetermined, i.e. each choice creates a sequence with the following choices and scenarios.[9]

To conclude, complying with the MiFID II requirements, especially when it comes to suitability of investors, is not an easy task for the majority of the investment banks and investment firms. The traditional questionnaires are outdated, misleading, confusing and do not take under consideration the biases of investors. Video games can improve the process of suitability assessment. However, it is a new method and their effectiveness must be proven. The use of both traditional and Fintech method alongside for a period of time is necessary to strengthen the trust of investors to Fintech and to ensure the proper use of them by investment banks and firms.

[1] Based on the article: Promitheas Peridis, “Gaming in investment banking: Testing the risk appetite of investors”, Thinking Ahead.

[2] ESMA, “Guidelines on certain aspects of the MiFID II suitability requirements”, May 2018, 2.

[3] Mean Variance analysis, is the method to weight risk against expected return. This statistical method gives investors the opportunity to evaluate and decide on investments with higher risk and higher rewards and investments with lower risk and lower returns. See: Investopedia.

[4] Markowitz Harry, “Portfolio Selection”.

[5] Check “Neuroprofiler”.

[6] Hodnett Kathleen and Hsieh Heng-Hsien, “Capital Markets Theories", 849-862 at 851.

[7] Kahneman Daniel and Tversky Amos, “Prospect Theory”: pp.263-291, at 263ff.

[8] Klement, J., and R.E. Miranda. “Kicking the Habit: How Experience Determines Financial Risk Preferences.”; Barnea, A., H. Cronqvist, and S. Siegel. “Nature or Nurture: What Determines Investor Behavior?”; Cesarini, D., M. Johannesson, P. Lichtenstein, O. Sandewall, and B. Wallace. “Genetic Variation in Financial Decision Making.”

[9] The Horizontal Trackers, Gaming your way to better investor profiling.


Tsany Ratna Dewi, EBI YRG Member

Doctoral Researcher; University of Luxembourg,

Faculty of Law, Economics and Finance.

Artificial Intelligence Meets Digital Finance in Unchartered Territory: How to Keep it Legal?

Artificial Intelligence (AI) technology poses a major challenge as it evolves from an agent that models reality to one that alters such reality. The Turing Test has had enormous effects on society and represented a turning point in the history of AI given the potentiality of AI to imitate human intelligence. It enables software and computer programmes carrying out a complex series of actions in unstructured environments, to automatically imitate human’s tasks in a diversity of fields ranging from medicine to more disputable practices in defense system, as in the case of fully autonomous weapons for modern warfare. Such cognitive computing growth has had major implications for the financial system as well. It influences digital financial services from payment, lending, investment to insurance. Whether AI would be able to outsmart humans is no longer a question, and this can be already seen in the financial world. AI derives Robotic Process Automation (RPA) and disrupts the traditional ways in which finance has been handled and practiced in the banking system for hundreds of years. It facilitates, for instance, algorithmic trading and algorithmic advising as part of a much broader development, by which it has enhanced efficiency in light of decreasing costs and human errors, improving productivity and providing a higher degree of transparency and accuracy.

The fact that ‘superintelligence’ AI –as described by Philosopher Nick Bostrom– works relentlessly, might exacerbate any perils attributed to it, if it works beyond our needs. Indeed, AI operates in unchartered territory in the field of digital finance. In all human-AI agent interaction, there is always the potential that AI agent may harm or mislead people. The next fundamental questions are: How can we keep AI legal?; Are we fully in control of the technology we have created?; Which are in fact the moral and ethical implications of AI? It is also questionable whether AI can meet the existing fiduciary and suitability duties. The conflict can be summarized as to who can be held responsible for any type of damages. The complexity of the internal work of AI and how it performs human-AI agent interaction are a clear call for a more advanced regulation, especially when the fully autonomous, independent, self-aware AI agent comes into place, in line with Hans Moravec’s projection that this will appear in 2020–2030+. There are in fact a wide range of possible solutions, from (1) applying a regime with no liability, (2) considering AI as a quasi-person as in the case of corporations, (3) granting AI personhood as if it were a natural legal person, (4) holding AI agent owners responsible for their AI agents’ actions such as the case of pet owners, or finally (5) disseminating the cost of damage by appointing a third party like insurance companies that pay for the damage.

Providing AI with a legal framework in digital finance is a core concern that goes beyond the regulation of punishment. Punishment’s aim is that of creating deterrent effects or correcting behavior. AI will not have enough self-conscience neither to comprehend the punishment nor to correct misdemeanors. For now, the existing AI technology is not likely to be adequately autonomous and self-aware to understand the legal sanctions and the implications that they are morally blameworthy if they engage in prohibited disruptive financial practices. We need to take this discussion seriously, as the technology is around the corner, ready to be used. In this sense, we need to reflect upon and ask ourselves what the impact of these advancements for mankind is. Human beings’ task today is no longer answering questions only. Machines can supersede humans taking over that task, as in the case of search engines that provide a never-ending list of possible answers, although not yet to the point of defining the right one. The essence of human’s task today is most importantly to cultivate good questions, as they oftentimes count more than the answer, in order to ignite cognizance. The problem is not to answer whether an AI agent shall be granted a personhood before the law, but rather how far are we willing to accommodate the advancement of the intelligence copy that we create. At least for now, before the self-autonomous AI comes to our living sphere, these questions are fundamental in order to start developing the necessary tools and regulation.

Crowdfunding BrieFin6

Ana Odorović, EBI YRG Member

PhD candidate, Graduate School in Law and Economics,

University of Hamburg

Harnessing the Potential of SMEs Finance: A Glimpse into the European Crowdfunding Regime

After several years of two-digit annual growth of crowdfunding across different jurisdictions, the European legislator began a process of establishing a pan-European regulatory regime in March 2018. Such an initiative was explicitly envisaged by the European Commission's FinTech Action Plan and feeds into the goals of the European Capital Markets Union. In the view of major stakeholders, the disparity in national regulations has kept crowdfunding mainly as a national affair for too long, while the crowdfunding market has matured enough to grasp where the key risks lie. The Regulation on European Crowdfunding Service Providers is expected to provide robust investor protection while at the same time enabling platforms to cater to clients in different countries holding a single license and adhering to a unique set of rules. The ultimate goal is to enable small and innovative firms to raise funds cross-border more effectively, which has been far from trivial in the last decade. As such crowdfunding holds promise to become an important alternative to traditional ways of financing SMEs.

The Proposal for a Regulation of the European Commission, currently discussed by the European Parliament and the European Council, is an attempt to find a common ground between national regulators who hold different views on where the golden middle lies between a sound regulatory regime and stifling innovation by burdensome rules. While disparities in the implementation of existing European directives have led to the fragmentation of the crowdfunding regime in the first place, the need to scale up regulatory compliance leaves limited room for opt-out provisions and partial harmonization in case of the European Crowdfunding Regime. The passporting regime envisaged by the European Commission’s Proposal prohibits individual member states to add regulatory requirements for platforms authorized as European Crowdfunding Service Providers, creating a level playing field between platforms operating in different states and curtailing regulatory arbitrage. However, as a compromise, the Commission’s Proposal also allows for coexistence of national regulatory regimes for platforms wishing to stay with the existing regime and operate merely in one country.

The proposed Regulation foresees a number of unique solutions while at the same time leaving a few pertaining issues subject to further debate, which I will illustrate in a non-exhaustive manner. The European Commission embraced the view that future Regulation should focus more on status and behavior of crowdfunding intermediaries rather than fundraising firms. This approach has allowed developing one unique regulatory regime for both lending-based crowdfunding for businesses (known as P2P business lending) and investment-based crowdfunding, despite the fact that the risk-return profile of the two types often differs substantially. While the blurry line of distinction between some debt and equity instruments justifies equal regulatory treatment, it is somehow surprising that P2P consumer lending, whose business model is often more aligned with P2P business lending than equity crowdfunding, remains outside the scope of the proposed Regulation.

The key aspect of investor protection under the proposed Regulation is a high level of transparency in order to attenuate information asymmetry inherent in all financial markets. Given that investors have imperfect information about both the quality of projects seeking funding and the quality of platforms’ services, the Proposal sets out distinctive transparency rules for project owners and platforms. Most importantly, instead of costly prospectus requirements, project owners have to provide investors with a simplified Key Investor Information Sheet to enable them to make sound and informed investment decisions. One of the crucial discussions is about what should be the investment threshold that triggers the exemption from prospectus requirements. In addition, another important debate is whether the role of platforms should be limited to ensuring clarity and completeness of the information provided by project owners, or whether platforms should also be held liable for the truthfulness of information as part of the due diligence process.

Besides project-specific transparency, the European Commission is concerned that retail investors do not understand the nature of crowdfunding investments and risks they entail. For this reason, the Proposal foresees an ‘appropriateness test’ (a concept also known under MiFID (II)) as part of investors’ ‘onboarding procedure’. Seemingly justified, such a solution is an attempt to circumvent a more burdensome ‘suitability test’, which would imply that a platform estimates the financial situation of its clients and their ability to bear losses associated with crowdfunding investments.

A number of provisions refer to business requirements for platforms with the aim of ensuring, among others, the impartiality before and continuity of business after the completion of a campaign. Given that platforms do not take any risk on their balance sheet, the European Commission deemed capital requirements redundant in case of crowdfunding, thus, leading to a sizable reduction of costs of market entry. In contrast, much debate revolves around conflict of interest rules. An open question is whether a financial stake in projects offered on a platform should be forbidden or merely disclosed to potential investors.

These are a few issues currently discussed among various stakeholders in the crowdfunding ecosystem. What seems to be a critical point often neglected in different debates, is the underlying role of platforms across different business models. In instances in which platforms have more discretion in executing orders of their clients, such as with automatic bidding in case of lending models, both platform’s transparency and conduct rules should be stricter in comparison with situations in which the decision on where to invest entirely lies with the investor. A nuanced rather than a uniform approach seems to better capture different risks posed by various crowdfunding models.

As may be concluded from the above, a number of open questions remaining should not hold back any further a long-awaited pan-European regulatory regime which promises to bring much legal clarity and further legitimize the crowdfunding among European investors.


D. Ramos Muñoz, E. Leone, T. Gstaedtner, E. Wymeersch, B. Joosen, B. Clarke, M. Lamandini, T. Tröger


C. del Barrio (coordinator), J. Tegelaar, K. Parchimowicz, M. A. Barata, T. Ratna Dewi



The European Banking Institute based in Frankfurt is an international centre for banking studies resulting from the joint venture of Europe’s preeminent academic institutions which have decided to share and coordinate their commitments and structure their research activities in order to provide the highest quality legal, economic and accounting studies in the field of banking regulation, banking supervision and banking resolution in Europe. The European Banking Institute is structured to promote the dialogue between scholars, regulators, supervisors, industry representatives and advisors in relation to issues concerning the regulation and supervision of financial institutions and financial markets from a legal, economic and any other related viewpoint.


Academic Members of EBI: Universiteit van Amsterdam, Universiteit Antwerpen, University of Piraeus, Alma Mater Studiorum – Università di Bologna, Academia de Studii Economice din București, Universität Bonn, Trinity College Dublin, Goethe-Universität, Universiteit Gent, University of Helsinki, Universiteit Leiden, KU Leuven University, Universidade Católica Portuguesa, Universidade de Lisboa, University of Ljubljana, Queen Mary University of London, Université du Luxembourg,Universidad Autónoma Madrid, Universidad Complutense de Madrid/CUNEF, Johannes Gutenberg University Mainz, University of Malta, Università Cattolica del Sacro Cuore, University of Cyprus, Radboud Universiteit, Université Panthéon-Sorbonne (Paris1), Université Panthéon-Assas (Paris 2), University of Stockholm, University of Tartu, University of Wroclaw, University of Zurich.



European Banking Institute e.V.

TechQuartier (POLLUX)

Platz der Einheit 2

60327 Frankfurt am Main





This e-mail has been sent to claudia.collins@ebi-europa.eu, click here to unsubscribe.