European Banking Authority’s EU-wide report suggests reconciling national authorities’ procedures in relation to regulating Fintech


On 19 July 2019, the European Banking Authority (EBA) published a report on its analysis of the regulatory framework in the EU for FinTech companies. The report reveals that little legislative activity has been undertaken at a national level to expand the remit of competent authorities (CAs) to regulate FinTech and that there are divergent national practices in relation to authorising FinTech firms.

The EBA’s report mainly focuses on three areas: the regulatory status of FinTech regulations across the EU, the development in national legislation in relation to FinTech companies, and the authorisation procedures followed by national competent authorities (CAs).

EU-wide regulatory status of FinTech firms

Since the entry into force of the Payment Service Directive 2 (PSD2), payment initiation service providers have been brought within the scope of this directive. The EBA report reveals that the activities and services currently not subject to regulation are ancillary to the financial market or relate to non-financial aspects of the industry, such as tech support, IT solutions, online payments, RegTech services and technological services for ‘big data analytics’ firms, thus concluding that such legislative gap does not pose considerable danger to the EU financial market.

The report further reveals that crypto-asset related activities, crowdfunding services and peer-to-peer lending are also out of the scope of the PSD2, but a more detailed legal framework for them is expected to be implemented in the future.

National regulatory status of FinTech firms

The findings show that there is little enacted national legislation expanding the scope of activity of local CAs. The report illustrates that in the EU only Malta has adopted specific FinTech legislation increasing the ambit of competent authorities in relation to crypto-assets. Additionally, one other EU member state has legislation pending that would extend the CA’s regulatory reach for crowdfunding service operators.

Authorisation procedures for banking and payment services

The EBA reported a consensus among CAs that the PSD2 incorporates the principles of proportionality and flexibility. This materialises in a risk-based approach that allows assessment to be calibrated on the basis of an applicant's institution’s size and complexity, organisational structure, the nature, scale and complexity of the services provided, and the planned risk and turnover. Furthermore, each CA can attach conditions, limitations and restrictions to authorisation, adding to the flexibility of the current legal framework.

The EBA report notes, however, that CAs in different countries have different ways of applying this flexibility, which could potentially create an unlevelled playing field. The EBA suggests further work to ensure the convergence of practices, and notes that Directive 2019/878 mandates the EBA to develop guidelines that – when issued in the future – could include a common assessment methodology for granting authorisations.

For more information on the implementation of PSD2 in Bulgaria, please see:

For further information on this topic, call or email your usual CMS contact or our local CMS expert Ivan Gergov, Attorney-at-law, CMS Sofia.