How EU Regulations Are Driving Digitisation in Light of the Pandemic
Like many industries, the financial services sector has had to adapt significantly to the unique challenges brought by the pandemic. Lockdowns and social distancing measures continue to force branches to close or offer reduced in-person services, so banks and financial institutions have had no choice but to re-think how they operate.
This ongoing disruption, coupled with changing consumer behaviour characterised by the growing preference toward mobile and online services, is driving regulatory changes that are shaping the future of finance.
While this is happening to varying degrees in regions and countries around the world, there are local nuances to consider. This is particularly true in the United Kingdom, where speculation is rife around what the future will hold for the UK following its departure from the EU and the impact this will have on financial services.
As one of the world’s leading financial centres, the UK is well-positioned to keep pace with changes in the industry. But in terms of regulations, there are still several questions around how the UK will adapt, what legislation it will adopt or modify, and what impact this may have on the wider EU region.
The Payment Service Directive 2 (PSD2) has been a linchpin of European financial regulations since its introduction in 2018, increasing security for online transactions and encouraging more competition through open banking.
The transition period ended on 1st January 2021 and enforcement of PSD2’s Strong Customer Authentication requirements for merchants will take effect at different times. The EU’s deadline is on 1st January 2021 while the UK’s is on 14th September 2021, which will no doubt cause a great deal of confusion for consumers.
In the case of a no-deal Brexit, a draft version of the UK Financial Conduct Authority’s (FCA) Regulatory Technical Standards on Strong Customer Authentication and Common and Secure Open Standards of Communication indicates that the UK regulators would continue to accept the EU’s eIDAS certificates (or electronic Identification, Authentication and Trust Services) for authenticating third party providers to banks. However, the document also recognises that UK entities may require alternative methods, suggesting that both routes are still on the table.
Discussions are still ongoing, but time is running out. As security is a key component of the directive, mandating the use of transaction risk analytics and replication protection in mobile apps, any new UK specific variant will have to ensure that consumers remain protected and banks can still offer fully seamless digital experiences.
Driving digital identities
Some of the biggest regulatory developments throughout 2020 have come in the area of identity verification, with COVID-19 accelerating digitisation initiatives and investment. As an increasing number of customers are either reluctant or unable to visit a bank branch, fully digital and seamless identity verification has become a key requirement for remote account opening and onboarding.
This is an area where regulations – such as Know Your Customer (KYC) – play a key role, and where authorities have had to move quickly. For example, in response to the pandemic, the UK FCA issued guidance on digital identity verification permitting retail financial firms to accept scanned documentation sent via email and ‘selfies’ to verify identities.
This was supplemented by a 12-month document checking service pilot launched by the UK Government in the summer. Participating private sector firms can digitally check an individual’s passport data against the government database to verify their identity and help prevent crime.
And this is just the beginning. There are plans for private-sector identity proofing requirements and work being done to update existing identity-checking laws to become more comprehensive. Perhaps most significantly, the UK government plans to develop six guiding principles to frame digital identity delivery and policy: privacy, transparency, inclusivity, interoperability, proportionality, and good governance.
This all points towards a financial future that will be driven by digital identities. With customer behaviour likely changed forever, digital identity verification will be essential to improving the remote onboarding experience, while also minimising the threat of fraud and account takeover attacks.
The evolution of AML
Anti-money laundering (AML) legislation is also set to progress in the future, driven largely by an increasing focus on cryptocurrencies. Digital currencies are currently garnering plenty of attention from European regulators, as illustrated by the introduction of the 5th Anti-Money Laundering Directive (AMLD5).
EU member states were required to transpose AMLD5 into national law by the beginning of the year, with the goal of preventing the use of the financial system for money laundering or terrorist financing. One of the directive’s key provisions focuses on restricting the anonymous use of digital currencies and, as such, it now applies to both virtual cryptocurrency exchanges (VCEPs) and custodian wallet providers (CWPs).
VCEPs and CWPs that were previously unregulated must now follow the same rules as any other financial institution, which includes mandatory identity checks for new customers.
With the role of cryptocurrencies in our financial system expected to increase significantly over the coming years, we can expect European regulations to continue in this vein – particularly in a leading FinTech nation like the UK. It’s well known that digital currencies have – in their relatively short history – been used for illegal activities, so building trust in the technology through compliance will be a key focus for regulatory bodies in the future.
2020 has certainly been a year of upheaval for financial services regulations and we can expect this trend to continue into the new year. With digitisation in the industry evolving at a rapid rate, governments and lawmakers will have to work hard to keep pace. As the EU and the UK have shown, the future of finance will have plenty to offer.
This article, written by Frederik Mennes, Director of Product Security at OneSpan, was first published in the April 2021 issue of Finance Monthly Magazine.