France has the world’s seventh-wealthiest economy1 and is a leading European fintech hub, with a startup-friendly President and USD $5.2 billion raised in venture capital funding in 2020.2 Although the COVID-19 pandemic uncovered vulnerabilities in French cybersecurity and financial stability, France remains undeterred in its ambition to become a global leader in disruptive technologies and digital transformation.
The pandemic drove the French economy into a deep recession in 2020, with a GDP contraction of 8.3%.3 Meanwhile, a surge in cyberattacks targeted French institutions, including 27 hospitals,4 and large-scale attacks on critical businesses soared by 400% from 2019.5 Despite this grim landscape, the economy is projected to grow by 5.8% in 2021 and 4.0% in 2022,6 and shifting consumer habits will fuel digitalization efforts and further develop the French fintech ecosystem.
A traditional affinity for cash lost ground amidst the pandemic as the French turned towards digital payments solutions, and the government is looking to invest more in R&D and startups. France is set to receive EUR 40.9 billion (approximately USD $48.6 billion) from the EU’s Recovery and Resilience Facility and has allocated 25% of these funds towards digitalization.7 Its France Relance plan emphasizes digital transformation and support for startups, with a grounding in technological sovereignty, simplified digital regulations and accelerated innovation.
Alongside its pandemic-recovery goals, France’s 2021 digital agenda focuses on AML/CFT, multiple central bank digital currency experiments, strengthening the regulation of virtual assets and bolstering competition and compliance in the payment services industry.
Financial Regulatory Authorities
Central Bank: The Bank of France (Banque de France) is the independently run central bank of France. The Bank oversees multiple government and public accounts as well as public securities auctions of the European Central Bank. The Bank is a member of the Eurosystem of central banks. The Observatory for the Security of Payment Means is a unit operating under the Bank of France.
The French Data Protection Authority (Commission nationale de l'informatique et des libertés, CNIL) is the authority responsible for the protection of data.
The French Financial Markets Regulator (Autorité des marchés financiers, AMF) is an independent public authority regulating the French financial marketplace and its participants.
Other Regulatory Authorities
The French Prudential Supervision and Resolution Authority (Autorité de contrôle prudentiel et de résolution, ACPR) is an independent arm of the Bank of France that supervises banks and insurance companies in the country. The ACPR is composed of three main committees:; the Supervisory College, the Resolution College and the Sanctions Committee, in addition to several consultative bodies.
The Ministry of the Economy and Finance (Agence française de développement, AFD), informally known as Bercy, performs multiple functions related to the growth and stability of the country’s economy. Primarily, the Ministry drafts taxation laws, oversees national funds, and develops regulations supervising the public and private sectors.
The French Competition Authority (Autorité de la concurrence) is the national competition regulator of France and an independent administrative authority. The agency’s main purpose is to counteract anti-competitive practices in private markets. The National Commission on Informatics and Liberty (CNIL) is the national data protection authority in France.
The National Information Systems Security Agency (Agence nationale de la sécurité des systèmes d'information, ANSSI) is the national computer security agency of France operating under the Secretariat-General for national Defense and Security (SGDSN). Both agencies help the Prime Minister carry out defense and national security responsibilities.
The French Anticorruption Agency (Agence française anticorruption, AFA) is the national agency responsible for detecting and preventing corruption.
The Intelligence Processing and Action against Illicit Financial Networks Unit (TRACFIN), housed in the Ministry of the Economy and Finance, combats money laundering and the financing of terrorism.
Policy, Laws and Regulations
France-Singapore Partnership on Cross-Border CBDC Trial, 08 July 2021
The central banks of France and Singapore announced that they had successfully undertaken a CBDC-based cross-border payment experiment using JP Morgan’s Onyx blockchain unit. The experiment simulated transactions with digital euro and Singapore dollar CBDCs on a common network and employed automated market-making and liquidity management capacities.8 As Valérie Fasquelle, Director of Infrastructures, Innovation and Payments at Banque de France explained, “By experimenting the circulation of EUR CBDC in a shared corridor network, the MAS and the Banque de France tested the possibility to provide a link with other CBDCs all over the world. It is an opportunity to construct arrangements for multiple CBDCs models, improving cross-border payments and increasing harmonisation of post-trade procedures.”9 Cross-border payments are currently slow and expensive, and they rely on intermediary correspondent banks, which presents friction such as KYC requirements.
Also on 08 July 2021, Banque de France issued a press release outlining a successful experiment conducted in partnership with the Tunisian central bank, Banque Centrale de Tunisie. The investigation successfully completed wire transfers between French and Tunisian commercial banks utilizing a blockchain-based wholesale CBDC.10
On 06 June 2021, Banque de France, the Swiss National Bank and the Bank for International Settlements (BIS) Innovation Hub announced that they planned on conducting an investigation—called Project Jura—into cross-border settlements using wholesale CBDCs. The banks have partnered with Accenture, Credit Suisse, Natixis, R3, SIX Digital Exchange and UBS in executing the project. The experiment will involve a euro CBDC, a Swiss franc CBDC and a French digital financial instrument on a distributed ledger technology (DLT) platform.
CBDC Experiment on the Settlement of Listed Securities, 18 June 2021
The central bank—in partnership with SEBA Bank, Banque Internationale à Luxembourg and Luxembourg central securities depository LuxCSD—successfully conducted an experiment on CBDC and the settlement of listed securities. The experiment involved the simulated issuance of CBDC on a public blockchain, employing a smart contract to trigger the delivery of the securities. The trial comes on the heels of a third successful experiment on CBDC and interbank settlements.
On 28 April 2021, a collaboration between the Bank of France, European Investment Bank (EIB) and Société Générale – FORGE successfully conducted its third experiment testing a blockchain-based interbank settlement. The experiment centered on investor subscription to EUR 100 million in EIB-issued digital bonds, with cash settlements represented by a blockchain-issued CBDC. A Bank of France press release states, “From a technological standpoint, the experiment required the development and deployment of smart contracts under secured conditions, so that the Banque de France could issue and control the circulation of CBDC tokens and so that CBDC transfer occurred simultaneously with the delivery of securities tokens to the investors’ portfolio, in a Delivery versus Payment.”
France has been a major proponent of the adoption of a digital euro, especially as tech giants’ payments solutions threaten monetary sovereignty. French Finance Minister Bruno Le Maire adamantly opposed the advent of Facebook’s Libra digital currency, now known as Diem, pointing to its “systemic risk” and “danger to consumers.”11 The central bank plans on continuing its experimentation on the uses of central bank digital currency in interbank settlements.
Data Protection Authority Publishes Annual Report 2020, 18 May 2021
The Data Protection Authority (CNIL) published its annual report for 2020, which provides an overview of regulatory changes and its supervisory activities. Major themes include enhanced cooperation with other European authorities, data protection and the future of payments. Cash use has declined with the advent of digital payments solutions, and the CNIL believes this trend will accelerate as new technologies emerge. This rapidly evolving landscape has required the authority to consider implications for data protection and increased means of committing fraud. The CNIL plans on releasing a white paper in 2021 that will open a public consultation on compliance rules and guidelines for various actors in the payments sector. Its ultimate goal is to ensure GDPR compliance and increased user awareness of risk.
Decree on Strengthening the AML/CFT Framework Regarding the Anonymity of Virtual Assets, 02 April 2021
The French Ministry of the Economy and Finance’s Decree No. 2021-387 of April 2, 2021 relating to the fight against anonymity of virtual assets and strengthening the national system for the fight against money laundering and the financing of terrorism was issued. The decree builds upon and applies Ordinance No. 2020-1342 of November 4, 2020 strengthening the mechanism for freezing assets and prohibiting their provision. In bolstering the AML/CFT framework, the decree aims to tamp down on the use of anonymous digital assets in illegal activity by expanding the scope of customer due diligence requirements. The decree modifies KYC measures for payment and e-money institutions and requires digital assets services providers (DASPs) to identify customers in advance of a transaction. E-money issuers are required to conduct customer due diligence when e-money is utilized in the purchase of digital assets, and thus anonymous e-money is prohibited in such sales.
France’s regulatory action was likely spearheaded by the Financial Action Task Force, of which France is a member. In March, the FATF released a public consultation on a risk-based approach to virtual assets and virtual asset service providers. Loopholes in identity verification of customers are being plugged to thwart illicit activity. This is not isolated to France, but globally.
Government Publishes Action Plan on AML/CFT, 22 March 2021
The Plan to Fight Money Laundering and Terrorism Financing 2021-22 is centered on five main priorities: mobilize all stakeholders in preventing risks; guarantee financial transparency; prioritize detection, prosecution and sanctioning; hinder terrorists’ access to the financial system; and reinforce coordination of national policy. A major theme is heightened supervision, coming amidst a spate of AML/CFT regulations cracking down on the anonymity of virtual assets. Indeed, a high-profile terrorist financing network in France, dismantled in September 2019, utilized cryptocurrency, and French Finance Minister Bruno Le Maire has repeatedly warned that the advent of decentralized finance will facilitate ML/TF. The action plan comes on the heels of a 18 January 2021 Financial Markets Regulator announcement that it had updated the Book III of its General Regulation and the four guidelines constituting its AML/CFT policy. The guidelines cover the risk-based approach to AML/CFT, due diligence obligations, relations with politically exposed persons and the obligation to report to TRACFIN.
The past year has seen an especially aggressive and innovative French approach to AML. On 22 January 2021, the French Anticorruption Agency published a communication on DATACROS, a prototype tool aimed at uncovering money laundering and other illicit activities. A collaboration between the Anticorruption Agency and other European entities, the tool detects anomalies in the ownership links between companies in the identification of risk indicators. Indicators include patterns of collusion, relations with politically exposed persons and abnormally complex relations with jurisdictions that do not adhere to the same standard of transparency.
France Begins Issuing Digital ID Cards, 16 March 2021
The French government launched its new national digital identity card, which include an electronic code, QR code and fingerprint. The QR code is an electronic seal that operates as a digital signature and authenticity stamp. The digital identities will be crucial in combatting identity theft and fraud, which soared amidst the COVID-19 pandemic, although concerns over data protection persist.
Government Unveils National Cybersecurity Strategy, 18 February 2021
This ambitious national cybersecurity strategy outlines key objectives, including bolstering support for French R&D in cybersecurity and innovation; doubling the amount of cybersecurity professionals in France by 2025; promoting a cybersecurity culture amongst businesses, especially small ones; tripling the annual sales of cybersecurity companies to EUR 25 billion in 2025; and supporting the emergence of three French cybersecurity unicorns by 2025. A new cybersecurity center will also be established in Paris, and will host 1500 researchers and representatives from public and private sectors.
The strategy comes on the heels of a challenging 2020 cybersecurity landscape for France, which saw a 225% increase in ransomware attacks compared to 201912 and a surge in large-scale incidents targeting critical businesses and hospitals. France’s approach has been twofold in both bolstering national cybersecurity measures and in seizing the chance to grow its reputation as an innovation hotspot. French President Emmanuel Macron has routinely promoted a startup culture and high-tech dovetailed with economic growth, launching multiple billion-euro investment plans for startup funding throughout his presidency.
Financial Markets Regulator Publishes Action and Supervision Priorities for 2021, 11 January 2021
The French Financial Markets Regulator (AMF) published its action and supervision priorities for 2021, which include mobilization in recovery from the pandemic and economic recession, a rapid transition to sustainable finance, participation in financial regulation reforms and the strengthening of its monitoring and supervision approaches. Per France’s startup-friendly landscape, the AMF details its commitment to support businesses, especially SMEs, by facilitating their access to capital markets and bolstering the mobilization of private funding. In ensuring the continued competitiveness of Europe’s financial markets, the AMF points to the need for a more harmonized and transparent approach to EU regulation. Addressing regulatory fragmentation would make the EU more swift in responding to rapid changes in financial markets and strengthen the single market as a whole. EU and member state authorities have increasingly pointed to the benefits of cooperation and greater integration, especially in light of the COVID-19 pandemic and resultant challenges. The AMF especially welcomes EU legislation on the regulation of crypto -assets, particularly regarding strengthening the EU-wide approach to AML/CFT.
Bill Ratifying Ordinance on Strengthening the AML/CFT Framework Applicable to Digital Assets, 21 April 2021
The French Ministry of the Economy and Finance submitted a draft law ratifying Ordinance No. 2020-1544 of December 9, 2020 strengthening the framework for the fight against money laundering and the financing of terrorism applicable to digital assets. The ordinance broadens the scope of AML/CFT framework requirements to include services for the exchange of digital assets and digital asset trading platforms. Crypto-to-crypto exchange services and digital asset trading platforms must register with the Financial Markets Authority, and digital assets services providers (DASPs) are prohibited from maintaining anonymous accounts.
France has traditionally taken a hard line against virtual assets, especially cryptocurrencies like bitcoin that safeguard users’ anonymity. In a press release accompanying the 09 December 2020 ordinance, Finance Minister Bruno Le Maire confirms that regulatory provisions will be introduced allowing for the speedy launch of digital identification solutions for digital asset transactions.
Bill on Contactless Mobile Payments Submitted to Parliament, 16 November 2020
Bill No. 3574 aiming to regulate contactless mobile payments was submitted to parliament. The draft law seeks to restore consumers’ freedom of choice in contactless mobile payments, especially as the COVID-19 pandemic spurred on the rapid adoption of digital payments solutions. Meanwhile, the draft law speaks to the importance of increased regulation in cultivating more robust competition, as tech giants utilize their dominant stance to gain unfair advantages and deter smaller players. If passed, the bill would require “operating system suppliers to guarantee fair conditions of competition between its own payment service activity and the competing activities carried out directly or indirectly by credit institutions, electronic money institutions, payment service providers, institutions agents and agents within the meaning of Directive (EU) 2015/2366 [on payment services in the internal market].” Operating system suppliers would also have to ensure that their products and services do not prevent consumers from enjoying freedom of choice in selecting a contactless mobile payment service provider.
On 01 December 2020, the Bank of France published a press release by the National Cashless Payments Committee affirming its commitment to the European strategy on payments, welcoming support in the promotion of cashless payments and lauding the French payments sector in its response to the COVID-19 pandemic.
1. “The Top 25 Economies in the World.” Investopedia, 24 December 2020. https://www.investopedia.com/insights/worlds-top-economies/.
2. “French tech startups and scaleups to watch in 2021.” Sifted. https://sifted.eu/rankings/french-startups-top-rankings.
3. Covid-19 pandemic pushes French economy into deep recession.” France24, 29 January 2021. https://www.france24.com/en/europe/20210129-covid-19-pandemic-pushes-french-economy-into-deep-recession.
4. Lovell, Tammy. “Emmanuel Macron pledges €1bn for cybersecurity after hospital ransomware attacks.” Healthcare IT News, 22 February 2021. https://www.healthcareitnews.com/news/emea/emmanuel-macron-pledges-1bn-cybersecurity-after-hospital-ransomware-attacks.
5. Keohane, David and Peggy Hollinger. “Pandemic brought surge in French cyber attacks, warns Thales CEO.” Financial Times, 06 April 2021. https://www.ft.com/content/70e1c40d-acc8-4e8e-8ce3-3e0d9901358a.
6. “France Economic Snapshot.” Organisation for Economic Co-operation and Development, May 2021. https://www.oecd.org/economy/france-economic-snapshot/.
7. “France aims to spend €30 billion on decarbonising its economy.” Euronews, 07 May 2021. https://www.euronews.com/2021/05/07/france-aims-to-spend-30bn-on-decarbonising-its-economy.
8. “Central banks of Singapore, France trial cross border CBDC using JP Morgan tech.” Ledger Insights, 08 July 2020. https://www.ledgerinsights.com/central-bank-singapore-france-cross-border-cbdc-jp-morgan-tech/.
9. Smith, Tyler. Monetary Authority of Singapore and Banque de France Report Success from CBDC Experimentation.” The Fintech Times, 15 July 2021. https://thefintechtimes.com/monetary-authority-of-singapore-and-banque-de-france-report-success-from-cbdc-experimentation/.
10. “Central banks of France, Tunisia in wholesale cross border CBDC trial.” Ledger Insights, 19 July 2021. https://www.ledgerinsights.com/central-bank-of-france-tunisia-in-wholesale-cross-border-cbdc-trial/.
11. Seibt, Sébastian. “Why is France's finance minister at war with Facebook's cryptocurrency?” France24, 14 September 2019. https://www.france24.com/en/20190914-french-finance-minister-bruno-le-maire-war-with-facebook-cryptocurrency.
12. « La polémique sur le paiement des rançons de cyberattaques. » Ecole de Guerre Economique, 26 May 2021. https://www.ege.fr/infoguerre/la-polemique-sur-le-paiement-des-rancons-de-cyberattaques.
*DISCLAIMER: This information is OneSpan's interpretation of the compliance requirements as of the date of publication. Please note that not all interpretations or requirements of the applicable laws are well-settled and its application is fact- and context-specific. The information contained in this document should not be relied upon as legal advice or to determine how the law applies to your business or organization. We encourage you to seek guidance from your legal counsel with regard to law applying specifically to your business or organization and how to ensure compliance. This information is provided “as-is” and may be updated or changed without notice. OneSpan does not accept liability for the contents of these materials.
Last updated: November 2021