The ability of Fintech to leverage customer data through AI raises the question of how financial authorities should deal with data rights, particularly in the broader context of data protection regulation. This relates to how authorities should consider the potential to promote data sharing between the different actors involved in the provision of financial services. This can help to promote competition and ensure a level playing field for all market participants.
Equitable access to data for fintech entrepreneurs should therefore be ensured to allow for a healthy level of competition and innovation. However, regulatory obligations for financial firms to share relevant data with new market entrants may also introduce new risks that need to be addressed. For European Parliament, Distributed ledger technology (DLT) presents operators and regulators with new challenges around the use, sharing and storage of data, as well as the rights to access that data. The processing and analysis of individual data through Big Data analytics techniques, insufficient authentication procedures or the lack of transparent and clear terms and conditions raise concerns, in particular with regard to compliance with existing data protection rules.
In terms of effective enforcement, the GDPR is, in practise, the EU framework for data ownership, which sets out who retains control over data, its use and its dissemination. The storage of data should also be considered, especially if it is stored via cloud computing services, which are often outsourced. Again, the risks mainly relate to cybersecurity and the possibility of breaches, which, as mentioned earlier, requires strengthening operational cyber resilience. There is also a need for more specific guidance on the application of the GDPR to the financial sector and on the ethical use of data - in particular Big Data.
In terms of data use, oversight of Big Data analytics is a concern. The OECD points out that Big Data and AI applications could lead to consumer profiling, enabling price discrimination and creating new barriers to accessing finance. Detailed profiling could promote financial exclusion and inequalities in financial systems and lead to increased price discrimination, particularly in insurance markets. The ethical use of data needs to be ensured, and one option suggested by the IMF could be a data regulation framework that establishes purpose as a guiding principle in setting these frameworks.
Another problem is the lack of a harmonised procedure for digital identities. The European Commission states that secure electronic identification (eID) would enable fast and cross-border identification, benefiting consumers, investors, businesses and public authorities alike. They would help foster a culture of trust between actors in the digital financial world and more broadly in the European Digital Single Market. Currently, 13 Member States have announced national e-identity schemes. In the area of digital finance, the introduction of electronic identities has been associated with greater financial inclusion, lower costs and faster transactions, as well as a reduction in fraudulent activity.
The development of digital identities could also help curb the use of digital financial instruments for money laundering and improve compliance with customer identification (KYC) requirements by financial market actors.
Finally, financial authorities could benefit from close cooperation with other regulators, such as competition authorities and data protection authorities, to ensure more transparent and comprehensive reporting on digital finance. This is particularly important as one shortcoming of data-related regulation is the lack of a sector-wide perspective. While financial market infrastructures (FMIs) - in particular banks - are covered by most existing rules, other market participants do not fall within their scope, even though they provide the same services and face the same risks. Moreover, the GDPR still has a number of weaknesses, mainly due to inconsistent implementation across Member States. For example, there are significant differences in national information disclosure requirements, which could have an impact on the ability to properly implement the legal requirements in the area of money laundering and terrorist financing in the case of financial services.
Specialists from AlphaLAW will be happy to help you in preparing all necessary documents and procedures for your fintech business, obtaining a cryptocurrency license in Estonia. Our assistance includes the preparation of the list of required documents, help in developing company procedural rules, translation of documents into Estonian/English and support throughout the whole licensing process.
In case you have any questions or are interested in any of our service, please contact us through the following communication channels.