The European Securities and Markets Authority (ESMA) has found regulatory gaps in the licensing regime for crypto-asset related activities, as well as in the governance processes associated with cyber security and cloud outsourcing.

Two surveys conducted by ESMA earlier this year gathered evidence from national competent authorities (NCAs) across the EU on the treatment of FinTech firms within their jurisdictions.

The research confirmed that NCAs do not typically distinguish between newer FinTech and more traditional business models in their decision making, since they authorise a financial activity and not a technology.

The primary area where problems were identified - and where FinTechs do not fit within the existing rules - is related to crypto-assets, distributed ledger technology and Initial Coin Offerings.

Regulators have already called for more clarity across Europe in terms of financial instrument definition and the legal nature of crypto-assets. ESMA responded that the findings confirmed its own Crypto Asset Advice that certain tokens are financial instruments are subject to the full attendant regulation, while those tokens that are not deemed financial instruments should be subject to a more minimal level of regulation.

The surveys also identified the need for greater clarity around the risk management processes associated with cyber security and using third parties for cloud computing.

ESMA stated that recent guidelines published by EU regulatory bodies on legislative improvements relating to IT risk management and cyber-resilience will address many of the issues raised. It concluded that “at present, most innovative business models can operate within the existing EU rules” so there are no plans to make additional recommendations for changes in EU regulation at this stage.

Share Story: