The structure of the EU financial services sector is changing as firms, including so-called BigTechs, increasingly leverage access to data and analytical capability, and innovative technologies to market and distribute financial and non-financial services to their customers. To-date policymakers have focussed on the adequacy of regulation in mitigating risks at both activity and entity level. However, the emergence of increasingly significant mixed activity groups—the next generation of financial conglomerates—gives rise to the need for an urgent review of the adequacy of supervisory oversight arrangements under Directive 2002/87/EC (the financial conglomerates directive; FICOD).
By way of background, in response to the globalisation of financial markets and the emergence of groups providing a wide range of financial services in a variety of jurisdictions, in 1993 a joint forum of bank, securities, and insurance regulators was set up to report on issues relating to the supervision of conglomerates. The forum observed that a system of supervision based on siloes of activity (banking, securities, insurance) undertaken at group entity level was insufficient and that greater coordination between supervisors was needed in order to provide “a realistic insight into a group’s risks”. The following issues were explored: contagion risk, intra-group exposures, large exposures, shareholder suitability, information access, supervisory arbitrage and moral hazard.[i] Ultimately, the forum concluded that there was a need for more intensive cooperation between supervisors, specifically as regards (i) capital adequacy at a solo and group level (the ‘solo-plus’ approach), (ii) the exchange of prudential information, and (iii) the monitoring and surveillance of group structures. This analysis informed the September 2012 Principles for the Supervision of Financial Conglomerates.
In parallel with the international work, the European Commission stepped up efforts to prepare a legislative framework for the supplementary supervision of regulated entities (including credit institutions, insurance undertakings and investment firms) in financial conglomerates within the EU, resulting in the adoption of FICOD in December 2002.[ii]
In its current form, FICOD defines ‘financial conglomerate’ by reference to two different scenarios: one where a ‘regulated entity’[iii] is the head of the group or subgroup, and the other where at least one of the subsidiaries in the group or subgroup is a regulated entity. In either scenario conditions regarding the materiality of the financial (ie, banking, investment and insurance) activities must be satisfied in order to qualify as a financial conglomerate.[iv] Supplementary supervision pursuant to FICOD relates to capital adequacy, risk concentration, and intra-group transactions. Measures to facilitate supplementary supervision include stress testing and enhanced cooperation and exchange of information between competent authorities responsible for the supervision of regulated entities within the financial conglomerate. FICOD does not provide a framework for the supervision of ‘mixed conglomerates’ (to use a term adopted by the forum).
So what are the problems?
Since the early work on conglomerates supervision, and the adoption of FICOD, the structure of the EU financial sector has undergone substantial change. First, banking services are now offered by a much broader range of market participants. Changes to the regulatory framework have enabled a disintermediation of some types of financial service, notably payment services,[v] and market forces have prompted a rise in lending activity by ‘other financial intermediaries’.[vi] Second, technological advancements have facilitated, and continue to facilitate, new delivery mechanisms (including via mobile applications, internet portals and digital platforms) helping to overcome barriers to entry and enabling groups to leverage their brands and extend their customer bases, including cross-border, by marketing and distributing new bundles of (financial and non-financial) products and services.[vii] Third, we are starting to witness technology firms with large customer bases and access to—and the capacity to analyse and utilise—vast customer datasets (so-called BigTechs) enter the financial sector directly (as opposed to entering partnership arrangements with incumbent financial institutions). Often dedicated group companies are established focussing on the provision of specific types of financial service (again, notably, payment services and lending activity[viii]) and have the capacity to scale up rapidly by leveraging existing (group) market power. For example, Facebook is already active in payments and there has been much speculation about potential business lines relating to the proposals for the Libra.[ix] These three factors are creating the conditions for a new generation of financial conglomerates to emerge.
Additionally, our attention to different forms of risk has evolved substantially over the last few decades. Indeed, the regulatory community is now much more alive to reputational and operational interdependencies (including in the context of recovery and resolution), digital operational resilience, data protection, and competition. And these elements have been borne out in sector-specific regulatory reforms, particularly following the financial crisis that began in 2008.[x]
In this context, the framework for conglomerates supervision can be exposed as woefully out-of-date giving rise to the very same vulnerabilities that were highlighted in the early work on conglomerates supervision.[xi] These are vulnerabilities that will become only more pressing as BigTechs and other non-traditional financial groups scale up retail financial services offerings.
It is therefore incumbent on the supervisory community to act now to address the limits of existing arrangements for supervisory coordination.
In particular, attention is needed to the scope of the definition of ‘financial conglomerate’, including the definition of ‘regulated entity’ and the thresholds defining the materiality of financial services activity. Here it is important to highlight that, for many years, industrial groups with financial services arms (eg, car manufacturers[xii]) have been tolerated without the need for enhanced supervision structures because the financial services have been limited in scale and jurisdictional reach, and typically very closely connected to the core business. The new generation is rather different, with (i) the capacity for scale in terms of product offerings, customer and jurisdictional reach far surpassing that we have seen to-date, and (ii) integrated data pools and operating systems and processes, together posing risks of a more systemic dimension.
Attention is also needed to the range of entities and types of risk subject to supplementary supervision, with interconnectedness (including interrelationships with ‘unregulated’ group companies) warranting particular consideration, in order to ensure an appropriate, effective and timely superintendence and mitigation of the cumulative potential risks for consumers and, ultimately, for financial stability.
These themes are explored in my paper ‘The Next Generation of Financial Conglomerates: BigTech and Beyond’, a final version of which will be published in the November edition of Butterworths Journal of International Banking and Financial Law (JIBFL).
Elisabeth Noble is a Senior Policy Expert at the European Banking Authority
The views expressed in this blog are mine alone and should not be taken to represent those of the European Banking Authority (EBA) or to state EBA policy. Neither the EBA nor any person acting on its behalf may be held responsible for the use to which information contained in this publication may be put, or for any errors which, despite careful preparation and checking, may appear.
[i] Further to the 1993 report a Joint Forum on Financial Conglomerates was formed in early 1996 under the BCBS, IOSCO and IAIA ultimately producing three reports further particularising recommendations relating to Supervision of Financial Conglomerates (February 1999), Intra-group Transaction and Exposure Principles (December 1999), and Risk Concentration Principles (December 1999).
[iii] ‘Regulated entity’ means a credit institution, insurance undertaking, reinsurance undertaking, investment firm, asset management company, or an alternative investment fund manager.
[iv] See Article 3 (thresholds for identifying a financial conglomerate).
[vi] For information about non-bank financial intermediation in the EU, see the European Systemic Risk Board’s monitoring work. This work complements monitoring carried out by the Financial Stability Board at the global level. For information about ‘other financial intermediaries’ see the EBA’s November 2017 Opinion and Report.
[ix] Facebook has been offering payments products for some time and, within the group, money transmitter licences are held in the US and an e-money licence is held in the EU. Facebook has recently established Novi (previously known as Calibra) as a digital wallet to enable customers to send, spend and receive digital payments in Messenger, WhatsApp and the Novi app.
[xi] European Commission staff working document on Directive 2002/87/EU (July 2017) reflected on some of the regulatory changes to that point but did not identify an urgent need for change taking into account only those factors. The need for continuous monitoring of market developments was identified as important to ensure any new issues can be taken into account in a timely manner.