February 2019 EU affairs newsletter
- Company law
- Data protection
- Addendums to client contracts for outside EU data transfers after GDPR
- Consumer Credit – market consolidation
- Credit rating
- ESMA PUBLISHES GUIDELINES ON SUPERVISORY REPORTING FOR CREDIT RATING AGENCIES
- Non-financial reporting
- Commission consultation on the update of the non-binding guidelines on non-financial reporting
- Data protection
- Roadmap Consultation on Data storage & processing services – interaction with data protection rules
- Member States’ corner
- Poland: draft act putting Credit Scoring in danger?
- European Data Protection Board note on Brexit
- Payments services
- EU adopts its reform on reducing charges and increasing transparency
EU company law adapted to the digital era
The EU has decided to revise its company law rules so that they remain fit for purpose in the digital age. The aim is to achieve greater efficiency, transparency and legal certainty using digital tools. The Romanian presidency of the Council reached on 4th February 2019 a provisional agreement with European Parliament's representatives on a draft directive that will facilitate and promote the use of online solutions in a company's contacts with public authorities throughout its lifecycle.
The new rules ensure that:
· companies are able to register limited liability companies, set up new branches and file documents for companies and their branches, to the business register fully online;
· national model templates and information on national requirements are made available online and in a language broadly understood by the majority of cross-border users;
· rules on fees for online formalities are transparent and applied in a non-discriminatory manner;
· fees charged for the online registration of companies do not exceed the overall costs incurred by the member state concerned;
· the 'once-only' principle, whereby a company would only need to submit the same information to public authorities once;
· documents submitted by companies are stored and exchanged by national registers in machine-readable and searchable formats;
· more information about companies is made available to all interested parties free of charge in the business registers.
At the same time, the directive sets out the necessary safeguards against fraud and abuse in online procedures, including control of the identity and legal capacity of persons setting up the company and the possibility of requiring physical presence before a competent authority. It maintains the involvement of notaries or lawyers in company law procedures if these procedures can be completed fully online. It also foresees an exchange of information between member states on disqualified directors in order to prevent fraudulent behaviour.
The directive does not harmonise substantive requirements for setting up companies or doing business across the EU. According to figures provided by the Commission, there are around 24 million companies in the EU, out of which approximately 80% are limited liability companies. Around 98-99% of limited liability companies are small and medium-sized enterprises, which would be most directly impacted by these improvements.
The proposed directive complements the existing rules on EU company law as codified in directive (EU) 2017/1132. It is one of the two proposals tabled by the Commission in April 2018 for the modernisation of EU company law. It is also an important pillar for the recently adopted Single Digital Gateway regulation, which facilitates interactions between citizens, businesses and competent authorities by providing access to online solutions.
· Click here to see the Commission proposal.
· Click here to see the latest provisional Council text agreed (it stills needs formal linguistic review and adoption).
Addendums to client contracts for outside EU data transfers after GDPR
In the last call of the FEBIS regulatory committee, the issue of the Addendums that many of the FEBIS members are currently trying to agree with their clients following the introduction of the GDPR legislation was raised. Indeed, the discussion showed that some of the Febis members were having problems, in particular with Asian customers, in getting them to agree to signing these addendums. The question being asked is whether other members are also having the same issues and whether FEBIS as a Federation should approach the issuer. This can also concern data transfers with users outside the EEA.
The Febis regulatory committee therefore proposed to add this issue as a discussion item for the next FEBIS spring meeting in the regulatory section to assess if this is a broad issue and what could be done to ease the process and get Febis members’ clients to agree more easily on this, relying on adequacy decisions or the use of BCRs and the MCC (model contractual clauses) are defined at EU level so they can’t be changed. FEBIS could help in explaining the current background of MCC and why you can’t change the clauses.
Orange Digital Ventures invests in Aire, a fintech company providing consumer credit risk knowledge to financial institutions
Orange Digital Ventures is joining the Series B round of 11 million dollars in the Fintech company, Aire, alongside Crane Venture Partners, Experian Ventures and existing investors, White Star Capital, and Sunstone Capital.
The new round will allow Aire, which aims to make credit fairer for consumers and more valuable to lenders, to support its rapid growth-phase including investment in Aire’s innovative credit insight engine and expansion in the US.
New forms of “alternative data” have proliferated in recent years and widened the base of data used in credit scores. However, with machine learning as an enabler, these data and ‘digital footprints’ can offer highly predictive outcomes and offer an unprecedented opportunity to better serve consumers.
Aire’s solutions – deep consumer credit risk knowledge combined with new consumer-supplied data, leveraging machine learning in a regulated environment – are addressing this growing opportunity aiming at making credit fairer for consumers, and more valuable to lenders.
The start-up’s solution meets several of Orange’s strategic objectives, particularly in mobile financial services, where the group has two diversification initiatives with Orange Bank in Europe and Orange Money in Africa, both aimed at serving the customer with the best solutions to improve their financial life.
In the two years since Aire received Financial Conduct Authority (FCA) Approval, the company has grown from a start-up with eight people to a fully-fledged business with a headcount approaching 40. Along the way, it has forged numerous alliances with the notable financial institutions such as Toyota Financial Services and online retailer N Brown, alongside high-street banks. These partnerships have underlined the versatility of Aire’s technology, which can be integrated at various stages of the credit lifecycle. To date, Aire’s sophisticated algorithmic model has scored over $10 billion of credit across various categories of consumer credit proving the relevance and robustness of its platform.
Aneesh Varma, co-founder and CEO of Aire: “Aire is built on the premise that empowering consumers to play an active role in their credit assessment is the only way to give lenders a comprehensive view with which to make a decision. Since launching five years ago we have come a long way in bringing along the credit ecosystem: FCA regulation; scalable technology; proven uplift for lending partners; and funding. Today's announcement is a significant milestone in the Aire journey and showcases how much the market is paying attention, with the support of the largest credit bureau. This Series B funding is allowing us to push the Aire philosophy further into new markets, such as the US, as well as new sectors.”
Marc Rennard, Orange Digital Ventures chairman commented: “In both emerging and mature markets, more than 1.7 billion adults lack access to formal financial products. As a mobile financial services provider in Europe and in Africa, Orange has leveraged new technologies to bring digital payment and transfer to underserved populations. We believe consumer credit is the next frontier, and that Aire - relying on AI to improve risk assessment - is in an ideal position to enable lenders to upgrade their scoring and give a fairer access to finance.“
ESMA PUBLISHES GUIDELINES ON SUPERVISORY REPORTING FOR CREDIT RATING AGENCIES
The European Securities and Markets Authority (ESMA) has published on 5th February its revised Guidelines on the information which credit rating agencies (CRAs) need to report to ESMA for supervisory purposes.
These Guidelines amend some sections of ESMA’s 2015 Guidelines on the reporting of periodic information to ensure they continue to support ESMA’s supervisory processes in an efficient and effective manner.
The main goal of the Guidelines is to streamline the information that is reported on a periodic basis by CRAs to ESMA, ensuring that the information is fully aligned with ESMA’s supervisory processes. However, a secondary goal of the Guidelines is to increase the predictability of ESMA’s supervisory interactions with CRAs, with respect to the requests for information that ESMA submits to CRAs.
The main features of the revised Guidelines are:
· Differentiated reporting calendars for entities depending on required level of supervisory engagement;
· Individual reporting instructions for each reporting item which have been elaborated and expanded in areas where ESMA has identified a supervisory need; and
· Standardising reporting templates for specific reporting items.
· The publication of these Guidelines follows a public consultation in July 2018 following which a number of refinements have been introduced in areas such as cost and revenue reporting, “as soon as” notifications and reporting calendars.
ESMA will make all relevant templates available on ESMA’s website. This will be done sufficiently in advance of the implementation date to allow for a period of testing between ESMA and CRAs.
Commission consultation on the update of the non-binding guidelines on non-financial reporting
Following from the workshop at the end of 2018 on non-financial reporting, the Commission has issued a consultation on the update of the non-binding guidelines on non-financial reporting. The consultation mainly focuses on the climate-related guidelines and is open for comments until 20th March 2019. It can be found at https://ec.europa.eu/info/consultations/finance-2019-non-financial-reporting-guidelines_en
Roadmap Consultation on Data storage & processing services – interaction with data protection rules
The European Commission has issued a Roadmap on the relations between the free flow of data regulation and the GDPR- the aim is to concretely assess how the 2 instruments can work together and especially about the application to mixed datasets and provide guidance on the interaction.
As usual, the Roadmap will serve as a basis for further consultation and discussion about the issue. The Roadmap is available for comments until 13th March and can be seen at https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2018-6446221_en
Poland: draft act putting Credit Scoring in danger?
A draft act on adjusting the Polish legal system to the provisions of the GDPR is under way in the lower house of the Polish Parliament (Sejm).
The draft act (in Polish) contains, among others, provisions amending the rules for processing personal data by banks, credit institutions, loan companies and other entities regulated by Polish banking law.
Particular controversy has been caused by the government’s proposal to limit the scope of data on which the credit risk scoring may be based, to only those categories of data which are expressly indicated in the draft act. In its current version, the proposed data catalogue is limited solely to identification data, data concerning marital status and matrimonial regime, information about financial and work situation, as well as credit history. Importantly, such limitation of the data catalogue excludes the possibility of using behavioural data (e.g., Internet habits including behaviour in social media) in credit scoring, which to date has been widely used.
At the same time, the current wording of the draft act excludes (but not expressly) the possibility of broadening the data catalogue, even with the credit applicant’s consent.
According to unofficial information gathered from the participants of the parliamentary commission’s debate, the government side is reluctant to agree to any revisions of the draft. If this information is confirmed, many banks and loan companies may be required to significantly modify their model of granting credits and loans. These changes may also affect other entities in the fintech industry.
The draft act is currently under first reading (out of three) in Sejm. Before adoption the draft act must be accepted by the upper house of the Parliament (Senat) and subsequently by the President.
This article was originally published on HL Global Media and Communications Watch.
European Data Protection Board note on Brexit
At its February plenary meeting, the EDPB adopted an Information Note on Data Transfers under the GDPR in the Event of a No-Deal Brexit. The information note reiterates the need for organizations to implement data transfer mechanisms if they wish to continue transferring personal data from the European Economic Area (“EEA”) to the UK following Brexit. The information note on Data Transfers lists the following steps that organizations should take to prepare for a no-deal Brexit:
· identify the processing activities that involve a personal data transfer from the EEA to the UK
· determine the appropriate data transfer mechanism (e.g., standard contractual clauses, binding corporate rules (“BCRs”), derogations)
· implement the transfer mechanism before March 30, 2019
· ensure internal documentation states that transfers will be made to the UK
· update privacy notices to inform individuals that transfers will be made to the UK.
Finally, the information note also mentions the UK government’s approach to transfers, which is to recognize existing EEA countries as offering adequate data protection from the point at which the UK leaves the EU. Any formal discussion of the UK’s adequacy, in contrast, will not take place until after the UK has left the EU.
EU adopts its reform on reducing charges and increasing transparency
The EU is working towards making payments in euros cheaper. Paying or withdrawing money in euros anywhere in the EU will soon cost the same as at home.
The Council today adopted a regulation on aligning the costs of cross-border payments in euros between euro and non-euro countries and increasing the transparency of charges related to currency conversion services across the EU.
Since 2002, the same charges have applied to cross-border and national payments in euros within the euro area, while cross-border payments in euros from non-euro countries are subject to high fees.
The reform will align the charges for cross-border payments in euros for services such as credit transfers, card payments or cash withdrawals with the charges for corresponding national payments of the same value in the national currency of the Member State where the payment service provider of the payment service user is located. This measure will extend the benefits of cheap cross-border euro transfers to an additional 150 million non-euro area consumers, and a potential extra 2,5 billion transactions per year.
In addition, further transparency requirements will be introduced on charges for currency conversion services. When consumers make card payments or withdraw cash abroad, they can choose whether to pay in the local currency or their home currency. According to the new rules, consumers will be informed of applicable charges before making their choice. This will be achieved by introducing an obligation to disclose the charges applied as a percentage mark-up of all currency conversion charges over the latest available exchange rate of the ECB. This new level of transparency is intended to raise consumers' awareness, thereby enhancing competition between different currency conversion services providers.
Most of the provisions will become applicable as of 15 December 2019.
Write a comment