Although many have greeted the prospect of more uniform rules for financial regulation in Europe, some member state-level regulators and trade associations have questioned just how stringent these should be.
One of the EU’s greatest benefits to outsiders is undoubtedly the potential of the single market. Once you are in, you can passport your product to the other member states, made possible by the freedom of movement for goods and services.
However, two regulators have recently warned that this does not necessarily mean all bodes well for consumers.
In a position paper published late last year, the Netherlands Authority for the Financial Markets (AFM) and the French regulator Autorité des Marchés Financiers (AMF) advocated that more access to the European market should by no means lead to less protection for consumers.
“In the current supervisory system, the responsibility lies with the supervisor in the country where the company is established,” the regulators warned. “However, the regulator in the country where the services are offered often has a better view of harmful practices.”
For this reason, consumers and investors can bear the brunt of this division of responsibilities.
To some extent, this has played out with the one-stop-shop (OSS) rule in the General Data Protection Regulation (GDPR). The GDPR’s OSS mechanism is designed to ensure cooperation between data protection authorities (DPAs) in the EU.
For example, if a company is processing data in different EU member states, it will have a lead DPA that is based where its main establishment, usually its headquarters, is located.
This rule applies unless decisions about the purpose and means of the processing of the personal data are taken in another establishment and it has the power to implement such decisions.
The GDPR may have become the EU’s pièce de résistance, setting off a wave of regulation across the globe in the field of data protection; however, the OSS has unleashed tensions among the EU’s member state regulators and its Brussels-based Data Protection Supervisor.
Wojciech Wiewiórowski, the European Data Protection Supervisor (EDPS), has previously said that it goes as far as to hinder the GDPR, pointing out that increasingly bigtech companies are setting up their main establishments in selected member states — in part due to their approach to the GDPR.
This was evidenced by the flack that the Irish Data Protection Commissioner received in 2021 from not only Wiewiórowski but the European Parliament as well, which voted in favour of a resolution calling on the European Commission to open an infringement procedure against Ireland for failing to enforce the GDPR.
The Irish commissioner, however, received support from the EU’s justice chief, Didier Reynders, who said that the European Commission does not find room for an intervention in a letter that was leaked to the press last week.
Companies choosing to set up their base in EU countries that do not necessarily have the most stringent regulatory tools is wider than just GDPR. It means companies can market riskier products into other member states with a lack of capability for supervisors to intervene.
“The AFM and AMF specifically propose that supervisors in the country where the services are offered be given more responsibilities and enforcement options,” the regulators suggested.
Meanwhile, authorities should also receive more information about the services and products offered in their country, the position paper advocates. In this way, regulators would be able to better protect consumers and investors against harmful practices.
The future of EU regulation
The Dutch and the French financial supervisors are not the only ones seeking member state-level powers. The Belgian competition regulator, alongside its Dutch counterpart, have previously said that they want more of a role for member state regulators in the enforcement of the Digital Markets Act (DMA).
The DMA will offer the European Commission enhanced powers to deal with what it feels are "gatekeepers", for example, bigtech firms, and will mean that they can intervene regarding issues, such as payment options when consumers interact with gatekeeper platforms.
In November, Sweden’s Banking Association issued an opinion that it hoped its government would negotiate a more flexible anti-money laundering framework at EU level than the current proposal suggests. For example, arguing that the proposal for a money laundering ordinance further sets requirements for the board of the association that does not seem possible to be merged with the Swedish Companies Act.
In some areas of regulation, even voters appear to want powers to be kept within national borders. For example, a poll released in August by Redfield and Wilton Strategies found that a majority of EU citizens would prefer that national governments implement their own framework for crypto-assets, instead of the EU.
The EU’s largest economies, France and Germany, both sided with national rather supranational, according to the survey, whereas Spain and Portugal were the only countries polled where a majority backed an EU-wide crypto framework.
As we enter the new year, challenges to some of the EU’s most prominent regulatory proposals — whether that be the Markets in Crypto Assets (MiCA) regulation, the DMA or upcoming AML reform — could indicate potential future changes. It also shows that the EU’s most traditional battles, between the ease of business that comes with uniform rules and concerns over sovereignty, could be a contentious issue for Brussels to have to contend with going forward.