The impacts of technological innovation on regulatory structure: Fintech in post-crisis Europe

Specific forms of digitised financial innovation have been the subject of several chapters in this volume: Chapter 2 studied the regulation of high-frequency trading and Chapter 3 the role of clearing houses and central depositories in derivatives trading. In this chapter, we examine technological innovation more broadly and in its own right, considering its impact on European regulatory structures in recent years. How does technological innovation, or ‘Fintech’,1 in major financial markets – currencies, payment systems, capital markets, alternative intermediaries and insurance – impact upon regulation? The dynamic features of financial markets and the innovation of complex financial products and services based on new technologies and business models present regulators with significant challenges. Specifically, how can they effectively scrutinise unprecedentedly large volumes of market data? Is ‘Regtech’, an instrument developed by private actors, able to ensure compliance with public regulation? Does an alternative approach which institutionalises public–private cooperation offer answers to new regulatory challenges? New financial technologies and activities often do not fall within the purview of established regulatory regimes, leading to a situation where regulators are playing catch-up with the private sector. At the very least, this necessitates further engagement between public and private actors; at most, it calls for sweeping reforms to regulatory rules and strategies. While it is routine for regulators to encounter asymmetric information problems in interactions with firms (Besanko and Sappington 2001), these are acute in sectors such as finance where disruptive innovation can lead to a state of ‘Knightian uncertainty’, as was demonstrated by the most recent financial crisis itself (Nelson and Katzenstein 2014). A key lesson drawn from the 2008 crisis was that if

regulators do not understand the technology they seek to regulate, they will be unable to assess risks posed to the public. The crisis prompted a reconsideration of regulatory cultures in many countries whilst also coinciding with and partly catalysing the contemporary wave of disruptive financial innovation, often referred to as 'Fintech 3.0' (Arner et al. 2015). 2 This wave has emerged rapidly and exponentially by historical standards: global investment in Fintech firms stood at $111.8bn in 2018, up 120 per cent on the previous year (KPMG 2019); and as of 2017, 20 per cent of all financial services firms had been founded since 2005 (Accenture 2018).
This chapter discusses the dynamics driving regulatory responses to this trend across Europe in the past decade. It examines the steps that public actors (policymakers and regulators) have taken across Europe, teasing out the political and strategic dynamics underlying these moves. In keeping with the broader theme of the volume, we examine these trends with respect to debates over regulatory trends in Europe: centralisation, decentralisation or fragmentation.
Before turning to our empirical analysis, it is necessary to first restate the relevant hypotheses developed in Chapter 1 about the impact of financial technological innovations on national and European financial regulation. Our analysis examines variations in four principal areas of uncertainty linked to new financial instruments and business models: substantive uncertainty, legal uncertainty, uncertainty with respect to risks for public goods; and uncertainty as regards compliance with existing regulation affected by the use of Regtech.
To offer more specific answers to the question of how regulators respond to new financial instruments under specific conditions, we refer to the causal hypotheses developed in the theory chapter about how specific types of new financial instruments based on technology and/or innovative business models linked to specific types of uncertainty are likely to lead to specific regulatory structures. In doing so we outline the underlying causal mechanisms and illustrate the different types of financial innovations and their expected impact upon regulatory structures, focusing on specific examples of innovation.
In line with Chapter 1 on theory, we assume that the nature of uncertainty linked to the newly introduced financial product or service matters most when explaining regulatory outcomes. This assumption was inductively drawn from the scrutiny of the extensive 2017 and 2019 reports from ESMA which provide evidence of regulatory responses to a wide variety of Fintech innovations. From this work, it emerged that these types of uncertainty are crucial in determining regulators' reactions to Fintech. We accordingly propose a systematisation of the nature of uncertainty: (a) unclear substance of the instrument and or the business model introduced; (b) unclear legal nature; (c) the unclear effect regarding cross-sectoral risks that call for a public goods provision by regulation; (d) a degree of uncertainty linked to the use of Regtech offered as Agnieszka Smoleńska, Joseph Ganderson and Adrienne Héritier -9781839101120 Downloaded from Elgar Online at 08/19/2020 01:06:39AM via free access a financial regulatory instrument to control rule compliance. These different types of uncertainty trigger different reactions from regulators. Based on the framework established in Chapter 1, we hypothesise as to how they affect the regulatory structure before examining cases in each area: Hyp 10 If the substantive nature of a new financial instrument and/or a new business model used by a Fintech is unclear, national regulators may take recourse to bespoke regulatory solutions developed in cooperation with Fintechs. The result will be a fragmented regulatory structure. Hyp 11.1 If the regulator considers a new financial product as a financial instrument falling under existing regulation, fragmentation will be avoided. The resulting regulatory structure will be shaped according to the existing legislation and thus reproduce the existing structure (centralised vs. decentralised). Hyp 11.2 If the new financial product is not considered a financial instrument falling under existing legislation, locally limited bespoke (self) regulations will emerge, leading to a fragmented regulatory structure. Hyp 12 If regulators are certain that Fintech activities imply cross-sectoral risks and they can build on pre-existing cross-sectoral rules protecting public goods, they will adopt centralising measures based on these rules. Hyp 13.1 Low uncertainty about the application of new financial instruments and their compliance with rules due to the use of Regtech offers regulators real time insight in regulatory compliance and triggers automatic enforcement of the relevant rules. This leads to a centralisation of regulatory structures if the relevant rules are strict and precise. Hyp 13.2 If regulators are endowed with rich material, institutional (competences) and non-material (expertise) resources, they will make use of Regtech, which will result in a centralised regulatory structure if the relevant rules are strict and precise. Substantive uncertainty refers to a gap between an understanding of technological innovations, with their associated risks and effects, between private firms and public regulators. Substantive uncertainty is manifest across all major areas of financial services, and is generally embodied in specific tools, technologies or product innovations that have hitherto been untested and require regulatory learning processes. 3 This has led to regulators reaching out to certain Fintechs in an attempt to learn about products and assess their regulatory viability. At the time of writing, the majority of EU Member States have established national 'facilitator' programmes that seek to encourage public-private interaction and information sharing and reduce uncertainty. Facilitators comprise physical infrastructure and resources on the part of the competent national financial services regulator: either innovation hubs, sandboxes or both (see Table 7.1). Among them, the original and most advanced project is run by the UK's Financial Conduct Authority (FCA). The FCA is a relatively new regulator, created in 2013 after the Conservative-Liberal Democrat coalition dissolved its predecessor the Financial Services Authority (FSA) following the financial crisis. Legally, it operates as a non-profit limited company, funded entirely by the firms it regulates, and though it is officially functionally independent of the UK government, it reports annually to the Treasury and bi-annually to Parliament, who appraise its performance. In the UK's post-crisis 'twin peaks' model, it is the regulator responsible for consumer protection, industry standards and promoting competition. 4 The FCA launched Project Innovate with a 'call for input' and by hosting roundtables with Fintech industry members in summer 2014. 5 The call stated that the FCA sought to "support industry innovation by opening our doors to businesses (large and small) who are developing innovative approaches that can benefit consumers in financial services markets" (FCA 2014, p. 5). The consultations sought to establish recurrent regulatory barriers; the feasibility of establishing an 'incubator' and an 'innovation hub' model long-term; and how best to discern "genuine, ground-breaking innovation" from transitory crazes or false dawns (FCA 2014, pp. 5-6). In October 2014, the FCA responded to feedback by relaunching the Fintech section of its website, establishing criteria for assessing growth potential and, most importantly, formally launching the first dedicated innovation hub. The hub launch was notably receptive to most of the industry respondents' major requests, promising to: proactively assist specific firms with regulatory navigation by assigning a dedicated FCA contact to each case, offer post-authorisation support for up to one year, provide general information and updates on regulation, organise broader outreach events, maintain an informal tone in interactions with firms, and act as a champion of innovation within the FCA itself (FCA 2014, pp. 7-9). 6 Taken together, these steps represented a receptive and comprehensive environment for Fintech entrepreneurs and firms that was hitherto unmatched across Europe. 7 Objectives such as 'maintaining an informal tone' are indicative of a working relationship founded on respect and mutual understanding rather than deference on the part of firms seeking to please regulators. As far as the FCA is concerned, the project was and remains couched officially within the regulatory remit of stimulating domestic competition for consumers (FCA 2019b). However, Project Innovate also represented a signal of intent to international competitors that the UK was open to investment from Fintech, and placed the country on a stronger institutional footing than other large European economies and the European Union itself in this respect (see below). There were quite transparent political motives underpinning the project. In 2015, Chancellor George Osborne publicly stated his desire for London to become "the global centre for Fintech", stressed that regulators must provide the necessary space for innovation, and acknowledged the international competition explicitly: "the race is on, but we're determined to win it" (Campbell 2015). Indeed, some scholars have suggested that the British regulatory approach even constitutes "large-scale efforts to promote the Fintech industry" (Dorfleitner et al. 2017, p. 15). According to a team member at France's innovation hub, "there has always been a lot of emphasis from the FCA on competitiveness", however this emphasis is not passed down in the same fashion in other financial regulatory regimes, such as France's (Interview 2019a).
This open regulatory philosophy complemented London's pre-existing endowments in finance and technology, and gave the UK a first mover advantage that it has expanded upon in recent years. Whilst More recently, this British leadership has manifested itself in two strategic directions. Though the FCA has expanded its range of outreach via events programmes and calls for input, more consequential has been its development of a regulatory sandbox and related internationalisation through the development of its Global Financial Innovation Network (GFIN) and bilateral 'Fintech bridges'. These steps respectively represent a simultaneous deepening and widening of its activities. Sandboxes "offer an environment in which Fintech entrepreneurs can conduct limited tests of their innovations with fewer regulatory constraints, real customers, less risk of enforcement action, and ongoing guidance from regulators" (Allen 2019, p. 580). They are thus analogous to clinical trials in pharmaceuticals. The UK was the first country in the world to formally launch its sandbox in April 2016, and referring to it, the FCA's Head of Innovation acknowledged that "as regulators we're under constant pressure to be more pro-innovative" (Kelly 2018). Since then, the sandbox has processed five cohorts, comprising 118 organisations seeking to obtain market access for Fintech products (FCA 2019c).
Sandboxes are viewed as business-friendly regulatory innovations, and the FCA's intervention has sparked a global race of the sort Osborne was referring to. Since April 2016, six other European states have launched or are launching their own sandboxes (see Table 7.1). In addition, in the year following the UK launch, ten other non-European countries, including major financial centres Hong Kong and Singapore, followed suit. Other large economies including Russia, Canada and Indonesia have now also established operations, while the United States is considering a similar initiative. 8 The FCA has responded by pursuing a strategy of horizontal collaboration through its GFIN initiative and bilateral bridging. In 2018, the FCA stated it wished to pursue a 'global sandbox', which would allow for knowledge pooling between regulators, facilitate joint work on Regtech, and create a cross-border environment for product trials. To date, this network is chaired by the FCA and comprises ten other members in its coordination group, including Hungary, Lithuania, Hong Kong and several smaller states and subnational authorities. A further twenty authorities are members, and seven more have observer status (FCA 2019d). As of September 2019, GFIN is in the process of launching a cross-border pilot with eight firms that will interact with at least two of the seventeen participating regulators, spanning a range of Fintech subsets such as blockchain, Regtech and digital securities. Moreover, the UK has signed five bilateral agreements with Singapore, South Korea, Hong Kong, China and Australia to formally explore expanding market access via controlled trials and collaboration between national innovation hubs (Fintech Alliance 2019). Motivations here are twofold. First, industry has unsurprisingly cited cross-border regulatory collaboration as a priority in a new round of calls for input, calling for cooperation that would allow UK established firms to expand seamlessly. Second, by chairing and coordinating a formal network with a 'hub and spokes' model, the UK expands its influence and becomes an international standard setter.
No other country has yet replicated a comparable network, though the lack of formal collaboration between the UK and other major states hints that others may wish to create their own, rival networks or distinct strategies in the Fintech race. Though currently lagging, intra-European competitive dynamics could be affected by the Brexit process, which may exert pressures on both regulators and private actors. The financial centres of Paris and Frankfurt have actively courted financial services since the UK's 2016 referendum, offering 'passporting' services and prized single market access to Fintechs (Lavery et al. 2018, p. 20). The broader strategies of these two leading economies, and others, merit brief attention here.
Like Osborne, French ministers and authorities have not been shy to admit that they are runners in the race (Lavery et al. 2018, p. 20), though strategy has manifest differently in Paris. France's innovation hub includes dedicated teams at both the Banque de France and Autorité des Marchés Financiers (AMF). However, rather than focusing on formal sandboxing, France has instead established physical infrastructure in the form of 'incubators' in strategic Parisian locations, in partnership with but not formally part of regulators themselves. The central bank has established Le Lab, an incubator space on its premises exclusively dedicated to experimentation and bringing together diverse stakeholders (Banque de France 2019). Another major flagship incubator project, Le Swave, is dedicated to Fintechs and supported by a mixture of public and private institutional partners. These include public agencies, banks, researchers and Le Lab itself. Le Swave was launched as part of the government's broader start-up agenda and explicitly offered funding for relocation (Boland 2018). The remit of AMF's 'Fintech, Innovation and Competitiveness' team explicitly includes making Paris an attractive destination for investors. AMF has signed 'memorandums of understanding' with leading countries such as Canada, Taiwan, Hong Kong and Singapore (Interview 2019a). However, "there is a huge question of information sharing" between regulators, which limits the extent to which countries such as France can interact with partners, preferring instead informal networking processes, such as organised events and conferences (Interview 2019a). As a French regulatory official stated, "on the horizontal level, the collaboration is nascent and everybody is trying to understand if we can do more than just sign an MoU or organise events" (Interview 2019a Equally, Germany's innovation hub is run through the federal financial supervisory authority, BaFin. It provides regulatory information for different subsets of Fintech but has notably been less activist than both France and the UK in its approach towards reaching out to Fintech firms (Dorfleitner et al. 2017). Frankfurt has also invested in physical infrastructure, in the form of its TechQuartier space, which is partnered with Deutsche Bundesbank and is comparable to Le Swave.
While sandboxing and hubs represent an active pursuit of private partners on the part of the UK and other jurisdictions, other countries have taken alternative strategic approaches. In 2016, Switzerland adjusted a longstanding banking law to relax Fintech licensing for deposit taking firms that do not lend to customers up to the value of CHF100m ($100m), effectively lifting the threshold at which regulators must involve themselves. This was designed to make it easier for blockchain and cryptocurrency firms to establish themselves (Labbé 2016), and helped the Swiss Financial Market Supervisory Authority (FINMA) become the first regulator to officially license 'crypto banks' in 2019, while at the same establishing strict anti-laundering rules (RT International 2019). Though the banks in question are not yet fully licensed, this is an example of another approach to attracting market entrants in specific fields. It demonstrates that outreach facilitators are but one of a broader array of policymaking tools to attract investment.
Under conditions of substantive uncertainty, we have seen that untested new technologies have led to a process of competition and fragmentation rather than centralisation and standardisation, as predicted in hypothesis 10. However, subsequent attempts to establish bi-or multi-lateral networks are at a more embryonic stage, and are not readily identifiable across Europe. To date, the imperative for horizontal collaboration appears secondary to states' unilateral desire to establish a strong footing in the global race.
Concomitantly, the EU has yet to establish anything approximating comparable outreach programmes of its own. However, European institutions have not been entirely inactive in this area. ESMA and the EBA had both been collecting relevant data in a purely monitoring and advisory capacity in fields such as cryptocurrency and crowdfunding since 2013-2014, prior to the emergence of the national authorities' facilitator programmes. In March 2018, the European Commission published its more comprehensive 'Fintech Action Plan', which established some progressive objectives for EU institutions while also concluding "the case for broad legislative or regulatory action or reform at EU level at this stage is limited" (European Commission 2018, p. 4). As such, proposed actions in the plan largely eschewed the establishment of new specific regulations or institutions in favour of a process of mapping the private and regulatory landscape, establishing guidelines and best practices, and reviewing the impact of related regulatory frameworks such as the General The 'Action Plan' does also mandate that European authorities monitor national hubs and perform a coordinative role, but at present this amounts to 'interested observer' status rather than that of an active participant, shaping national strategies.
On the specific issue of facilitators, the Commission focused squarely on establishing best practices through competent national authorities. The ESAs published a report on this subject in January 2019, citing three focus areas for future improvement: (1) consistency of facilitator design; (2) transparency of supervisory outcomes between firms and regulators; and (3) facilitation of cooperation with appropriate authorities, including consumer and data protection agencies (ESAs 2018, p. 6). However, the report also noted three areas of significant variation between hubs and sandboxes: (1) modes of interaction between regulators and firms, such as personal versus digital interactions; (2) the nature of advice provided, binding versus non-binding; (3) record-keeping and disclosure of regulatory outcomes, from the publication of frequently asked questions and, in some cases, nil disclosure. Though innovation hub and sandbox models may be similar by design, these disjunctures clearly reflect a lack of horizontal collaboration or formal cooperation. Currently, hubs and sandboxes are adopting different methodologies, unsurprisingly sharing different regulatory guidance and withholding data on their interactions with industry. This bodes ill for future reconciliation or standardisation at the European level. Equally, though an 'EU network' is mooted as a potential solution to this, the report is clear that this would be ESA-led and there is no mention of any integration of powers. Moreover, though ESAs are starting to accrue certain limited competencies concerning responses on substantive uncertainty, no concrete steps towards outreach have yet been undertaken at the European level.
Taken together, then, the European landscape for facilitators currently chiefly reflects a pattern of fragmentation and competition. The UK has been a clear leader in this respect, both in Europe and globally, but has been closely followed by other countries both within and without Europe. The EU itself has taken steps to try to embrace this competitive dynamic while preventing deleterious fragmentation, but Brussels has to date not attempted to replicate such a proactive embrace of substantive uncertainty. Indeed, there is some appetite for further action among the Member States themselves in this respect. AMF Chairman Robert Ophèle (2019) has called for EU-wide regulations for non-financial instruments, such as crypto-assets, albeit based on the French strategy. This is reflective of the race to establish international standards in a national image in this brave new world of innovative non-financial instruments. Whether any European country will establish singular dominance in this area, and whether the EU ultimately reflects its powerful Member States' preferences or operates independent of them, remains to be seen. However, the prospects for standardisation of Fintech facilitators appear weak at present.

Legal Uncertainty: Purposive Interpretation by Regulators
Legal uncertainty arises where a given financial innovation is not clearly captured by existing legislation, but where it is introduced by already regulated entities or where it arises at the fringes of regulated activities as a corollary of regulatory arbitrage (Carruthers and Lamoreaux 2016). Generic terms for financial innovation -such as 'Fintech' -do little to disperse such uncertainty, even where they are referred to directly by EU documents, 9 since the term in fact relates to the use of technology by financial firms rather than a specific regulated financial activity. 'Fintech' does not appear in EU legislation nor as a distinct regulatory category, even in relatively recent handbooks of EU financial law (Armour et al. 2016). Authorities can respond differently to doubts as to whether a new financial innovation fits within the existing categories established by law both at the national and European levels. Such different strategies may depend on factors such as their role in the pre-innovation regime (Pacces 2010;Ford 2013). Legal uncertainty therefore, the second type of uncertainty we consider, may cause regulators across governance levels to diverge in their interpretations, resulting in a fragmented regulatory structure.
Authorities may respond to uncertainty about the legal nature of a financial innovation by extending an existing legal category to cover it. In fact, according to a survey conducted by the European Securities and Markets Authority (ESMA) in 2018, 60 per cent of Fintech firms identified in Member States fall under MiFID definitions (as 'investment firms'). 10 Other applicable EU regimes include: the Alternative Investment Fund Managers Directive (AIFMD), which regulates entities such as hedge funds and private equity firms; 11 the European Market Infrastructure Regulation (EMIR), which regulates central counterparties and trade repositories; 12 and collective investment firms (UCITS). 13 In cases where a given activity falls within the scope of regulation, designated competent authorities at national or EU level authorise, supervise and enforce the rules. When faced with uncertainty, regulators may seek to identify the regulated entity engaging with the financial innovation (e.g. a bank or an investment firm), with no bespoke regime developed to govern the specifics of the technological dimension (Interview 2019b). This subsequently extends the pre-existing regulatory structure to the financial innovation (hypothesis 11). Where such an interpretation is extended for EU level for example by ESMA, this reduces potential fragmentation which occurs if legal uncertainty is left unaddressed. Many financial innovations, however, do not fall neatly within nor even close to pre-existing categories. In such cases, evidence suggests that regulators at different levels may adopt divergent strategies leading to fragmentation of the regulatory structure and competition both between levels and within it. Specifically, they may adopt different legal interpretations in the face of legal certainty with a view to attaining their distinct regulatory or institutional goals. The example of competition for the prevailing definition of 'cryptocurrency' in the EU provides an example of this dynamic.
So far there is no distinct EU regulation of crypto-assets, which has led to legal uncertainty as to how they should be treated for the purpose of prudential regulation, tax and anti-money laundering legislation. EU regulators have adopted interpretations which extend the existing legal categories of financial instruments -to the extent possible -to crypto-assets in order to safeguard the objectives of legislation, such as financial stability or integrity in the markets. ESMA has used the financial instrument definitions under MiFID to apply existing rules to retail transactions involving cryptocurrencies. 14 Specifically, ESMA has held that some crypto-assets may fall within the scope of 'transferable securities' definitions under Art. 4(1)(44) MiFID2, noting however that such an interpretation excludes crypto-assets which have payment-like qualities, such as Bitcoin. Such a broad interpretation pursued by ESMA allows for an extension of EU centralised frameworks to the specific Fintech activity, with the corollary expansion of the scope of centralised regulatory structure. In such cases, EU agencies further facilitate supervisory convergence across the internal market when issuing further guidance and advice to national authorities.
At the same time, some national authorities have adopted different interpretations of cryptocurrencies under their tax code -leading to horizontal competition for such financial innovation between Member States. As under conditions of substantive uncertainty, here their strategy can be explained by a desire to pursue economic competitiveness and a wish to attract innovative Fintechs into their jurisdictions, for example by exempting cryptocurrencies as a financial asset in this context, elaborating bespoke arrangements to regulate taxation of crypto-trades. 15 Such uncoordinated new rules as a response to legal uncertainty have resulted in fragmentation. However, where legal uncertainty is addressed in a differential way by the national regulators, centralisation may still occur through the activity of EU courts. Specifically, the Court of Justice (CJEU) may be asked to resolve distortions in the internal market arising from such fragmentation. In the case of cryptocurrencies, in fact this was precisely the question asked in the context of applying the VAT Directive. 16 The Court has resolved the legal uncertainty by interpreting the scope of EU law so as to encompass the financial innovation in this case. The judges held that transactions which consist of an "exchange of traditional currency for units of the 'bitcoin' virtual currency and vice versa, in return for payment of a sum equal to the difference between, on the one hand, the price paid by the operator to purchase the currency and, on the other hand, the price at which he sells that currency to his clients, constitute the supply of services for consideration" and therefore transactions in Bitcoin fall within the scope of transactions on which VAT has to be paid pursuant to EU law. In so doing the CJEU rejected the arguments of the Swedish Law Commission which argued that transactions in cryptocurrencies should be exempt from VAT payments to the extent that they constitute means of payment. Such litigation at the EU and national level shows that though centralised agencies, notably ESMA, may seek to respond to legal uncertainty by broadening existing rules, any unresolved legal uncertainty will bring about a fragmented regime, where legal classifications in other areas of law adopted by national regulators diverge. In other words, different statutory interpretation strategies pursued at a centralised level by ESMA (i.e. a majority of EU national authorities) and a decentralised level by local supervisors result in a fragmented regulatory structure in the face of uncertainty concerning the legal nature of Fintechs. Though the EU courts have had to grapple with the question of extension of specific legal concepts to innovations such as cryptocurrencies (namely 'services' and 'activity linked to the issuance of electronic money'), 17 they have not been able to answer the question in a consistent way and there has not yet been a review of ESMA's treatment of cryptocurrencies under the existing MiFID regime (Gikay 2018). Unresolved legal uncertainty leads to fragmentation by provoking centralised and decentralised authorities to pursue different strategies, even when the existing regulatory structure is extended to the financial innovation.

(Un)certainty about EU Public Goods
When dealing with financial innovation regulators must deal not only with legal or substantive uncertainty about the nature of a new product, but also its possible effects on general public goods already protected by law. Doubts or lack thereof as to the negative externalities which innovation may have on such public goods results in different regulatory strategies adopted by the regulators -subsequently leading to different regulatory structures (centralised, decentralised or fragmented). In this section we consider the response of regulators to financial innovation which affects general public goods protected at EU level, such as privacy or market integrity. Specifically, we show how regulators develop their strategies in the face of dangers which a given financial innovation may pose. We distinguish such specific 'effects-based' uncertainty from types of uncertainty linked to legal or substantive doubts in the light of prominence of new objectives which have emerged in regulation in the aftermath of the global financial crisis. Such new EU legislation covers a number of European public goods to be protected given the societal impact of financial instability. New rules not only seek to ensure adequate management of systemic risk, 18 they also identify new public goods where delivery must be ensured, for example the integrity of the market system. Further, public goods protected in the context of financial regulation are not limited to sector-specific risks, but extend to cross-sectoral public goods, such as security (pursued via anti-money laundering laws (AML) 19 ) or privacy (data protection rules (GDPR) 20 ). If such public goods are already regulated at EU level, this necessarily entails a regulatory structure, for example one which is decentralised in the case of AML.
Prior to the crisis, societal externalities were insufficiently incorporated into the regulatory framework, but in its aftermath regulators became more attuned to these risks. Consequently, when faced with a financial innovation, they no longer assess it purely from the point of view of impact on systemic stability, but increasingly also from the perspective of other public interest objectives (Black 2012).
Where an incidence of a given financial innovation activity on such general public goods is identified, this provides an avenue for an extension of existing rules thereto -even in the light of legal or substantive uncertainty described above. In other words, even for certain types of Fintech activity where legal and substantive uncertainty leads to a fragmentation of the regulatory structure, certainty about the risks they may entail for public goods, can lead regulators to extend such existing public goods regulation to cover the innovation. Evidence of such causal mechanisms can be found in two Fintech areas where new rules governing technological innovations were established by regulators at both national and EU level in the context of rules other than sector-specific prudential regulations, namely cryptocurrencies and cloud computing. In the case of cryptocurrencies, first binding EU regulations have been adopted in the area of anti-money laundering legislation, which regulates 'virtual currencies' with a view to preventing their use for criminal purposes. The framework for financial innovation in cloud computing, meanwhile, is subject to the GDPR and guidelines of the European Data Protection Supervisor constitute one of the first legal documents of EU bodies governing this type of innovation. Developing a causal argument linking certainty about the incidence of a given financial innovation on a public good protected by generally applicable EU rules requires identifying the process through which regulators acquire knowledge (overcome uncertainty) about the effects of financial innovation.
In the first place, regulators may acquire certainty in exercising their general mandates for the monitoring of emerging market trends and risks (Minto et al. 2017). EU agencies and ESMA in particular, with regard to financial services, have a general competence for market monitoring. However, when such risk monitoring is carried out by EU agencies they are constrained by their specific mandates. ESMA, for example, assesses financial innovation such as cryptocurrencies in terms of financial stability, orderly market conduct and investor protection (ESMA 2018). There is evidence, however, that a political mandate may be given to EU agencies to explore the possible effects of a given financial innovation on EU public goods. For example, when the European Commission presented its action plans which outline EU activities in the area of financial regulation, these required European agencies to assess the causal links between innovation and money laundering. The 2018 Fintech Action Plan mandates European Supervisory Agencies to develop specific proposals or reports (for example, concerning formal guidelines on outsourcing to cloud services), placing requirements not only in the context of existing competences of the financial regulators, but also other pieces of EU legislation protecting specific EU public goods (such as privacy) under the GDPR. The European Commission in fact states there that: The General Data Protection Regulation and the Anti-Money Laundering Directive provide fundamental safeguards for the protection of personal data and the integrity of the EU financial system against money laundering and terrorism finance. and The GDPR creates a genuine single market for the free movement of personal data at a high level of personal data protection. Fintech shall be fully compliant with applicable personal data protection rules. (European Commission 2018) The European Commission, however, has been guided in such cases by both Member States and the European Parliament, supported by evidence from financial regulators such as the EBA and the ECB (ECOFIN 2016;European Parliament 2016). Such consensus around the need to develop an EU-wide regime to reduce money laundering by introducing EU rules on cryptocurrencies informed EU agencies in their calls for a bespoke cryptocurrency regime. For example, in February 2019, ESMA substantiated its recommendation for regulation of initial coin offerings and crypto-assets by specific reference to AML rulebook. Specifically, though ESMA already created its own rules for crypto-assets under the existing MiFID provisions in the light of its investor protection mandate, presumably given the early success in introducing general (not temporary) rules for crypto-assets under AML, strategically the EU agency considered a general EU public good (security, market integrity) a more forceful reason for EU regulation than purely sectoral objectives (such as investor protection) (ESMA 2019). Though the resulting regulatory structure is not yet fully centralised, certainty about the risk for the provision of Such a precautionary approach can be explained by the global financial crisis, the consequences of which made regulators more attuned to the emerging risks relating to activities which have proven particularly welfare-decreasing, such as financial instability and money laundering. Further, such an embedding of regulatory action in broader objectives pursued by the EU is not without strategic merit. As Member States have already agreed to protect such specific EU public goods, extending these rules to new financial innovations allows the bypassing of the lengthy process of developing a bespoke regulatory structure. In the case of cryptocurrencies, uncertainty of regulators about the impact of such financial innovation on EU public goods (security) is overcome through a specific mandate emerging from political processes. The regulatory structure applied subsequently is identical to that in the general EU regulation.
However, certainty about the incidence of a given financial innovation on an EU public good may as well arise in the context of work carried out by agencies which are not sector-specific. Such EU agencies created for the protection of EU public goods may have the tools to identify the specific risks which financial innovation may pose to society quicker and more precisely than sectoral regulators. One example here is the regulation of cloud computing, for which there is no harmonised rulebook at EU level, and where the first EU body to develop a set of rules has been the European Data Protection Supervisor -the EU institution's controller, whose mandate extends as well to acting as an advisory body in EU legislative processes (EDPS 2019). EDPS in particular focuses its attention on monitoring the emerging technological risks related to data processing innovations. On 16 March 2018, EDPS issued guidelines on the use of cloud computing services by the European institutions and bodies -even though no specific regulation of this activity is in place at EU level (EDPS 2018). The guidelines were developed specifically as a response to queries by EU institutions and developed following a stakeholder and expert consultation process (Interview 2019b). The scope of the guidelines concerns only the use of cloud computing by EU institutions; however, the principles may in principle inform approaches taken by other data protection regulators.
This evidence suggests that certainty about a given technological innovation's incidence on the delivery of specific (EU) public goods protected under a EU general rules, allows EU financial regulators such as ESMA to take centralised action (or for the European Commission to require such action from European agencies). As hypothesis 12 holds, when EU regulators have certainty as to the incidence of a given financial innovation on a public good -attained via a political mandate or regulatory expertise -they will extend the existing structure to the new activity or instrument. As a result, the pre-existing general regulatory structure will be replicated for the innovation.
Consensus attained already by member states in the context of such specific EU public goods regulation explains the limited resistance among national regulators to such centralising strategies. Conversely, where the incidence of a given financial activity on a public good is not certain, regulators will be less willing to regulate such innovation at the European level, much less centralise the regulatory structure.

Little Uncertainty: Regtech
Finally, we explore the impact of innovation which is explicitly designed to decrease uncertainty facing regulatory structures. We consider the response of regulators to innovations which increase the information available, often described as 'Regtech' -that is, the application of technological innovation for compliance purposes. Previous sections have shown that financial innovation generally creates uncertainty for financial regulators at the national and EU levels to the extent they elude existing legal and business structures or raise concerns about the (possible) societal negative impact. However, there are also innovations which operate in the opposite direction, namely they reduce information asymmetries between the market and the regulators by increasing certainty about the levels of compliance with existing rules by regulated financial firms in the market through technological solutions. As this section will show, such technologically-enabled advances not only reduce uncertainty for supervisors, facilitating centralisation through convergence where harmonised rules apply. Even further, in the context of increasingly granular regulatory requirements and progressively increasing use of technology the regulators themselves ('Suptech'), reducing uncertainty through technology has more general centralising effects and an impact on general market oversight functions and regulatory approaches. In this section, we explore how national and EU regulators respond to the reduction of uncertainty about the market offered by technological innovations in data reporting and analysis explore the consequences for regulatory structures. The principal way through which post-crisis regulation has sought to prevent another financial meltdown has been an increase in the reporting obligations of regulated institutions. Increasing transparency and disclosure of all stages of transactions has been the very objective of post-crisis EU regulations, and MiFID in particular. The new rules specifically seek to reduce asymmetry between market participants and regulators. The reporting compliance burden has been put in place at a time when the developments in data science allow for new ways of collecting, processing and reporting of data. To respond to such market demand, new technologies emerged, and private enterprises specialising in facilitating data collection and processing for compliance, known as Regtech (Arner et al. 2017, p. 383;Micheler and Whaley 2019). As a result, Regtech firms are heterogenous groups: they comprise a variety of services including account verification, general compliance, monitoring and risk analysis (Virtual Capitalist 2019). They also employ a variety of technologies to this end, including data analytics, AI, machine learning and new interfaces. Regtech allows for greater agility, timely reporting, speed and integration, analytics and management information by the supervised entities. With improved accuracy of reporting better compliance can be achieved (Anagnostopoulos 2018, p. 14).
Regtech has facilitated processes of change in the regulatory relationship by making data point reporting and analysis simpler, cheaper, more efficient and timely -it therefore reduces uncertainty about compliance with the regulatory structure. Before such advancements the supervisory relationship was characterised by significant asymmetry and a time lag between market and supervisory action. In the EU context, such technology-facilitated reporting implies greater certainty about compliance with EU rules, especially for cross-border transactions. However, different Member States observe different levels of Regtech development as a result of varying levels of resource availability, regulator encouragement or in fact regulator digitalisation (Interview 2019b). In jurisdictions where Regtechs are more popular, better quality of information could allow for greater automaticity of regulatory action, if adequate procedural safeguards are in place (Arner et al. 2017). Such regulatory solutions are now employed in pilot programmes in some EU jurisdictions, most notably in the UK where the FCA has been running pilots related to digital regulatory reporting, by translating regulatory requirements into machine readable and executable regulation (FCA 2019d). To the extent that the FCA is a frontrunner in this respect, this confirms the hypothesis that resource-rich supervisors are more willing to use new capital intensive and risky technologies. Though for the moment there is little evidence of greater automaticity being employed at centralised level, ESMA's role as the gate keeper for regulatory market data, coupled with its mandate to facilitate convergence of supervisory activity has meant the EU agency has privileged information about the Regtech (or Suptech) developments across EU jurisdictions, even as different solutions continue to be tested out at national (decentralised) level (Armstrong 2019).
However, Regtech's role in decreasing uncertainty has also been deemed to warrant harmonisation. In the absence of national regimes, a new EU regulatory structure has been established where there have been specific concerns raised by Regtech companies, including with regard to meta-risks (such as data protection) and traditional financial sector problems such as conflicts of interest (Micheler and Whaley 2019). A subset of companies which employ Regtech technology have already been regulated at EU level under Art. 59 MiFID 2, that is the data reporting services providers (DRSP). These entities will be now supervised for the first time at EU level as they were mostly where Regtech allows for greater certainty about compliance it reduces the arguments for centralisation of direct supervisory authority (e.g. forbearance) -an argument which has been raised by national authorities. Regulation of Regtech companies under MiFID as a response to their role in reducing uncertainty supports the hypothesis that the provision of Regtech services would lead to centralisation of the EU regulatory structure -in this case over the new technological service providers. However, since the adoption rates of Regtech are uneven, and compliance functions and regulatory structures are not technology neutral, the resulting regulatory structure could also be fragmented. This is as the adoption of uncertainty-reducing technology alters the relationship between the regulated firm and the regulator (including through the potential for greater automation).
Furthermore, reducing uncertainty and information asymmetry through technological innovation is not neutral from the point of view of the regulatory structure since it affects centralised and decentralised regulators differently. Specifically, the use of information technology in regulation triggers a shift of the regulatory paradigm from one oriented at using data for ex post verification and enforcement of compliance, to one which is ex ante data-driven, where standardisation and real-time analytics play the defining role (Anagnostopoulos 2018; Berner and Judge 2019). As a result, centralisation occurs within the regulatory structures where data-collection and aggregation facilitated by adoption of supervisory technologies (Suptech) leads to centralisation by increasing information asymmetries between the ESMA as the data gateway and the national regulators.
The enhanced ability of regulators to process and extract data from supervised entities and the market leads to what has been called 'data-driven supervision' as a new regulatory strategy (cf. Black 2015;Berner and Judge 2019). Under this model the distribution of tasks within the regulatory framework is altered: what matters is not who takes the decision vis-à-vis the regulated entity, but who decides the standard for data points to be collected, the technology for data analysis and the language (code) which determines the inter- operability between various regimes. In other words, even if the regulation and distribution of competences within the regulatory structure do not change formally, the increasing importance of data as a focal point of regulation changes what it means to take a regulatory decision. Further, the data aggregator -even if not fully competent for taking supervisory decisions -simply becomes better informed (Arner et al. 2018). As a result the regulatory structure centralises due to two factors. First, since data-orientation in a cross-border context begets standardisation, in a highly rule-based system with limited discretion, decisions relating to standard-setting determine the regulatory decision. Second, centralisation in the light of the new 'data gateway' function of ESMA. Such dynamics can be observed in the example of the changing role of ESMA in data-processing under the MiFID rules (Moloney 2018, p. 133). The EU MiFID rule book for financial markets is heavily reliant on granular data requirements. Information, meanwhile, is the 'lifeblood of finance' (Berner and Judge 2019). This means that even when enforcement and decisions (i.e. challengeable acts taken vis-à-vis the regulated entity) are decentralised, rule-setting decisions become relatively more important in a data-driven regulatory paradigm where technology enables real-time monitoring. Furthermore, setting the standard of information reconciliation (i.e. harmonising how information about cross-border trades can be exchanged) becomes a tool for harmonisation even where such an objective is not directly prescribed under the regulation. This is specifically the case of ESMA's work on data reconciliation for two-sided reporting requirements, where the supervisory difficulties and national level with exacting the regulatory requirements have led ESMA to develop a specific messaging system (ISO 20022 XML) which will allow standardised processing of data by authorities (Risk.net 2019). Such (centralising) innovations are developed by ESMA on the basis of already existing infrastructures, operational processes and formats, where the agency has direct competence for centralised oversight (namely with regard to trade repositories) under MiFID. 21 Standardisation in data reporting meaning sets the standards of interoperability -that is how different national systems are to understand each other and use the data. As a result the regulatory structure is integrated via the data reconciliation practices developed by EU agencies with regard to new technological reporting standards. There is no evidence of such standardisation being driven 'bottom up' by national authorities, since they would not have the competence to impose their own standards on other national authorities in the EU. ESMA's capacity to set standards is, however, facilitated by its material and non-material resources (hypothesis 13.2).
It is not merely, however, the role of ESMA in standardisation of data-collection and interoperability which is proven to have a centralising effect. Centralisation occurs as well with ESMA becoming 'a data gateway', which means in essence that though the uncertainty of the regulators about the Agnieszka Smoleńska, Joseph Ganderson and Adrienne Héritier -9781839101120 Downloaded from Elgar Online at 08/19/2020 01:06:39AM via free access market is decreased as a result of the greater precision in reporting enabled by technology, where such market information is aggregated at EU by ESMA, a new type of information asymmetry arises: that is between national regulators who have only part of the picture and ESMA which can base its regulatory decisions authoritatively on the basis of holistic information spanning the entire internal market. 22 Technology-enabled data analytics have already allowed ESMA to combine various databases compiled using data from different national supervisors and supervised entities received pursuant to MiFID II and EMIR. The centralising effects of such asymmetry are reinforced by a general shift towards novel regulatory policy modelling tools and the data standardisation already discussed, elaboration of new systemic risk tools, greater interoperability and integration of monitoring systems enabling first collaboration and data sharing, and the development of uniform compliance tools (Weber 2017). ESMA has already developed new technologies of combining and reconfiguring the data uniquely available to it. Greater use of advanced data analytics (supported by deep learning and AI) enables centralisation, as the authorities which have such aggregate data at their disposal are able to draw conclusions from such data far beyond their original scope. 23 Through complex data amalgamation, ESMA is further able to identify new emergent risks and deliver specific input into primary legislation, enabling greater reflexivity of regulation (Ford 2013;Anagnostopoulos 2018). As a result, even if it does not have the centralised competence for the implementation of a specific regulatory action related to the data point, ESMA -as the information gateway -is in a position to draw conclusions from a holistic overview of the market and identify systemic concerns and emerging risks. Such explorative empirical findings support the general hypothesis that Regtech's increased efficiency of information processing, resource-intensity and standardisation effects facilitate centralisation of the regulatory structure. However, they provide an alternative explanation as to the specific channel through which this occurs, namely through the transformation of the role of data in supervision of financial activity, and a replacement of market-regulator asymmetry with national regulator-EU-level data aggregator asymmetry.
There is evidence, therefore, of Regtech firms already having a two-fold impact on the regulatory structure. First, these firms themselves perform an activity which warrants distinct regulation as a result of the public-like role they play in ensuring compliance. Providers of Regtech services, that is private companies which use data analytics and IT systems to facilitate the fulfilment of reporting obligations by regulated financial activities, have become a separate regulated activity as their role in reducing regulatory uncertainty becomes a public function which warrants oversight. Where the levels of adoption of the Regtech differ, this may, however, result in a fragmented structure since reduc-tion of uncertainty for the purpose of compliance verification is not technology neutral in this case. At the same time, greater use of technology by supervisors at EU level may lead to centralisation by increasing the information asymmetry between the EU and national levels where regulators are endowed with different resources to implement digitised innovations and where advanced data analytics processing at EU level. As a result, centralisation could occur even in the absence of formal structural reforms.

CONCLUSION
This chapter has investigated how recent developments in digitised technological innovation in financial products and business models have impacted upon financial regulatory structures in Europe. We have argued that the degree of informational uncertainty given with a new financial instrument exerts a crucial influence on the way regulators react to new financial instruments introduced by Fintech. From this, we derived a number of hypotheses showing how variations in types and levels of certainty -substantive uncertainty, legal uncertainty, uncertainty regarding public goods and a technology based reduction of uncertainty regarding rule compliance -lead to specific regulatory reactions and regulatory structures. Most of our expectations are supported by the cases examined. Substantive uncertainty about a new financial product induces regulators to engage in the collaborative development of regulatory solutions in conjunction with Fintechs, resulting in competitive and fragmented regulatory structures. However, this is not immutable, and a second phase will see state-driven attempts to bridge regulatory regimes, across Europe and in strategic markets around the world. Given legal uncertainty, if an innovation is defined as a financial product, regulators will seek to incorporate it into existing legal provisions. In the case of MiFID2, this leads to centralisation at the EU level, and decentralisation at the national implementation level. If regulators are convinced that new products imply risks endangering EU public goods (data protection, privacy, security), they will use existing law protecting these public goods, resulting in a centralisation of provisions and a centralised regulatory structure if no discretion is left to Member States in the process of implementation. If regulators dispose of sufficient material resources to apply Regtech controlling the implementation of strict regulations in real time, centralisation will ensue. However, our empirical analysis reveals an additional factor leading to a centralisation of regulatory structures that was not conceptualised ex ante: the importance of governing masses of trans-border data and the need to reconcile the use of these data by a supranational authority, in our case ESMA. This data gatekeeper function leads to an informal de facto centralisation, independent of formal regulatory structures. and templates for data reporting. 22. "The fact that Europe was able to put together a centralised, fully open, publicly available and accessible system for the reference data of financial instruments is quite an achievement. The fact that Europe is now able to collect data from more than 200 trading venues on a daily basis, consolidate information on each and every financial instrument, and make that data publicly available is unique" (Risk. net 2019). 23. "For example, if we think about clearing obligations under Emir, those classes of OTC derivatives which fall into the clearing obligation would have been identified and prescribed on the basis of our analysis of EMIR data" (Risk.net 2019).