Big Data, Innovation & Regulation in Finance: Finding the right balance!

Published in 
CEPS - Centre for European Policy Studies, 1 Place du Congrès/Congresplein, 1000 Brussels
The pace of data-driven innovation is accelerating in financial services. The promise of benefit for both firms and clients will become reality as long as the right policies and enablers are in place. To help meet that challenge, CEPS, ECRI and ECMI are jointly organising their Annual Conference on “Data, Innovation and Regulation in Finance: Finding the right balance!”.
Given the significant impact of digitalisation on all types of products and clients, the objective of this conference is to provide a platform for the exchange of good practices across the various supervisors and providers of financial services, thereby contributing to greater regulatory consistency across the different segments of financial services. As such, the scope is relatively wide and intends to include retail financial services (credit, savings and payments), as well as investments and insurance. The programme features key stakeholders in the financial services sector and high-level representatives from the European institutions, national authorities, the financial industry, FinTech start-ups and academia.
The conference will first explore the interplay between data privacy rights and financial innovation. It will then discuss the potential benefits, risks and challenges for robo-advisors and the capacity to progress from niche markets to the mainstream. The debate will also explore how policy-makers could further help financial firms better protect critical data against increasingly complex cyber-attacks.  Finally, the conference will place some focus on the Payment Service Directive 2 and what it implies for banking.

08:45  Registration

09:15  Opening remarks

09:20  Opening keynote address  by Willem Debeuckelaere, Belgian Privacy Commission

09:50  Session I - Privacy rights and financial innovation: Finding the right balance

The General Data Protection Regulation (GDPR) and ePrivacy went into effect on May 25th to address specific risks that can be triggered by the increasing use of personal data for the purpose of innovation. The focus has been placed on the rising risks related to discrimination and data privacy. While these new rules should raise IT innovation for compliance purposes (notably through RegTech innovations), some of their main provisions are sometimes perceived as an obstacle to specific forms of financial innovation. In particular, could the “right for consumers to be forgotten” undermine the integrity of certain algorithms? How and to what extent can the right to demand that a live human being (as opposed to a computer) review and explain an algorithmic decision impede automation of certain processes using machine learning? More generally, could the legal uncertainty resulting from unclear provisions impede innovation? In the end, how to enhance innovation in finance, whereas ensuring that privacy rights are well preserved?

Keynote address by Birgit Sippel, European Parliament


  • Beverly Sawyers, American Express
  • Florence Raynal, CNIL
  • Martin Schmalzried, COFACE
  • Nabil Hbali, Ingenico Group

Moderated by Sylvain Bouyon, ECRI/CEPS

11:15  Coffee break

11:30  Session II - The reality of robo-advisors: Business models, investor protection and supervision

The actual and anticipated growth of robo-advice has attracted considerable attention from industry participants and policy-makers. Many firms have entered the market in recent years, mostly based on passive investments/ETFs, with the promise of positively impacting retail investors (reduced costs, improved access to advice and better product choices). They could also benefit from attracting greater interest on the part of certain categories of institutional investors. Nonetheless, flaws in the algorithms, mis-selling risks and privacy and data protection concerns could negatively impact their take-up. Once a robo-advice tool qualifies as investment advice or portfolio management, the provider has to comply with the provisions of MiFID II, in particular the requirements related to suitability.

Keynote address by Mady Delvaux-Stehres, European Parliament


Moderated by Karel Lannoo, ECMI/CEPS

13:00 Lunch break

14:00  Session III - Cybersecurity in finance: Getting the policy mix right

Cyber-attacks are growing in sophistication, requiring prompt and effectively managed responses. All financial firms are exposed to cyber risks, in particular those that have grown through acquisitions and need to absorb legacy IT systems. Also, as they are undergoing a profound digital transformation, financial firms are adjusting their processes and integrating new types of technologies. The learning processes inherent in these changes pose significant challenges to cybersecurity as well. While EU and national policy-makers are gradually creating the necessary conditions to tackle cybersecurity risks in financial services, numerous policy issues remain unresolved. In particular, can reliable macro-data be produced on cyber-attacks? How can we build an efficient and reactive framework for reporting cyber incidents? What are the main pillars of the preventive approach? Will we be ready when the “Big One” strikes?

Keynote address by Udo Helmbrecht, ENISA


  • Mark Bannon, Zurich Insurance
  • Giorgio Cusmà Lorenzo, Intesa Sanpaolo
  • Ilias Chantzos, Symantec

Moderated by Richard Parlour, Financial Markets Law International

15:30 Coffee break

16:00 Session IV – Payment services, Fintech and data flows: What to expect? 

The new Payment Service Directive 2 (PSD2) and its Regulatory Technical Standards (RTS) require banks to open APIs to Third-Party Providers (TPPs) in 2019. The early start jumps the EU ahead of its U.S. and Asian competitors. It will allow start-ups to use these APIs to link their innovations with traditional bank accounts. Regulators hope this move will drive competition between banks, tech giants and start-ups, opening up the market and providing new innovative and trusted payment services for small businesses and individual users. The reform should encourage banks to reinforce their IT infrastructure, allowing consumers quick access to these new services with a few simple steps. Several key questions remain unanswered. What data is required? How much data is enough? What is the interplay between PSD2 and GDPR? What standards should be implemented?


  • Jean Allix, BEUC
  • Krzysztof Zurek, European Commission
  • Ralf Ohlhausen, PPRO Financial
  • Bernie McKay, Intuit
  • Chirag Patel, Santander

Moderated by William Echikson,  CEPS

17:25  Concluding remarks

17:30  End of the conference