The regulatory framework, which had been extensively overhauled in previous years by the entry into force of several particularly significant regulations, such as the European Market Infrastructure Regulation (EMIR) on central counterparties (CCPs), the Central Securities Depositories Regulation (CSDR) and the second Payment Services Directive (PSD2), has been clarified by various technical standards and supplemented on several points. In the case of CCPs, these additional provisions concerned, firstly, the supervision of third-country central counterparties – in light of Brexit, the objective being to increase the powers of the European authorities over CCPs deemed systemically important for the EU – and, secondly, the applicable framework for recovery and resolution, in order to incorporate into European Union (EU) law the principles adopted by the Financial Stability Board (FSB) in this area. In addition to CCPs, in line with the relevant principles of the CPMI and the IOSCO, and in a context of increasing threats, the Eurosystem has also clarified its expectations regarding the monitoring of cyber risks faced by market infrastructures under its jurisdiction. In the area of retail payments, the primary task was to implement PSD2, which came into force in early 2018, in particular its security aspects, and especially in light of the work of the Observatoire de la sécurité des moyens de paiement (OSMP - Observatory for the Security of Payment Means). Finally, in the wake of the work carried out by the G7 in 2019 under the French Presidency and then by the FSB, in late 2020, the European Commission published a legislative proposal on the regulatory framework for crypto-assets, as part of a legislative package on digital finance. The INTRODUCTION negotiation phase that has begun will refine the substance of the proposed measures as necessary, but in any event the process constitutes a major development that will enable the EU to meet the challenges of new technologies.
The Banque de France’s supervisory actions have focused on three main areas.
- The first priority was – and remains – the continuing assessment of market infrastructures’ compliance with the laws that apply to them. The analyses conducted on this issue provide an overview of all risks to which they are exposed (financial, operational, cyber, etc.), as well as the mechanisms in place or the measures taken to prevent these risks, and ultimately serve to ensure both their robustness and their performance.
- The second, in the field of cashless means of payment, focused on a series of actions designed to enhance their security, whether by providing support to the financial community – supplemented by individual monitoring – for the gradual implementation of strong customer authentication or by analysing the security measures taken by issuers of means of payment.
- A third priority in 2020 was closer monitoring of both market infrastructures and players in the retail payments chain to ensure their resilience in the face of the operational and other risks created by the COVID-19 pandemic on their information systems and organisations – and it is clear they have been able to cope with them.
