CHAPTER 2
Overview of Financial Services Regulation
2.1 Types of Regulation
Regulations are about addressing market failures. There are a number of market failures in the financial services space, and it is useful to classify the different strands of regulation according to the market failure that they are meant to address (see Figure 2.1).
FIGURE 2.1 Types of Regulation
- Prudential regulation. Micro‐prudential regulation addresses the issue that single institutions have incentives to take excessive risks, and macro‐prudential regulation addresses the same issue for markets as a whole; many of them have a tendency to operate in destructive boom and bust cycles.
- Market structure regulation. Market structure regulation addresses the issue that markets are not operating optimally, eg because of asymmetric information.
- Conduct regulation. Conduct regulation addresses the issue that customers are not able to properly assess the respective risks and rewards of financial products, and that they can't see ahead of time who'll treat them fairly once they are tied in.
- Public interest regulation. Public interest regulation addresses the issue that the financial system can be used for illicit purposes, for example money laundering or terrorist financing.
2.1.1 Prudential Regulation
Banks, and more generally the financial system, are critical for the functioning of an economy, so ultimately authorities will always step in once a critical solution develops. The knowledge of this fact feeds back into the behaviour of all actors involved. For example, shareholders of banks know that they'll get the upside of any risky investments the bank makes, but don't have to bear the downside below a certain level. They therefore have an incentive to invest the depositors' money as riskily as possible to benefit from this free option. If depositors are confident they will be bailed out by the state if things go wrong, they might not particularly mind. So as soon as there is a reasonable belief that the state will bail out failing banks and/or their investors and/or their deposit holders, there must be regulatory oversight to ensure that risks are kept at bay. The regulation that is meant to ensure the safety of financial institutions and financial infrastructure is commonly known as prudential regulation.
Within this prudential regulation, there are two strands, micro‐prudential regulation and macro‐prudential regulation. The former deals with the stability of individual institutions without considering their context, and this was the main focus of prudential regulation before the crisis. Up to that point it was widely believed that if all banks are considered safe, then the system can be considered safe as well. Since then, regulators have realised that this is not necessarily the case. To give an example, banks might choose to hold a portfolio of reasonably liquid assets in case they run into liquidity problems, and regulators might consider this sufficient, given the liquidity they see in the market. However, if many banks hold similar assets, and if there is a general liquidity stress, all companies might all try to sell those securities at the same time, and they might find that markets seize up. Macro‐prudential regulation is meant to discover and address those risks.
Micro‐prudential regulation
On the micro‐prudential side, regulators want to ensure that individual institutions are safe and well run. For banks, for example, the major prudential requirements are that:
- they hold sufficient capital to be reasonably certain that depositors and other senior liability holders don't suffer any losses in case of distress
- they hold sufficient liquid assets to be reasonably certain they will be able to repay obligations when they come due
- they competently assess, manage and mitigate all risks they face, including operational risks.
The last point includes business continuity planning. It is important that a bank failure does not interrupt the business for their customers. So even if a bank is in the process of winding down it must be possible for their customers to participate in the payment system, up to the point where their accounts can be transferred to a viable entity.
For players other than banks, the prudential requirements are very similar when their particular circumstances are taken into account. For example, for insurance companies all of those points apply. For funds, the main prudential requirements are that they have adequate risk management processes in place, that assets are properly segregated and are in particular not commingled with the management company's own assets, and generally that the fund's operations are safe. Finally, for payment systems and other infrastructure items, operational risk and in particular business continuity tend to be the most important requirements.
A key purpose of micro‐prudential regulation is to protect the customers of the business. This means that there is a priori no lower size limit below which it becomes less important: whether a bank is established in a single small town and serves a few hundred customers out of a single branch or whether it is a large national bank serving tens of millions of customers does not matter in this respect, as every single customer should be protected to the same level by micro‐prudential regulation. Regulation is meant to be proportionate; however, in many cases, the small banks have simpler products and processes, so the regulatory burden can be lighter.
There is an important carry‐over of this into the Fintech space: even if a start‐up has only a few thousand customers, to the extent that the start‐up offers products or services that are only offered by regulated entities, and unless it has been clearly agreed otherwise both with the customers and the regulators, those customers can expect the same level of protection as if they were a customer of one of the regulated businesses. It is therefore crucial for a Fintech start‐up to understand the regulations that apply to their regulated competitors. Also, for early‐stage Fintech companies there is a real risk that companies cease operations, so regulators expect contingency plans in place that allow for an appropriate level of business continuity.
Macro‐prudential regulation
Macro‐prudential regulation is about protecting the interconnected system as a whole, not individual players. Size matters here: macro‐prudential regulators will usually ignore an institution that has only a few thousand customers—or even a few ten‐thousands of customers for that matter—and similarly they are likely to ignore individual start‐ups if their business volume is insignificant in the overall scheme of things.
There are, however, a number of exceptions to this general rule. For example, in some cases there are many small players that are similar to each other or share resources, eg small credit unions serving local communities. Regulators will look for systemic risk among those, as well as single points of failure like centralised data or payments infrastructure. A similar example from the start‐up world would be bitcoin mining: even if miners were not as concentrated as they are now, systematic regulators would look at what could make the system fail, eg a reliance on mining pools, or central servers used to update the mining software, or coordinated attacks.
Also, growth and growth potential matters: in the old world of bricks and mortar finance, things changed slowly. This is different in the modern environment where markets can grow from insignificant to systemically important within a few years—see for example the development of CDS and securitisation markets in the early 2000s. We have not seen that in Fintech yet, but it has the same potential of massive growth when their service offerings become popular. Whenever there is massive growth, macro‐prudential regulators are worried, often with good reason.
For banks, the most important considerations are size and interconnectedness.
After the crisis, the Financial Stability Board has decided to identify Globally Systemically Important Banks (G‐SIBS), later renamed to Globally Systemically Important Financial Institutions (G‐SIFIs) that would be subject to enhanced supervision and increased capital requirements. It is usually not the core lending businesses that cause the regulators to worry about the systemic importance of the banks, but it is more their securities and derivatives trading businesses and how they connect to their peers.
Whilst banks are on top of the list when it comes to systemic risk considerations, they are by no means the only ones on it. Systemic regulators oversee all important parts of the financial infrastructure, for example the clearing houses, the major payment systems, and stock and derivatives exchanges. If systemic regulators pay attention to specific Fintech players in the next couple of years, then this is probably in that area rather than in areas like lending. For example, if start‐ups are directly or indirectly connected to a major interbank payment system then the regulators will want to be comfortable that the start‐up's systems are either secure enough or well enough insulated from the system not to be able to wreak havoc under any circumstances.
The toolkit of macro‐prudential regulators is mostly analytic—they collect and analyse data, and if they have specific concerns they ask for specific reports, or for stress tests under scenarios they are worried about. In their active toolkit they can ask institutions that they are systemically important to hold larger amounts of capital, and in severe cases they can also request that positions that they consider excessive are reduced in an orderly manner. Another important tool is living wills and resolution plans: for companies that are considered systemically important there must be a detailed plan as to how they can be wound down without risk to the overall financial system. It is similar to a business continuity plan but much more detailed, and it is created in close interaction with the regulators.
2.1.2 Market Structure Regulation
Market structure regulation is about making sure that markets are as close to being efficient as is reasonably possible. The main issue to address here is usually information asymmetry in its various guises. The argument is slightly subtle, however: in the real world, information is not free, but it costs resources to acquire, and those who spend those resources acquiring it should make an adequate return on their investment—after all, they contribute to price discovery. To the extent this price discovery works, the price in the market then is fair, and everyone buying or selling does so at this fair price. On the other hand, a market with too much private information—especially when this private information is concentrated with a small number of players—becomes unattractive to everyone who is not in possession of private information and liquidity dries up, to the point that the market possibly collapses.
So market structure regulation tries to address the situations where some participants are in a structurally superior position. For example, it outlaws insider dealing, ie, it makes it in many cases a criminal offence to trade a security when in possession of material non‐public information. Other regulations ensure that players do not have different access to key market information—for example that some players are not allowed to see orders significantly earlier than others, or also that companies must release information such as annual reports or ad hoc messages to all investors at the same time.
It also addresses natural oligopoly issues that often arise in financial services, in part because of regulatory moats. So in order to ensure competition, regulators can require access to key infrastructure on fair and non‐discriminatory terms, thereby allowing the smaller players to compete with the larger ones. An important example for such regulations is PSD 2, which requires banks—and other payment institutions, including larger Fintech companies—to provide their account query and payment API to other players, effectively allowing customers to substitute the large banks' electronic banking system with that of a third‐party provider or aggregator.
2.1.3 Conduct Regulation
Financial markets are at the same time important, and complex for many people to understand, with an added difficulty that many developments play out over a long horizon, which gives people less opportunity to learn from experience.
As an example let's have a look at savings deposits: there are a number of investments out there that look very similar to but more attractive than term savings deposits, for example bonds issued by those banks. Whilst the bonds might look similar, they can be quite different, especially when Tier 1 or Tier 2 capital bonds are involved—and many retail investors do not understand that difference. First, bonds are not usually covered by the deposit protection schemes, so if a bank defaults those bonds will suffer a loss. Moreover, this loss can be dramatically higher on capital‐type bonds, something that was not necessarily clear to the customer when they bought them. Those customers might simply have seen bonds offered by the same bank with attractive yields. Unless there has been a crisis recently, looking backwards does not help to assess the risks on those bonds, but, as many bond holders discovered in the crisis, this does not mean that those risks won't materialise in the future.
Conduct regulation is in place to ensure that customers are treated fairly. What this means depends on the exact regulatory regime in place—some are more protective than others—but the principle is that customers should be put in a position to make informed decisions with respect to their finances. For example, some jurisdictions might simply require customers to be provided with sufficient information, others might require the financial services company to ensure that their customers understand the information they have been given, others might prevent certain customers from acquiring in certain instruments entirely, and others finally might give companies the fiduciary duty to act in their customers' best interest.
A typical regulatory system divides the customer base into three tiers:
- private clients
- professional clients
- market counterparties.
The first tier are all those clients who do not operate in the financial markets in a professional capacity. This includes most retails clients, but also small and medium‐sized companies and public bodies etc. The second tier are clients who operate in the financial markets professionally and on a regular basis. For example, this would be the treasury operations of large and some mid‐sized companies, investment managers, insurance companies, etc. Note that this distinction is to be made on a by‐product‐class basis: for example, if a treasury operation is regularly engaging in forex hedging but rarely does interest rate swaps, then it might be considered a professional client when trading forex products, but a private client when trading interest rate swaps. The third tier are other financial institutions that are considered equal trading partners to the institution in question, not clients.
The difference between the tiers is the amount of consideration financial institutions have to give to their needs. In many cases, when dealing with private customers, financial institutions have to make an effort to understand the needs and circumstances of their clients, and must make sure that the products are suitable for them. They are also subject to very specific transparency requirements, for example they might have to produce key facts sheets that in easily understandable terms contain all major considerations important for the client to assess the product. For professional clients there will usually be no requirement to assess suitability, and the transparency requirements are more lightweight—for example, they might be expected to understand deals based on the term sheet and the deal documentation. Market counterparties finally do not profit from any specific protection, other than the usual commercial rules with respect to acting in good faith.
The classification is done jointly by the financial institution and its counterparty. Sophisticated clients have an interest to be treated as professional clients because it will allow them to deal on more favourable terms, and it will allow them to access a wider range of products and services. Financial institutions, however, cannot just take a client's declaration at face value and must make a reasonable effort to determine whether clients do indeed qualify for being in the professional clients tier in the areas in which they want to transact.
Direct conduct regulation also includes data protection and privacy rules that regulate what level of protection customers can expect by regulated institutions and their partners in this area. This is important as customers are not in a position to audit their provider’s systems and processes in this respect, and might not even be able to ascertain whether or not the protections provided in a company's terms and conditions are adequate.
2.1.4 Public Interest Regulation
Financial institutions' conduct is also regulated for the common good, for example for crime prevention and similar public policy purposes. The key areas covered with those regulations are the anti money laundering (AML) area, the combat terrorist finance (CTF) area, and the Anti‐Bribery Corruption (ABC) area, which includes the politically exposed persons (PEP) processes. More widely there is a cyber security and cyber crime angle, which means that there is also some overlap with data protection regulation that otherwise sits mostly in the conduct space.
For AML the issue is that criminals can use the regular financial system to launder the proceeds of crime, ie to make it appear that those proceeds come from legitimate ventures, which then allows them to benefit from this money wherever they please. In the ABC and PEP area the purpose is similar, except that instead of targeting crime the main purpose is to combat corruption, whether or it is criminal in the country in question, and also to support with politically motivated embargoes. The thrust of CTF goes in the opposite direction: terrorists might use the regular financial system to move around the resources that they need to prepare their activities.
All those regulations enlist the financial system as a deputy in the fight against crime, corruption, and terrorism, and also to support politically motivated actions, in particular embargoes. It puts a liability on each and any participant to be vigilant in this respect, including checking customer data against the numerous watch lists, and to profile the transactional behaviour where appropriate. The central element in all those processes are the Know Your Customer (KYC) rules: financial institutions must know their customers—and where necessary the ultimate beneficiaries behind their customers—to assert whether or not flows of funds they observe correspond to legitimate activities, and that the persons involved do not appear on any of the relevant lists.
The cyber security and cyber crime angles are independent from those discussed above, but the common denominator is that companies must perform some duties out of public interest over and beyond what they'd be doing out of self‐interest. For example, some companies might consider being hacked in some more unusual scenarios an acceptable risk when assessing how much to spend on systems security, whilst regulators—having the financial system and its customers in mind—might want companies to harden more against cyber attacks.
2.2 Strands of Regulation
Most financial services nowadays are regulated. This regulation has developed over time, and for practical reasons it has developed along the lines of the regulated sectors. So bank regulators would be in charge of applying bank regulation to banks, insurance regulators would be in charge to apply insurance regulation to insurance companies and so on. Even in the past this did not work entirely without hiccups, especially when industries restructured. For example, there was a trend towards universal banks or financial conglomerates, and the same company (or group of companies) might provide, say, banking services, insurance services, fund management, and brokerage. By and large that was not an issue as the different activities would be run out of different entities within the group, so the bank subsidiary would be regulated by the bank regulator, the insurance subsidiary by the insurance regulator etc. There are, however, group‐level effects: for example, banking and insurance subsidiaries might have common treasury operations, and/or rely on intra‐group funding which has to be taken care of at a group‐level. Also, one of the key reasons why companies would join into financial conglomerates would be the ability for cross‐selling, which means that ideally salesforces and IT systems would be joined up.
With Fintech we now have a slightly different dynamic in that companies tend to be ultra‐focused, at least to begin with. This focus could be a product focus, in which case the operations might fit neatly into one of the traditional areas of regulation. For example, a robo‐advisor would be regulated similar to an investment advisor, and for an app that allows friends to share bills some bank‐like regulation might apply (unless there is specific regulation in the payments space that recognises non‐bank payment services providers, as is the case for example in the EU). There are products that are more difficult to fit into existing categories, especially if they fit into some kind of market‐place category. For example, peer‐to‐peer lending or crowdfunding do not slot neatly into pre‐Fintech categories that did not really foresee individuals providing finance to each other on a large scale. Also, applicable regulations would be partly from the banking space (eg money laundering, consumer protection) whilst some would be from the market infrastructure space (eg the requirement to treat all customers equally).
The company focus could also be a customer focus. For example, a company could focus on providing a complete set of financial services to a very narrow set of customers. This company might focus on distribution, meaning that it would not create the products itself, but rely on partners—eg banks, insurance companies, asset managers—whose products it would white‐label and sell on to its own customers. Regulating this company like a financial conglomerate would certainly not be the way to go. On the other hand, solely relying on the fact that the backend product providers are regulated would probably not work either, as at least some of the applicable regulations (eg money laundering, data protection, conduct) are relevant for the front‐end provider as well.
Before we go on I want to illustrate this issue with a comparison of one product (a standard bank account) to two products that can be functionally very similar, but that belong to different regulatory universes (a money market fund and a gift card).
2.2.1 Regulating Products Versus Regulating Institutions
One fundamental issue when regulating a market is to decide what exactly should be within the regulatory scope and what should be out. To show that this is harder than it looks I want to give an example, looking at the savings account product.
Example: Current accounts versus money market funds
A current account is an account whose main purpose is to allow the owner to participate in the country's payment system—cards, cheques, transfers, ATMs—and to hold the funds necessary to do so. Many money market accounts allow for exactly the same benefits, albeit with a number of important differences:
- bank deposits are protected by deposit guarantee schemes; money market funds are not
- deposits are general liabilities of a bank that uses the funds for their overall balance sheet; money market funds are invested in specific high‐quality and highly liquid assets
- deposit accounts usually benefit from an overdraft facility, avoiding payments to bounce; money market funds don't.
Many of the securities that money market funds invest in are either banks' short‐term debt, or asset‐backed securities that in turn serve to finance loans. Therefore, overall the picture is very similar: customer deposits serve to finance loans to other customers, either via a bank balance sheet, or via asset‐backed securities. Also, if money market fund investors expect to be bailed out by the government—as they have been in the financial crisis—they might not care about the lack of deposit protection.
From a regulatory point of view banks and funds are very different, as they are subject to very different regulations. For example, banks have very strict guidelines on how much capital they have to hold against their lending, whilst there is no such requirement for funds. Also banks will be expected to contribute to some deposit protection fund, either ex‐ante, or ex‐post when an event has actually happened. This constitutes a regulatory arbitrage, as what is economically essentially the same product is provided with a very different level of regulatory requirements.
Example: Savings accounts versus gift cards
Now let's look at another common product, the gift card. Here a customer has purchased a card that can be used to purchase specific products, and/or in specific stores. In some cases the restriction might be significant, eg it might allow one only to purchase, say, music, or smartphone apps. However, there are less restrictive cards, eg those issued by department stores, that might give access to a large range of goods, including food and other everyday items. Those cards are almost as useful as cash, or as a pre‐paid debit card.
Now regulators have a dilemma: on the one hand they do not want to regulate retail stores that issue gift cards if they are genuinely used as such and the amounts involved are not too high. However, to the extent that the gift cards become more like cash—and possibly represent significant value—regulation can become more important, for example in the AML/CTF space.
Regulating products
To conclude this section, it is often difficult to design product‐based regulation. In the example above we have seen that some funds and some gift cards can look very similar to deposit accounts; however, not all funds do, and neither do all gift cards. It would be good to be able to apply the equivalent of duck typing—it walks like a duck, and it quacks like a duck, so it must be a duck—but whilst regulators often try to do so, it is not always possible:
First, the nature of law makes it difficult to write regulation on a functional or product level because there is the tension between making the law unambiguous and predictable, and making it flexible enough to allow for variations around a theme when the market offers products that are similar in nature, but different in important details, in particular also in the legal form.
The question is often where to put the boundary, as can be seen in the gift card example: there is a spectrum of design choices, and on one side of it—say not transferrable, can only be used for very restricted purposes, possibly a time limit—it is almost certainly not electronic money, whilst on the other side of it—say card‐based, and accepted in a wide variety of stores—it almost certainly is, as the difference to a regular pre‐paid card is very small.
Legislating this is hard, especially ex‐ante: it is usually possible to look at existing products and services and then write legislation that sorts them correctly into those where it should apply and where not. However, once the legislation is written, new products can be designed that end up on the wrong side of the boundary, either deliberately—a process often referred as regulatory arbitrage—or by chance, in which case existing legacy regulation can and does impede the development of innovative products and services.
An attempt to solve this dilemma is to go down the route of principles‐based regulation which—as opposed to classic rules‐based regulation—is meant to allow for more regulatory flexibility. In practice this is not a dichotomy but rather two opposite ends of a continuous spectrum, as principle‐based regulations also have some hard rules, just fewer of them, and vice versa. Principles‐based regulation can solve some of the issues, but it comes at a cost: for example, there is less regulatory certainty, and regulators become more powerful so regulatory capture and even corruption can become more of an issue.
Second, apart from the nature of law there is a more mundane issue, that of organising regulation (in this context, see also Figure 2.2 for a graphic presentation of the financial services segment on the products/institutions grid, and Figure 2.3 for an illustration of how regulators are traditionally organised). When regulating a firm, it is both important to understand the nature of the firm as a whole and what is happening at the detailed product level. Therefore the regulatory team has to pull in both product specialists and people who have a high‐level view. This is easy if the organisational structure of the regulator mirrors the organisational structure of the industry it regulates: for example, traditionally there will be a banks team, an asset management team, and an insurance team. Within the banks team there will be specialists for lending, payments, and deposits and they'll work together to get an overall view. However, more recently we have seen both fund‐based checking accounts and dedicated payment institutions, so suddenly the payment specialists also have to work on the fund side, and might even need their own department.
FIGURE 2.2 Company Classification: Product vs Institutions Grid
FIGURE 2.3 Typical Regulatory Alignment
This might not seem overly complicated at first sight, but the issue is that the nature of Fintech means the business models are deconstructed and reconstructed in a different manner at scale, and the emerging companies do not fit any longer into mutually exclusive boxes. Regulating this is a challenge, because the regulatory organisation has to follow what is happening in the markets. To some extent regulators will be able to operate with multidisciplinary teams. However, it is well known that matrix reporting structures (two reporting lines) are difficult to operate, and cube or hypercube reporting structures (three or more lines) are even worse.
Eventually regulators will be able to find a new organisational structure that is both manageable internally and that fits their external environment—we already see the transformation happening, and initiatives like regulatory sandboxes and sharing of best practices are evidence for this. However, this will take time, and the regulatory structure will always lag behind the structure of the market. As long as the market is permanently playing with and transforming business models, the regulators forcibly will remain a few steps behind.
What this means in practice is, for example, that deposit takers will be regulated as banks, money market funds will be regulated as funds, and many gift cards will probably not be regulated at all. There will be some regulatory distortions, and regulators will monitor how important those distortions are. If they become too big—in a business‐volume‐weighted sense—regulators will try to address those distortions. However, this takes time, and in the meantime all those companies are operating and competing under the existing regulations.
2.2.2 Strands of Financial Services Regulation
Financial services regulation is usually organised along the classic industry sectors which are
- banking and payments
- insurance and asset management
- market infrastructure.
Within those sectors, there are a number of lines along which regulation can be split, for example:
- prudential (robustness of institutions and the system) vs conduct (eg fair treatment of customer) vs market structure (eg product innovation and availability)
- by subsector (eg banking, payments; or insurance, mutual funds, pension providers etc; or exchanges, clearing houses).
There are also a number of regulations which cut across all sectors, the most important ones being:
- money laundering
- terrorist finance
- financial crime
- data protection and privacy.
2.2.3 Global Strands of Regulation
The financial system is exceedingly global, and therefore regulation is becoming global as well. One reason is that this makes it easier for companies to expand into other national markets, thereby increasing competition and improving customer choice. Also, globally uniform regulation avoids regulatory arbitrage, so business will be located and regulated where it makes sense from a business point of view rather than where the regulatory barriers are lowest.
Banking
One area where global harmonisation is very advanced is the banking sector, where the Basel Committee for Banking Supervision (BCBS; a committee made of international regulators) defines the so‐called ‘Basel Accords’. We are now into the third revision of those regulations, with the fourth one being work in progress.
Securities, markets and asset management
In other areas there is also some international harmonisation, but it is less strong. For example, in the securities, markets, and asset management space there is the International Organization of Securities Commissions (IOSCO). They provide technical guidance and advice in a number of areas related to the securities space. Some of the advice is more formal, the most important piece in this respect being the 38 Principles of Securities Regulation from 2010, which contains high‐level guidance on regulators and their interaction, auditors, rating agencies, issuers, investment funds, and intermediaries, and which has been endorsed by the G20 and the FSB. They also publish less authoritative staff working papers on topics of interest, for example the 2014 paper on the crowdfunding sector.
Insurance
In the insurance space, there is the International Association of Insurance Supervisors (IAIS). According to their own words, the IAIS is:
the international standard setting body responsible for developing principles, standards and other supporting material for the supervision of the insurance sector and assisting in their implementation. The IAIS also provides a forum for members to share their experiences and understanding of insurance supervision and insurance markets.
They are the author of the Insurance Core Principles document that sets out the 26 core principles of how an insurance company should be run, and that, at almost 400 pages in size, is closer to the Basel framework than the terse 10‐odd pages of the IOSCO 38 Principles document.
2.2.4 Strands of Regulation in the EU
Within the EU there are a number of regulations that apply to all sectors, notably in the areas of data protection and privacy, which is covered by the General Data Protection Regulation (GDPR), which is as of 2016 in its second revision, and in the area of money laundering, terrorist finance, and financial crime, where the Anti Money Laundering Directive (AMLD) is as of 2015 in its fourth revision.
There are also general rules covering all consumer contracts, including financial services contracts, in the 1993 Consumer Contracts Directive.
Banking and payments
On the banking side, there is the EU's implementation of the Basel Accords.
The currently active implementation is loosely referred to as Capital Requirements Directive 4 (CRD4), which consists of the Capital Requirements Regulation (CRR) and the Credit Institutions Directive (CID), both published in 2013. They in turn are based on the 2010/2011 Basel 3 Accord. Basel 4 is work in progress, but whilst there have been some publications at the Basel level there is little visibility regarding if and when this will impact EU legislation.
On the prudential side, another key regulation is the Banking Recovery and Resolution Directive (BRRD) of 2014, which deals with failing banks, and there are a number of conduct regulations on the consumer side, notably the Consumer Credit Directive from 2008 and the Mortgage Credit Directive from 2014. Also, the Deposit Protection Scheme Directive, which is in its second revision as of 2014, is important in this space.
On the payments side, there is the Payments Services Directive (PSD), which as of 2015 is in its second revision. There is also the Electronic Money Directive from 2009 that is covering things like pre‐paid payment cards. There is also the Cross‐Border Payments Regulation from 2009, which deals with the fees for Euro‐denominated cross‐border payments.
Insurance, pension, and fund management
On the insurance prudential side, the equivalent of the banks' Basel/CRD regulations is Solvency 2, ie the second revision of the Solvency Directive, published in 2009. On the pension side there is the Institutions for Occupational Retirement Provision Directive (IORPD) from 2003.
In the asset management space there is the Undertakings for Collective Investment in Transferable Securities Directive (UCITSD), which is in its fifth revision as of 2014 and covers retail‐focused mutual funds. There is also the Alternative Investment Fund Manager Directive (AIFMD), which covers alternative investments like hedge funds, private equity, and venture capital, and there is the Packaged Retail and Insurance‐based Investment Products Regulation (PRIIPR) from 2014.
Markets
The big directive in the markets space, covering market places, intermediaries, advisors, etc. is the Markets in Financial Instruments Directive (MiFID), which as of 2014 is its second revision, and which consists of the MiFIR regulation and the MiFID2 directive. The central entity under this regulation is the investment firm, which, like the banks and insurers, is one of the types of regulated entities with whom most end‐customers are most likely to interact.
There is also the European Market Infrastructure Regulation (EMIR) from 2012, which deals with clearing houses (aka central counterparties aka CCPs) as well as with trade repositories collecting trade data. Finally, there is the Market Abuse Regulation (MAR), which is as of 2014 in its second revision, and which replaces the previous MAD directive, and there is the Rating Agencies Regulation (RAR) from 2009 which deals with rating agencies.