Abstract: In 2018, EU financial service providers will face a particularly intense regulatory panorama comprised by three crucial pieces of new legislation: i) the second Markets in Financial Instruments Directive (known as MiFID II), ii) the second Payment Services Directive (PSD2); and, iii) the General Data Protection Regulation (the GDPR). Although there is substantialrationale underpinning the new measures, their simultaneous entry into force is also giving rise to excess bureaucratic burden, which will significantly hamper development of finance in the EU in 2018. In parallel, intense political debate is taking place between the countries that want to see completion of the banking union (with a single deposit insurance scheme and, possibly, a European Monetary Fund) and those that believe that before additional risks are mutualised, these risks should be first substantially reduced. In Spain, the recent effort to reduce non-performing assets has been very noteworthy. Indeed, non-performing loans declined by 91.27 billion euros between December 2013 and September 2017. Moreover, the latest forward-looking stress tests carried out by the Bank of Spain suggest that Spanish banks would prove highly resilient to even the most adverse scenarios.

Introduction
2018 will usher in a particularly hefty load of financial regulations on top of an already regulation-dense year-end 2017 with the application of Basel III. All of the legislation about to come into effect makes sense and has its own rationale, but its length, timing and probable impacts could spark controversy in some respects. The timing question is of particular relevance in a year in which in Europe alone three new major pieces of legislation are due: i) the second Markets in Financial Instruments Directive (known as MiFID II), ii) the second Payment Services Directive (PSD2); and, iii) the EU General Data Protection Regulation (the GDPR). All these pieces of legislation have a cross-cutting impact on customer service in the financial industry, as well as implying a plethora of transformations in the manner in which supply must interact with demand.

2018 should also have been a fundamental year for advancing towards the construction of banking union in Europe in terms of the mutualisation of risk by means of a single deposit insurance scheme and the articulation of a more powerful single resolution mechanism. However, these aspects have been redesigned and while remaining an important milestone, their application has been postponed, in some areas indefinitely. The main reason is that Europe’s main net lenders, spearheaded by Germany, want to see a significant reduction in existing NPLs before sharing risks. It is hardly surprising, as is also shown in this paper, that many eurozone banks have accelerated their plans for selling their toxic assets or that we are witnessing a debate about how to manage non-performing loans in a country such as Italy, currently the focus of the main concerns in this arena. On this point, the live issue in this new year is the broad debate about how these kinds of write-downs should be carried out. There has been talk about creating a pan-European asset management company, a single ‘bad bank’. But this idea has run up against the same reluctance to share risks before reducing exposure. In countries such as Spain, to which we pay particular attention in our analysis, considerable progress has already been made on reducing non-performing loans. In Spain and other markets what could loosely be termed a secondary market for impaired assets definitely remains active.

Some papers and stress tests carried out recently by the Bank of Spain and European Banking Authority also provide important insight into existing risks and their active management. Lastly, this paper also analyses the European Central Bank’s recent proposal regarding how to implement a non-performing loan (NPL) transaction platform.

The perfect regulatory storm
At the top of the European financial and banking agenda is the simultaneous arrival of three new pieces of legislation, destined to exert additional pressure on the already overloaded compliance departments: i) the second Markets in Financial Instruments Directive (known as MiFID II), ii) the second Payment Services Directive (PSD2); and, iii) the EU General Data Protection Regulation (the GDPR). Although each of these pieces of legislation obviously boasts its own field of application, there are also areas of overlap, as shown in Exhibit 1. Consumer protection is particularly prominent as a concern underpinning all three standards but there are other areas of overlap such as the importance ascribed to how customers are pitched or marketed to (in MiFID II and PSD2) or what information can be shared with third parties (the GDPR and PSD2).

In addition to the sheer number of new laws coming into force at once, all of the new regulations are extremely detailed, in some cases providing exhaustive ‘cataloguing’ (particularly the PSD2). This implies a very substantial implementation burden for the financial service providers, with one set of new rules overlapping the next, which is bound to bring operational and compliance-related difficulties.

As for the specific regulations, the new regulatory framework governing markets in financial instruments, based on MiFID II and its implementing regulation (the Markets in Financial Instruments Regulation, or MiFIR), came into effect on January 3rd, 2018. However, the European Commission has given an additional six-months for definitive implementation in each country, so that the new effective implementation deadline is July 3rd, 2018. What it regulates, in general terms, are the authorisation and operating requirements for investment firms, including the freedom of establishment and the freedom to provide services in the EU and also the provision of services by third country firms; the conditions governing the authorisation and operation of regulated markets; position limits and position management controls in commodities derivatives; the codes of conduct and investment protection rules to be upheld by investment firms; data reporting services providers; and, the organisational and conduct requirements for market participants designed with the aim of enhancing investor protection.

With this broad scope of application, the directive attempts to achieve several objectives:

• Ensure the conduct of organised trading on regulated platforms.
• Introduce rules governing algorithmic and high frequency trading.
• Enhance financial market (including derivative market) transparency and oversight, while addressing certain shortcomings in the commodity derivative markets.
• Reinforce investor protection, codes of conduct and conditions for competition in the trading and clearing of financial instruments.

Regulation EU 600/2014 (MiFIR) primarily addresses pre- and post-trade transparency in respect of the competent authorities and investors, the requirements and obligations of data service providers and the introduction of the obligation to trade derivatives on trading venues, as well as certain supervisory initiatives.

Customer data processing is a particular concern of the MiFIR. It regulates the public disclosure of data pertaining to trading activities and the reporting of transaction data to regulators and supervisors. MiFIR also attempts to give some private markets more ‘official’ status. For example, it stipulates that derivatives be traded in organised systems. It also promotes the elimination of obstacles between trading systems and clearing service providers in order to ensure greater competition.

Although it is highly probable that MiFID II and the MiFIR will attain most of their defined targets, it is unlikely to be without difficulty, simply on account of pure regulatory proliferation and overlap. Potential difficulties are anticipated in at least four areas:

• The first and most obvious one is the profuse ‘cataloguing’ of services. An attempt to harness the entire marketing and advisory supply side in a sort of manual that runs hundreds of paragraphs long.
• The new MiFID attempts to break down every step of the distribution and advisory process in order to set an exact price for every service. One of the most talked about aspects is the research area. Most investment firms have opted to assume the costs of their research internally but this has in turn reduced the publication of proprietary research free of charge for interested investors. There are also substantial discrepancies in analyst remuneration, with much higher salaries for those who also perform advisory work.
• There is a good deal of confusion regarding the entry points that determine in which country a sale materialises. It is conceivable that very similar international transactions could be priced very differently by simply changing the geographic location of one of the links in the service chain. This creates the risk of regulatory arbitrage.
• Automation is part and parcel of MiFID II and will be very positive insofar as it triggers the digitalisation of processes, particularly in the compliance area; but this will also generate large volumes of often overlapping information that will be hard for investors and supervisors to digest.

As for the PSD2, its numerous provisions include new and very strict security protocols for the initiation of electronic payments and regarding the protection of consumers and their personal data. This directive also attempts to foster and provide legal coverage for the activities that consumers or small businesses may undertake in the digitalisation sphere. In general, this directive has implied and will continue to imply numerous initiatives in terms of consumer protection in areas such as ultimate liability for unauthorised payments and their refund and the ban on levying surcharges for certain transactions.

It is important to highlight that the PSD2 even attempts to provide a new list of payment service providers. Alongside the credit institutions, there are two other categories worthy of mention: (i) the ‘electronic money institutions’, those that attempt to provide an intangible payment service; and, (ii) ‘payment institutions’, the legal entities that will be authorised to initiate and execute payments throughout the entire European Union. While a given institution (e.g., a bank), albeit recognised as a credit institution, will be able to develop the functions of a payment institution, the idea is to open up the market to a potentially large number of bank and non-bank providers.

Another essential component of the PSD2 is the introduction of an authorisation regime by means of the so-called ‘single license’ for all payment service providers that do not take deposits or issue electronic money. This provision is an attempt to ensure a sufficiently level playing field for former and new providers, while guaranteeing that the latter are subject to regulatory control. Regardless, digitalisation is bound to introduce very significant complexity into the payments market as well as protracted periods of transition, consultation and probably competitive disputes. In fact, the PSD2 places the bulk of responsibility for payment institution oversight and control on the European Central Bank and the European Banking Authority. The latter body, among other duties, will have to keep an updated register of suppliers and make that register publicly available [1].

Albeit less profuse than MiFID II or PSD2, the EU’s General Data Protection Regulation also poses important challenges for financial service providers. It takes effect on May 25th, 2018. It will affect all entities that offer user products or services in the EU member states. What’s new is the fact that it will affect all entities that process the data of European citizens regardless of whether they do so within European borders. This attempt at thwarting regulatory arbitrage is particularly relevant to many suppliers within the world of FinTech. The new regulations also introduce new tools for helping consumers to manage their digital footprints, such as the ability to exercise their ‘right to be forgotten’. Customers will be entitled to have their data removed when they are no longer needed for the purpose for which they were collected. It also allows for the unhindered ‘portability’ of data to another allocated manager/firm.

One of the ways in which this new standard will be frequently tangible is in the requests for data use consent, as blanket consents will be hard to give and specific consents required. This should enhance consumer protection but will also increase the red tape and bureaucracy involved in every transaction.

Slow progress on banking union and economic policy
Along with the new regulations outlined above, the major challenge looming in 2018 remains that of making progress on the construction of full banking union. The key advances were discussed at the European Summit of December 14th and 15th, 2017. Although other important issues, such as the new guidelines for the Brexit negotiations, were addressed at this meeting, certain aspects of the future of banking union also came up. The economic policy shaping this process is now focused on four areas:

• There is broad consensus regarding the need for a European deposit insurance scheme but not on how to implement it. Since the crisis, the rules governing the management of non-performing loans have been tightened and the banks’ liquidity and capital requirements reinforced.
  
  However, some states, such as Germany and the Netherlands want to see substantial progress on the reduction of exposure to non-performing loans, especially in Italy. There is also consensus regarding the need for a more powerful Single Resolution Fund but here again the same countries want to see a reduction in non-performing loans before sharing future commitments or risks.
• One of the practical aspects that could give banking union a boost in Europe is the conversion of the stability mechanisms into a full-blown European Monetary Fund. However, how this fund would be funded from the European budget, without upfront liability on the part of each member state in the event of potential bailouts, has yet to be worked out.
• There are other requests from the net lender states which are running up against opposition from the net borrowers. These include Germany’s request to create a sovereign debt restructuring mechanism. The idea would be that in the event of national bond crises, the debt would have to be restructured before initiating bank bailouts or allowing the debt to spiral unchecked. However, those that oppose this idea believe it would impinge upon each member state’s ability to correct its own imbalances.

The EU has yet to update its working papers on the construction of the banking union published in 2015 but has explicitly acknowledged that the goal of setting up a single deposit insurance scheme by 2024 has been put on hold until there is consensus regarding how and when to mutualise the risk.

Evidence of prevailing pressure to reduce exposure: European practices and proposals
We are seeing practices and supervisory proposals that evidence this political and strategic pressure to reduce banks’ exposure to non-performing loans before risks can be fully mutualised in Europe.

On November 11^th, 2017, the European Banking Authority published the results of two assessments. Both analyse the consistency of risk weighted assets (RWAs) across all EU institutions authorised to use internal approaches for the calculation of capital requirements. One of the reports focused mainly on credit risk and the other on sovereign and market risk. They concluded that although there is risk weights variability, this is “explained by fundamentals.”

In particular, in terms of credit risk, 61% of the variability observed in the treatment of risk-weighted assets is due to fundamentals such as the proportion of defaulted exposures in the portfolio; the country of the counterparty; and the portfolio mix. The rest of the variability is explained by “differences in riskiness” and by “supervisory practices”. It is perhaps on this latter aspect that further work is required in order to ensure progress towards the uniform treatment of bank exposures across the eurozone.

As for market risk, the general conclusion is that there is a degree of consistency and homogeneity in the treatment of interest-rate risk but “significant dispersion” in the estimation of more sophisticated internal measures, such as the ‘incremental risk charge’ (IRC) used in the models for measuring trading portfolios and in ‘all price risk’ (APR) models.

At any rate, given that the pressure to reduce risk exposure stems mainly from the core of ‘creditor’ nations, the element of uncertainty emphasised the most in these assessments is credit risk, to which the countries in Southern Europe, particularly Italy, are the most exposed. This is observed, by way of anecdotal evidence, in the synopsis of what the ECB dubs the “secondary market for NPLs” in the EU. Table 1 provides a compilation of the major transactions undertaken in these markets using calculations made by the ECB based on data sourced from Deloitte, by line of business, in a selection of member states. Some 67 such transactions took place in these countries between 2015 and 2017, with Italy standing out with 32 transactions. Italy was followed by Spain (18), Ireland and the Netherlands (13) and Germany (11). It is worth nothing that in Italy the risk exposures underpinning these transactions came from a broad spectrum of business segments. In Germany and Ireland, they stemmed mainly from exposure to commercial real estate. In Spain, most of the transactions corresponded to the restructuring of real estate developments.

In all likelihood, aimed at the countries that still have the most work to do in terms of reducing their exposure to non-performing debt, the ECB included a special feature on how to structure these NPL transactions in its Financial Stability Review of November 2017. Exhibit 2 shows the working concept of what the ECB has coined a potential “NPL transaction platform”.

The concept could be considered the seed of what could be a single asset management platform, or ‘bad bank’. To read Exhibit 2, one must go from left to right. Initially, the banks interested in selling non-performing assets gather the information and documentation that then has to pass through independent standardisation and validation filters, the idea being to transform the documentation into quality-assured information that upholds market standards. These assets and the related data would then pass to a trading platform that would manage them by offering them for sale along with similar assets to potential investors. The advantage lies in the fact that the platform would offer assurance with respect to the valuation practices and standards used, guaranteeing standard terms of sale for the various impaired assets traded on it.

Evidence of prevailing pressure to reduce exposure: The case of Spain
In Spain, the pressure to reduce exposure remains, despite the fact that the NPL reduction effort has already been considerable. As shown in Exhibit 3A, the overall volume of non-performing loans has fallen significantly since December 2013; specifically, by 91.27 billion euros by September 2017. NPL exposure also came down previously, in September 2012, in what could be viewed as a one-off recalibration of the series, as this was when a significant volume of non-performing assets were sold to Spain’s so-called bad bank, the SAREB.

Exhibit 3B shows the year-on-year rate of change in the Spanish banks’ NPL exposures. The greatest increases were observed during the second half of 2008, when the rates were triple and even quadruple the pre-crisis rates. However, since December 2014, the total volume of non-performing loans has been continuously decreasing at double-digit rates.

There are prevailing practices and regulatory developments that bode for continued acceleration of this risk reduction effort. One such development is Bank of Spain Circular 4/2017 on credit institutions and their public and confidential financial reporting rules and templates. The goal of this Circular is to adapt the Spanish banks’ accounting regime for incoming changes to European accounting standards deriving from the adoption of two new International Financial Reporting Standards, IFRS 15 and IFRS 9, which, from January 1^st, 2018, introduce new criteria for accounting for revenue and financial instruments, respectively, the second standard being of particular relevance for the banks.

It is worth noting that the Circular continues to offer alternative solutions to the development of internal calculation methods by the banks for the purpose of estimating their collective loan-loss provisions with a dual purpose: i) to facilitate the application of the new expected loss model, which is more complex than the outgoing incurred loss model; and, ii) to facilitate the comparison of the estimates made by the banks themselves with the results that would be obtained by applying those alternative solutions. These solutions have been updated to include the Bank of Spain’s most recent information and experience and to factor in the new expected loss model.

Another of the exercises undertaken that suggests that the risk reduction effort has not only increased but is effective are the stress tests performed by the Bank of Spain under the scope of its Forward-Looking Exercise on Spanish Banks (FLESB) Framework. The Bank of Spain’s Financial Stability Report of November 2017 presented the main results to date. Note that this constitutes an effort by the Bank of Spain to increase transparency and is an exercise it has been undertaking since 2013. The tests contemplate a baseline case in which the Spanish economy registers growth in 2018 and 2019 and an adverse scenario in which GDP contracts by 1.9% and 3% in those years, respectively.

The stress tests first contemplate the banks with significant international operations (Exhibit 4A). In the baseline scenario, these entities’ CET1 ratio increases from 10.8% in 2016 to 12.9% in 2019. In the adverse scenario, the CET1 drops by one percentage point.

The impact of these scenarios on the other entities under the direct supervision of the Single Supervisory Mechanism (SSM) is illustrated in Exhibit 4B. In the baseline scenario, the CET1 ratio increases by 0.8 percentage points between 2016 and 2019, while in the adverse scenario, it declines by 4 percentage points over the same time horizon to 7.3%.

Lastly, the analysis looks at the group of so-called ‘less significant institutions’ (in terms of systemic risk) (Exhibit 4C). In the baseline scenario, the CET1 ratio remains virtually flat, increasing a scant 0.1% to 16.9% by 2019. As noted by the Bank of Spain, “the adverse scenario does lead to a larger volume of losses (9% of RWAs), exceeding the volume of resources capable of absorbing them”. Although this would result in the depletion of reserves, the capital ratio would remain well above the regulatory minimum at the end of the test time horizon.

Conclusions: Greater regulatory burden and demonstrated resilience
The analysis undertaken in this paper suggests that 2018 starts off under the shadow of a dense regulatory agenda for financial service providers. The looming regulations are set to have a cross-cutting impact on several core aspects of their business activities, above all, how they interact with their customers, how they mind their data and the rules for marketing a large number of products. This pressure stems primarily but not exclusively from the entry into effect of the second Markets in Financial Instruments Directive (MiFID II), the second Payment Services Directive (PSD2) and the EU General Data Protection Regulation (the GDPR). As analysed throughout this paper, although the reasons for these regulations and some of their implementing initiatives respond to logical criteria, their abundance, overly zealous ‘cataloguing’ of procedures and overlap in time pose real challenges for the development of finance in the EU in 2018.

From the European perspective, we are seeing intense political debate between the countries that want to see completion of the banking union (with a single deposit insurance scheme and, possibly, a European Monetary Fund) and those that believe that before additional risks are mutualised these risks should be first reduced substantially.

There is evidence that bank assets are still not being treated on a harmonised basis across Europe, marked by different capital requirements in respect of risk-weighted assets that are not always attributable to business or market fundamentals.

Specifically in Spain, the recent effort to reduce exposure has been very considerable and the latest forward-looking stress tests carried out by the Bank of Spain suggest that the Spanish banks would prove very resilient to even the most adverse scenarios.

Notes