« NSA : Unified Extensible Firmware Interface (UEFI) Secure Boot Customization | Main | FedRAMP認定クラウドサービスオファリング(CSO)が200を超えたようですね! »


欧州議会 暗号資産のリスクに関する報告書を発表、サイバー耐性とプライバシーを重要な関心事として強調



● EU Parliament

・2020.09.17 Digital finance: Emerging risks in crypto-assets – Regulatory and supervisory challenges in the area of financial services, institutions and markets

・[PDF] Digital finance:Emerging risks in crypto-assets – Regulatory and supervisory challenges in the area of financial services, institutions and markets

Table of contents

1. Introduction

2. Description of digital finance services and market organisation
 2.1. Understanding the role of DLT in the crypto-assets market
 2.2. Types of crypto-assets, market organisation and actors
 2.3. Size, importance and prospects for the crypto-asset market

3. Analysis of the main current policy issues in the crypto-assets market
 3.1. Classification of crypto-assets
 3.2. Cyber-resilience
 3.3. Data sharing and related rights

4. Scope and policy context of this assessment
 4.1. Crypto-assets under consideration in this assessment
 4.2. Progress made in the current EU legislative context
 4.3. Importance of cooperation at international level

5. Identification of gaps in the existing EU regulatory and legal framework
 5.1. A framework for crypto-assets
 5.2. Operational cyber-resilience
 5.3. Data strategy

6. Policy options to address the existing gaps
 6.1. Policy options under consideration on a framework for markets in crypto-assets
 6.2. Policy options under consideration on cyber resilience
 6.3. Policy options under consideration on data strategy

7. Comparative economic analysis of the EAV of policy options identified
 7.1. Conceptual framework and scenarios
 7.2. Description of the accounting model and of the main assumptions
 7.3. Economic assessment of the EAV for the European financial sector
7 .4. Complementary qualitative EAV assessment of the impact on benefits and risks of policy option scenarios

8. Conclusion



Executive summary


Digital finance is playing an increasing role in the provision of financial services in the European Union (EU). Rapid progress with digitalisation, data analysis and computing capacities are allowing for a new range of financial services and transactions, contributing to boosting innovation. In particular, the diffusion and the development of crypto-assets enabled by digital financial technology has attracted a lot of attention, as they could offer some potential for economic development and growth if the associated risks are mitigated.


Why should the EU act?

Crypto-assets are diversifying extremely rapidly, in line with the ongoing structural transformation in technology, preferences and usages amongst investors and consumers. Moreover, the international dimension linked to crypto-assets should also be taken into consideration, as cryptoassets are by nature cross-border in their application and infrastructure. These concerns are exacerbated when crypto-assets are not backed by an accountable entity that can be bound by regulation and held responsible for potential breaches of regulation. An important issue when it comes to crypto-assets is therefore also being able to clearly determine exactly what they are and which rules, if any, apply. Some crypto-assets fall under existing EU law, but most of them do not.

This can leave investors and consumers exposed to substantial risk.

Given the complexity and the rapidly evolving nature of crypto-assets, there is a need to constantly assess existing legislation to check if it can be effectively applied to this type of asset or if amendments or guidance are needed. So far, no comprehensive and commonly accepted taxonomy of crypto-assets has been established. As a result, there is still a large number of definitions as to what exactly the term crypto-assets encompasses. Also, various classifications of crypto-assets are sometimes difficult to navigate, which contributes to a high level of fragmentation and complexity between Member States and at international level.

This high level of uncertainty and complexity in a rapidly changing environment presents a series of challenges for the legislator dealing with crypto-asset regulation. As highlighted in this study, three areas are particularly pivotal to the future development of crypto-assets and digital finance in Europe and need specific attention at the current juncture. The first is the definition of a common framework for crypto-assets, the second is cyber-resilience and the third concerns the establishment of a comprehensive data strategy.


Description of key findings

To understand whether and which types of crypto-assets fit into existing regulatory classifications, and to assess if and how these need to be amended, it is crucial to agree on common criteria for the categorisation of each crypto-asset and to establish a European framework for markets in cryptoassets, including stablecoins and cryptocurrencies. Such a framework should ensure legal certainty for innovators and investors, while addressing risks to market integrity, risks of market fragmentation and risks of financial instability. It should also be flexible and open, as it may need to be revisited based on future evolutions. Furthermore, the ongoing digital transformation in the financial sector has prompted an increasing focus on the issues of cyber-resilience and on the need to implement a comprehensive data strategy. In this paper we analyse these issues with a view to identifying possible gaps in EU legislation and to evaluating the European added value (EAV) of policy options to address such gaps.

We estimated the EAV through a sectoral growth accounting model for the financial sector and using various scenarios. The scenario which forms the base for the evaluation of the EAV in the financial sector assumes that further legislative effort at EU level is undertaken so that the policy \ options identified in the previous part are fully implemented. Under this scenario, the European Commission would introduce targeted amendments to existing financial services legislation to further detail their applicability to crypto-assets. For crypto-assets that currently fall outside the regulatory perimeter, the European Commission would propose a series of legislative measures for crypto-assets issuers and service providers and a bespoke legislative measure on stablecoin issuers.

Under this scenario, a series of legislative proposals would strengthen the digital operational resilience of the EU financial sector entities, including their information and communications technology (ICT) security, by streamlining and upgrading existing rules and introducing requirements. Finally, the EU data strategy would be enhanced to allow for consistent, technologyneutral application of existing EU data legislation. Cooperation at international level would be pursued, deepened and reinforced.

The results from our simulations confirm a more dynamic return to economic growth in the European financial sector under this scenario. Potential added value in the sector would increase by €55 billion compared with the baseline scenario. A more prudent scenario indicates a lower bound estimate for the increase of added value of €27 billion. Finally, beyond quantitative results for the financial sector and with a view to broadening the EAVA, a more systemic qualitative EAVA is also performed. In particular, still considering the scenario described above, we evaluate the impact – in terms of potential direct benefits and in terms of risk reduction – which the adoption of a legislative initiative on a framework for crypto-assets, on cyber+resilience and on a data strategy would bring.

The results highlight the broader gains that could be expected from well-designed, comprehensive and well-balanced EU legislative action in these areas.



« NSA : Unified Extensible Firmware Interface (UEFI) Secure Boot Customization | Main | FedRAMP認定クラウドサービスオファリング(CSO)が200を超えたようですね! »


Post a comment

(Not displayed with comment.)

« NSA : Unified Extensible Firmware Interface (UEFI) Secure Boot Customization | Main | FedRAMP認定クラウドサービスオファリング(CSO)が200を超えたようですね! »