
- Home
- News & Publications
- Public statements
- Speech by Marie-Anne Barbat-Layani, AMF Chair – ACPR-AMF Fintech Forum, Monday, 14 October 2024
Speech by Marie-Anne Barbat-Layani, AMF Chair – ACPR-AMF Fintech Forum, Monday, 14 October 2024
Check against delivery
Governor,
Members of the Board,
Ladies and Gentlemen,
I am particularly pleased to see you here again at this 5th edition of the Fintech Forum, jointly hosted by the AMF and the ACPR. This is now a well-established event. Its aim is to bring innovation and regulation together, and to seek the ever-complex balance between protection and innovation.
I would particularly like to thank François Villeroy de Galhau, Governor of the Banque de France and Chair of the ACPR, for once again welcoming us to this wonderful room, which is so conducive to discussion.
The ACPR-AMF Fintech Forum is set to be a highlight of the French financial innovation ecosystem.
It falls within French Fintech Week, which aims to promote the dynamism of the fintech ecosystem, and naturally this is an initiative that we support.
As you know, for several years now, both the AMF and the ACPR have been committed to supporting innovation in the financial sector.
Innovation is one of the six key priorities set out in our IMPACT 2027 strategic orientations.
We have compellingly reaffirmed our position as a regulator that is open to and in favour of innovation. This is part of the AMF's DNA.
This openness is reflected in our commitment to welcoming the promotors of innovative projects. In fact, that is the role of our dedicated Digital Finance and Innovation team, which is there to listen to all project promoters, and with whom many of you will be familiar. Since the last Fintech Forum, the AMF has met with more than 70 project owners.
This active dialogue is essential to ensure that innovation is compatible with investor protection and the proper functioning of the markets.
At this critical juncture, this dialogue is all the more important.
A number of major regulatory regimes that will impact the innovation ecosystem, including MiCA and DORA, will soon come into force, and we are preparing for them.
In addition, the recent changeover at the European Parliament is our signal to get to work on the next European priorities in terms of digital finance.
The AMF must therefore not only ensure that legislation is properly applied and support financial market participants, but also anticipate new challenges, particularly in a constantly changing digital environment, with artificial intelligence for example, and pull its weight to ensure that support for innovation is one of the key objectives of the new European term of office.
One of the major challenges will be to successfully combine innovation and security, so that financial market participants can adopt these new technologies while understanding and having full control over their associated vulnerabilities.
The key reforms that we must collectively implement from 2025 onward
The previous European term of office saw the adoption of several fundamental texts providing a framework for digital finance. These include the regulation on crypto-assets (MiCA), the Pilot Regime for market infrastructures operating on blockchain and the DORA (Digital Operational Resilience Act) Regulation, as well as the regulation on crowdfunding. All these texts require an extremely high level of cooperation.
These are major reforms, some of which have already come into effect or will apply from the beginning of 2025.
The AMF has been actively involved in preparing for the implementation of these texts for several years now.
We work to ensure that financial market participants fully understand and get to grips with these new obligations, and accompanies them in their journey to comply with these rules.
We can begin by discussing blockchain and crypto-assets with a review of the PACTE regime and MiCA prospectuses.
The PACTE Law introduced a legislative framework for crypto-assets in France from 2019, constituting an important first step towards their supervision. This has enabled the AMF to build up its expertise in this new area.
The outcome has yielded mixed results: many providers have been registered, several are in the process of obtaining ‘enhanced registration’ or authorisation, but only one has actually been authorised, and only a few ICOs have joined the optional regime provided for under the law.
Cryptos are a real hit with investors, as shown by a recent OECD study carried out for the AMF. Today, there are more French people who own crypto-assets than those that directly hold listed shares (9% and 7% respectively). Furthermore, 54% of ‘new investors’ hold cryptos. This is, therefore, a major phenomenon. At the same time, the crypto world has been rocked by numerous scandals, and at a point when the economy's financing needs are considerable, as Mario Draghi's recent report reminds us, crypto yet has to demonstrate what its social utility and its contribution to financing the economy will be.
The MiCA Regulation, which will enter into application at the end of 2024 for crypto-asset service providers, creates a demanding regulatory framework common to the entire European Union.
It will establish stricter rules for crypto-asset service providers, ensuring greater attention is given to investor protection, while limiting the risks that have been highlighted in the sector in recent years.
It will also pave the way for cross-border activity through the passport.
The AMF has been accepting MiCA applications since the summer, and market participants will have to start thinking in terms of this European framework.
To help them make the transition from PACTE to MiCA, in July we organised a webinar and published educational content on our website. A workshop dedicated to this subject is also planned for this afternoon.
I would also like to remind you of the key role now played by ESMA, the European financial markets regulator, both in finalising the implementing legislation and in ensuring the convergence of authorisation and supervision practices in Europe. The AMF is heavily involved in this work and we will continue to take part in the European debate to ensure that France’s voice is heard.
We find it more logical, and ESMA has said as much in its report on the Capital Markets Union, published on 22 May 2024, that the major global and cross-border crypto platforms should be subject to direct European supervision. This would save time and increase efficiency.
The AMF is also closely monitoring developments in terms of the tokenisation of financial assets, which could radically transform markets by enabling the digitalisation of financial securities.
This development, which has great potential, has yet to materialise in large-scale projects. The Pilot Regime, which entered into application in March 2023, has not yet led to the development of projects at European level. A number of obstacles have been identified. We must continue to support the market and proposals to develop this regime. However, it will be those initiatives from private actors that will make the promise of blockchain technology a reality.
The second major law that will come into force in 2025: DORA on cybersecurity. This is a key issue for the financial sector, as the Governor mentioned in his speech, so I will be brief.
Cyber security is a key strategic issue for financial market participants, for blockchain/crypto-asset activities and, more broadly, for the entire digital economy and beyond.
The cyber threat is not receding, and is considered a major risk by all regulatory bodies, including the AMF, in its latest 2024 Markets and Risks Outlook.
Cyber attacks are on the rise, targeting both major financial groups and fintechs, with potentially devastating repercussions for investors and even market stability.
The DORA Regulation, which will apply from January 2025, imposes cyber resilience obligations on financial market participants and critical third-party service providers.
Financial institutions need to have robust systems in place to protect themselves from cyber threats, and ensure service continuity in the event of a crisis.
Like the ACPR, the AMF stresses the importance of market participants actively preparing for these new requirements.
The AMF has carried out three consecutive SPOT inspections – which are non repressive inspections – of the cybersecurity systems of asset management companies. While improvements have been noted, these have consistently revealed poor practice and shortcomings that continue to give cause for concern. If such deficiencies persist, we will be forced to initiate more repressive inspection procedures.
We are aware that this requires a major effort on the part of market participants, particularly for smaller structures, however the risks are high and thus the efforts made are justified to ensure the protection of their clients, confidence and the long-term future of their activities.
European perspectives on digital finance
We also need to look to the future, and the new European term of office will have to respond to a number of structural challenges.
With regard to crypto-assets, while MiCA represents a significant step forward, a review of this text (‘MiCA II’) should be envisaged to provide for direct supervision at the European level of global and cross-border platforms, to clarify, where necessary, the cybersecurity obligations of market participants and to take into account the rapid developments in crypto-asset markets, particularly concerning decentralised platforms.
In this respect, I welcome the work of the group created under the aegis of the ACPR-AMF Fintech Forum on the certification of smart contracts: bringing together players from the crypto-asset sector, traditional finance, auditors and public authorities.
This technical work will contribute to the European debate on the possibility of a regime for Decentralised Finance. This working group will be publishing a report in the coming months.
In addition, the work of the Legal High Committee for Financial Markets of Paris (HCJP) has clarified the adaptation of the MiCA Regulation into French law.
Furthermore, as I briefly mentioned, there is also an urgent need to consider the supervision of crypto-asset platforms, particularly those offering a wide range of services and operating on a cross-border basis.
At a time when the idea of a Savings and Investment Union is once more being revived as a major objective for Europe, many stakeholders, including ourselves, are advocating for direct European supervision of major crypto-asset market players. This should be one of the objectives of MiCA II.
Moreover, in this sector, the cyber risk will be especially high. Regular external audits of crypto firms' information systems by certified service providers are essential to ensure compliance with cyber security standards and their ability to withstand large-scale attacks. This audit is already required in France under enhanced registration. For us, this represents a major factor in security and client protection, and we hope that European institutions will assume reasonability in this area, where it would be unconceivable and counter-productive to lower our guard.
In short, what are we talking about? We are talking about potential crypto theft, identity theft, people having their bank accounts siphoned off because the data attached to their wallets is poorly protected, and so on. The occurrence of such events is already skyrocketing.
It would be extremely damaging to reduce the level of requirements, and problematic if short-term considerations were to prevail in Europe, causing us to turn back the clocks, especially in the field of cyber security. This is a key point of the technical standards that the European Commission will publish in the very near future.
I repeat this important point, as I do not think that diligence in terms of cybersecurity, and protecting investors' funds and data constitute an obstacle to innovation. Quite the contrary.
It would also be a matter of urgency to include this requirement in a much-needed ‘MiCA II’, should this prove necessary in light of current legislation.
Finally, I would like to conclude on two major areas of innovation: artificial intelligence and open finance. Artificial intelligence (AI) is poised to revolutionise many aspects of the financial sector, from asset management and trading, to client and investor service. It is still too early to say whether this constitutes a breakthrough in terms of innovation, or is merely an acceleration of existing trends. Regardless, of the undeniable opportunities that AI provides, we also need to anticipate its impacts.
In terms of investor protection, the AMF has worked with ESMA to reiterate the rules in force and emphasise that AI must be used in a way that is fully transparent for clients, without abandoning any investor protection rules.
The obligation to act in the best interests of clients must therefore remain central and be integrated into the AI systems used by financial market participants.
Financial institutions and fintechs must put in place appropriate measures to monitor the use of AI. This reminder also applies to third-party AI technologies, whether planned or already adopted by the firm.
Investor protection is essential: AI is an opportunity, but like all other tools used by market participants, it requires compliance with the fundamental principles of regulation in terms of protection and the implementation of vigilant measures. This work will increase in scale over the coming months, particularly in view of the implementation of the European AI Act, which will strengthen user protection.
Since mid-2023, the AMF has also been leading international discussions on AI uses applied to financial markets, via the International Organization of Securities Commissions, aimed at identifying potential risks to financial stability that could arise from the development of AI.
All international regulatory bodies are working on this topic. We will be paying a lot of attention to this and will continue to work in this direction.
However, AI is also of interest to us, the authorities. I have talked a bit about this before. AI has already been deployed at the AMF as part of our market supervision programme. The AMF intends to take advantage of the new opportunities offered by AI by developing new tools to strengthen our operational performance and our supervisory activities.
Regarding open finance, one of our main concerns is to ensure that consumers fully understand what they are giving consent to when they give permission to access their financial data. Robust mechanisms must be in place to ensure the confidentiality and security of highly sensitive data, as well as its correct use, which must be limited to financial offers.
The risk of cyber attacks is increasing exponentially as more and more market participants gain access to clients' financial information, reinforcing the need for strict governance of how this data is shared and used, and for stringent cyber-security requirements. I repeat, I do not think that diligence in terms of cybersecurity, and protecting investors' funds and data constitute an obstacle to innovation. Quite the contrary.
Open Finance also raises major competition issues, particularly in relation to the major American technology players (Big Tech), who already have massive access to the data of the users of their platforms.
We are keeping close attention to ensure that the European Commission's regulatory proposal – the FiDA (Financial Data Access) Regulation – respects these principles. This regulatory framework will need to be sufficiently flexible to encourage innovation, while at the same time being very strict where consumer protection, data security and Europe's strategic autonomy are at stake.
2024 is therefore a crucial year for digital finance, during which innovation, regulation and security will come together to shape the future of the sector.
The AMF plays a central role in supporting market participants while maintaining strict regulation.
In this rapidly changing context, we are also calling for greater cooperation between European and international regulators to ensure that innovation develops in a responsible and secure manner.
I would also like to emphasise the vital role of innovation players of the fintech ecosystem in developing responsible innovation.
I further call on all market participants to put in place robust compliance systems to anticipate future regulatory requirements. Last, but not least, we must remember that investor confidence is the key to any long-term development, and that investors must remain at the forefront of the concerns of all market participants.
I wish you all a day of constructive discussions.
Thank you for your attention.
On the same topic



Head of publications: The Executive Director of AMF Communication Directorate. Contact: Communication Directorate – Autorité des marches financiers 17 place de la Bourse – 75082 Paris cedex 02