A new EU cybersecurity action plan should be developed which specifically addresses the cyber risks of using APIs (application program interfaces) for financial services data sharing, a committee of MEPs has said.

In a motion for a resolution of the European Parliament, the Committee on Economic and Monetary Affairs (ECON Committee) said a "firm and risk-focused European action plan with regard to cybersecurity" is needed and that the European Commission should give "additional attention", within the area of cyber, to "the evolving 'API economy' and the current legal framework that obliges financial institutions to share crucial data with third parties".

Open APIs are set to play a central role in the future EU payment services market as reforms are introduced next year that require payment service providers, like banks, to open up access to account data to payment initiation service providers and account information aggregators when customers ask them to.

APIs are also envisaged as being pivotal to the success of the UK's open banking initiative. The chairman of the UK's Financial Conduct Authority (FCA), John Griffith-Jones, previously admitted that the open banking plans raise "a security dilemma".

In its report, the ECON Committee called on the European Commission to "present a comprehensive action plan that boosts fintech in Europe". It also said the EU financial services firms require "clear guidelines on outsourcing to the cloud".

Earlier this year, Pinsent Masons, the law firm behind Out-Law.com, and UK banking industry body the BBA identified complex regulatory barriers that can cause frictions and hold back adoption of cloud services in banking. They highlighted the seven hurdles banks have to clear when outsourcing to the cloud.

The ECON Committee also urged the European Commission to look into risks that fintech businesses face from "patent abusers".

"Fintech start-ups find themselves particularly vulnerable to patent abusers, i.e. entities that buy patents with the intention of asserting them against businesses already making use of the technology rights through threats of patent infringement lawsuits," the Committee said. "[The Committee] calls on the Commission to analyse this situation and to suggest measures to counter patent abusers in the fintech area."

The Committee's report also suggested a new "European data sharing strategy" could be established "with the aim of putting consumers in control of their data", and said it should be made "clear" who is liable for harm to consumers when there "errors or bias" result from the use of big data algorithms.

Useful Links

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances,