Fintech on the Move: Payments, AI, and Regulation at DFS 2024

Last Friday, I had the opportunity to attend the Digital Finance Summit in Brussels, an annual fintech conference organized by Fintech Belgium. It was a packed day of networking, reconnecting with old acquaintances, and attending insightful keynotes and thought-provoking debates. Clearly, the Belgian fintech scene remains vibrant, delivering exciting new innovations.

The dominant themes of the conference were the upcoming payment revolutions and the buzz around AI, which sparked significant discussions. Below are some key takeaways:

Payment Revolutions

• Instant Payments: Domestic and cross-border real-time payments are gaining momentum, with over 70 real-time payment networks launched globally in the past decade.

• SEPA Request-to-Pay: This rollout offers exciting opportunities for fintechs, banks, and merchants.

• PSD3/PSR Regulation: This upcoming regulation aims to address shortcomings in the current PSD2 directive.

• A2A (Account-to-Account) Payments: In 2023, A2A payments represented a $30 trillion market globally, surpassing the $25 trillion market for card payments.

• Wero Mobile Payment Solution: The pan-European rollout of Wero is another exciting development to watch.

Artificial Intelligence (AI)

• The financial services sector is potentially the sector which has the most to gain from AI, given its access to vast amounts of structured, high-quality data and the fact AI can support almost every domain of financial business, such as:

• Challenges include the need for high-quality, representative data sets, and simpler, more transparent AI models (“Explainable AI”) that are easier to deploy and consume less energy.

• The pros and cons of the European AI Act were widely discussed.

Belgium holds a favorable position in both key domains:

• Payments: Belgium has a robust ecosystem and is among the leading European countries for Open Banking APIs and A2A payment maturity. However, consumer adoption lags behind, e.g. only 10% of Belgian payments are mobile, compared to 25–30% in the Nordic countries.

• AI: Belgium is home to promising startups and excellent collaborations with universities, driving research and innovation in AI.

A recurring theme throughout the conference was the delicate balance between innovation and regulation. While modern technology unlocks exciting possibilities, processes, change management, and compliance frameworks are equally important. For example, A2A payments — seemingly simple — require multiple checks and flows, including authentication, payment authorization, fraud and AML checks, clearing and settlement, dispute management…​ When defining a new innovation, it is therefore key not only to listen to customers, but also to take into account the full financial ecosystem (and all its links).

Trust is paramount in the financial services sector, and trust stems from security, confidentiality, and transparency. Regulation, though often seen as a constraint, ensures trust and creates opportunities. In fact, many European fintechs have emerged in response to new regulations, such as PSD2, AML directives, and PEPPOL e-invoicing.

For innovation to succeed, a solid framework must support it. This framework could include:

• Trusted Intermediaries: While DeFi aims to eliminate intermediaries, most innovations showcased at the conference still relied on established central parties. Examples include:
  • Isabel’s KUBE platform: A KYB data-sharing solution for financial institutions
  • VISA A2A solution: Positioned as a trusted partner for Open Banking-based A2A payments
  • Euronext: Improving public listings and international stock trading

• Participant Quality: Clear rules (e.g. licenses) to ensure all ecosystem participants meet required standards.

• Data Quality: Rules ensuring data accuracy, methodology consistency, and compliance with regulations like AML.

• Transaction Standards: Harmonized standards for integration, such as Open Banking APIs and SEPA Request-to-Pay.

• Non-Functional Requirements (NFRs): Security, performance, traceability and availability guidelines for all participants.

• Data Sharing: Secure, GDPR-compliant ways to share data, such as privacy-enhancing technologies. E.g. Datavillage presented encryption techniques enabling insight generation without exposing raw data or Aera presented techniques to merchants to identify customers paying at the merchant, even when they pay with X-Pay (where a dynamic card number is used for every transaction).

• Transparency: Rules for data origin, collection methods, storage, and model transparency for insights generation.

• Financial Crime Prevention: Innovations must address potential misuse, such as fraud or money laundering. AI-based detection and collaboration between financial players (e.g., mule account lists) are essential to combat financial crime effectively.

While frameworks can be industry-driven, regulators play a crucial role in standardizing requirements.

• Outcome/Goal-Based Regulation: Encourages innovation but can be vague.

• Rule/Prescriptive-Based Regulation: Provides clarity and guidance but may hinder innovation.

A hybrid approach — combining both regulatory types — was suggested. Regulators' sandbox environments were highlighted as a Win-Win: Fintechs validate compliance while regulators refine directives with real-world insights.

However, regulatory processes often struggle to keep pace with rapid technological advancements. As a result, fintechs face challenges and criminals exploit loopholes. Key regulatory pain points discussed include:

• Lack of tools to pressure Big Tech: There is insufficient tooling to hold Big Tech platforms accountable for preventing Authorized Push Payment (APP) fraud and contributing to consumer protection. Today, 73% of fraud originates on online platforms, with the vast majority occurring on Big Tech services.

• Verification of Payee: Mechanisms like Verification of Payee are being included in upcoming directives such as PSD3 and the Instant Payment Regulation to help combat APP fraud.

• AISPs consent renewal: Account Information Service Providers (AISPs) are currently required to renew user consent with financial service companies every 180 days, creating unnecessary friction.

• Regulation of EMIs: Electronic Money Institutions (EMIs) remain insufficiently regulated compared to banks. A solution could involve either reducing their scope of activities or requiring them to obtain a full banking license.

• API standards and formats: There is a pressing need for common standards and formats for APIs exposed by banks to reduce complexity and ensure smoother integration.

• AI for AML detection: While the current AML directive sets static rules for Anti-Money Laundering (AML) detection, these publicly known rules allow criminals to adapt and circumvent them. Leveraging AI can significantly reduce false positives and false negatives in AML detection. However, since AI-based approaches are not yet defined in the directive, they often lead to challenging discussions with regulators.

• API Non-Functional Requirements (NFRs): APIs exposed by banks must have clearly defined NFRs, such as 24/7 availability, performance benchmarks, and traceability standards.

• Payment fraud responsibility: A clearer framework is needed to determine who bears the cost of payment fraud—whether the responsibility lies with the bank or the customer.

• Pan-European IBAN adoption: While pan-European IBAN usage is encouraged, many small businesses still require local IBANs to get trust of their customers. This poses challenges for financial institutions looking to expand quickly across European markets.

• Data sharing framework: A regulated framework for securely sharing data — such as fraud data — between financial institutions is essential to combat financial crime effectively.

• Fragmentation among regulators: Despite common directives, there remains significant fragmentation in the implementation between national regulators, which creates inconsistencies across countries.

• Regulatory overlap: There is considerable overlap and, at times, contradiction between different regulations, such as PSD2/3, the Instant Payment Regulation, the AML directive, the AI Act, GDPR, FiDA…​ Streamlining these frameworks is crucial.

• PSPs and A2A payments: Payment Service Providers (PSPs) should be able to facilitate Account-to-Account (A2A) payments directly without being required to pass through banks.

• …​

Ultimately, trust is a balancing act between convenience and consumer protection. While seamless experiences build trust, a single failure in security or compliance can shatter it. Although fine-tuning regulations is necessary, speakers agreed that stabilization and consolidation are equally important to help financial services absorb the current regulatory changes.

Overall, the Digital Finance Summit offered much food for thought and showcased Belgium’s strong fintech ecosystem and innovative spirit — a truly valuable experience.