Financial Services

European Commission publishes report on the Modernisation Directive for Consumer Protection Rules

Written by

Dr. Michael Huertas

RegCORE – Client Alert | Capital Markets Union

QuickTake

As in the EU’s 2019-2024 legislative cycle consumer protection in financial services is likely to remain so for the incoming European Commission (EC) policymakers for the current term which is set to conclude in 2029. The overall aims of the EC on its consumer protection priority are two-fold – (i) strengthen rules generally (and specifically when applicable to financial services) while ensuring they are (designed as) fit for purpose and (ii) harmonise national transposition of EU-level rules largely set out in Directives and/or those rules that remain set at national law. As part of the EU’s “New Deal for Consumers Initiative” the EC spearheaded the introduction of Directive (EU) 2019/2161, commonly referred to as the “Modernisation Directive” (the MD). The MD sought to enhance consumer protection and promote fairness and transparency for consumers in the Single Market. It did so by overhauling existing EU and national legislation on consumer protection. While the MD was not aimed specifically at financial services firms nor the sector, the requirements have far-reaching compliance obligations for how financial services firms engage with retail clients that are “consumers”.

On 18 June 2024 (9 days after the conclusion of the European Parliament elections), the EC published a Report on the implementation of the MD (the Report).Available here.] The Report’s findings are comprehensive. So too are its recommended areas for improvement. Accordingly, the Report serves to signal future policymaking options for the EU’s co-legislators in closing gaps and reflecting further developments in the digital environment that market participants engage with and experience when acting in or through the EU’s Single Market.

This Client Alert provides (i) a brief recap of the aims of the MD, (ii) the key takeaways from the Report and (iii) concludes with an outlook for existing or new market entrants into the EU’s Single Market for financial services. This Client Alert should be read in conjunction with further analysis on consumer as well as investor protection rules as made available on our EU RegCORE Thought Leadership site.Materials as made available from time to time on the following site.]

A recap of the MD’s main aims

The primary objectives of the MD was to adapt existing consumer protection rules to the digital age, to ensure better enforcement of consumer rights and to facilitate coordination between national authorities in the face of cross-border violations. The MD addresses issues such as transparency in online marketplaces, consumer rights in relation to "free" digital services and penalties for violations of consumer protection laws. In order to deliver against these objectives, the MD made targeted amendments to the EU’s existing pillars of consumer protection rules. Those pillars, which apply beyond “just” financial services and are in force across the EU, include the:

  1. Consumer Rights Directive (2011/83/EU) (the CRD);
  2. Unfair Commercial Practices Directive (2005/29/EC) (the UCPD); 
  3. Price Indication Directive (98/6/EC) (the PID); and 
  4. Unfair Contract Terms Directive (93/13/EEC) (the UCTD). 

The MD had to be transposed into national law by 28 November 2021 and become applicable in Member States from 28 May 2022. Not all Member States were timely in their efforts and thus fragmentation still persists.

While the MD was not specifically tailored to financial services (nor dealings with consumer users) in mind, provisions have implications for the sector, particularly in the digital context. Financial services providers that engage with consumers through online platforms or digital services must be cognisant of the MD’s requirements and thus the targeted changes to the key pillars above. Specifically for financial services providers, this includes the MD’s introduction of more prescriptive rules that apply to: 

  • Online Marketplaces: Financial service providers operating online marketplaces or comparison tools must ensure transparency regarding the main parameters determining the ranking of offers presented to consumers, as well as the relative importance of those parameters. This is crucial for financial products where consumers often rely on such platforms to make informed decisions.
  • Consumer Reviews: The MD requires that firms provide information on whether and how they ensure that the consumer reviews they publish are genuine. This is particularly relevant for financial services, where consumer trust and credibility are paramount. Similar restrictions apply to presenting paid advertisements or placements in search results without making them clearly identifiable – see EU RegCORE coverage on “Finfluencers”.
  • “Free” Digital Services: The MD extends consumer protection rules to digital services for which consumers provide personal data instead of paying with money, such as certain financial apps or platforms. Providers of such services must clearly inform consumers about the main contractual terms and the right to withdraw from the contract.
  • Transparency of personalised pricing: obligation in the CRD to alert consumers when presenting them with a price personalised on the basis of automated processing. This means that financial services firms that use algorithms or other techniques to adjust the price of their products or services according to the consumer’s profile or behaviour have to inform the consumer of this fact before the conclusion of the contract. The General Data Protection Regulation (GDPR) also applies to the underlying collection and processing of personal data for this purpose.
  • Transparency of price reductions: amendment to the PID requiring sellers announcing a price reduction to also indicate their lowest price in the past 30 days. This means that (certain) financial services firms for certain financial products/services that offer price reductions for their products or services have to comply with this rule, unless they fall under the exception for services whose price is dependent on fluctuations in financial markets. The UCPD also remains applicable for assessing other aspects of price reductions that are not expressly regulated in the PID, such as the duration of the price reduction and the use of other reference prices.

Financial services firms generally have (had) to review and potentially revise their online presence, contractual terms, advertising practices and data handling processes. They must also ensure that staff are trained on the MD’s changes to existing requirements and that internal compliance mechanisms are robust.

One of the main amendments introduced by the MD is the strengthening of the rules on penalties for infringements of the four directives. The MD requires Member States to provide for effective, proportionate and dissuasive penalties and to take into account certain non-exhaustive and indicative criteria for the imposition of penalties, such as the nature, gravity, duration and recurrence of the infringement, the benefits obtained by the firm, the damage caused to consumers and the firm’s cooperation with the authorities. The MD also requires Member States to provide for a minimum fine of up to 4% of the firm’s annual turnover or, alternatively, EUR 2 million, in respect of infringements subject to cross-border coordinated actions under the Consumer Protection Cooperation (CPC) Regulation.

The new rules on penalties apply to financial services that fall within the scope of the UCTD, the PID, the UCPD and the CRD and that are subject to the CPC Regulation. However, the MD also provides for some regulatory choices for Member States to derogate from or the ability to supplement the general rules on penalties, depending on the type and severity of the infringement, the nature of the contractual term or commercial practice and the specific characteristics of the financial service or product. For example, Member States may decide not to apply penalties for the use of unfair contractual terms or unfair commercial practices that are not expressly defined as unfair in all circumstances in national law, or to apply higher maximum fines for all infringements than those required by the MD for cross-border cases. Therefore, the level and uniformity of penalties for financial services may vary across Member States, depending on the national transposition and implementation of the MD. Such national options and discretions create fragmentation and complexity in particular in online cross-border services as well as choice but also application of mandatory laws such as consumer protection measures.

Another important amendment introduced by the MD is the provision of consumer remedies in cases of unfair commercial practices under the UCPD. The MD requires Member States to ensure that consumers have the right to seek compensation for damage, price reduction or termination of the contract when they are victims of unfair practices, such as misleading or aggressive marketing or selling. The MD also requires Member States to ensure that consumers have the right to challenge the validity of a contract or a contractual term that results from an unfair practice and to seek the application of any other remedy available under national law. However, the MD leaves it to Member States to determine the conditions for the application and effects of the remedies, such as the burden of proof, the calculation of damages, the limitation periods and the interaction with other legal bases for remedies, such as contractual or tort law.

The MD’s rules on remedies apply to financial services that fall within the scope of the UCPD and that are subject to unfair commercial practices. However, the MD does not affect the existing rules on remedies under the sector-specific directives that regulate certain types of financial services, such as payment services, mortgage credit, consumer credit and insurance distribution. These Directives provide for specific remedies for consumers in case of non-compliance by the financial service providers with their obligations, such as the right to withdraw from the contract, the right to redress, the right to compensation and the right to complain.

A further amendment introduced by the MD is the introduction of new transparency requirements for online platforms and marketplaces under the UCPD and the CRD. The MD requires online platforms and marketplaces to inform consumers about the main parameters determining the ranking of the offers presented to them and whether the ranking is influenced by any direct or indirect remuneration paid by the traders. The MD also requires online platforms and marketplaces to inform consumers about the identity and status of the person offering the products or services and whether the consumer protection rules apply to the transaction. Moreover, the MD requires online platforms and marketplaces to inform consumers about the existence and functionality of any online dispute resolution mechanisms available to them.

The MD’s transparency requirements apply to financial services that are offered or intermediated by online platforms and marketplaces and that fall within the scope of the UCPD and the CRD. However, the MD does not affect the existing transparency requirements under the sector-specific directives that regulate certain types of financial services, such as payment services, mortgage credit, consumer credit and insurance distribution. These directives provide for specific information obligations for financial service providers and intermediaries, such as the disclosure of the main features and costs of the financial service or product, the pre-contractual and contractual information and the standardised formats and terminology. Therefore, the application and interpretation of the transparency requirements under the UCPD and the CRD to financial services requires a careful analysis of the consistency and coherence of the different information obligations, as well as the role and powers of the relevant authorities and stakeholders at the EU and national level.

In addition to the above-mentioned amendments, the MD also introduced some other amendments that may have an impact on the provision of financial services to consumers in the EU, such as the rules on price reduction announcements under the PID, the rules on ‘dual quality’ marketing under the UCPD, the rules on personalised pricing under the CRD and the rules on telephone calls at basic rate under the CRD. However, these amendments are either less relevant or less specific to financial services and therefore their application and interpretation typically may not raise significant issues or challenges for financial service providers and consumers.

Financial service providers operating across the EU are expected to be aware of the potential for significant fines and ensure compliance with consumer protection laws. Such fines are separate to but may be compounded by regulatory enforcement measures by financial services national competent authorities (NCAs) in addition to consumer protection bodies.

Key takeaways from the Report

The Report marks a timely assessment on whether the MD is achieving its aims. The Report reviews and assesses the period of the two years following the transposition deadline of the MD and thus conformity of Member States efforts, which had to adopt and publish the necessary transposition measures by 28 November 2021 and to apply them from 28 May 2022.

The Report presents the results of the consultations and data-gathering on the application and enforcement of the MD in the specific subject areas addressed by the Directive, based on various sources of information, such as stakeholder/consumer surveys, compliance tests as well as evidence from enforcement actions and studies. The Report draws conclusions regarding those specific areas to the extent possible at this stage, taking into account into what it concludes as a “short reporting period and the limited enforcement experience”.

The Report also signals future policy options that the EU’s co-legislators may seek to advance. This is especially the case given some of the difficulties in timely or complete transposition of the MD into national law of Member States. This is particularly the case as the Report:

  • notes that only five Member States adopted and communicated complete national transposition measures before the deadline and that the Commission opened formal infringement procedures against 22 Member States that had not notified any or only partial transposition measures; 
  • identifies some recurrent issues with the transposition of the provisions on individual consumer redress in the UCPD and of the reinforced rules on penalties in the UCTD and the CRD; and 
  • points out some problems with the transposition of the new Article 6a of the PID on price reduction announcements, as some Member States appear to have extended its scope to cover services that are outside the scope of the PID.

The Report highlights some positive signs, namely that the MD’s changes are overall contributing to the strengthening of consumer protection. However, the Report also flags some areas that require further attention, such as price promotions, consumer reviews and ‘dual quality’ marketing. The Report also acknowledges the challenges posed by the evolution of consumer online markets and new technologies and the need for close monitoring and effective enforcement in light of new “bad practices”.

One such emerging bad practice is “review fraud”. On page 30 the Report highlights that:

“Many problems concerning review fraud originate from the actions of fake review ‘brokers’ – specialised illicit businesses that organise (especially on social networks) the posting of fake reviews by users (who can be actual users or buyers of the products in question) for the benefit of businesses that engage these brokers to promote their business on online marketplaces or specialised review tools. Moreover, there have been reports of review brokers offering businesses to organise the supply of fake positive reviews on review sites and then retaliating against those who refuse by organising the posting of fake negative reviews. Some of the businesses concerned in the EU report that they bring criminal complaints and take private enforcement actions against the fake review brokers. Another challenge in this area is AI-generated reviews which might be more difficult to detect.”

This is an area that both consumer protection bodies as well as NCAs are likely to keep under strict supervisory scrutiny.

It is important to note that the Report was prepared in parallel with the ongoing “Fitness Check” of the body of EU consumer law on digital fairness. While that Fitness Check was launched in May 2022 and aims to assess whether the key horizontal consumer law instruments remain adequate for ensuring a high-level of consumer protection in the digital environment i.e., “digital fairness” the outcomes of that Fitness Check are subject to a separate report that is anticipated to be published in the second half of 2024 – with further analysis available from the EU RegCORE.

Outlook and next steps

The EC concludes its Report by stating that the EU has made significant efforts to modernise and harmonise its consumer protection rules, especially in the context of the digital transformation and the cross-border provision of financial services. However, the EC points to some gaps and challenges that need to be addressed in order to ensure a high level of consumer protection and a level playing field for financial service providers and intermediaries in the EU.

One of the main challenges is the effective and consistent enforcement of the consumer protection rules across the EU’s 27 Member States. The MD introduced stronger and more deterrent penalties for breaches of consumer rights, as well as enhanced cooperation and coordination mechanisms between national consumer protection authorities as well as between those bodies and financial services focused NCAs. However, the Report indicates that some Member States have not fully transposed or applied these provisions. Moreover, the Report calls out that there is still room for improvement in the exchange of information and best practices, the use of common tools and methods and the involvement of stakeholders and consumers in the enforcement process.

Another challenge is the adaptation of the consumer protection rules to the evolving means of how (and indeed where) consumers access online markets and new technologies. The EC uses the Report to point to the impact of artificial intelligence, big data and blockchain-powered solutions.Moreover, all firms subject to the MD, including financial service providers and intermediaries, are subject to comprehensive regulatory requirements and supervisory expectations to monitor and comply with the relevant data protection and privacy rules, as well as the ethical and social implications of using new technologies, such as artificial intelligence, in their interactions with consumers.]

The MD, which was conceived, finalised and came into force prior to the general acceptance of such comparably “newer” technologies, aimed to increase the transparency and fairness of online platforms and marketplaces, as well as to address some specific issues, such as personalised pricing, consumer reviews and ‘dual quality’ marketing. However, the Report acknowledges that these issues require close monitoring and further analysis, as they may pose new risks and opportunities for consumers and businesses alike. More pressingly, the Report notes that the MD does not cover some aspects of the digital environment, such as the use of algorithms, the collection and processing of personal data and the liability of online intermediaries, which are subject to other EU legal frameworks or initiatives. Consequently, the EC signals needs for further legislative and supervisory calibration across rules. 
Accordingly, financial service providers and intermediaries operating in the EU should expect further developments and changes and/or sharpening in scrutiny of consumer protection rules in the near future, as the EC and the Member States will seek to ensure the effective implementation and enforcement of the MD, as well as to address the emerging challenges and opportunities that fall under the EU’s efforts to finalise the (Digital) Single Market.

In addition to sharper supervisory scrutiny from NCAs, financial services firms should also be prepared for the possibility of cross-border coordinated actions, including more broadly under the CPC Regulation. This may involve joint investigations, information requests, enforcement measures and injunctions by consumer protection authorities from different Member States, as well as the EC’s involvement and oversight.

About us

PwC Legal is assisting a number of financial services firms and market participants in forward planning for changes stemming from relevant related developments as well as conducting targeted compliance reviews. We have assembled a multi-disciplinary and multijurisdictional team of sector experts to support clients navigate challenges and seize opportunities as well as to proactively engage with their market stakeholders and regulators.

Moreover, we have developed a number of RegTech and SupTech tools for supervised firms, including PwC Legal’s Rule Scanner tool, backed by a trusted set of managed solutions from PwC Legal Business Solutions, allowing for horizon scanning and risk mapping of all legislative and regulatory developments as well as sanctions and fines from more than 1,500 legislative and regulatory policymakers and other industry voices in over 170 jurisdictions impacting financial services firms and their business.

Equally, in leveraging our Rule Scanner technology, we offer a further solution for clients to digitise financial services firms’ relevant internal policies and procedures, create a comprehensive documentation inventory with an established documentation hierarchy and embedded glossary that has version control over a defined backward plus forward looking timeline to be able to ensure changes in one policy are carried through over to other policy and procedure documents, critical path dependencies are mapped and legislative and regulatory developments are flagged where these may require actions to be taken in such policies and procedures.

The PwC Legal Team behind Rule Scanner are proud recipients of ALM Law.com’s coveted “2024 Disruptive Technology of the Year Award”. 

If you would like to discuss any of the developments mentioned above, or how they may affect your business more generally, please contact any of our key contacts or PwC Legal’s RegCORE Team via de_regcore@pwc.com or our website