European Commission publishes reports showing the need for strengthened consumer protection enforcement at the EU level

RegCORE – Client Alert | EU Digital Single Market

QuickTake

Consumer protection remains a core priority of the European Commission across the EU’s Single Market. It is also a central aspect of the legislative reforms that aim to complete the construction of a Capital Markets Union (CMU) as well as the more targeted measures proposed during 2024 as part of the CMU’s tentative rebrand as an EU Savings and Investment Union. With many types of financial services firms faced with a rise of (regulated) complaints from consumers over the past years and the European Commission set to announce further consumer protection legislation reforms in its workplan for the legislative cycle from 2024 through to 2029, some financial services firms may want to step-up preparatory action to improve their compliance with consumer protection requirements.

Since 2017 the EU’s Consumer Protection Cooperation (CPC)Available here.Show Footnote Regulation sets a legislative framework for cooperation amongst CPC designated bodiesRespective information and lists available here.Show Footnote and their responsibilities for the enforcement of consumer protection laws. In some EU Member States those authorities differ from those that are designated as national competent authorities (NCAs) for the supervision of financial services. Cooperation amongst NCAs take different forms, ranging from college of supervisors through to coordinated actions, including those led by the European Supervisory Authorities (ESAs) as part of Common Supervisory Actions (CSAs) i.e., cross-border on-site inspections (OSIs), thematic reviews and/or the use of more targeted mystery shopping exercises (each of these supervisory tools, both in design and deployment, are discussed in Thought Leadership coverage from our EU RegCORE).

On 25 July 2024 the European Commission’s published two reports on the effectiveness of cross-border enforcement cooperation of EU CPC relevant authorities. The reports have a differing focus but common aims, namely:

1. The CPC Regulation Application ReportAvailable here.Show Footnote – which assesses the application in practice of the CPC Regulation since its entry into application in January 2020 and the effect that its enforcement cooperation system has had on traders’ (not just financial services firms’) compliance with the body of EU (as opposed to national) consumer protection laws. Overall, the report concludes that the CPC Regulation has been useful in addressing widespread breaches of EU consumer law affecting several Member States. Nevertheless, this report also finds that the current enforcement mechanisms need to be strengthened to effectively face new challenges such as the rapid multiplication of illegal practices on digital markets and low levels of compliance, especially by non-EU traders. For financial services firms this strengthening also includes greater cooperation between CPC relevant authorities with NCAs and the ESAs; and
2. The Biennial ReportOverview available here and the report here.Show Footnote – which provides an overview of activities carried out by the CPC Network[Details available here.] during 2022 and 2023. This report identifies key market trends, including areas of concern where CPC authorities expect the biggest challenges for consumers (generally and not just financial services specific) in the near future. The report finds that topics linked to the digital and green transition, in particular digital fairness in terms of the transparency of prices, (f)influencer marketing, artificial intelligence or illegal green claims and greenwashing, will continue to determine the priorities of the CPC network for the years to come. Data collected from yearly “sweeps” shows that compliance with basic consumer rights online continue to hover around 50% on average.

This Client Alert assesses the key takeaways of both of these reports and their impact on financial services firms and should be read in conjunction with further coverage from our EU RegCORE as it relates to corresponding changes affecting consumer protection rules and NCA/ESA supervisory as well as enforcement priorities ahead.

Key takeaways from the CPC Regulation Application Report and the 2024 Biennial Report

For financial services firms, these reports should signal a clear priority: to anticipate and prepare for tighter regulatory scrutiny and enforcement actions in consumer protection. As detailed in both reports, The CPC network’s actions are crucial for financial services firms as they highlight the regulatory focus areas and enforcement trends. The CPC Network has increased its mutual assistance requests by 41% compared to the previous period reviewed by the preceding Biennial Report, indicating a more collaborative and stringent enforcement environment. Financial services firms should note that a significant portion of these requests pertained to unfair commercial practices and consumer rights, which are central to financial consumer protection and thus subject to interest also by NCAs and the ESAs.

The increase in issuance of “alerts” and the conduct of “sweeps” by the CPC Network are indicative of a more proactive regulatory oversight. Many financial services firms may want to step up their efforts to become more vigilant about compliance with consumer protection laws, as non-compliance can lead to alerts that may trigger cross-border enforcement actions by consumer protection authorities but also by NCAs, the ESAs or ultimately litigation risks, including from collective action claims (as now very much possible pursuant to pan-EU legislation). Sweeps, particularly those targeting misleading price reductions and online fraud schemes, should prompt firms to review their pricing strategies and online representations to ensure transparency and avoid deceptive practices.

Importantly, while both reports are published in 2024, data and analysis underpinning both reports follow in the wake of the COVID-19 pandemic and policymakers as well as authorities (regardless of mandate) being cognisant of the need to focus on how multiple crises impacting consumers, such as pandemics and economic downturns. Financial services firms must consider how these crises affect consumer vulnerability and adjust their practices accordingly to ensure fair treatment of consumers during challenging times and reflect this in policies and procedures – indeed certain Member States require a “Vulnerable Customer” policy and for those that do not, adopting one may be recommendable.

Introduction to the CPC Regulation Application Report and its relevance to financial services firms

The CPC Regulation is particularly significant for financial services firms, as it directly impacts how these entities interact with consumers across the EU, especially in cross-border scenarios. The CPC Regulation’s overarching goal is to ensure that consumer protection laws are applied consistently and effectively throughout the EU, thereby safeguarding consumers’ economic interests and promoting a level playing field for businesses.

The CPC Regulation’s tools facilitate the detection and cessation of cross-border infringements and consistent enforcement actions by authorities. These include mutual assistance requests, alerts, coordinated actions, sweeps, and other collaborative activities beyond those and in particular OSIs and thematic reviews conducted by the ESAs and/or NCAs. Financial services firms must be cognisant of these CPC Network mechanisms as they can lead to investigations, enforcement measures, and potentially significant implications for their operations as well as their supervisory engagement with financial services authorities and ultimately also litigation risks.

The report highlights key market developments since the adoption of the CPC Regulation, such as the rapid growth of e-commerce and increased cross-border shopping, including from non-EU traders/actors. These developments have a direct bearing on financial services firms, particularly those offering online services or products, as they must navigate a complex landscape of consumer interactions and ensure compliance with evolving EU consumer protection laws and which laws apply where and when depending on an online cross-border interaction.

The report’s primary focus is on evaluating the effectiveness of the CPC Regulation in achieving its objectives. It assesses enforcement actions, compliance by traders and the powers of competent authorities. Financial services firms should take note of this evaluation as it reflects the regulatory environment within which they operate and may signal areas where increased regulatory scrutiny or changes in enforcement practices could occur.

The effectiveness of the CPC Regulation is scrutinised in light of recent consumer market evolutions within the EU. Financial services firms should be aware that authorities view the regulation as flexible enough to address emerging business models and marketing practices, including those in the digital sphere. While this means that the CPC Regulation will not return to the drawing board, challenges such as workload and rapid online activity development are noted.

Despite its benefits, the report identifies shortcomings in the CPC Network’s current cooperation framework that could impact financial services firms. These include differing enforcement capacities at the national level, differences in interpretation and application of the regulation, difficulty addressing infringements by traders outside the EU, and a perceived lack of deterrence due to the absence of straightforward fines. Article 9 of the CPC Regulation sets out minimum powers for competent authorities, which are crucial for effective cross-border cooperation. Financial services firms must understand these powers both within (i) a Member State and in (ii) a cross-border (including comparative law) setting as they form the basis for investigations and enforcement actions that could affect their businesses as well as which national consumer protection authority can escalate to which NCA and/or ESA (if at all). Further clarification, which is permitted under the CPC Regulation, by the European Commission and/or relevant national authorities may well follow so as to level the playing field and harmonise the current supervisory and enforcement toolbox for consumer protection authorities and/or by NCAs/ESAs on consumer protection matters even further.

The report concludes that while the CPC Regulation has generally met its objectives, there is room for improvement. Financial services firms should anticipate potential changes to the current framework that could arise from ongoing impact assessment studies aimed at addressing future enforcement challenges. Specifically, this may well mean forward planning for:

• Enhanced Regulatory Cooperation: Firms should expect increased cooperation among EU consumer protection authorities, which could lead to more coordinated enforcement actions across EU Member States including jointly with NCAs/ESAs. 
• Greater Scrutiny on Cross-Border Activities: With a focus on cross-border infringements, financial services firms operating in multiple EU jurisdictions may face heightened scrutiny and should ensure robust compliance mechanisms are in place as well as the ability to quickly produce evidence to substantiate which consumer protection law standards have been complied with when, where and how in a financial services firms’ cross-border operations. 
• Adaptation to Digital Market Dynamics: As digital markets evolve rapidly, the findings of this report point out that firms must be perhaps ever more agile in adapting their practices to comply with consumer protection laws and avoid engaging in practices that could be deemed unfair or deceptive in digital as well as non-digital delivery models.
• Preparedness for Emerging Business Models: The report indicates that new business models, particularly those leveraging technology such as artificial intelligence, will be under increasing regulatory scrutiny (see comments below re EU AI Act). Firms should be proactive in assessing and adjusting their business models accordingly. 
• Impact of Non-EU Actors: The difficulty in addressing infringements by actors outside the EU may lead to stricter regulations or enforcement measures that could affect financial services firms with global operations, certainly if tolerance of what is conducted from where with respect to EU consumers and how may become stricter. 
• Potential for Increased Penalties: The report’s indication of a lack of deterrence due to insufficient penalties suggests that there may be future regulatory changes leading to stricter penalties for non-compliance. Financial services firms must pay close attention to the enforcement actions highlighted in both reports. The CPC Regulation Application Report indicates a significant increase in mutual assistance requests and alerts, signalling a more collaborative and proactive approach among national authorities in tackling consumer protection issues. The 2024 Biennial Report further emphasises this trend by providing specific examples of enforcement actions, such as those against payment services providers regarding recurring payments and subscription traps. 
• Communication and Transparency: The report suggests that increased communication about CPC activities could improve compliance. Some firms may want to improve how they engage in transparent communication with regulators and monitor regulatory developments closely. Both reports underscore the importance of price transparency and personalised pricing disclosures. Financial services firms must ensure that their pricing structures are transparent and that any personalised pricing tactics are clearly communicated to consumers. Failure to comply with these requirements could result in enforcement actions and reputational damage.
• Monitoring Implementation of Commitments: Firms should be aware that authorities will monitor the implementation of commitments following coordinated actions, which may require ongoing adjustments to business practices.

In conclusion, financial services firms operating within the EU must closely monitor developments related to the CPC Regulation and its enforcement. They should be prepared to adapt their compliance strategies in response to regulatory changes and ensure that their practices align with consumer protection laws to mitigate risks and maintain consumer trust. Some further aspects are set out in more granular detail in the 2024 Biennial Report. 

Introduction to the 2024 Biennial Report and its relevance to financial services firms

The 2024 Biennial Report provides a comprehensive review of the enforcement actions and market trends observed by the CPC Network during 2022 and 2023. The findings are of significant importance to financial services firms as the 2024 Biennial Report outlines the regulatory landscape and enforcement priorities that have direct implications for firms’ operations. The CPC Network’s activities, particularly those related to digital markets and payment services, are highly relevant to financial services firms as they must navigate a complex web of consumer protection laws and regulations that are in differing states of evolution/application in force and/or reform.

The 2024 Biennial Report details coordinated actions concerning digital markets, including those related to payment services. Some financial services firms may wish to take note of the enforcement actions against major marketplaces and platforms, as these set precedents for compliance expectations. For instance, the commitments by major payment service providers like Mastercard, VISA, and American Express to introduce changes ensuring clear consumer information regarding recurring payments highlight the regulatory focus on transparency and informed consent in financial transactions.

The commitments by payment service providers to modify their rules and payment windows to provide clear information about recurring payments underscore the importance of clear communication with consumers. Some financial services firms may wish to (re-)evaluate their current arrangements to ensure that their customers are fully aware of the terms and conditions of any recurring payment agreements, particularly in relation to "subscription traps." This focus on preventing hidden subscriptions charged on a monthly basis emphasises the need for firms to review their customer interfaces and terms of service to ensure compliance with these enhanced transparency requirements.

Moreover the 2024 Biennial Report’s focus on online fraud schemes is particularly pertinent for financial services firms, which are often at the forefront of combating such fraudulent activities. The cooperation between national consumer authorities, the European Commission and law enforcement agencies, including Europol, against online fraud schemes indicates a strategic approach to consumer protection that financial services firms must align with. The development of collaborative platforms and intelligence-sharing mechanisms will likely require firms to participate actively in fraud prevention and detection initiatives.

The expansion of an “EU eLab” by the CPC Network, which aims at providing advanced investigative tools for online infringements, signals an increased capacity for regulatory authorities to detect and act against non-compliant practices. Financial services firms must be aware that their online activities are now very much subject to stricter scrutiny using state-of-the-art digital solutions. This development may lead to a higher detection rate of non-compliant practices within the sector, necessitating a proactive approach to compliance. Financial services firms must anticipate more advanced investigative techniques being employed by authorities and ensure their operations can withstand such scrutiny.

Moreover, the 2024 Biennial Report’s analysis of the E-Enforcement Working Group and Academy, with its focus on online enforcement tools and widespread infringements in digital markets is noteworthy, in how greater supervisory tools and practices are being applied in a more coordinated manner. Financial services firms operating online platforms or engaging in e-commerce must be particularly attentive to these developments, as they signal increased regulatory attention on online consumer protection issues.

Equally, the financial support provided to CPC authorities for developing digital enforcement tools with an emphasis on international cooperation, including with the U.S. Federal Trade Commission (FTC), indicates a global harmonisation trend in consumer protection standards. Financial services firms operating across borders should anticipate a more coordinated regulatory approach and prepare for compliance with not only EU regulations but also those that may emerge from international collaborations.

The 2024 Biennial Report wraps up in identifying key market trends that might affect consumers’ interests in the future, with generative artificial intelligence (AI) and chatbots or use of finfluencersThe focus on online fairness, including price presentation or financial influencers (finfluencers), is particularly pertinent for financial services firms engaged in digital marketing. The need for transparent pricing and clear disclosure of commercial relationships with influencers is emphasised, requiring firms to review their online marketing strategies for compliance.Show Footnote being highlighted – and indeed these are areas of increased supervisory interest by the ESAs and NCAs (see notably coverage on dedicated Thought Leadership on the use of finfluencers). Financial services firms employing AI technologies must ensure that they are developed, deployed and used safely to prevent risks to consumers. These statements reached in both reports, while not new, dovetail and complement those that have been expressed in legislation (see coverage on the EU’s AI Act and implications for financial services as well as other Thought Leadership from our EU RegCORE). Lastly, the call for action by consumer organisations regarding generative AI systems like ChatGPT suggests that regulatory scrutiny in this area is imminent, and firms should be prepared for potential investigations and compliance requirements.

Outlook and next steps

In conclusion, the 2024 Biennial Report and CPC Regulation Application Report serve as a clarion call for enhanced consumer protection enforcement within the EU’s Single Market. Financial services firms should heed these insights and bolster their compliance frameworks to meet the heightened expectations of regulators by NCAs working more closely with CPC authorities intra-state and/or together with the ESAs on cross-border thematic reviews and/or OSIs.

As the market landscape continues to evolve, particularly in digital and green sectors, firms that proactively adapt to these changes will be best positioned to thrive in an increasingly regulated environment. Financial services firms should be prepared for their commitments to be tested in real-world scenarios, ensuring that their practices are not only compliant on paper but also effective in protecting consumers.

About us

PwC Legal is assisting a number of financial services firms and market participants in forward planning for changes stemming from relevant related developments. We have assembled a multi-disciplinary and multijurisdictional team of sector experts to support clients navigate challenges and seize opportunities as well as to proactively engage with their market stakeholders and regulators.

Moreover, we have developed a number of RegTech and SupTech tools for supervised firms, including PwC Legal’s Rule Scanner tool, backed by a trusted set of managed solutions from PwC Legal Business Solutions, allowing for horizon scanning and risk mapping of all legislative and regulatory developments as well as sanctions and fines from more than 1,500 legislative and regulatory policymakers and other industry voices in over 170 jurisdictions impacting financial services firms and their business.

Equally, in leveraging our Rule Scanner technology, we offer a further solution for clients to digitise financial services firms’ relevant internal policies and procedures, create a comprehensive documentation inventory with an established documentation hierarchy and embedded glossary that has version control over a defined backward plus forward looking timeline to be able to ensure changes in one policy are carried through over to other policy and procedure documents, critical path dependencies are mapped and legislative and regulatory developments are flagged where these may require actions to be taken in such policies and procedures.

The PwC Legal Team behind Rule Scanner are proud recipients of ALM Law.com’s coveted “2024 Disruptive Technology of the Year Award”.

If you would like to discuss any of the developments mentioned above, or how they may affect your business more generally, please contact any of our key contacts or PwC Legal’s RegCORE Team via de_regcore@pwc.com or our website.