A new European framework for financial services contracts concluded at a distance has recently been finalised.
It is set to bring about significant reforms for financial services concluded online, via telephone or through other forms of remote marketing. An extensive set of new provisions, in the form of a directive, was adopted in October 2023 by the European Council. Although it is likely to be mid-2026 before the changes become effective, firms should start planning for how the changes will impact business models.
The new law is intended to cover consumer financial services contracts concluded at a distance. It repeals Directive 2002/65/EC which concerns the distance marketing of consumer financial services (DMD) and amends the 2011 Consumer Rights Directive (2011 CRD) on financial services contracts concluded at a distance. The new requirements will form a part of the 2011 CRD.
The new framework aims to address the issues presented by the existing overlap in sector-specific legislation, to combat the challenges presented by the rapid digitalisation in the financial services market and to increase and further harmonise consumer protection across the European Union.
What are the key changes for financial services distance contracts?
- Scope: The final text of the new Directive clarifies the scope of its application. Where other EU legislation relating to specific financial services also provides for an aspect (e.g. right of withdrawal, etc.) of the provisions of that sectoral legislation more generally, rather than the provisions introduced by the new Directive, will apply. That is unless otherwise provided in the relevant legislation. It also confirms the continued application of the “safety-net” feature of the current DMD for financial services which are either not covered by EU sector-specific legislation or are excluded from scope.
- Pre-contractual information (PCI):The new Directive varies the existing position on information disclosure and represents a modernisation of PCI obligations. Member States are also given the ability to impose stricter national rules in the area. Examples of the modernised approach include specific reference to the practice of “layering” when providing PCI by electronic means (i.e. placing certain key elements of PCI prominently on the first “layer” and other detailed parts of PCI in accompanying “layers”). The new Directive introduces a requirement that where PCI is “layered”, it must be possible to view, save and print it as one single document.
In addition, the PCI requirements themselves are expanded to include, for example, information on electronic means of communication, the environmental or social objectives targeted by the financial service and (where applicable) that the price was personalised using automated decision-making. The PCI must be provided to the consumer at least a day before any distance contract binds the consumer. If not, a reminder on the possibility of withdrawal must be sent.
- Right of withdrawal: The right of withdrawal from distance contracts must be facilitated through a prominent, easy-to-find ‘withdrawal function’ on the provider’s interface. The withdrawal function must be clearly labelled, unambiguous and comprehensible. It must be continuously available during the withdrawal period. A confirmation of withdrawal must accompany the withdrawal function which is clearly labelled and easily legible. Once activated, an acknowledgement of receipt must be sent to the consumer without undue delay. Certain financial services, including travel and baggage insurance policies or similar short-term insurance policies of less than one month’s duration, are not subject to the right of withdrawal.
- Online fairness: The new Directive contains two important provisions intended to improve online fairness:
- Human intervention – in using online tools (e.g. robo-advice or chat boxes) a firm must through their use be able to provide and explain to the consumer all key information, including the main characteristics of the proposed financial service contract. Importantly, if the consumer requests human intervention, this must be provided. The Directive’s recitals clarify aspects of the scope of this entitlement to human intervention. For example, it needs only to be available to consumers during the business hours of the firm.
- Dark patterns – the new Directive introduces additional protection for consumers from “dark patterns” (i.e. a user interface designed to deceive or nudge users into making unintended and potentially harmful choices). Member States are required to take measures to limit the use by financial services providers of ‘dark pattern’ marketing techniques to influence consumers’ choices. This aims to avoid as far as possible consumer biases and increase transparency.
The new Directive is expected to enter into force by early 2024 after which Ireland and all other EU Member States have 24 months for national implementation. Affected firms therefore have until about mid-2026 to incorporate required changes into contractual provisions and digital customer journeys.
The new Directive will strengthen and modernise the rights of consumers of distance financial services contracts. Given the rapid acceleration in digital financial services in recent years, a significant cohort of firms now engage in distance contracts and will be impacted. Firms are recommended to begin planning for how the new requirements may impact their business.
Contributed by Martha Ní Dhochartaigh