Competition Law - Financial Services
Picture three banks in a concentrated mortgage market. Each runs its own pricing engine; each engine watches the others, reads funding costs and demand, and trims its rate just enough to stay profitable. Within months the three sit in a narrow band, comfortably above where real competition would put them. Nobody picked up a phone. No data passed between them. No shared vendor sat in the middle. And households pay for it, quietly, every month. Economically, the outcome behaves like a cartel. Legally, it is almost nothing at all.
I call this unilateral parallel algorithmic behaviour, or UPAB: competing firms each running their own pricing system, those systems settling on supra-competitive prices with no agreement, no contact and no shared data. It is the subject of my new article in ERA Forum. The easy reaction is to file it under the familiar worry that algorithmic collusion is hard to detect and harder to prove. That misreads it. There is no hidden infringement here waiting to be uncovered.
The conduct falls outside competition law not because the evidence is elusive but because the legal category does not reach it. The gap is doctrinal, not evidential. That is what sets UPAB apart from the general lament that enforcement cannot keep pace with technology.
Article 101 of the Treaty on the Functioning of the European Union (TFEU) bites on agreements and concerted practices, and a concerted practice needs some interaction that trades the ordinary risks of competition for cooperation. Since Wood Pulp, parallel conduct on its own has never been enough: firms that simply react to the same public prices are competing, not colluding. I have no quarrel with that rule. UPAB just happens to sit on the safe side of it.
The systems observe the same signals, apply similar logic and converge. They do so not because anyone agreed, but because the shape of the market and the design of the software make convergence the obvious result. Take away the assumption that coordination requires contact, and there is simply nothing for Article 101 to grip.
The algorithmic cases we have circle this boundary without crossing it. Eturas caught a discount cap, but only because it travelled through a message between competitors; the platform carried the restriction, it did not invent it. Google Shopping confirmed that conduct does not escape competition law merely by being written in code, though that was an abuse case under Article 102 TFEU, a different animal from coordination between equals. Each tells us where the line runs. Neither tells us what to do with the firm that switches a system on and walks away.
MiFID II disciplines how a firm runs its own trading algorithms; it is silent on what happens when an entire sector prices in parallel. The Market Abuse Regulation is aimed at manipulation, at spoofing and layering, not at honest systems reading visible prices.
The AI Act reaches creditworthiness and parts of insurance but leaves ordinary mortgage, credit and investment pricing below its high-risk tier, while the Digital Markets Act governs the vertical grip of gatekeepers rather than the horizontal drift of rivals. Even the Commission’s 2023 Horizontal Guidelines, which concede that algorithms can facilitate collusion, reach only the cases that still have an agreement, a shared tool or a signal behind them. Each was built for a different question. None was built for this one.
Regulators sense the shape of the problem even where the law cannot close its hand around it. In February the Bundeskartellamt banned Amazon’s price-control mechanisms and recovered €59 million. Italy’s authority examined airfare algorithms and retreated into a conversation about transparency rather than an infringement finding.
The American cases, RealPage above all, turn on shared software and pooled non-public data, which is exactly why they fit the established categories. The CMA, Canada’s Competition Bureau and the OECD have each flagged the risk, and in a 2024 joint statement the EU, US and UK authorities voiced a broader shared concern about competition and AI. But notice the pattern. What reaches a tribunal is always a shared-tool case, because that is the only version with a doctrinal door. The pure case is still standing outside, on both sides of the Atlantic: separate systems, no contact, the same result.
The honest objection is that this is just competition moving faster. Firms have always watched one another, and software only quickens the reflex. Much of the time that is true, and I have no appetite for a rule that punishes a bank for reading a published rate. The concern is narrower. It arises where a market is concentrated and transparent, where prices reset in seconds and costs run broadly in parallel.
Those are the conditions Airtours long ago identified as fertile ground for tacit coordination. Drop self-optimising systems into that soil and they can hold a price line no group of human managers could discipline for long. So the question is not whether a firm reacts to public information. It is whether it knowingly deploys a system that, in that particular market, will keep prices up.
If the diagnosis is right, the remedy is not to torture Article 101 TFEU until it confesses to something it never contained. It is to move the point of scrutiny forward, to the moment of deployment. That is the one reform I would put at the centre: a narrow duty that bites only where market structure and system design already make coordination foreseeable.
Think of a market where three or fewer firms hold most of the national supply in mortgages, consumer credit or personal insurance. There, before it switches the system on, the firm would have to weigh the very factors competition lawyers have assessed since Airtours and the merger guidelines. This is not a new offence. It is the existing coordinated-effects analysis, brought forward to the design stage, where it can still do some good.
The rest is plumbing, and I would keep it in the background. Someone has to watch the combined effect of algorithmic pricing across retail finance, whether European Securities and Markets Authority (ESMA), the European Systemic Risk Board (ESRB) or the Commission; it matters less who holds the mandate than that the mandate exists.
The AI Act’s high-risk list can, within Article 7’s limits, be widened by the Commission’s own hand. Supervisors should be able to see, in confidence, what these systems actually feed on. And because Article 17 of Regulation 1/2003 yields only a report, the Union needs a market investigation power with real remedies behind it, of the kind the UK already has under Part 4 of the Enterprise Act 2002; a firm that turns an autonomous pricing agent loose in a regulated market should answer for what it does. None of these is the headline. Each is what makes the headline workable.
None of this is tidy, but it is more honest than asking Article 101 TFEU to catch conduct it was never written to see. The present enforcement gap is not a safe harbour. If the economists are right that these systems can hold prices above the competitive level, then people in concentrated financial markets are paying for it now, with no real way to object. The tools are on the shelf. The only open question is whether we reach for them while the problem is still taking shape, or wait until it has set into the ordinary way the market works.
The author's article, Unilateral parallel algorithmic behaviour in EU financial services law, is available here.
Ian Gauci is Managing and Founding Partner of GTG Legal, Malta, and Chair of the AI in Fintech Strategy Group at the Malta Financial Services Advisory Council.
This article was first published on the Oxford Business Law Blog on 02 June 2026.
