Regulatory and Legal aspects of FinTech
This article has been co-authored by Andrew Oldland QC and Freshfields Bruckhaus Deringer.
The term FinTech is used to describe the application of technology to financial services. Technological change in financial services is nothing new, but what is new is the pace of change coupled with a significant amount of investment. FinTech is affecting all aspects of financial services, from disruptors to collaborators, retail services to investment banking, front office to back office. FinTech has also brought to light entirely new services and products that didn’t exist five years ago – for example, virtual currencies, distributed ledger technology, crowdfunding, robo-advice.
In relation to these new products and services, the applicable regulatory position is not always clear. Taking virtual currencies (also known as cryptocurrencies) as an example, a key problem for regulators is the definition of cryptocurrencies and tokens – a clear definition is an essential pre-requisite to ‘good’ regulation.
It seems that the prevailing view among regulators is that cryptocurrencies are more akin to an asset class than a currency.
At present, the three key areas of concern shared by regulators worldwide relating to cryptocurrencies are:
- consumer protection (including the protection of personal data)
- the prevention of financial crime, in particular money laundering
- the integrity of the markets.
Currently, we find ourselves in a somewhat counter- intuitive position. National regulators are reluctant to regulate, or indeed, may not be sure how to regulate, whereas many participants want to be regulated so as to have the badge of credibility that goes with authorisation.
Regulatory enforcement in this area can be sporadic and primarily focused on money laundering, (see the US authorities acting against the Silk Road). In Turkey, an example was given of drugs money being laundered through Bitcoin.
Initial Coin Offerings (ICOs) have also received a lot of attention recently, being ways of raising funds from the public, effectively by way of a coin or token sale – usually in exchange for cryptocurrency. The regulatory position in relation to ICOs is similarly not always clear (and where it is, it is often because ICOs are banned). The confusion is compounded by the fact that the broking of ICOs may well fall within regulation. A number of regulators have caveated their position by stating that the characteristics of the token issued will determine whether the token is considered to be a security, a form of payment or a representation of some sort of service or utility. The current position of many regulators, which appears to be one of ‘wait and see’, is unlikely to be sustainable in the longer term. Indeed, we are beginning to see guidance emerging (e.g. in Switzerland).
As to consumer protection, in the UK for example, ICOs are generally unregulated (although again, this depends on the characteristics of the coin being offered) but the FCA has issued stark warnings to consumers about the risks.
At the other end of the FinTech spectrum are financial services or products which, although enabled by cutting edge technology, clearly fall within regulation. Regulators are also starting to be much more encouraging of start- ups and new services. In order to encourage competition through advances in technology, in many countries, national regulators now have the powers to relax their requirements or provide guidance through so called ‘sandboxes’. Sandbox participants may benefit from lighter-touch regulation, but are required to provide often detailed information to the regulator which will help better inform regulation going forward. Here regulation appears to be working well.
Predominantly, regulators are tending to follow ‘neutral’ regimes (or relying on their existing frameworks) rather than producing detailed rules and regulations specifically on FinTech. This is often through ‘principles based’ regimes where regulators have greater discretion and flexibility.
Two further important issues relate to the protection of personal data and intellectual property (IP). The introduction in the EU of the GDPR, with its enhanced requirements, will have a significant impact on many FinTech companies. Improved methods of IP protection are also likely to be required to enable FinTech companies to flourish.
In the UK, the FCA has four objectives. Its strategic objective is to ensure that the relevant markets function well.
The FCA’s operational objectives are to:
- protect consumers – the FCA aims to secure an appropriate degree of protection for consumers
- protect financial markets – with the aim to protect and enhance the integrity of the UK financial system
- promote competition – the FCA aims to promote effective competition in the interests of consumers.
View from Turkey
Cost efficiency, financial inclusion, establishment of an eco-system, intellectual property rights and cyber security are the most important considerations for the regulators. There are a number of ongoing regulatory initiatives concerning FinTech in Turkey. A working group composed of the Central Bank of Turkey, the Capital Markets Board and the Banking Regulation and Supervision Agency has been studying cryptocurrencies. In addition, the Banking Regulation and Supervision Agency has been collaborating with payment services firms to ensure growth and to contain cyber risks. Last but not least, Turkey’s Ministry of Development is expected to cover FinTech in the 11th National Development plan to be published in June 2018.
It is worth noting the FCA’s focus on financial inclusion and the ability of Fintech to provide services to vulnerable consumers. In 2016, the FCA hosted a TechSprint event focussing on this and the only mention of Fintech in the FCA’s 2017 mission related to financial inclusion:
“We can use our convening powers to bring participants together and explore innovative ways of improving market effectiveness, such as developing Fintech to reduce the cost of financial services or to extend access to vulnerable consumers.”
It also features as one of the eligibility criteria of the robo- advice unit (Potential to deliver lower cost advice or lower cost guidance to unserved or underserved consumers).
Noting in particular that innovative tech can create better competition, the FCA is seeking to promote innovation as part of the ‘virtuous circle’ of competition, where competition is a very powerful driver of innovation and vice versa. With that in mind, the FCA set up Project
Innovate,1 which aims to tackle regulatory barriers to allow firms to innovate in the interest of consumers. Project Innovate consists of:
- direct support and guidance
- an advice unit – a dedicated team providing feedback to firms developing automated advice and guidance models
- the sandbox – ultimately to facilitate testing
- engagement with others, covering industry (such as the FCA’s ’themed weeks’), regional engagement
(i.e. outside of London) and international engagement with other regulators.
In respect of the FCA innovation agenda and the sandbox, the FCA has available, where permitted, certain tools, such as restricted authorisation, individual guidance, waivers of rules and no-enforcement action letters.
Looking to crowdfunding as a practical example of legislating a new area, the FCA reviewed the peer-to- peer lending sector and noted that while equity-based crowdfunding platforms were already likely to be included in the regulatory perimeter, loan-based platforms (also known as peer-to-peer lenders) were not. When it took on competence for consumer credit activities in April 2014, the FCA brought in a bespoke, lighter-touch regulatory regime which applied to the operators of loan-based peer-to-peer platforms. The FCA has been keeping developments in the peer-to-peer lending sector (both equity-based and loan-based) under review. We expect to see revisions to the regulatory regime in the future, including a consultation paper with proposals for rule changes, addressing the concerns raised by the FCA in its interim review paper. While this might be somewhat difficult for the affected providers, who will need to keep updating their policies and procedures, as well as keeping up to date with the regulatory requirements that apply to them, the intention of the review is a proportionate and appropriate regulatory regime.
The European Commission is also considering legislation on crowdfunding and has very recently published a proposal whereby operators of platforms can ‘opt in’ to an EU framework. This includes an EU regime that platforms wishing to conduct cross-border activity could opt into, while leaving the rules for platforms conducting only national business unchanged. Whether this will be the ultimate outcome for this proposal remains to be seen.