This country-specific Q&A provides an overview of the legal framework and key issues surrounding fintech law in Belgium.
This Q&A is part of the global guide to Fintech.
For a full list of jurisdictional Q&As visit http://www.inhouselawyer.co.uk/index.php/practice-areas/fintech-2nd-edition
What are the sources of payments law in your jurisdiction?
The main source of payments law in Belgium is the European Union legislator. The European Union strongly harmonised both the prudential rules (which concern the eligibility, the licensing process and the conditions to be met in order to offer payment services) and the rules of conduct (which concern the mandatory pre contractual and contractual rules in relation to payment service users).
These rules are laid down in the EU Directive n°2015/2366 of 25 November 2015 on payment services in the internal market (the “PSD2”). This directive has been transposed into Belgian national law in two distinct acts:
- the law of 11 March 2018 on the status and control of payment institutions and electronic money institutions. This law concerns the prudential rules applicable to payment and electronic money institutions.
- Book VII of the Belgian Economic Law Code.
While the law of 11 March 2018 is only applicable to payment institutions and electronic money institutions, Book VII of Belgian Economic Law is also applicable to all other payment service providers, i.e. the credit institutions and certain (semi-) public entities such as Bpost, the National Bank of Belgium and local authorities.
Beside these laws, special attention must also be paid to the soft law rules enacted by the regulators at both the European level (the European Central Bank Guidelines) and the Belgian level (the National Bank of Belgium).
Can payment services be provided by non-banks, and if so on what conditions?
Yes. So-called electronic money institutions (EMIs) and payment institutions (PIs) are also allowed to provide payment services. In order to become a payment institution or an electronic money institution, a company must get licensed by the National Bank of Belgium.
Several requirements laid down in the law must be met. They concern e.g. the quality of the shareholders and management, the governance, the minimum capital requirements, the business model, the IT infrastructure, etc. The candidates must file a licence application containing the different requirements set out by law (as specified in applicable EBA guidelines).
Since the introduction of the PSD2 in Belgium the licence requirements for EMIs and PIs have become very similar. The most important difference lies within the higher minimum capital requirements for EMIs.
The prudential requirements that must be reached during the licensing process must be met during the whole existence of the payment/electronic money institution. Regulated entities must also fulfil reporting obligations.
A licence obtained in Belgium allows a regulated entity to provide payment services in all the other EU Member States. A simple prior notification to the home country national regulator (which is in charge of informing the national regulator of the target country) is required.
Besides banks, PIst and EMIs, certain (semi-) public entities such as Bpost, the National Bank of Belgium and local authorities are also allowed to provide payment services (see above the question on the sources of payment legislation).
What are the most popular payment methods and payment instruments in your jurisdiction?
Card payments and fund transfers are the two main (retail) payment methods in Belgium.
Fund transfers occur directly between different banks, PIs and EMIs and are cleared by the local CEC or European Target2 payment system. These payment operations can be initiated online (as the case may be, via a banking or payment app.) or offline
Card payments rely on a card scheme (Bancontact / MasterCard) and include the intervention of a card issuer (mostly banks or PIs), a payment acquirer and a retail payment processor (Worldline in Belgium). Most payment cards are still physical, while virtual cards are gaining market share very quickly.
International payment methods linked to credit cards (such as Paypal, Google and Appel Pay etc) are also available to customers.
Money remittance providers are also common in Belgium and focus primarily on both foreigners and locals sending money to their relatives in foreign countries.
What is the status of open banking in your jurisdiction (i.e. access to banks’ transaction data and push-payment functionality by third party service providers)? Is it mandated by law, if so to which entities, and what is state of implementation in practice?
Since the transposition of the PSD2 in Belgium by the law of 11 March 2018, credit institutions must in principle open their infrastructure to authorised third party payment service providers, i.e. the account servicing payment service providers and the payment initiation service providers.
Account servicing payment service providers and payment initiation service providers are payment institutions in the meaning of the law of 11 March 2018. They must be authorised by the National Bank of Belgium prior to exercising their activities.
However, one important piece of legislation in relation to open banking, the Regulated Technical Standards 2018/389 of 27 November 2017 on Strong Customer Authentication (RTS SCA) has taken effect since 14 September 2019. These Regulatory Technical Standards contains the concrete rule on the opening of banking infrastructure. Only then will the open banking really enter into force in Belgium.
In practice, we foresee that certain if not the majority of Belgian credit institutions will not be ready by 14 September 2019 with an API which is tested and approved by the regulators.
How does the regulation of data in your jurisdiction impact on the provision of financial services to consumers and businesses?
By their digital nature, fintech initiatives are very often exposed to data protection issues. With regard to the protection of personal data, the most important regulations are the GDPR (Regulation 2016/679 of 27 April 2016), the ePrivacy Directive (Directive 2002/58/EC of 12 July 2002) and the provisions transposing this Directive into Belgian law. The Belgian legislator has also adopted the Belgian Data Protection Act of 30 July 2018, which partially incorporates the generally applicable provisions of the GDPR and partially provides for additional provisions. These laws mentioned above however do not specifically address data protection within the context of providing financial services.
For the processing of data within the context of open banking in particular, it is generally agreed upon that the PSD2 and the GDPR are jointly applicable. According to the Belgian transposition of the PSD2, the processing and storage of personal data necessary for the provision of payment services by the payment service provider can only take place with the explicit consent of the payment service user. It is assumed that this explicit consent under the transposition of the PSD2 is a mere contractual consent and does not have to comply with the strict conditions for valid explicit consent under the GDPR, as this would impose significant additional (practical and financial) responsibility on the bank. Parties to a framework agreement may agree that the explicit consent of the payment service user to the access, processing and storage of personal data – this being necessary for the provision of payment services, and falling within the scope of the framework agreement concerned – is effectively given through the consent to the execution of the payment transactions.
However, as the GDPR applies to these processing activities, the bank should always process the personal data on a legitimate basis (e.g. necessity for the performance of a contract) and should at all times respect all principles of lawful processing. Therefore, the bank should ensure that the personal data is processed in a manner that ensures appropriate data security and integrity, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (e.g. through pseudonymisation or encryption of personal data).
What are regulators in your jurisdiction doing to encourage innovation in the financial sector? Are there any initiatives such as sandboxes, or special regulatory conditions for fintechs?
The supervision of the financial sector is shared by the National Bank of Belgium and the Financial Markets and Services Authority (twin-peaks model). Both these regulators have created a common dedicated ‘Contact Point for FinTech’. Fintechs are welcome to contact the regulators through this medium and they will answer their queries within three business days. This should be seen as a so-called “sound box” rather than an actual “sand box”.
Generally, both the NBB and the FSMA are open to innovation in the financial sector and certain dedicated operational teams have been reinforced with tech-savvy profiles.
Regulators also accept to organise informal intake meetings with fintechs to discuss their project. Licence applications, meetings and contacts can be held in French, Dutch, or English, which greatly facilitates the dialogue with foreign entrepreneurs and fintechs
Do you foresee any imminent risks to the growth of the fintech market in your jurisdiction?
Not particularly. To the contrary, the central position of Brussels and the Brexit context tend to attract fintechs in the country. Since 2018, we also see more and more international (non-European) groups coming to Belgium (outside the Brexit context) willing to use this jurisdiction as a base camp from which they can easily passport their activities throughout the entire European market.
What tax incentives exist in your jurisdiction to encourage fintech investment?
The Federal Government has created a “tax shelter” to foster start-up investment. Under certain conditions, investors may benefit from a tax reduction ranging from 30% to 40% on their invested amounts.
Increased tax deductions are also organised to favour investments in digital assets allowing for the integration and exploitation of electronic means of payment and invoicing, as well as in systems increasing IT and communication security.
Which areas of fintech are attracting investment in your jurisdiction, and at what level (Series A, Series B etc)?
Fintechs active in payments and regulatory applications (‘regtech’) form the current hype on the market. The insurance sector (‘insurtech’) and certain more isolated challenger bank projects should also be mentioned.
If a fintech entrepreneur was looking for a jurisdiction in which to begin operations, why would it choose yours?
Belgium seems to attract fintechs for several reasons.
Geographically, Belgium is at the heart of Europe and benefits from many high-speed train connections with key EU capitals (Paris, London, Amsterdam, Berlin, etc.).
As a multicultural and multilingual country (with a bilingual French-Dutch capital, Dutch-speakers in the North and French-speakers in the South), Belgium is also seen as an interesting test market for FinTech companies.
Regulators are pragmatic, are tech-savvy, have a very personalised approach of each project (unlike larger jurisdictions) and, in our experience, they adopt an open and no-nonsense approach to disruptive business models. They also accept applications in English and voluntarily translate many applicable regulations and guidelines in this language.
Finally, Belgium hosts most EU institutions and is generally a pro-EU country. Nowadays, this is a reassuring factor for fintechs which rely on their aptitude to passport their licence across the EU.
Access to talent is often cited as a key issue for fintechs – are there any immigration rules in your jurisdiction which would help or hinder that access, whether in force now or imminently? For instance, are quotas systems/immigration caps in place in your jurisdiction and how are they determined?
For an EU citizen (and by extension any EEA citizen), the fundamental principle of the free movement of workers applies (Article 45 TFEU), whereby this person is allowed to work and live in another Member State without the need to acquire a work permit in this other Member State.
Any non-EU citizen who wishes to work in Belgium must obtain either a work permit (for employees performing services in Belgium on a salaried basis for a Belgian or the foreign parent company) or a professional card (for self-employed persons). The work permit or professional card must normally be applied for and issued before the person arrives in Belgium. The application process usually takes up to four months for a work permit and up to six months for a professional card.
Highly skilled personnel and executive-level personnel (employees) earning a yearly gross salary exceeding a threshold that is adjusted on a yearly basis can, however, apply for a fast track application. Certain exemptions and a range of specific limitations may also apply to employees. With respect to self-employed persons, there is an exemption for business travels not exceeding three consecutive months.
If there are gaps in access to talent, are regulators looking to fill these and if so how? How much impact does the fintech industry have on influencing immigration policy in your jurisdiction?
In practice, the most noticeable gap in access to talent lies at the level of the compliance functions. There is sufficient skilled staff on the market, but they are difficult to move and it turns out to be no sinecure to have relatively experienced compliance officers take the step from incumbents (large institutions, fixed values) to fintech companies and start-ups in this sector. Such officers need to be familiar with the specific Belgian regulations, which also quickly restricts the eligible public for this task. In Belgium, however, the regulator itself does not actively look or facilitate to fill these gaps. Nevertheless, a positive shift is noticeable lately and we see that more and more smaller innovative newcomers on the market are able to attract and inspire the talent their organisation requires.
What protections can a fintech use in your jurisdiction to protect its intellectual property?
Depending on the specific nature, activities and creations of the fintech concerned, it may rely on various intellectual property rights existing under Belgian law. The most prevalent ones are the following.
Fintechs may protect their trademark under a Benelux or European trademark. Registration is required to benefit from such protection and may only be obtained if the sign is susceptible to graphical representation, has distinctive character, and is permissible and available. By contrast, a fintech’s trade name is protected simply by first use and offers protection only in the geographical area where it is used for the activities that are identical or similar to those engaged in under the trade name.
As most fintechs strongly focus on digital presence, it is important to note that they may register a domain name on the Internet and that their computer programmes (e.g. mobile applications) may be protected by copyright laws provided there is originality, and a precise and objective expression of that originality. If investments are made for building databases, specific protection rights for databases may be relied upon. Furthermore, the technical IT solutions containing a computer programme which constitute an invention may be eligible to patent protection if all conditions thereto are fulfilled.
Finally yet importantly, fintech organisations must organise themselves to keep their (commercial and technical) confidential information and business secrets secret. If they can prove that such an organisation is implemented, they are protected against malicious misappropriation of such information.
How are cryptocurrencies treated under the regulatory framework in your jurisdiction?
Belgium has no specific legislation on cryptocurrencies except for a Regulation of the FSMA (i.e. the Belgian regulator in charge of the oversight of financial services and markets) of 3 April 2014 banning the distribution of derivative products based upon the value of one or several cryptocurrencies to retail clients.
Besides this specific national piece of legislation, Belgium is also subject to the provisions of European Law that concern cryptocurrencies. So far, only the 5th Directive on Anti-Money Laundering has been enacted (and still needs to be transposed into Belgian law). At the European level there are ongoing discussions on regulating other aspects of cryptocurrencies as well.
How are initial coin offerings treated in your jurisdiction? Do you foresee any change in this over the next 12-24 months?
Initial coins offerings (“ICOs”) are not specifically regulated (or forbidden) in Belgium. This does not mean, however, that they may not be subject to existing (general) regulations.
The local FSMA, EBA and the ESMA, have made it clear that depending on their legal structure and on the characteristics of the issued tokens, ICOs could be subject to various laws and regulations.
For instance, an ICO with tokens that are considered to be transferable securities could fall directly or indirectly under:
- the Law of 16 June 2006 on public offers of investment instruments and on the admission of investment instruments to trading on regulated markets. This law requires notably the preparation of a prospectus to be approved by the FSMA in the event of a public offering of investment instruments within the territory of Belgium;
- the Law of 18 December 2016 regulating the recognition and definition of crowdfunding. this Law sets out the conditions for authorisation as a recognised alternative finance platform (that is, the financial form of crowdfunding) and the rules that apply to the providers of alternative finance service;
- the Law of 2 August 2002 on the supervision of the financial sector and on financial services (Belgian transposition law of MiFID 2) as well as the delegated MiFID Regulations at the EU level;
- the Law of 19 April 2014 on alternative investment funds and their managers.
The legal regime applicable to ICOs should be assessed on a case-by-case basis.
In Belgium, the FSMA pro-actively looks into ICO projects having a connection with Belgium and invites issuers to clarify their projects (through questionnaires focussing on the scope of the offer, the underlying assets, the business model and AML aspects) in order to verify whether any of the existing financial legislation applies.
Are you aware of any live blockchain projects (beyond proof of concept) in your jurisdiction and if so in what areas?
We are aware of certain live blockchain projects in Belgium, although the blockchain scene is still rather immature compared to other jurisdictions.
- SettleMint is a start-up that helps its corporate clients building blockchain applications (or integrating blockchain technologies into existing applications); and
- Bolero (which is a spin-off of the Belgian Bank KBC) organises a secondary market of crowdfunding investment products on the based on the blockchain technology.
To what extent are you aware of artificial intelligence already being used in the financial sector in your jurisdiction, and do you think regulation will impede or encourage its further use?
Certain initiatives using AI are being developed, especially in the investment industry (robo-advisory, etc.), credit (especially credit scoring), and regtechs (automated KYC, etc.). Chatbots are also getting more and more common in the finance industry.
At this stage, regulations dedicated to AI processes are rather seldom. One of the most important exceptions can be found in the GDPR which has put in place specific requirements for automated decision-making processes.
We believe that specific AI requirements are likely to increase in the future. They will probably create new safeguards which will on the one hand restrict the use of AI but on the other hand will also offer a better legal framework and increase legal certainty in the field.
Insurtech is generally thought to be developing but some way behind other areas of fintech such as payments. Is there much insurtech business in your jurisdiction and if so what form does it generally take?
Belgium is an attractive place for insurers. The Brexit has also shown that even large incumbents of the sector found Belgium to be an interesting alternative to the UK.
We have seen the development of several initiatives in the insurtech industry.
Generally, insurtechs choose to intervene at the distribution level where they compete with traditional intermediaries – many of which are brokers in Belgium. A licence as insurance intermediary is indeed much easier to obtain than a full-blown licence of insurance company.
By the same token, insurtechs tend to prefer the non-life sector (car insurance, rent insurance). Part of the reasons is due to the fact that life insurance products are subject to more stringent requirements, have a long contract duration, and are trickier to market in an online environment – people subscribing life insurance policy are often looking for face-to-face advice.
Are there any areas of fintech that are particularly strong in your jurisdiction?
After a few years of activity in the alternative lending and crowdfunding industries, we would say that today’s fintechs are mainly active in the fields of payment, regulatory tools (‘regtech’), and insurance (‘insurtech’).
What is the status of collaboration vs disruption in your jurisdiction as between fintechs and incumbent financial institutions?
Incumbent financial institutions were initially rather reluctant and reserved towards fintechs, which came to disrupt this specific sector. Over the past five years, however, this reluctance has given way to a relationship of increased cooperation. Four main trends towards cooperation are noticeable: (1) there are incumbents which focus specifically on what is happening in the field of fintech and actively support particular fintechs; (2) more and more incumbents support fintech industry organisations, such as e.g. FinTech Belgium and B-Hive, where fintechs get a shared platform; (3) some promising fintechs are acquired by incumbents through M&A, which allows to benefit from the widest possible opportunities; (4) more and more often, due to the high cost of client acquisition, fintechs are called in to provide B2B services to incumbents, whereby the latter hence becomes a customer of the fintech.
To what extent are the banks and other incumbent financial institutions in your jurisdiction carrying out their own fintech development / innovation programmes?
Incumbents often organise and support the field in which fintechs can grow (dedicated incubators or “FinTech villages”). In this way, a cooperation is set up, whether or not with a view to an imminent takeover by the incumbent. It is important to note that fintechs may be favoured by specific regulations (e.g. PSD2), which makes this way of operating an attractive option. On the other hand, established banks are found to launch innovative projects, which are developed in-house.
Are there any strong examples of disruption through fintech in your jurisdiction?
At the moment, there is no single major fintech disrupting the whole financial sector at once. However, there are several sector-specific initiatives that each adds value in its own way. Examples of this are Qover (insurance), Pom and Digiteal (both e-invoicing), Monizze (e-meal vouchers), Edebex (invoice market place) and mozzeno (P2P lending).
We have reasons to believe that more and stronger examples of disruption of the Belgian financial sector will appear in the coming months and years.