This country-specific Q&A provides an overview to Fintech law in Denmark.
It will cover open banking, regulation of data, cryptocurrencies, blockchain, AI and insurtech.
This Q&A is part of the global guide to Fintech. For a full list of jurisdictional Q&As visit http://www.inhouselawyer.co.uk/index.php/practice-areas/fintech/
What are the sources of payments law in your jurisdiction?
The offering and performance of payment services in Denmark are governed by the Danish Payments Act (hereinafter, the "Payments Act"), which im-plements the newest European payment service directive (PSD 2) into Dan-ish law. Denmark has fully implemented PSD 2 into national legislation.
Can payment services be provided by non-banks, and if so on what conditions?
In Denmark, non-bank entities can be authorised by the Danish Financial Su-pervisory Authority (hereinafter, the "FSA") in accordance with the Pay-ments Act enabling such entities to provide payment services on a full or lim-ited basis.
A fully licensed payment institution or electric money institution can be au-thorised to provide one or multiple types of payment services within the meaning of PSD 2, Annex 1. These licenses include full EU-passporting, but entail capital requirements, organisational and internal procedural require-ments, fit and proper management, KYC obligations and approval of qualified owners etc.
Danish companies operating a limited payment service business in Denmark only can apply for a less onerous, limited authorisation to provide payment services. Such limited authorisation can cover one or multiple types of pay-ment services (not including payment initiation services and account infor-mation services). A company operates a limited payment service business if the average monthly transaction volume for the last 12 months period does not exceed 3.0m EUR. Similarly, there is a limited and less onerous authorisa-tion for Danish companies operating a limited electronic money business in Denmark only. A company operates a limited e-money business if its obliga-tions deriving from issued e-money do not exceed a value equivalent to 5.0m EUR at any time.
The Payments Act also includes the newly introduced third-party-providers (TPPs), i.e. the account information service providers (AIS) and the payment initiation service providers (PIS).
Providers of payment initiation services only are required to obtain a full payment institution license, however, because PISs are never to actually hold any client funds, the license requirements are much less onerous than a full payment institution license covering other types of payment services.
Providers of account information services only need to obtain a special li-cense from the FSA in accordance with the relevant provisions of the Pay-ments Act. The requirements for the AIS-license is less onerous than the PIS-license and more similar to the limited licenses mentioned above.
Finally, due to the EU-passport regime pursuant to PSD 2, payment institu-tions, e-money institutions and TPPs from other EU countries may offer their services in Denmark through a local branch, or on a cross-border basis.
What are the most popular payment methods and payment instruments in your jurisdiction?
The most popular payment method in Denmark is by far the Danish national debit card "Dankort", though the use of international payment cards (such as VISA and MasterCard in particular) have seen significant growth in 2015-2017, where the use of payment cards in general have doubled. Within the EU, Denmark is ranked as number one when it comes to consumers using pay-ment cards.
New payment instruments, such as mobile payment and contactless pay-ment, have been introduced in recent years. In terms of contactless, nearly half of the payment card transactions in Denmark were made by way of con-tactless payments in 2017. Moreover, according to a recent market study, 25 percent of the Danish consumers had used the popular mobile payment so-lution "MobilePay" at least once a month during 2017.
What is the status of open banking in your jurisdiction (i.e. access to banks’ transaction data and push-payment functionality by third party service providers)? Is it mandated by law, if so to which entities, and what is state of implementation in practice?
In accordance with the TPP-regime in PSD 2, the Payments Act stipulate that operators of payment accounts will be obligated to grant access to account information and payment initiation to authorised TPP-companies. However, the actual obligation to grant access will not be effective until September 2019. Consequently, the Payments Act will facilitate open banking in the Dan-ish market once all provisions are fully effective.
Meanwhile, both Danske Bank and Nordea have launched their own individ-ual API-testing platforms to be used by TPPs requesting data from those banks. To our knowledge, these testing platforms are being heavily used al-ready by fintechs. Furthermore, Danish fintech company Spiir under the business name Nordic API Gateway has launched their own API gateway on which any TPP will be able to communicate with the vast majority of the banks in the Nordic region in order to deliver their services to the end users. This platform is based on Spiir's own original model for communicating with Danish banks as an account information provider.
With respect to open banking in Denmark, it is important to understand that apart from the largest banks like Danske Bank and Nordea, all other banks uses an external, central data provider for its backup systems. Currently, there are only three such data providers operating in Denmark; SDC, BEC and Bankdata. Consequently, linking up to the vast majority of banks in Denmark requires only five points of contact.
How does the regulation of data in your jurisdiction impact on the provision of financial services to consumers and businesses?
Financial businesses as well as any other businesses in Denmark are subject to the provisions of the Danish Data Protection Act, which implements EU's general data protection regulation (GDPR). In addition, Denmark has a special domestic gold-plated payment data regime, pursuant to which the pro-cessing of payment data is prohibited and only allowed in certain situations. The limitation on processing of payment data applies to all businesses in Denmark, but its real impact is on fintechs and other providers of payment services.
Payment data are defined as person identifiable data connected to a payer’s use of a payment service, the type of the payment service used (credit card) and the object(s) purchased using the payment service. Depersonalised data do not constitute payment data or personal data, and are therefore not cov-ered by the Payments Act (or personal data laws).
Payment data, which are not collected via a payment service, but for exam-ple via a loyalty programme, are not covered by the definition of payment data to the extent that the data are collected as a clearly separate function and thereby independently of a payment service. Loyalty programmes will meet these requirements when the processing of the data relating to the use of the payment service on one hand and the product/service purchased on the other takes place in separate data flows.
Pursuant to the Payment Act, a business shall only process payment data in connection with (i) implementation or correction of a payment transaction; (ii) provision of a service directly aimed at the consumer; or (iii) depersonali-sation of payment data. Moreover, a business must obtain prior explicit con-sent from a consumer if it intends to process payment data in connection with the provision of a service, which is directly aimed at the consumer.
Services directly aimed at the consumer are services, which the consumer has actively requested to receive/use, for instance concerning:
(i) Overview and categorisation of the consumption
(ii) Budget planning
(iii) Payment reminders
(vi) Discount and loyalty programmes
(vii) Automatic reporting to public authorities of charity donations.
Therefore, it is possible to use payment data with the consumer’s consent for individual marketing aimed at the consumer. It is not, however, possible to fix individual prices or terms to the consumer based on the payment data - so-called individual price discrimination.
What are regulators in your jurisdiction doing to encourage innovation in the financial sector? Are there any initiatives such as sandboxes, or special regulatory conditions for fintechs?
The Danish FSA has recently established both a dedicated fintech-team, as well as a fintech sandbox initiative where selected companies are granted the opportunity to test their innovations in a secure environment with the support of the regulators.
Do you foresee any imminent risks to the growth of the fintech market in your jurisdiction?
Overall, we do not foresee any imminent risks to the growth of the Danish fintech market. The Danish fintech industry has been growing increasingly over the last couple of years and especially in the Copenhagen area due to the Copenhagen FinTech Lab. The political environment seems to favour this development, and a lot of effort is put in to Copenhagen becoming the Nor-dic fintech hub.
With respect to capital, Scandinavian fintechs have attracted lots of venture powder over the last few years. In addition, recently major international fi-nancial institutions and corporates have entered into partnership agree-ments with Copenhagen FinTech Lab, including financial powerhouses Royal Bank of Canada and Citi, together with IT-giant SAP. Thus, it is our under-standing that promising fintechs seem to have access to sufficient capital and relevant partners in order to continue their growth strategies.
Domestic financial institutions seem to continue to have a collaborative ap-proach and seek partnerships with fintechs when attractive opportunities arise, and which is required in order to continue the growth of the Danish fintech market. Especially the willingness to share data with fintech startups will be paramount to the successful development of the Danish fintech in-dustry.
What tax incentives exist in your jurisdiction to encourage fintech investment?
No specific tax schemes with the purpose of encouraging fintech invest-ments have been implemented in Denmark.
Which areas of fintech are attracting investment in your jurisdiction, and at what level (Series A, Series B etc)?
According to data from Nordic Tech List, Danish fintech companies raised cap-ital in the amount of 65m EUR spread across 12 companies in 2017, of which 7m was pure seed capital. The area for payments received the largest portion of investments in 2017 - around 50m EUR. The current number of fintech startups in Denmark is around 200.
If a fintech entrepreneur was looking for a jurisdiction in which to begin operations, why would it choose yours?
Denmark ranks high in the Ease of Doing Business Index which, combined with a strong tech savvy population and the FinTech-oriented legislators, provides for a strong environment for FinTech startups to develop and thrive.
The Danish FSA has recently established both a dedicated fintech-team as well as a fintech sandbox initiative, where selected companies have the op-portunity to test their innovations in a secure environment with the support of the regulators.
Several organizations from different interest groups are working progressive-ly to provide a digital infrastructure and business environment that lead the way for fintech entrepreneurs. Among these are Copenhagen FinTech Lab and Digital Hub.
Copenhagen FinTech Lab is the leading fintech hub in Denmark and founded by industry interest groups. The hub's vision is to combine the visionary ideas of entrepreneurs, the experience of the financial sector, and the research from the universities in order to build a thriving fintech ecosystem for the benefit of all stakeholders.
Digital Hub is a PPP incubation hub between the government and several NGO focusing on Big Data, AI and IoT.
Access to talent is often cited as a key issue for fintechs – are there any immigration rules in your jurisdiction which would help or hinder that access, whether in force now or imminently? For instance, are quotas systems/immigration caps in place in your jurisdiction and how are they determined?
Citizens from the EU, the Nordic countries and the European Economic Area (EEA) and Switzerland are entitled to live and work in Denmark but must ap-ply for a registration certificate if the citizen intend to reside in Denmark for more than three months.
As a main rule, non-EU citizens are required to have a work permit in order to carry out work in Denmark. However, some citizens are visa exempt and do not need a visa for entering into Denmark for up to 3 months. As visa ex-empt, it is only possible to perform very limited work-related activities while in Denmark such as teaching or attending a course or participating in meetings, company visits, negotiations, briefings and training etc.
Several different schemes exist under which an applicant can apply for a work permit to Denmark.
As a foreign entrepreneur, it is possible to be granted a Danish residence permit in order to establish and run an innovative growth company through the Start-up Denmark Scheme. It is a requirement that the entrepreneur's business idea is approved by a panel of experts appointed by the Danish Business Authority before the relevant authorities can process an application for a residence and work permit based on the scheme. The scheme may be used by both individuals and teams of up to 3 people who want to start a business together in Denmark through a joined business plan.
Work permits can also be granted through the Pay-Limit Scheme if the em-ployee has been offered employment in Denmark with a minimum annual gross salary of DKK 417,793.60 (2018-level) and is able to present a contract or a specific job offer when submitting the application for a work permit. Salary and employment terms must be in accordance with Danish standards. It is worth noting that most start-ups will not be able to offer such a high salary to its employees.
A foreign citizen may also be granted a work permit if the person will take on employment in Denmark within professions experiencing a shortage of quali-fied professionals (The Positive List), or if the applicant has been offered a job so closely linked to this person that only he/she can carry it out.
If there are gaps in access to talent, are regulators looking to fill these and if so how? How much impact does the fintech industry have on influencing immigration policy in your jurisdiction?
The Danish Financial sector, like in most other countries, have a concern for lack of people with sufficient IT capabilities. According to the Danish Ministry of Business, the demand for IT-specialists will increase, and Denmark will be in shortage of approximately 19,000 workers with STEM-competencies (Sci-ence, Technology, Engineering and Math) in 2030.
Danish regulators are very attentive to any gaps identified in the digital and financial sectors and try to mitigate the gaps by way of agile regulation, edu-cational promotion, creating hubs, and creating political awareness. Further-more, the Danish government is constantly trying to ensure that Denmark is an attractive workplace for foreign IT-specialists and other highly skilled and educated work forces.
What protections can a fintech use in your jurisdiction to protect its intellectual property?
Software as well as specific design elements or text on a website or in an app can be copyright protected if they are original. Design elements can also be protected as unregistered design rights or as a registered design, if such ele-ments fulfil the requirements of protection in that regard.
It is recommendable to make sure that relevant trademarks for the specific company are protected. In Denmark, trademarks can be both unregistered and registered, however, registered trademarks are often the preferred op-tion, since such rights are easier to enforce.
While "concepts", e.g. a specific business idea, can generally not be protect-ed as intellectual property rights, the Danish Marketing Practices Act regu-lates among other things unfair marketing practices, which supplements the protection provided under many of the other intellectual property rights (de-sign, copyrights, patents, trade secrets etc.). Thus, a business may be pro-tected under this act against e.g. discrediting or impairment as well as imita-tion of products etc.
A relevant protection for many businesses is also the protection of trade se-crets, which is regulated by the Danish Trade Secret Act.
How are cryptocurrencies treated under the regulatory framework in your jurisdiction?
At present, cryptocurrencies are not treated under any specific regulatory framework in Denmark. Therefore, cryptocurrencies and legal fields related to cryptocurrencies (e.g. initial coin offerings, decentralized autonomous or-ganizations, smart contracts, etc.) are likely not subject to any financial regu-lation.
In terms of the financial regulation of cryptocurrencies in Denmark (and thus not e.g. the tax-related legal framework), the Danish FSA seems to act in ac-cordance with EU authorities.
Meanwhile, a revision of the 4th EU AML-directive has been passed this year and will come into effect during the course of 2019. With this directive custo-dian wallet providers and providers of exchanging services between virtual currencies and fiat currencies will become subject to AML regulation and KYC requirements.
How are initial coin offerings treated in your jurisdiction? Do you foresee any change in this over the next 12-24 months?
Referring to our answer in question 14, the absent regulation of initial coin offerings ("ICO") in Denmark is in accordance with the absent regulation in the rest of the EU. Therefore, ICO's do not fall under the financial regulation.
Meanwhile, based on the above-mentioned revision of the 4th EU AML-directive, it is our preliminary assessment that ICO's will fall under the term "providers of exchanging services" and will thus become subject to the AML regulation. A final assessment of this question must be based on the final wording of the national act implementing the directive which is expected to be presented during the course of 2019.
Are you aware of any live blockchain projects (beyond proof of concept) in your jurisdiction and if so in what areas?
We are aware of several live blockchain projects in Denmark.
Amongst these and worth mentioning are Aryze and MakerDAO who oper-ates within the field of stable coins. The last-mentioned project is solely based on blockchain technology and is thus - as the only stable coin project in the world - autonomous and decentral.
Besides, Danish based global company Maersk has developed blockchain based projects to facilitate shipping services.
To what extent are you aware of artificial intelligence already being used in the financial sector in your jurisdiction, and do you think regulation will impede or encourage its further use?
Major banks such as Danske Bank have already launched products which are fully or partly based on artificial intelligence and machine learning technology. A notably example is the automated home and mortgage searching app, Sunday. Furthermore, numerous Danish fintechs are making use of AI.
The current Danish government recognise the potential and value in artificial intelligence ("AI") and encourage businesses' use of AI. Thus, we see no im-plications that national regulators would adopt regulation which would im-pede the use of AI. On the contrary, in our view the direct opposite is more likely.
On EU level, it is worth mentioning that the EU Commission in April 2018 pro-posed a number of initiatives in order to strengthen investments in, and the use of, AI in both the public and the private sector.
Insurtech is generally thought to be developing but some way behind other areas of fintech such as payments. Is there much insurtech business in your jurisdiction and if so what form does it generally take?
Generally, the insurtech business is still at a low in Denmark and way behind fintech and especially areas such as payments. However, notably Tryg, the largest insurance company in Denmark, has launched their own incubator co-working space called the Camp with room for up to 300 entrepreneurs.
Current Danish insurtech businesses are primarily working within intelligent insurance software, insurance technology, reduction of insurance fraud, in-surance and price comparison services and blockchain.
Are there any areas of fintech that are particularly strong in your jurisdiction?
The most popular area of fintech in Denmark is payments followed by various management tools for small and medium sized businesses (for managing fi-nances, tax, payroll, accounting, invoicing etc.) and personal finance. Pay-ments and tolls for small and medium sized business are mainly targeting the B2B-market, whereas only a few companies operate in the B2C-market.
What is the status of collaboration vs disruption in your jurisdiction as between fintechs and incumbent financial institutions?
The fintech environment in Denmark is dominated by a collaborative spirit and lot has been done to establish Copenhagen as the Nordic fintech hub. Many successful Danish fintechs are currently collaborating with existing fi-nancial institutions (most often banks) in order to gain access to potential customers, data or capital. Most notably are the establishment of the Co-penhagen FinTech Lab by industry interest groups and commercial sponsors. Copenhagen FinTech Lab has been a strong driver for collaboration between the fintechs and the existing financial industry in Denmark.
To what extent are the banks and other incumbent financial institutions in your jurisdiction carrying out their own fintech development / innovation programmes?
The majority of the major Danish banks and insurance companies are under-taking their own fintech development by why of hosting hackathons and es-tablishing self-sponsored incubators or hubs. Others choose a more coopera-tive approach and invest in promising compatible fintech startups.
The largest bank in Denmark, Danske Bank, has had its own independent in-novation hub called Mobilelife for several years. Mobilelife counts around 150 people and its purpose is to challenge status quo within Danske Bank. The most well-known product of Mobilelife is the successful payment app Mobilepay, which today has around 3.8 million Danish users.
Tryg, the largest insurance company in Denmark, has launched their own in-cubator co-working space called 'the Camp' with room for up to 300 entre-preneurs.
Are there any strong examples of disruption through fintech in your jurisdiction?
A strong example of fintech disruption in Denmark is Danske Bank's Mo-bilepay, however, Mobilepay was actually invented and developed by Dans-ke Bank's own internal disruption IT-hub "Mobilelife". The Mobilepay app made peer-2-peer wire transfers fast and easy. Suddenly everyone could transfer money to each other by way of just using the Mobilepay app. Mo-bilepay is also accepted as a payment instrument in a wide number of shops and stores in Denmark.
Another strong example is the Danish peer-2-peer lending platforms count-ing Lendino and Flex Funding.
Finally, neobank LunarWay, credit company ViaBill, cryptocurrency exchange Coinify, and company card monitoring tool Pleo are worth mentioning as well established Danish fintech companies.