Do you foresee any imminent risks to the growth of the fintech market in your jurisdiction?
Banking in the fintech market has been a global issue as financial institutions around the world have been hesitant to provide financial services for this sector. However, a new class of banking licence is being introduced in Bermuda to address this apparent hurdle and ensure Bermuda becomes the leading fintech jurisdiction from a global perspective. As mentioned in Question 3, as of the date of writing, amendments have been tabled in respect of the Banks and Deposit Companies Act 1999 which will allow for a new class of bank that will provide banking services to Bermuda-based fintech companies. The Government of Bermuda has indicated its priority is to encourage fintech initiatives, including fair access to financial services and fair treatment of consumers. The amendments allow for local and international financial institutions to participate in the new banking regime, as well as provide additional options to parties outside the fintech industry, including individuals residing in Bermuda. Once the proposed amendments are approved and in force, financial institutions will be able to apply to the Bermuda Monetary Authority for a Restricted Banking License. The amendments will also delineate what types of business undertakings the license-holders can service.
In terms of the Cayman Islands domestic market, the primary impediment to growth in fintech is the small population limiting return on investment.
In respect of fintech being offered by entities located in the Cayman Islands in other jurisdictions, the Cayman Islands face a number of potential legislative challenges, which are shared by many of our competing jurisdictions, including the proposed changes to the beneficial ownership regime and the EU’s approach to offshore jurisdictions. The Cayman Islands is dealing with these challenges and we expect a continued robust fintech industry.
There is also a shortage in local personnel skilled in the fintech industry however the SEZ encourages companies to relocate employees to the Cayman Islands.
In our view the following comprise possible risks to the growth of the fintech market in Cyprus:
- Additional tax incentives: The Cyprus financial and banking crisis of 2013 and the consequent Memorandum of Understanding entered into in March 2013 between the Eurogroup, European Commission, European Central Bank and International Monetary Fund has impacted on the ability of the Cyprus government to tailor its current tax regime to the needs of new industries emerging industries, including in fintech. This has arguably placed Cyprus at a competitive disadvantage in respect of some fintech-inspired developments such as initial coin offerings (ICOs).
- Attitude of the CBC: In contrast to CySEC (see above re Innovation Hub) the CBC has generally taken a conservative view on permitting authorised banking institutions from carrying out non-traditional banking activities, including facilitating transactions in crypto-assets such as bitcoin. Whilst fintech is clearly a broader movement than payments in crypto-currencies, the weariness of the Cyprus banking sector to this area may constitute a risk to the overall development of fintech in Cyprus.
Overall, we do not foresee any imminent risks to the growth of the Danish fintech market. The Danish fintech industry has been growing increasingly over the last couple of years and especially in the Copenhagen area due to the Copenhagen FinTech Lab. The political environment seems to favour this development, and a lot of effort is put in to Copenhagen becoming the Nor-dic fintech hub.
With respect to capital, Scandinavian fintechs have attracted lots of venture powder over the last few years. In addition, recently major international fi-nancial institutions and corporates have entered into partnership agree-ments with Copenhagen FinTech Lab, including financial powerhouses Royal Bank of Canada and Citi, together with IT-giant SAP. Thus, it is our under-standing that promising fintechs seem to have access to sufficient capital and relevant partners in order to continue their growth strategies.
Domestic financial institutions seem to continue to have a collaborative ap-proach and seek partnerships with fintechs when attractive opportunities arise, and which is required in order to continue the growth of the Danish fintech market. Especially the willingness to share data with fintech startups will be paramount to the successful development of the Danish fintech in-dustry.
Both the Finnish regulators and authorities have been aiming to foster innovations and development of fintech in Finland, and we do not foresee any imminent risks to the growth of either one.
However, the rules in place are not always clear to fintechs as they come partly from the EU level and partly from national legislation. It might sometimes also take time for fintechs to receive necessary authorisations.
There are no imminent risks to the growth of the Fintech market in France to our knowledge.
The FinTech market encompasses a large range of different services such as payment services, crowdinvesting services, bitcoin exchange services and many more. For any of these areas there are specific risks, which could hinder the es-tablishment of a flourishing business model, but for FinTechs in general the per-spective is promising.
The main risk to the growth of the fintech market in Gibraltar is Brexit. The future for licenced financial services institutions who rely on passporting their services to other European Union (“EU”) Member States is currently uncertain as there are few details as to the effect of Brexit. Nevertheless, many of the licensed firms in Gibraltar source the majority of their business from the United Kingdom and it is expected that post-Brexit Gibraltar will retain a strong relationship with the UK.
Firms licenced under the DLT Regulations are not able to passport their services to other EU Member States, in the same way that firms authorised to conduct electronic money activities, payment services and investment services can, as the DLT Regulations were not introduced in order to give effect to any EU directives. The EU has not yet developed and implemented a harmonised approach with regards to the use of DLT in financial services. Brexit should therefore have no impact on those firms licensed under the DLT Regulations. The current position is that those firms licensed by the GFSC under the DLT Regulations can provide their services in any jurisdiction in which the provision of those services are not expressly prohibited by or subject to any legislation of the particular jurisdiction in which the licensed firm wishes to provide its services.
The fintech market in Malta is growing at an unprecedented accelerated rate mostly because Malta has positioned itself as a blockchain-friendly island. Cybersecurity is one of the risks which, if not tackled, can drive investors to revert to traditional financial services, thereby reducing the growth prospects of the fintech market. Access to finance might also be a deterrent. Some fintech businesses may not fall within the risk appetite of certain banks in Malta making it difficult for them to gain access to loan financing. This is a consequence of the fact that the banking sector might not be adapting well to the fast-based growth of fintech, creating funding problems. When it comes to employment, better retention mechanisms need to be enforced to avoid the brain drain of valid employees moving from the regulator to industry.
We do not foresee any imminent risks to the growth of the fintech market in Israel.
Japan was the first country to establish a regulatory framework for virtual currencies. The cryptocurrency market in Japan experienced exponential growth in 2017 on the coattails of a steep rise in the price of bitcoin and growing enthusiasm for initial coin offerings ("ICOs"). Japan has emerged as one of the largest cryptocurrency markets globally, and the Japanese government signalled its intention to support and encourage continued and sustainable growth of the cryptocurrency market.
However, the upsurge of the Japanese cryptocurrency market was arrested in January 2018 when one of the largest cryptocurrency exchanges in Japan, announced losses of approximately USD 530 million due to a cyber-attack on its network. After that hacking incident, the JFSA conducted inspections of all deemed crypto-exchanges (i.e. the crypto-exchanges which are allowed to provided services to its clients without having the applicable registration during the grace period) and seven registered crypto-exchanges. The JFSA found that most of these entities are weak especially in the areas of AML/CFT and cyber security and issued business improvement orders ("BIO") or business suspension orders to all these exchanges. Based on the findings in the inspection, the JFSA raised the bar for obtaining the registration as a Virtual Currency Exchange Service Provider is much higher than before. In addition, in order to enhance consumer protections, the JFSA established “the Study Group on Virtual Currency Exchange Services etc.” (the “Study Group”) that analyses and considers the appropriate legal framework for cryptocurrency-based businesses.
The incident also accelerated integration of the exchange industry. The Japan Virtual Currency Exchange Association (the "JVCEA"), a newly founded self-regulatory organization whose membership consists of 16 registered exchanges, was established on March 29, 2018. The JVCEA is FSA-accredited and proposes regulations with which its members must comply.
In summary, the weakness in AML/CFT and cyber security of the cryptocurrency exchange may hinder the development in cryptocurrency and blockchain industry.
Although the Fintech market is expected to grow locally during the upcoming years, it is of our opinion that risks may arise in relation with: (i) the lack of secondary regulation for APIs and sandboxes; (ii) the amendments to privacy regulation; (iii) corporate governance rules that may become a burdensome for small ventures commencing operations in Mexico; and (iv) political changes in Mexico which may impact the administrative structure of financial regulators.
British Virgin Islands
There are no imminent foreseeable risks to the growth of the fintech market in the BVI. Of course, the banking industry in the BVI is tied to the currency of the United States and there will therefore be currency risks. As with any type of investment business, there is the usual systemic risks, cyber security risks and money laundering/terrorist financing risks to be aware of. However, fintech itself provides smart date and algorithms to help alleviate these types of issues and the BVI has a robust regulatory framework and competent regulator to assist in managing and minimising these risks.
SSEK: We do not believe there are any imminent risks to the Indonesian fintech market at present. If anything, it is the opposite, with Indonesian regulators becoming more open to accommodating fintech products that do not necessarily fall under a specific category of financial product under the current nomenclature.
The most evident risk we foresee as to the growth of the fintech ecosystem in Portugal pertains to the regulatory and supervisory authorities treatment and understanding of the different subject. The actual interpretation of some of the provisions included in the PSD2 (notably in what concerns the exemptions provided thereunder) may prove controversial and hinder some business models which would otherwise based on the assumption that the PSD2 transposed framework would not apply to it.
More troublesome seems to be the matters related to cryptocurrencies and blockchain technology initiatives, due to the apparent inertia of both the Bank of Portugal and the CMVM (as well as the legislator’s) will to regulate and give context to such potential disruptive technologies.
In general, there is a lack of uniform regulation and substantive guidance from U.S. regulators for fintech companies. Regulatory uncertainty may be hampering the development of fintech in the U.S.
In addition, the fragmented regulatory landscape contributes to the complexity of navigating fintech regulation in the US. There are multiple federal financial regulatory agencies, as well as state level regulation. These regulators are not well coordinated, which adds to regulatory uncertainty for fintech activities.
As previously stated, there is a clear mandate to encourage the growth of the fintech market in both the public and private sectors of the UAE.
From a general standpoint, strict legislation or none at all results in the risk of hindering the healthy growth of any industry. We have noted, that all regulators in the UAE are keeping a watchful eye on fintech activities in their respective jurisdictions. It is customary for regulations to lag behind developments in emerging technologies as regulators need to first assess the legal implications and consequences of such technology. These may be far-reaching, as illustrated by the emergence of AirBnb and Uber in their respective industries. It is expected that over the next couple of years, additional regulations will be issued by regulators to provide structure and clear policies in relation to the fintech market.
Although the current eligibility requirements under the 2017 Regulations restricts ownership of payment services providers, it is still possible for fintech entrepreneurs to enter joint ventures as minority shareholders with more established partners or establish themselves as Technical Service Providers. However, the provision of fintech services on mainland of the UAE may be considered limited by regulations pertaining to the offshoring of data. It is arguable that the current legislative structure offers a compromise between encouraging innovation and ensuring the retention of control by UAE financial institutions.
The SCA’s adoption of fintech regulatory sandbox guidelines pursuant to the Board of Directors’ resolution no. 28/R.M of 2018 set out a platform upon which fintech companies can test and launch modern technological initiatives in the securities sector. This structure includes the obtaining of an experimental license from the Ministry of Economy for a period between six to twelve months, under terms and conditions to be determined by the government commission upon evaluation of their business model and other factors.
Financial Free Zones
The Financial Free Zones have taken an early-on approach to invite emerging companies, existing companies and individual projects to be able to apply for their own set of experimental licenses under their accelerator programs, Fintech Hive and RegLab (please refer to our answer under question 6 for more details about this).
The implementation of BEPS, CRS standards, the exchange of information according to the FATCA and implementation of the FATF principles significantly complicate the compliance procedures passed by the companies when they open bank accounts and start cooperating with the banking institutions. However, it is not a local problem of the Ukrainian jurisdiction, it is rather a global trend that influences, among other things, the fintech industry.
In 2017, Switzerland was the second-biggest ICO location (after the US). Recent statistics show that the number of new ICOs in Switzerland has reduced significantly. This may be due to the fact that most ICOs are done offshore, today, that Switzerland was one of the first jurisdictions to have introduced a regulatory framework for ICOS but possibly also to the fact that there were high-profile disputes, such as in the Tezos or the Envion cased. On the other hand, the crypto-infrastructure was expanded significantly with a number of crypto-brokers and crypto-exchanges. There continues to be a high number of fintech start-ups and inhouse fintech projects due to the strong Swiss financial market and the continuing political support for such projects.
Swiss banks participate in the R3 initiative building the Corda platform, the corresponding initiative in the insurance industry, the B3i, which aims to explore the potential of using distributed ledger technology in the insurance industry, is based in Zurich, Switzerland.
Hence, the Swiss fintech market is bound to continue to grow, in spite of the fact that the ICO hype of 2017 may be history.
The most imminent risk would be the fate of the national ‘Aadhar’ biometric identification system. As the vast majority of Indians already possess an Aadhar number, the system had become an indispensable tool in the hands of fintech enterprises as it allowed for a seamless, instant electronic KYC using the fingerprint and iris scans of individuals. A recent ruling by the Supreme Court of India has now ruled that Aadhar can no longer be used for purposes of electronic authentication by private entities (including fintech enterprises) for KYC purposes. Thus, there has been an adverse short term impact on the fin-tech space especially smaller fintech players and start-ups, that almost exclusively relied on the use Aadhaar for low-cost digital customer verification and acquition.
Next, regulatory authorities in India have also taken a very strict view on crypto-assets. The Government and the RBI have taken steps which could affect the future of cryptocurrency businesses in India. These steps have been discussed in detail in question 14 below.
One of the obvious risks is Brexit. This is for three main reasons.
The first and most frequently cited is the potential loss of the passporting regime, under which firms that are authorised to carry out a regulated activity in one Member State of the EU are permitted to carry out that activity in other Member States on the basis of a registration in that Member State, rather than having to go through a full authorisation process, and without having to have an establishment in that jurisdiction. However, this will of course affect only those fintechs that operate in multiple jurisdictions, and which are carrying out regulated activities - so its effect may be limited in practice.
The second and more real risk is around immigration and access to talent. Fintech businesses need a wide range of skills that are sometimes quoted as not being available from within the UK in large enough numbers to support the UK’s thriving fintech ecosystem, particularly around experienced software engineers. As such, the immigration controls on talent of this type are likely to be key to the success of the UK fintech ecosystem as we go through the Brexit process, and many are watching this particular issue with keen interest.
The third is the potential for regulatory divergence. In many respects, divergence from the rest of European law could of course be a disadvantage, but as with passporting this is likely to affect mainly those aspects of financial services that inherently operate on a cross-border basis, such as international payments. However, for non-international fintechs, there is every possibility that the divergence could be beneficial, allowing UK legislators to create laws that track innovations in financial services more quickly than has been possible at a European level, and perhaps providing templates for other legislators in the process.
However, as set out in answer to question 10 below, they are a great many reasons why the fintech ecosystem should continue to thrive in the UK, and none of the above is likely in our view to damage this materially in practice.
We do not foresee any imminent risks to the growth of the fintech market in the Netherlands. However, DNB has raised the potential vulnerabilities that emerge as a consequence of the increased usage and storage of data. This risk might not threaten the growth of the fintech market directly, but DNB does view this risk as prominent since it raises new supervisory questions. Other potential risks are:
a) Some fintechs may be too occupied with achieving fast growth and market share and are less concerned about mitigating potential risks and compliancy with the applicable laws and regulations.
b) Incumbents may lose considerable part of their market share if bigtechs – with their massive client base – will for example claim their role within the payments chain or will start granting consumer credit. Since such parties are currently subject to lighter regulation in comparison to banks, this could potentially result in financial instability.
c) Since bigtechs and other fintechs will most likely monetize payment service users’ data, this could lead to privacy infringements and other unethical behavior.
d) The rise of new, innovative services and service providers makes the financial system more complex and less transparent. This in turn makes supervision more difficult and raises a series of legal issues, such as consumer protection.
e) The increase of the number of actors in the payment chain (e.g. banks and PIs (acting as acquirer or issuer), card schemes, clearing institutions, AISPs and PISPs) makes it more difficult to establish who is responsible and/or liable vis-à-vis the end user.
Obviously, since no one can predict what will happen in the (near) future, it remains to be seen whether any of these risks will actually materialize.
The imminent risks may come from two aspects:
(a) Industrial risk: Chinese players in the fintech market are immature and the national, or industrial standards, in certain sectors are still developing, or even there are no standards in place to follow, which would post a remarkable challenge to the healthy and ordered development of fintech in China (using the P2P industry as an example, in the past 2 years China has launched a campaign to clean up the P2P market, as a result of which almost 75%-80% P2P service providers who are not qualified have been swept out of the market);
(b) Legal risk: The legislation on China’s fintech industry always falls behind its market practice. A contradiction could arise, being that, on the one hand, the lack of highest-level legislation on the fintech market makes the operators in many areas in “supervision vacuum”; and on the other hand, for particular areas of fintech tight regulation is often seen, where China follows the old way of its supervision on traditional financial industry. China’s current supervision and judicial system seems to have difficulty in accommodating to the fast growth of its fintech market.
The development of the fintech market in Taiwan is still in its early stages. Compared to the other economies in Asia, the developments in Taiwan are comparatively slow. Although the government has started to liberalize the regulations, the major obstacle to the development of the fintech market in Taiwan is still the strict regulations on the financial industry, which may be the major risk for all fintech players.
One notable example is “Cherry Pay”. Cherry Pay was chosen as one of the top 10 fintechs by Startupbootcamp in Singapore in 2017. It was established by a Taiwanese and was once deemed the “pride of Taiwan”. It provides services to facilitate the payments for cross-border e-commence activities, which inevitably would involve foreign currency related activities. In August 2018, right before the grand opening of the FinTech Space (Cherry Pay was one of the applicants), the Prosecutor Office conducted a search at Cherry Pay's premises due to allegations of breach of the Banking Act, which prohibits non-banks from operating foreign exchange related business, unless otherwise permitted under the laws. The founder of Cherry Pay expressed that he was surprised and disappointed by the action of the prosecutors as the FSC is familiar with Cherry Pay and had previously deemed Cherry Pay a leading example of the Taiwan fintech industry. Cherry Pay was applying to enter into the “sandbox” at the time when the criminal investigation was launched and its entry into the sandbox has yet to be approved.
We do believe that there are no imminent risks to the local fintech market at present. However, based on the recent study done, it was revealed that fintech find talent shortages an acute issue, with over half saying that there was a lack of startup or fintech talent in the markets they operate in. Based on the survey, all the Malaysian fintech firms say that they have trouble hiring talent to meet the needs and growth of the industry. The sophisticated new technology requires people with the expertise to use it properly, something frequently seen as lacking in the Malaysian financial services sector. The top three areas of talent shortage for Malaysian fintech are in technology, software, sales and compliance.
A recent study by Frost & Sullivan indicated that the potential economic loss in Malaysia due to cyber-security incidents can reach up to 4% of Malaysia’s Gross Domestic Product (“GDP”). This situation is made worse by the fact that due to shortage of cyber-security professionals in Malaysia, banks may soon find that it will become increasingly difficult and expensive to fully manage cybersecurity in-house. Hence, through the facilitation of Malaysia Digital Economy Corporation Sdn Bhd (“MDEC”) PRIDE programme, MDEC will increase the industry-readiness of our graduates with ‘ELITE’, the Educational Outreach initiative from cyber security industry provider, TecForte which will feature a live learning Security Information Event Management (“SIEM”) platform. The students will be introduced to hands-on cybersecurity operations and exposed to real-time event analytics, global threat intelligence, and incidents handling framework within the campus environment.