IFLR Fintech Europe: key takeaways

Author: IFLR Correspondent | Published: 31 Mar 2017
Email a friend

Please enter a maximum of 5 recipients. Use ; to separate more than one email address.

Key regulation and best practice in Europe

  •  Although many see the Second Directive on Payment Services (PSD2) as putting companies at a significant disadvantage, it will create a level playing field across those providing payment services;
  • Open access requirements in PSD2 will force banks to provide access to account information to third parties. This is likely to increase competition;
  • The requirement comes with the proviso that third parties will themselves need to comply with identification and authentication requirements set out in PSD2 and implementing legislation;
  •  Elsewhere, the General Data Protection Regulation (GDPR) was discussed. The GDPR introduces the concept of data portability, which can create supply chain liability.
  • This occurs when parties hand over data – for instance to mortgage providers – making them a data processor and picking up supply chain liability in the process. That needs to be worked through on the GDPR consultation process;
  • The rules, unsurprisingly, are affected by Brexit. If the UK does enshrine GDPR in full, it doesn’t mean that adequacy will be granted. Securing adequacy agreements involve a lengthy process, as illustrated by the US Privacy Shield process.

Leveraging regtech to support growth and compliance

  • Regtech isn’t new but the scope of new regulations has led to increased time and costs being spent on it, opening up new opportunities for the sector;
  • There’s a lot of potential in filing, verification and approval processes which are incredibly time-consuming and can be easily automated;
  • Trump and the possible repeal of Dodd-Frank are not good for regtech as they introduce uncertainty about what the problems that need to be solved are;
  • Brexit has generated a lot of headlines but there is already a highly fragmented regulatory environment in Europe;
  • For many fintech firms the biggest Brexit-related threat is free movement of labour;
  • Both providers and buyers of regtech need to communicate and be realistic about expectations.

What it takes for a start-up to be successful and financing options

  • It’s difficult to grow organically without external investment – start-ups need to show they have traction to become healthily capitalised;
  • If capital is somewhat scarce it can be a good idea to establish and advisory board to legitimise the company – surround yourself with good people;
  • Many fintech firms can be structured in a certain way to avoid the burden and cost of financial regulation – but there are some areas where being regulated is a good thing;
  • Increasingly entrepreneurs are mixing different types of financing together, for example a crowdfunded tranche alongside a venture capital or corporate venture tranche;
  • A-round funding is often the highest hurdle for start-ups and is more difficult in smaller jurisdictions – often firms will need to travel to either London or Berlin to access the right people;
  • Where initial coin offerings are concerned the desire to be innovative has raced ahead of legal and compliance and some light-touch approaches in the market have raised concerns.

Intellectual property: protecting innovation

  • Copyrights protect the expression of ideas rather than the ideas themselves – so lines of code that achieve functionality, and not the functionality itself;
  • Copyright automatically belongs to the author so companies must make it clear that this is not the case in employment contracts;
  • Patents are for new inventions on the whole and so many algorithms, computer programmes and business methods cannot be protected by them;
  • Freedom to operate checks are important but could go on forever – some firms don’t see any use in pursuing issues until they have reached a critical size anyway;
  • On third party collaborations it’s in the interests of both parties to sign a non-disclosure agreement;
  • Often the difficulty is financing enforcement, though if there is a clear case and a market value behind it often it will get support.

Breakout clinics

Structuring the investment opportunity

  • The initial valuation of a fintech startup will be more magic than science;
  • It is advisable to delay a startup valuation for as long as possible – options available until then are self-funding, or, more commonly, convertibles notes. These are simpler and cheaper than other forms of financing, but they are debt so can be risky;
  • App-based savings businesses will have a valuation based on number of users, and/or future revenues while other businesses can be valued based on what they can help achieve in savings for a larger bank;
  • Family-owned offices are going to look for more seasoned entrepreneurs as they will typically provide financing and little to no business advice. VC funds are different, and will look for return within a fixed period of time.

Exit strategies for investors

  • The term sheet is a critical point – entrepreneurs need to think critically about these from the start, even before exiting their business;
  • It’s never too early to formulate an exit strategy, entrepreneurs should prepare it on day one;
  • Keeping control of the board and following the money were two pieces of advice given.

Customer due diligence – examining requirements

  • If you’re running a fintech business, subject to anti-money laundering (AML) laws, appointing an AML and/or compliance officer isn’t enough – board/senior management need to take responsibility to manage AML risk by carrying out a risk assessment;
  • The company then has to put systems and controls in place to manage this risk – these include transaction monitoring and account monitoring. This is risk-based due diligence;
  • The level of due diligence is proportional to the level of risk – this includes knowing the identity of customers, of the beneficial owner, not using bearer shares, keeping a register of ownership;
  • The 5th AML directive provides more detail on risk-based due diligence

Beyond blockchain – distributed ledger and smart contracts

  • There is a whole spectrum of approaches taken – from the UK’s regulation-light regime to New York City’s bit licence regime. Four of these bit licences have been granted so far out of 15 applications. But all fintech startups have left New York as they can’t comply with the very burdensome regime;
  • When the FSA split, the FCA gained a new competition objective which it using in the fintech space – its approach is using competition remedies in the sector rather than draft new rules to;
  • The FCA has avoided regulating of crypto-currencies as there is not sufficient risk to intervene yet, but it has gone down the AML route;
  • Fintech isn’t only about digital currency but also distributed ledger technology and smart contracts;
  • One of the key issues is main issue is: how can blockchain companies take into account the interest of parties?
  • What happens to the legal profession? Will developers need a smart contract licence in the future, will they need to learn how to code?

Cyber security and data protection – navigating risk

  • GDPR is going to impose changes to obligations and liabilities. Fines of up to 4% of global turnover contemplated.
  • Technology is advancing more quickly than our regulators. Reviewing history of GDPR shows how little it took into account fintech when initially proposed in 2012. It was created to deal with the internet boom.
  • Firms are conducting data mapping exercises to see what data is being captured and, crucially, where it is being stored.
  • GDPR is not sector-specific and some firms are unsure of its implications to their particular business models.
  • The industry can play a role. In Article 42 of GDPR there is reference of certification marks that denotes in-scope firms adhere to a certain standard. The sooner the industry can come together and agree on what those icons look like, the sooner the consumers will have comfort.