The legal side of a Fintech company – How to be legally compliant and keep the business moving?

5 min READ

Posted 19. Sep 2017
By Tobias Holger Hansen
Tobias Holger Hansen

Tobias Holger Hansen is Chief Legal Officer and responsible for managing legal risks within the Cardlay group. Tobias has previously worked as a banking and finance lawyer at a tier one law firm in Copenhagen and as Vice President for Legal & Compliance in a Danish payment institution.

It is exciting times for the Fintech industry, which is under constant development. But what are the key legal issues companies that provide financial technology products or services need to consider to help ensure success?

Fintech as such is not subject to a specific legal framework, neither in Denmark nor in the EU. However, for a Fintech company, there are many legal questions that need to be answered. One of the main questions is, if an authorisation is needed and, if so, what impact will the regulatory requirements have on the business? 

To be or not to be regulated – That is the question

Regulatory compliance is fundamentally important to Fintech companies and can be a key competitive advantage, but navigating the relevant regulatory regimes is a significant headache for many Fintech companies.

In this respect, it is advisable that Fintech companies undertake a detailed analysis of their business model against applicable financial regulation to fully understand what can be achieved without becoming a regulated entity, or, conversely, to help them seek appropriate licenses or approvals.

Attempts to map regulation can be complicated by the fact that it can be very hard to assess whether innovative new products fall within the regulatory regimes and if they do, how the various requirements might apply.

Mapping innovative new products to financial regulation is not only a challenge for Fintech companies but also a struggle for the Financial Supervisory Authorities.

In the UK, the Financial Conduct Authority (FCA) has been very supportive of Fintech, laying on significant support for start-ups going through the regulatory process for the first time. The FCA has set up a “regulatory sandbox”, which allows unauthorised firms to obtain restricted authorisation to test innovative products or services in a live environment. FCA also assists authorised firms in a number of ways to test innovative products or services that may not easily fit into the existing regulatory framework.

The Danish Financial Supervisory Authority has also put together a dedicated Fintech task force to ensure that Fintech companies receive appropriate guidance and it is likely that a similar sandbox initiative also will be implemented in Denmark.

In this respect, it is recommended to enter into a constructive and open dialogue with the Financial Supervisory Authorities and use the regulators as a valuable sparring partner. New initiatives from the regulators should be embraced and used in order to clarify if a business is subject to supervision.

Many Fintech companies do not need a license, simply because they merely are considered a software or technology company. Nevertheless, it is prudent to carry out the analysis even though it can be time-consuming and costly. Get it wrong and you could face difficulty raising finance, criminal and regulatory sanctions, as well as damage to the value and reputation of the business.

Other legal issues to be considered

However, it is not just financial regulation that Fintech companies need to take into account. Issues such as protection of personal data, negotiation of funding agreements, intellectual property rights, entering into licensing and partnership arrangements, structuring corporate documentation, and possibly going through due diligence and sales processes should also be part of the legal strategy for a Fintech company.

The first things to be addressed is choosing the right corporate vehicle for the business, putting in place an appropriate shareholders agreement, an efficient tax structure, employee incentive plans, and getting the supply chain contracts in order.

Secondly, it is important to prepare appropriate terms and conditions for the supply of the company’s products or services. In particular, businesses dealing with consumers need to ensure that the terms comply with applicable financial regulation and consumer protection law in each market. It’s not just to avoid legal and regulatory sanctions. Obtaining and maintaining customer trust is vital. Reputational damage could be significant if your product, service, or business is not viewed as one that treats customers fairly or if the terms and conditions are poorly drafted.

For many Fintech companies, much of the value of the business is in the customer data that the company collects and processes. Furthermore, many Fintech companies are directly based on the innovative use of data. In such situation, it is important to ensure compliance with applicable privacy law and regulation and especially with the new EU General Data Protection Regulation (GDPR) entering into force on 25 May 2018.

The GDPR is yet another ingredient for the compliance melting pot that Fintech companies need to navigate in and which could have a big impact for Fintech companies. By proactively preparing for the GDPR to mitigate risk and maintain compliance, Fintech companies have a golden opportunity to profit from getting its data in better shape, and early preparation for the GDPR could be key to success by offering a GDPR compliant product or service.

In this age of increased cyber-attacks, Fintech companies also need to ensure that they take appropriate steps to protect the security of their data and systems. It’s more than a question of compliance – Being able to demonstrate that you take privacy and security seriously will also help build your reputation as a trusted player in the sector.

Finally, as with most technology businesses, a significant portion of the value of Fintech companies often relates to the technology, name, and logo. Thus, part of the legal strategy of any Fintech company should be to ensure that these are properly protected. This can be achieved by filing relevant patents, registering trademarks, ensuring all IPR developed is owned by the company, and by protecting confidential information and trade secrets by entering into non-disclosure agreements.

As the Fintech market matures, survival or failure for a Fintech company can increasingly be ascribed to having a fixed legal strategy in place and getting regulatory compliance right from the outset.

About the author

Tobias Holger Hansen

Tobias Holger Hansen is Chief Legal Officer and responsible for managing legal risks within the Cardlay group. Tobias has previously worked as a banking and finance lawyer at a tier one law firm in Copenhagen and as Vice President for Legal & Compliance in a Danish payment institution.

← View all articles