I OVERVIEW

There is currently no special legal regime applicable to fintech companies. Whereas ‘regulatory sandboxes’ are now being considered for fintech, these businesses are presently subject to the same regulatory and financial services framework as other market participants. Once such regulatory sandboxes are introduced, certain regulated activities could potentially be provided by fintech companies (presumably for a limited time) without licensing requirements. With the new government being sworn in only in December 2017, however, the introduction of such sandboxes may take some time.

Furthermore, at present there are no special tax incentives available for fintech companies. Fintech start-ups, however, will benefit from the same incentives as other start-ups. These incentives apply, inter alia, when companies are newly founded and the core of these incentives is the release from certain statutory taxes and stamp duties.

Generally, the Austrian financial services market is known for its rather strict licensing requirements. While not targeted at fintech in particular, depending on a fintech’s proposed activities, they may impact its business model. Also, the Austrian Financial Market Authority (FMA) is known for its rather strict administrative practice when evaluating whether market participants provide regulated services without a licence. Fintech companies are therefore well advised to carefully scrutinise their business models against regulatory requirements applicable in Austria.

Nevertheless, the Austrian Financial Market Authority is aware of the need for fintech companies to obtain legal certainty about the applicable regulatory framework, which can be overwhelming for market participants who are unfamiliar with financial services regulation. The FMA has therefore launched a dedicated web-based platform for fintech companies, the FMA FinTech Navigator,2 which allows fintech companies to liaise with the FMA on questions concerning the supervisory laws (e.g., whether a proposed business activity may trigger licensing requirements or the like). Also, in a Q&A-style questionnaire fintech companies can self-check certain standard business models against possible licensing requirements under Austrian law.

The Authority tends to be supportive when approached in a respectful and constructive manner. If a business model is subject to licensing requirements, the FMA will clearly say so. Should this be the case, fintech companies should explore potential alternatives, including partnering up with licensed market participants (which could act, for example, as fronting banks or the like).

ii REGULATION

i Licensing and marketing

Licensing requirements and marketing restrictions will very much depend on a fintech company’s business model and the scope of proposed activities.

Generally, different licensing requirements may apply under (1) the Austrian Trade Code or (2) financial supervisory laws.

The Austrian Trade Code will apply whenever (1) the activity is of a commercial nature and (2) is provided in Austria, as long as no regulated activity is conducted (i.e., because in this case special financial supervisory rules apply). Depending on the activities to be provided, the trade licence may be free or regulated. A regulated trade licence bears additional burdens (such as the requirement to set up a branch or subsidiary in Austria). Firstly, the manager under trade law has to meet specific professional qualification requirements. Moreover, the appointment of a manager under trade law is subject to approval by the competent trade authority. Finally, the service provider must refrain from commencing any business activities prior to the formal approval of its licensing application by the competent trade authority.

If the proposed activities are regulated under financial services laws, specific licensing requirements will apply. In a nutshell, Austria has transposed the relevant EU framework legislation under the Markets in Financial Instruments Directive (MiFID II) and the Payment Services Directive II (PSD II). In addition, as a general guideline, fintech companies should be aware that almost all of the services listed in Annex 1 to the Capital Requirements Directive (CRD IV) require a banking licence in Austria. This may be significantly more burdensome than expected as compared to their home state legislation. For instance, such activities include trading with currencies and financial instruments.

Setting up an investment management company or automated digital advisory company will trigger licensing requirements as an investment firm in Austria under the MiFID II implementing legislation, the Austrian Securities Supervision Act 2018 (WAG 2018).

Special restrictions on marketing fintech services (besides general requirements under competition laws) generally do not apply as long as the activities are not regulated or the products do not constitute financial instruments or securities. Restrictions will apply if regulated services or securities and financial instruments are involved. It is recommended that fintech companies explore specific marketing restrictions that may apply to their specific use case.

ii Cross-border issues

The Single European Passport is available for regulated companies under, inter alia, CRD IV, MiFID II and PSD II. This means that fintech companies that are regulated under their home Member State laws and possess a banking licence, a licence as a payment services provider pursuant to PSD II or a licence as an investment firm under MiFID II, may passport their licence into Austria and provide their services in Austria without having to first obtain a licence from the FMA.

Where fintech companies do not provide regulated services and are not licensed under their home Member State legislation, no passport is generally available. To the extent that the Austrian Trade Code applies (see Section II.i above), services may be provided in Austria on a temporary basis only under the EU freedom of services without a trade licence. If a service is targeting the Austrian market on a continuous basis or if the services are continuously provided in Austria, a trade licence will be required (see Section II.i above).

Generally, no reverse solicitation exemption will apply. This means that licensing requirements will generally apply when a foreign person is acting in Austria. The FMA’s approach appears to be much stricter than that of the trade authority. As regards regulated services, in order to determine whether a regulated business is conducted in Austria, regulatory practice as applied by the FMA focuses on the place where the offer to enter into a contract is made or where the offer is accepted. As a general rule, market operators will be deemed to carry out licensed banking activities in Austria as soon as any counterparty located in Austria is in a position to enter into relevant commitments legally binding on it.

This approach applies irrespective of the means of communication involved. In terms of traditional mail, it will therefore be sufficient if the place of sending and posting the offer to enter into a relevant contract or the acceptance thereof is in Austria. With regard to services offered via the internet, licensing requirements will usually be triggered if clients located in Austria find themselves in the position – technically and legally – to enter into relevant commitments legally binding on it.

This view has further been corroborated by the Austrian Supreme Court in a decision regarding loans granted cross-border by a Swiss bank. Furthermore, case law with respect to a securities portfolio of an Austrian client that was managed outside of Austria (in this instance, the United States) confirmed that advisory services in respect of such portfolio have to be considered to be provided at the place where the customer at the time of provision of these services is located, irrespective of whether such service is provided from outside of Austria via telephone, facsimile, letter, email or similar. Case law further held that the conclusion of an agreement on portfolio management services (to be provided abroad) in Austria was sufficient to conclude that financial services were subject to Austrian licensing requirements.

The MiFID II reverse solicitation exemption will only be available to regulated entities from non-EEA Member States.

iii DIGITAL IDENTITY AND ONBOARDING

There is no generally recognised digital identity in Austria. However, the Austrian government has long used the ‘citizen card’ to allow for a secure and authentic electronic signature, including by way of mobile signature. A person may officially sign documents via authentication by smartphone app or via a dedicated website. By law this electronic signature has the same effect as a handwritten signature.

The electronic citizen card is also available to non-Austrian citizens, although the person must be a permanent resident of Austria. The card can be obtained in various ways, for example via the online tool of the Austrian tax authorities or in certain Austrian banks or authorities acting as registrars.

Fully digitised onboarding of clients should generally be feasible but will very much depend on the technical infrastructure available. Banks, for example, are already onboarding clients and conducting anti-money laundering and know-your-customer checks via online services usually provided by third-party providers. Such onboarding is most commonly conducted via video-conference, where an operator verifies the identity of the customers.

IV DIGITAL MARKETS, FUNDING AND PAYMENT SERVICES

i Collective investment schemes

Collective investment schemes are largely regulated under Austrian law:

In the form of a fund or AIF

Depending on how they are structured, collective investment schemes may qualify as UCITS under the Austrian Investment Fund Act or an alternative investment fund (AIF) under the Austrian Alternative Investment Fund Manager Act.

An AIF can take whatever legal form possible and is not limited to fund instruments smiliar to UCITS. For instance, some forms of private equity instruments (e.g., shares in private limited partnerships) may qualify as AIFs under Austrian law. When managing or offering an AIF, licensing or registration requirements will apply.

Securities

The offering of tradeable securities, such as bearer shares or bonds, is subject to prospectus requirements under the Austrian Capital Markets Act, implementing the Prospectus Directive.

Exemptions to the prospectus requirements are available and following the exemptions contained in the Prospectus Directive.

Investments

Furthermore, besides the offering of securities the public offering of investments is also subject to prospectus requirements under the Austrian Capital Markets Act. An investment is the offer of any form of right that is not a tradeable security, provided that a group of persons invests in a project or company or asset and shares the risk associated with the investment. An investment prospectus is considerably less burdensome than a security prospectus and follows the scheme as outlined by an annex to the Austrian Capital Markets Act. Generally, the same exemptions to prospectus requirements as with respect to securities also apply to the offering of investments.

Alternative financing instruments

In 2015, the Austrian legislator introduced the Austrian Alternative Financing Act.

The Alternative Financing Act was introduced to help small and medium-sized enterprises (SMEs) conduct crowdfunding by a set of rules allowing easier access to funding.

If alternative financing instruments other than securities are issued by SMEs (e.g., a subordinated loan or non-certificated participation rights), they may be offered freely (subject to simplified information requirements) up to €1.5 million per issuance. There are limits to the amounts that retail investors may invest in alternative financing instruments (generally €5,000 in a 12-month period), which will need to be taken into account when determining the target market for such an instrument.

If an SME has outstanding alternative financing instruments and these existing together with a new issuance would result in the outstanding financing alternative instruments reaching €5 million over a period of seven years, such new issuance will require an investment prospectus under the Capital Markets Act.

If securities are issued from €250,000 up to €1.5 million, only a simplified prospectus will be required. The prospectus will not follow the schemes under the Prospectus Directive, but a specific scheme as annexed to the Capital Markets Act.

ii Lending

Lending is a licensable banking activity under Austrian law. There are no exemptions for peer-to-peer lending or start-up companies; however, the FMA does not appear to pursue private individuals who participate in peer-to-peer lending platforms. It should be noted that the intermediation of loans can also be a licensable banking activity, unless certain exemptions apply, in which case only a regulated trade licence will be required (see Section I, above).

Furthermore, factoring is a licensed banking activity under Austrian law. More precisely, the purchase of receivables, including loans, requires a banking licence. The assignment of receivables is also subject to an ad valorem stamp duty in the amount of 0.8 per cent of the assigned value. Certain exemptions to the stamp duty may apply, for example, assignments in the course of a factoring transaction or an assignment of receivables to a securitisation special-purpose entity. No perfection requirements apply with respect to an assignment of receivables. The assignment will be valid once agreed between the parties or in accordance with the terms of the contract. However, a third-party debtor may raise defences and may also declare set-off against the new assignee until being notified of the assignment.

iii Payment services

Payment services are regulated under the Payment Services Act, implementing PSD II. Certain services, such as issuing payment instruments or providing money transfers, are regulated and require a payment services licence.

Exemptions as outlined in the PSD II also apply in Austria. The most important exemption relates to the provision of payment services in a limited network. This means, for example, where a payment instrument is only accepted by very few vendors for a specific product (e.g., gas payment cards issued by gas station operators for payment of gas only) or by one vendor for a limited number of products or services or in a limited number of places (e.g., its stores), the issuance of such instruments will not necessarily trigger licensing requirements.

Since 2018, upon request of the customer, banks are required to provide third parties access to a customer’s account data to facilitate new business models that depend on access to such data.

V CRYPTOCURRENCIES AND INITIAL COIN OFFERINGS

There is no specific regulation of blockchain technology in Austria. The FMA considers the current legislation to be technology neutral.

i Bitcoin and Ether

Cryptocurrencies without an issuer that are generated via a blockchain protocol using mining and the distributed ledger technology – such as Bitcoin and Ether – are not considered currencies or financial instruments in Austria.

This means that trading in such cryptocurrencies is not a regulated activity, but depending on the business model, a trade licence may be required (see Section I above). Nevertheless, if the underlying asset of a derivative instrument consists of cryptocurrencies, this derivative instrument will be qualified as a financial instrument under MiFID II. It may be assumed that the same should apply if the value of a token is linked to cryptocurrencies such as Bitcoin or Ether.

ii Fundraising via tokens

Fundraising via tokens is generally subject to the same rules as any other form of fund raising (see Section IV.i above). These rules apply when funds are raised in Austria irrespective of whether the issuer or offeror is domiciled in Austria or acting from abroad:

Securities in token form

If tokens are structured like tradeable securities, they may be qualified as financial instruments and transferable securities, provided such tokens are freely tradeable similar to securities (presumably the case with any ERC-20 token). Hence, the public offer of such tokens may be subject to prospectus requirements (see Section IV.i on securities). However, there is also a significant advantage for issuers when tokens are considered as securities, as they will be able to benefit from prospectus passporting rules that would otherwise not be available for initial coin offerings (ICOs). On the other hand, such qualification might adversely impact certain business models of fintech companies. For example, trading in such tokens may require a banking licence in Austria, advising customers on such token investments might be considered as investment advice under MiFID II, and accepting and transmitting orders for such tokens may also be regulated under the Austrian Securities Supervision Act 2018.

Investments in token form

As outlined in Section IV.i on investments, the offering of investments is subject to investment prospectus requirements under the Capital Markets Act.

Whenever such investments are represented in token form, particular scrutiny must be applied. This is because the FMA considers investments that are ‘tokenised’ (i.e., issued in token form) to be tradeable securities for the purposes of prospectus requirements (see Section IV.i on securities). This means that such ICOs will require a full securities prospectus instead of the more simplified investment prospectus (see Section IV.i on investments).

All exemptions from prospectus requirement and the easements contained in the Alternative Financing Act should also apply to ICOs.

Utility tokens

Utility tokens are usually structured like vouchers and grant holders the right to exchange their tokens against goods or services (of the issuer or service partners). Such tokens are qualified as payment instruments by the FMA. However, the FMA considers the limited network exemption under PSD II to be applicable, provided that the tokens are only accepted by the issuer of the tokens and a limited number of service partners (see Section IV.iii). Otherwise, a licence under the Payment Services Act, implementing PSD II, may be required.

iv Tax treatment
Income tax and capital gains tax

Cryptocurrencies are treated as immaterial and non-consumable assets for income tax purposes. Interest and gains resulting from cryptocurrencies are subject to capital gains tax.

The mining of cryptocurrencies is considered a commercial activity subject to income tax. The same applies to trading cryptocurrencies or operating a Bitcoin ATM.

VAT

According to the Austrian Ministry of Finance, in accordance with C-254/14 of the European Court of Justice, exchanging fiat currency (e.g., the euro) against cryptocurrencies is not subject to VAT. The same applies to cryptocurrency mining.

If goods and services are delivered in exchange for Bitcoin or other cryptocurrencies, the goods and services are taxed the same way as payment effected in fiat currency (e.g., the euro). The amount of tax is calculated in accordance with the value of the cryptocurrency at the time of the exchange.

VI OTHER NEW BUSINESS MODELS

i Self-executing contracts

There is currently no special legal framework in place for self-executing contracts. Like any other form of contract, if one party wishes to enforce its rights under the contract in Austria, it will need to prove that the other party in fact entered into it. It is largely unclear how such evidence capable of standing up before an Austrian court could be produced in case of self-executing contracts (smart contracts), but this is ultimately a question about what is technically feasible in order to prove the identity of the contracting parties, for example, the implementation of an authentic electronic signature (see Section III).

ii Fully automated investment process

For licensing purposes under the Austrian Banking Act or the Austrian Securities Supervision Act 2018, it does not matter whether regulated activities are provided in fully automated form or whether an employee is acting on behalf of the investment company. Hence, entities that offer fully automated investment advice or fully automated portfolio management services will also require the respective licences under Austrian law.

iii Websites comparing products

There is no general rule prohibiting a website that compares different financial products. However, there is a thin line between the mere comparison of the features of regulated products and being seen to offer or market those products to the public. Website operators are well advised to take into account the specific marketing rules in the various legal acts applicable to financial products, including the Securities Supervision Act 2018, the Investment Fund Act or the Capital Markets Act.

VII INTELLECTUAL PROPERTY AND DATA PROTECTION

i Intellectual property

A business model as such can hardly be protected under Austrian law. However, depending on the business model, some aspects relating to it (such as software solutions or inventions necessary to facilitate the business activities) may be subject to protection under local Austrian intellectual property rules:

ii Patent

Patent protection will be available for all inventions in the technical sector that are new, do not derive from prior art in an obvious manner and can be commercially used.

The Austrian Patent Act excludes certain inventions, products and methods from patent protection, including scientific theories and mathematical methods, aesthetic creative forms, plans and methods for intellectual activities, for games or for business activities and computer programs.

Patent protection grants protection for up to a maximum of 20 years.

iii Utility patent and design patent

Protection as a utility patent will be available for all inventions in the technical sector that are new, derive from an inventive step and can be commercially used. Excluded from protection are, inter alia, scientific theories and mathematical methods, aesthetic creative forms, plans and methods for intellectual activities, for games or for business activities and computer programs. However, unlike patents, utility patents may also be used to protect programming logic underlying data processing software. A utility patent is granted for a maximum period of 10 years.

Protection as a design patent is available for new and characteristic designs. If a design results solely from a technical function, no protection will be granted. A design patent is granted for a period of five years, which can be extended by further five-year periods up to a maximum term of 25 years.

iv Copyright

Unique intellectual creations are protected by the Austrian Copyright Act. Besides works of art (paintings, films, etc.) and literature, copyright protection may extend to software (including source codes) and databank solutions under Austrian law, provided that these achieve the status of unique intellectual creations.

The copyright ends 70 years after the (last) creators’ death.

v Employee inventions
Patents and utility patents

Generally, an employee who creates an invention while being employed by his or her employer nevertheless has the right to patent protection. A contractual arrangement to the contrary is possible, but will only be valid to the extent that it concerns ‘service inventions’. A service invention is any invention (1) whose creation was part of the activities that the employee was tasked to provide, (2) which was inspired by the services provided by the employee to his or her employer, and (3) which was facilitated to a substantial extent through use of the resources of the employer.

The employee is nevertheless entitled to appropriate additional compensation for each invention, unless the employee was expressly employed for the purpose of creating inventions for the use of the employer. Ultimately, the employment contract will need to be analysed under labour law to determine whether compensation is owed by the employer to the employee.

The rules applicable to patents will also apply mutatis mutandis to utility patents.

Design patens

If the creation of the design patent was part of the activities that the employee was tasked to provide and the design patent is part of the business area of the employer or if the design patent was created by the employee by order of the employer, the employer will have the right of protection. There is no provision in the Austrian Design Patent Act that would provide for additional remuneration of the employee. Hence, questions of additional remuneration will predominantly be a question of employment or labour law with a specific focus on the contractual arrangement between the parties.

Copyright

An employer will be granted an unlimited right of usage for computer programs that are created by an employee in fulfilling his or her duties in relation to the employer. However, the employee retains the right to be named as the creator. There is no provision in the Austrian Copyright Act that would provide for additional remuneration of the employee. Hence, questions of additional remuneration will predominantly be a question of employment or labour law with a specific focus on the contractual arrangement between the parties.

vi Data protection

Currently, the Austrian Data Protection Act 2000, implementing Directive 95/46/EC, is still applicable until May 2018. As of May 2018, Regulation 2016/679 (GDPR) will apply directly on an EU level.

The existing Data Protection Act 2000 will be replaced by the Austrian Data Protection Act that will enter into force on 25 May 2018. This Act supplements the GDPR.

Profiling of client data will be covered by the GDPR. Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. Profiling will be subject to specific regulation under the GDPR, including the right of the client to object.

In addition, strict banking secrecy applies under Austrian law. All client banking data is protected, even the information that a certain person is a client of a bank. Unlike the GDPR, banking secrecy will also protect legal persons. Any service provider acting for a bank in Austria (e.g., a fintech company providing outsourcing services for a bank) will be bound by banking secrecy by law. Hence, the outsourcing provider will be directly subject to the sanctions of a breach of banking secrecy, including criminal liability.

VIII YEAR IN REVIEW

Over the past 18 months, the FMA has clarified its regulatory approach towards ICOs and cryptocurrencies. It concluded that current legislation is technology neutral. This clarification followed the explosion in interest in ICOs in Austria over the past eight to 12 months.

IX OUTLOOK AND CONCLUSIONS

There are currently no detailed plans on how to implement the above-mentioned ‘regulatory sandboxes’ for fintech companies (see Section I). Until these sandboxes are clarified and introduced, fintech companies will need to adhere to the same regulatory rules as any other market participant.

Depending on a fintech company’s exact business model, licensing requirements may apply. One possible solution for fintech would be to partner up with existing and regulated market participants. Any licensable activities would formally be provided by the regulated partner entities, while fintech companies would undertake to provide those entities with specific fintech solutions or act as an outsourcing provider. This would allow them to establish unique and innovative business models while adhering to the regulatory framework. If a business model proves successful, fintech companies could decide at a later stage to seek the required licences themselves.

As all applicable major EU framework legislation (MiFID II, PSD II) has been implemented, there is currently no further legislation to be expected.

1 Stefan Paulmayer is counsel at Schönherr Rechtsanwälte GmbH.