I OVERVIEW

Fintech is considered by the Italian regulators as an acronym standing for the technological development of finance and referring to the use of high-tech information equipment to deliver financial solutions. More specifically, in Italy, policymakers are seeking to bring innovative solutions offering financial services within the scope of supervision. Therefore, Italian supervising authorities are analysing the innovations brought by fintech, considering them as a wide range of activities (from data management to teleconnection systems, to digital applications and other software) useful (or rather usable) by any bank or financial intermediary (such as crowdfunding and peer-to-peer lending, digital payment services and Bitcoin).

Though the pivotal moment that gave rise to fintech was the end of the last financial crisis, Italy has only recently addressed this topic. In the past few months, the supervising authority has started hypothesising certain incentives to promote a change in the business model of banks, aimed at overcoming the difficulties as a result of the credit crunch. Although the interaction between finance and technology has a long history (for instance, ATMs started emerging in the late 1960s), it is only nowadays that Italian authorities are focusing on the wired society of ‘digital natives’ that started taking advantage of the network generated by the development of a global financial network that crosses the planet.

Therefore, looking at fintech, these authorities exploited the existence of a network of legal relations made in the e-space of the digital financial services that improved the efficiency of the circulation of capital and the emergence of new entrants (such as start-ups). The same is true for fintech opportunities, which are increasingly widespread in various aspects of financial services. The Italian regulator is starting to look at those opportunities and whether it is sufficient, for instance, to consider them as new forms of financial services such as the lending-based crowdfunding, robo-advice or distributed ledger technology (DLT).2 Furthermore, they are now aware that fintech is significantly expanding to the insurance sector (insurtech) and to wealth management services (including work pensions). This has led (and is still leading) to the understanding of the level of fragmentation and heterogeneity characterising the services of fintech, not only because of the diversity of national legislations, but also due to the emergence of new actors.

In Italy, fintech is still in its infancy. However, there is a significant number of projects that have been launched or are about to be launched this year. Non-banking intermediaries have focused their attention on the same needs, demands and issues of banks; however, their involvement in investment projects is still limited from a quantitative point of view, focusing mainly on payment services, ‘transversal’ technologies and crowdfunding. In this context, we shall highlight that, from a general perspective, the approach of the supervising authorities to fintech initiatives is looking for a solution to the lack of a uniform and overall-comprehensive legal framework, in order to face uncertainty.

ii REGULATION

From a regulatory perspective, it is essential to outline that, notwithstanding efforts at a supranational level (i.e., the recent European Commission’s Action Plan on Fintech, dated 8 March 2018),3 no uniform legal framework has been established yet neither in the European Union nor in Italy. Furthermore, we expect to observe further difficulties in regulating fintech at an overall level, given the diversity and fragmentation of the legislative corpus on the financial services. No special fintech licences have been required for banks, financial intermediaries or insurance companies, nor special conditions needed to use high-tech mechanisms in the financial industry.

In March 2018, Consob started a special initiative aimed at promoting applied research into fintech in order to regulate this phenomenon and understand more about the aspects that could influence the financial system.4 Consob began this as a result of the need to understand the size and depth of the changes promoted by the application of technology to business models and applied to run the regulated activities. This follows another initiative of Consob, published in December 2017, which reconnoitred the application of fintech within the scope of its supervision.

In practice, it is not easy to understand whether and how the legal framework applying to financial services will influence fintech services.5 The Italian legal framework is specifically addressed to regulate the main features of any service, and it focuses on the ‘traditional’ or ‘classical’ issues due to the need for protection of the clients (be they consumers or savers). The legislation lacks flexibility and therefore Italian supervisors are having difficulty expanding its scope.6 Therefore, as usual, the legislator will follow this innovation, to avoid any negative externality from the increasing use of high-technology mechanisms.

In light of the above, the current Italian legislator’s approach to fintech seems to be driven by the intention to adapt and harmonise the already-existing rules applying to the ‘traditional’ financial and banking services, with a view to integrating the new technologies available with the pre-existing information systems (known as the legacy systems). This objective is being carried out mainly through consultations and coordination between national and supranational authorities. According to the Bank of Italy, ad hoc legislation for fintech would be counterproductive in efficiency terms since innovative start-ups differ in their activities and the way they are carried out.

The idea driving Italy’s approach to fintech can be easily detected by analysing the specific financial markets sector. For example, in 2016 the Bank of Italy launched a roundtable on blockchain technology.7

On 29 November 2017, the Bank of Italy launched a website for fintech, thereby establishing an innovation hub for enterprises and actors in the financial services,8 under the auspices of the European Security Markets Authority (ESMA).9 The main purpose of the fintech channel is to bolster the innovation processes from a legal perspective by involving recipients in a productive dialogue with the national authority, which is considered essential to the gradual development and innovation of the legal framework.10 Within the fintech channel, moreover, a sub-section will include in-depth studies and the major regulatory innovations, both at the national and European level. The overall purpose of the fintech channel is to establish a flourishing landscape for innovative start-ups and, ultimately, to attract innovative start-ups seeking to establish their activities within the Italian boundaries.

By virtue of these objectives, the Bank of Italy is about to publish FAQs on access to the market. This soft-law instrument will facilitate financial operators’ access to the authorisation procedure before the national authority.

We shall consider also that, more recently, on 13 March 2018 the Ministry of Economy and Finances (MEF) established a Coordination Committee11 with the purpose of favouring the introduction of innovative services and models in the financial and insurance sectors. This Committee is the result of a memorandum of understanding between the MEF and the Bank of Italy, as well as other national authorities and entities.12 The Committee will constitute a venue for the participants that will enable the exchange of ideas, considerations and proposals with a view to contributing to the gradual development of fintech in Italy. Furthermore, the Committee will monitor the evolution of fintech among the authorities, in order to develop general principles and propose amendments to the legal framework. The Committee will also exchange information with the relevant actors at the European level, as well as national authorities of the EU’s Member States.

In this context, all activities shall comply with standard regulation, considering the application of a high level of technology as a mere characteristic of the business model used for performing such activity. Thus, automated digital advice or asset management shall comply with the current Italian implementing regulation of MiFID II and UCITS/AIFMD (where applicable). The same is true for credit (which shall be within the scope of implementing the rules of the CRD IV/CRR) and for the marketing of financial activities provided through high tech. This means that any cross-border activities could rely on the passporting provision (for the exercise of the freedom of providing services and the right to establish) set by EU directives for the underlying activity.

iii DIGITAL IDENTITY AND ONBOARDING

According to the general approach of the Italian regulator to the technological evolution of the business model, even the regulation of digital identity is not advanced. However, the public digital identity system (SPID) implemented by the Italian government is the first solution for accessing all the public administration’s online services with a single digital identity that can be used on computers, tablets and smartphones.13 The SPID system, in short, will lead to reductions in time and costs and, more broadly, will strengthen the relationship between the user and the PA.

There is no specific provision relying on digital identity in banking and financial regulation. Indeed, the onboarding of client has been regulated as a face-to-face procedure (i.e., requiring a physical presence). Having said that, we should take into account certain considerations on digital identity published by the Bank of Italy with respect to money laundering,14 based on the use of the client’s IBAN and on a previous in-person identification made by another intermediary.

With regard to the provisions concerning the distance provision of financial services, the Italian regulatory framework is still implementing Directive 2002/65/EC, and so it is addressed to the safeguarding of the interest of consumers to have access to the widest possible range of opportunities available in the EU internal market, so that they can choose those that are best suited to their needs. Thus, fully digitalised onboarding of clients shall not only comply with anti-money laundering provisions, but also with the need for protection of the consumers set by the current rules implementing the Directive.

IV DIGITAL MARKETS, FUNDING AND PAYMENT SERVICES

As anticipated previously, in 2016 the Bank of Italy organised a conference on the impact of blockchain technology to financial markets,15 allowing in-depth analysis on the peculiarities of this technology and the perspectives for financial institutions. Italian supervising authorities have taken into account the impact of the use of blockchain as the core of the mechanism used to issue virtual currencies (i.e., cryptocurrencies), such as Bitcoins.16

In this context, we shall consider that, on the one hand, monetary sovereignty has been placed at EU supranational level (under the economic and monetary union) and, on the other, the regulation of electronic money has been harmonised by Directive 2009/110/CE. This explains why the Italian regulator did not provide any specific regulation on blockchain technology.

That said, the Bank of Italy provided a specific direction on this topic, considering lawful the purchase, use and acceptance of virtual currency for payment services.17 However, the Bank of Italy included a caveat on the way such virtual currencies should be used, since they could potentially result in a breach of national provisions (having criminal relevance) such as Articles 130, 131, 131 ter of the Italian Consolidated Banking Act,18 as well as Article 166 of the Italian Consolidated Finance Act.19 Moreover, absent an EU legal framework in this respect, several risks are associated with the use of virtual currencies, such as the lack of any control and supervision (not only from the Bank of Italy, but from any supervisory authority), a risk of the loss of the sums, the absence of any contractual protection or guarantee. Other risks associated with the absence of a national legal framework are linked to the uncertainty of the taxation addressees, as well as the possibility that virtual currencies might be used for illicit activities such as money laundering or the financing of terrorism. More recently, the Bank of Italy issued a communication20 declaring its adherence to the European Supervisory Authorities (ESAs) warning on virtual currencies.21

As regards the necessity and feasibility of a national legal framework regulating blockchain technology and virtual currencies, some have argued that a legal framework with supranational authority may best suit the needs and demands of both the financial actors and the consumers:22 in this respect, the initiatives of the European Parliament and the Commission are welcomed.23 We expect that the Italian regulatory framework will be implemented following the results of the cooperation between the Commission and the ESAs aimed at regulating cryptocurrencies.24

V CRYPTOCURRENCIES AND INITIAL COIN OFFERINGS (ICO)

Evidence shows how fintech influences collective investment schemes, both under the UCITS Directive and AIFMD regulatory framework. Undertakings, in fact, are both investing in fintech undertakings and using online platforms to invest. According to the aforementioned approach, Italy was one of the first Member States to consider several phenomena as special forms of financial activity that require ad hoc, specific and organic regulation.

Unlike other European countries (where the phenomenon of crowdfunding has not yet been regulated), the ‘seeds’ of regulation can be traced back to 2012 with Decree Law No. 179/2012; moreover, in June 2013, the Regulation on Equity Crowdfunding was issued by the Consob25 and in January 2018 the Regulation’s most recent amendment harmonised the provisions on the management of online platforms.

In the view of Consob, equity crowdfunding is perceived as a useful tool for fostering the establishment and development of innovative start-ups: therefore, the relevant regulation aims to set down rules and operative procedures that contribute to the expansion of capabilities and the potential of internet.26 The main feature of this approach is the establishment of portals that (under the approval and supervision of the national authority) contain information on investments offered by start-ups, thereby facilitating the crowdfunding activity in a safe and conscious environment for investors.

With regard to lending-based crowdfunding, the Italian approach has gradually shifted from an exclusionary approach27 towards a slow but gradual recognition of the lawfulness of such financial activity, allowing e-platforms to operate both as payment institutions and non-banking intermediaries.28

Another recent innovation in the financial market is the invoice trading service. From 2013 to the present day, new companies have been established to provide this service, and Italy is expected to carry out a comprehensive legislative and fiscal reform that will formally recognise such actors, while at the same time removing the disadvantages such actors face and guaranteeing sufficient transparency.

With respect to the payment services, it is important to remember the enforcement of the new Payment Service Directive (PSD2).29 Italian implementing rules pave a stable path towards further innovation by regulating the activity of third-party providers (TPPs).30 These should be considered as fintech firms that (after authorisation and under the supervision of the national authority) offer payment initiation and account information services by exploiting the new business opportunities provided by technological innovation.31 Although it is still too early to determine whether those rules have efficiently managed the new challenges of fintech in the industry of payments, it is noteworthy that the Directive has introduced stringent obligations and requirements for the protection of consumers.

VI OTHER NEW BUSINESS MODELS

In the Italian banking industry, fintech is boosting ‘pure digital’ banks. Certain scholars consider Fineco Bank and Widiba (the online bank of the MPS group) as forerunners. Pure digital banks are intermediaries that lack a physical presence, thus enabling a significant reduction of management costs. Despite the modernisation process that is being carried out, however, the Italian banking system is still tied to the traditional concept that banks need physical branches spread throughout the territory. In any case, in order to face the aforesaid challenges, traditional banks are gradually reconsidering their business models with a movement towards digitalisation.

With respect to the rise of a new business model for the circulation of capital, we shall consider social-lending crowdfunding as a significant innovation for the Italian market. It was introduced by the regulation of ‘peer-to-peer lending’, which is a peculiar form of crowdfunding that permits money lending between stakeholders sharing similar characteristics. This exchange between lenders and borrowers is made on an e-platform, thereby reducing the costs associated with the traditional financial intermediation of banks. Moreover, the force driving social lending is the higher remuneration deriving from the lending activity. Hence, these features, together with the capacity of peer-to-peer lending to adapt to different legal systems, have made this form of service particularly attractive to investors and financial actors.

From a regulatory perspective, peer-to-peer lending is still under the scrutiny of the European Commission, the European Parliament and other EU authorities (EBA and ESMA), although France and the United Kingdom have already adopted some legislative measures. In Italy, the collection of savings is still managed by the traditional financial intermediaries, and pursuant to Article 106 of the Consolidated Banking Act, such intermediaries require an ad hoc authorisation issued by the Bank of Italy that is necessary for registration. However, the new provisions issued by the Bank of Italy (applicable from 1 January 2017) on the collection of savings by non-banking intermediaries now provide an ad hoc section for social lending,32 setting the foundation for formal recognition of this financial activity. Therefore, although operators cannot ‘freely’ collect savings from the public, they can receive funds and subsequently transfer them to payment accounts for payment service purposes.33

Concluding on this point, we shall assess the risk associated with the use of technology in financial services, as well as the threat of cyberattacks. In this respect, no specific cybersecurity legislation is in force for financial institutions. However, in its Strategic Plan 2017–201934 the Bank of Italy included initiatives to improve the security and business continuity of the Italian financial sector by implementing a cyber-resilience strategy for Italy’s financial market infrastructure. In line with the aforementioned Strategic Plan, the Bank of Italy and the Italian Banking Association have sponsored the establishment of the Italian Financial Cybersecurity unit (CERTFin), which coordinates information sharing and cyber-threat intelligence among the participating financial companies, allowing them to share critical information and enhance the awareness of cyber risk beyond what would be possible within the confines of their own organisations. From a broader European perspective, the Italian Council of Ministers has been delegated to adopt a legislative decree transposing Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the European Union.

VII INTELLECTUAL PROPERTY AND DATA PROTECTION

A crucial consideration that comes into play when fintech is discussed is the capacity of financial institutions to develop technologies to acquire clients’ information and, ultimately, to use such information to ameliorate the quality of the services they provide. Obviously, the use of high-tech tools helps intermediaries in the collection and processing of an enormous amount of information (known as ‘big data’). Therefore, the relationship between fintech and data protection is essential. Technology has shaped the relationship between the intermediaries and their clients, gradually determining the loss of loyalty. And this is particularly true with respect to the ‘new’ actors of the financial market (i.e., start-ups), which already use such technologies to collect big data.35

The use of technologies in the context of financial markets is likely to satisfy several aspects of the regulated activities, such as a more precise customer profiling, a more satisfying offering of financial instruments and, in general, proper financial advice for the single client’s necessities.

The European legislator has already paved the way in this respect, as the new Directive 2014/65/EU (MiFID 2) has introduced mandatory, specific obligations aimed at aligning the use of big data with customers’ need for safe and adequate investments. However, data collection must comply with the new provisions set out in the new EU Regulation on Data Protection (Regulation (EU) 2016/679 – GDPR), which shall apply from 25 May 2018. In the domestic legal framework, the Italian regulation has enforced such information obligations, and in May all operators shall comply with the new regime.

VIII YEAR IN REVIEW

In May 2017, the Bank of Italy launched a survey on the innovative technologies applying to financial services. The results, which were published at the beginning of this year,36 have shown an overall interest in fintech by the actors of the financial market; however, very small amounts of financial resources have been allocated for such investments.37 As a consequence, only a limited number of enterprises exploit potential synergies with fintech companies.

The main sectors in which investments have been carried out are technologies for facilitating the conclusion of cross-border contracts and operations; supporting technologies; payment services; robo-advisers; crowdfunding; Bitcoin; DLT and smart contracts, primarily with a view to gradual dematerialisation and alignment of their internal regulatory framework with the rules and principles as defined both at the national and supranational level. Such investments, however, have been carried out mainly within the national boundaries.

The report has shown that, from a general perspective, Italian financial institutions have opted for a wait-and-see approach. Furthermore, the report highlights the ‘digital divide’ between banks and other intermediaries, as the former have proved to be more sensitive (or at least more responsive) to the challenges brought by fintech.

Moreover, on 8 March 2018, the European Commission launched an Action Plan on fintech, aiming, inter alia, to supporting innovative business models, encouraging the uptake of new technologies in the financial sector and increasing cybersecurity in and the integrity of the financial market.38 This Action Plan sets out clear and concrete steps to make the most of rapid advances in technology and an expert group will be established to support the Commission in this plan. The Action Plan is divided into three sections and aims to:

  1. enable innovative business models to scale up through clear and consistent licensing requirements (i.e., facilitate the emergence of innovative business models through innovation facilitators)39 (especially for businesses pursuing crowdfunding activities,40 for which a proposal for a regulation has been drafted).41 This objective may be pursued in a new area of competition ruled by common standards and interoperable solutions;
  2. support the uptake of technological innovations in the financial sector. The Commission highlights the obstacles encountered in this field (citing issues related to blockchain and the qualification issue of smart contracts); and
  3. enhance the security and integrity of the financial sector. In this respect, the Commission is about to establish a workshop with the purpose of strengthening cooperation on cybersecurity.

    IX OUTLOOK AND CONCLUSIONS

European and Italian regulators are going to monitor the development of fintech, collecting data and information to gain a deeper knowledge of the industry and its potential risks. This activity is the basis for regulating and harmonising the EU internal market with regard both to the safeguarding of European citizens and the functioning of the circulation of capitals.

The importance of this activity has been confirmed both by the recent European Commission’s Action Plan on fintech (dated 8 March 2018), and the last available ECB Economic bulletin (dated 22 March 2018), which analysed the innovative forms of finance and banking.

In recent years, the ECB, the Bank of Italy and Consob have clearly illustrated the importance of monitoring innovations. In this context, we expect the development of new rules aiming to regulate a system in which firms can negotiate interest rates lower than those used by commercial banks (because of the reduction of operating costs due to high technology). The above confirms that further investigation of the fintech industry will clarify the path that EU and Italian regulators shall follow to standardise this system and to provide a minimum level of safety.

1 Alessandro Engst is a partner and Valerio Lemma is a senior associate at Eversheds Sutherland.

2 See F. Panetta, Vice Direttore Generale della Banca d’Italia, hearing before the VI/6th Commission (Finance) of the Italian Deputees’ Chamber dated 29 November 2017, ‘Indagine conoscitiva sulle tematiche relative all’impatto della tecnologia finanziaria sul settore finanziario, creditizio e assicurativo’, pp. 3-4.

3 See European Commission’s Action Plan on how to harness the opportunities presented by technology-enabled innovation in financial services (fintech), 8 March 2018.

4 See VV. AA., ‘Lo Sviluppo del FinTech’, March 2018, No. 1, passim.

5 See Panetta supra note No. 2, pp. 6-7.

6 A typical example of the ‘inadequacy’ in regulating the new financial services is the lending-based crowdfunding, which lacks a legal framework both in Italy and in the European Union, despite the general acknowledgement on how this financial service is offered and operates.

9 See ESMA’s Response to the Commission Consultation Paper on fintech. A more competitive and innovative financial sector, 2017 https://www.esma.europa.eu/press-news/esma-news/esma-
responds-commission-consultation-fintech.

10 More specifically, a dialogue between the national authorities and enterprises will likely support the former in understanding and detecting the market needs; whereas, with respect to the latter, such dialogue will provide the actors of the financial market in acquiring sure and reliable information, with the consequence of protecting consumers and providing them with sufficient information. See Panetta, supra note No. 2,
p. 9.

12 The Memorandum has been signed by the Bank of Italy, the Ministry of Economy and Finance, the Italian Securities and Exchange Commission (CONSOB), the Antitrust authority (AGCM), the Italian Insurance Supervision Authority (IVASS), the Authority for the protection of personal data, the Digital Agency for Italy and the Italian Revenue Agency). The Committee is composed of one member representing each authority.

16 A definition of ‘virtual currencies’ is provided in article 1, comma 2, lett. qq) of Legislative Decree of 21 November 2007, No. 231 (as amended by Legislative Decree 25 May 2017, No. 90), as ‘the digital representation of value, not issued by a central bank or a public authority and not necessarily linked to a value having a legal tender, that is used as a means of exchange for the purchase of goods and services and that is transferred, stored and traded through electronic devices’. The same definition has been provided by the Bank of Italy in its Communication of 30 January 2015: https://www.bancaditalia.it/pubblicazioni/bollettino-vigilanza/2015-01/20150130_II15.pdf.

18 See Legislative Decree No. 385/1993. More in detail, such articles punish respectively: the abusive activity of collection of savings (article 130); the abusive banking activity (article 131); the abusive activity of rendering payment services.

19 See Legislative Decree No. 58/1998. More in detail its article 166 punishes the abusive activity of rendering investment services.

20 See Bank of Italy, ‘Avvertenza per i consumatori sui rischi delle valute virtuali da parte delle Autorità europee’, 19 March 2018: http://www.bancaditalia.it/compiti/vigilanza/avvisi-pub/avvertenza-valute-virtuali-2018/avvertenze-valute-virtuali-2018.pdf.

22 See ‘fintech – Introduzione ai profili giuridici di un mercato unico tecnologico dei servizi finanziari’, edited by M.-T. Paracampo, 2017 G. Giappichelli Editore – Torino, pp. 227-228.

24 On 26 February 2018 the Vice-President of the European Parliament hosted a roundtable on cryptocurrencies.

26 CONSOB has also a web page with all the relevant information on crowdfunding, available at this link: www.consob.it/web/investor-education/crowdfunding#c2.

27 In 2009 Bank of Italy expelled the social lending platform Zopa Italia finding a violation of articles 11 and 130 of the Consolidated Banking Act.

28 See E. Macchiavello, ‘La problematica regolazione del lending-based crowdfunding in Italia’ in Banca Borsa Titoli di credito, fasc. 1, 2018, raises concerns on the difficulties facing the regulation of this financial service. In this dissertation, the Author welcomes an ad hoc discipline for lending-based crowdfunding.

29 In Italy, the Directive has been enforced by Legislative Decree No. 218/2017.

30 Typical TPPs are PISPs (Payment Initiation Service Providers) and AISPs (Account Information Service Providers).

31 See I. Visco (Governor of the Bank of Italy), Welcome address at the European Central Bank (ECB) and Banca d’Italia joint conference on ‘Digital transformation of the retail payment ecosystem’, pp. 3-4.

32 https://www.bancaditalia.it/compiti/vigilanza/normativa/archivio-norme/disposizioni/raccolta-risparmio-
soggetti-diversi/disposizioni.pdf. Section IX of such text has ‘mere acknowledgement purposes’, according to the Bank of Italy Report on this document.

33 In other words, intermediaries can exercise social lending activity provided that they are authorised as payment institutions or electronic money institutions pursuant to Article 114 novies, comma 4, of the Consolidated Banking Act.

35 A definition of ‘Big Data’ is provided by the European Commission in its ‘Communication on Data Economy’, available at this link: https://ec.europa.eu/digital-single-market/en/news/communication-
data-driven-economy.

37 The results show that only €135 million has been allocated for the financing of fintech. Moreover, in the Ernst & Young ‘EY fintech Adoption Index 2017’, the Italian market is not even mentioned.

38 Back in 2016, the Commission set up an internal task force on financial technology to address potential opportunities and challenges posed by fintech.

39 Such as innovation hubs and regulatory sandboxes.

40 These are the European crowdfunding service providers (ECSP).

41 See the Proposal for a Regulation of the European Parliament and of the Council on European Crowdfunding Service Providers (ECSP) for Business – 2018/0048 (COD).