Fintech is radically innovating the way financial services are designed and offered. It represents an evolving phenomenon that involves several market segments (e.g., banking activities, payment services, virtual currencies, crowdfunding, peer-to-peer lending and investment services), and heterogeneous tools and techniques (e.g., robo-advice and artificial intelligence).

Although the benefits of technological changes may take some time to fully materialise, innovation can contribute to reducing costs and information asymmetries, increasing efficiency and competition, and widening access to financial services. In this regard, Italian competent authorities appear to be aware that fintech developments could deeply affect the ability of the financial industry to evolve and prosper. At the same time, they are also concerned about the potential risks that might emerge regarding, among other things, consumer protection. Despite efforts to arrive at a harmonised approach to fintech regulation, the current legal framework governing fintech is still largely incomplete. Moreover, doubts exist as to how to interpret existing rules, as fintech activities are often difficult to classify based on traditional principles.

The payment services sector appears to be the area that has experienced major developments as, following the Second Payment Services Directive's (PSD II's) entry into force and implementation within the Italian legal framework at the beginning of 2018, new business opportunities are offered to fintech companies. In this context, 2019 is expected to witness the IPO of Nexi SpA, one of the Europe's biggest players in the payment services market. Other developments are also taking place in the credit sector, securities trading and risk management.

The Italian government and competent authorities are establishing an increasingly fintech-friendly environment. More specifically, in 2017:

  1. the Bank of Italy (BoI) demonstrated its forward-looking approach by launching a fintech hub on its website to support innovation processes in the regulatory arena;2 and
  2. the Italian Companies and Stock Exchange Commission (Consob) launched several initiatives, including research programmes concerning robo-advice, blockchain and, more generally, the relationship between fintech businesses and traditional financial activities. The initiatives are aimed at understanding more about the aspects that can influence the financial system and at regulating the fintech phenomenon.3

In March 2018, the Ministry of Economy and Finance (MEF) established a coordination committee in response to a memorandum of understanding between the MEF, the BoI, Consob and other national authorities. The Committee's purposes are:

  1. to encourage the introduction of innovative services and models in the financial and insurance sectors;
  2. to monitor fintech developments; and
  3. to develop general principles applicable to fintech and propose appropriate amendments to the current legal framework.4

Furthermore, the increasing attention to cyberspace and technological developments brought the Italian government to recently issue innovative regulations governing blockchain, cryptocurrencies and crowdfunding (see Sections IV and V); and establish specific funds to support fintech developments and encourage investments in areas connected to artificial intelligence, blockchain, internet of things and cybersecurity.

Finally, with regard to tax incentives, fintech companies can benefit from, among other things:

  1. an innovative start-up regime, according to which – direct or indirect – investments in innovative start-up companies are partially deductible (if certain conditions are met);
  2. a patent box regime that provides for a 50 per cent exemption from corporate tax in relation to those incomes arising from direct use or licensing of qualified intangible assets (e.g, patents, know-how); and
  3. tax credit on research and development activities, according to which companies can benefit from a tax credit equal to 50 per cent (or 25 per cent depending on the kind of expense) of the incremental R&D expenses.


i Licensing and marketing

Currently, the Italian regulatory framework provides no definition of 'fintech' business. Therefore, no specific fintech licence or regulatory framework exists for fintech sector activities. The only exception is the management of crowdfunding portals, which is regulated by Article 50 quinquies of Legislative Decree No. 58 of 24 February 1998 (the Italian Financial Act) and Consob Regulation No. 18592 of 26 June 2013, which requires an authorisation for portals' managers other than banks and investment firms (see Section IV).

As a general rule, specific authorisation is always required for activities that qualify as reserved activities under Italian law, regardless of the (technological) means used to carry out them. Therefore, fintech firms that perform banking activities, investment services and asset management activities (including automated digital advisory (robo-advice) and digital asset and wealth management services), payment services or insurance activities are subject to the general Italian and European regulatory framework; thus, they must have obtained authorisation from the competent supervisory authorities (the BoI, European Central Bank, Consob and the Italian Insurance Supervisory Authority (IVASS)) and comply with the relevant legal framework (including prudential and governance requirements and business conduct rules).

Considering the absence of a clear and all-encompassing Italian regulatory framework applicable to fintech activities, the marketing of fintech products and services provided by regulated fintech entities is currently governed by the same rules applicable to any other regulated entity (e.g., Italian consumer protection law and BoI regulations on the transparency of banking and financial transactions and services).

With regard to credit information services, the Italian framework sets out different rules depending on the private or public nature of the credit information system. Notably, private information systems contain information on credits provided by participating companies, but registration is not mandatory for banks or financial intermediaries. Conversely, these intermediaries are required to enrol with the Central Credit Register,5 an information system regarding customers' risk position managed by the BoI, that is intended to, among other things, improve the quality of credit provided by intermediaries. The Central Credit Register can be accessed only by registered intermediaries and, on request, by individuals or entities. The register contains information on credit amounting to €30,000 or more.

ii Cross-border issues

In Italy, regulated activities can be carried out either through the establishment of a branch or under the regime of the freedom to provide services. As outlined in Section II.i, Italy has no ad hoc regulatory framework in place – or passporting procedure – that specifically governs the provision of fintech products and services. Therefore, if a fintech company intends to offer products or services in Italy that – regardless of the technology used – fall within the definition of a reserved activity, the company will need to comply with all the relevant regulations. More specifically, EU-licensed companies, regardless of their fintech nature, benefit from the passporting procedure set out by the main EU directives governing the provision of regulated activities (e.g., the Fourth Capital Requirements Directive, the Second Markets in Financial Instruments Directive (MiFID II), Solvency II, the Undertakings for Collective Investment in Transferable Securities Directive, the Alternative Investment Fund Managers Directive or PSD II). These passporting procedures require, among other things, a simple notification to the competent authorities of the home and host Member States, without, in principle, the need to obtain a local licence in the host Member State.

If non-EU companies wish to provide fintech products or services that fall within the definition of a reserved activity in Italy, they will need to obtain prior authorisation from the relevant Italian competent authority (the BoI, Consob or IVASS, depending on the type of activity).

Furthermore, companies wishing to actively market services and products in Italy might be required to obtain prior authorisation and meet specific requirements depending on, among other things, the type of services and products, the level of information provided on such services and products and whether the marketing activity is targeted at Italian residents.

In Italy, foreign exchange and currency controls are not subject to restrictions except for those concerning banknote circulation.6 Additionally, as a general rule, the Italian legal framework does not limit foreigners' rights to own Italian companies. However, if a foreigner wishes to acquire a significant holding in a supervised entity (e.g., bank, financial intermediary, investment firm or asset management company), specific rules set out in the Italian Banking Act and in the Italian Financial Act apply. These rules require the potential acquirer to, among other things, file a prior authorisation application with the relevant competent authority and meet specific integrity, fairness, transparency and professionalism requirements.7


The Italian government has been implementing a digital identity public system (SPID) through the Agency for Digital Italy (AGID) since 2016. SPID allows citizens (including those resident in other countries) to access (through personal login credentials) online services provided by public and private entities.

Personal login credentials for SPID are provided by private identity providers licensed by the AGID. Citizens are therefore free to decide which entity to entrust their digital identity. SPIDs can be implemented inside a business under a specific agreement with the AGID and an agreement with identity providers. Examples of both agreements are available on the government's website. Payment terms and conditions are set out in the agreement with the AGID and cannot be amended by the parties. Few private parties are currently implementing SPIDs because of the high cost of doing so.

Furthermore, banking and investment services providers can implement fully digitalised onboarding of clients, provided that additional requirements to the physical onboarding are met. These requirements, which are generally set out for the provision of banking and investment services through long-distance communication, mainly concern transparency (e.g., sending pre-contractual and contractual documents through a durable medium),8 anti-money laundering (AML) identification duties (e.g., double checking of identification data)9 and consumer's protection (e.g., client's right withdraw within 14 days from entering into the contract).10

An innovative remote video-identification procedure to meet customer due diligence requirements for AML purposes is expected to be specifically regulated in the near future following the BoI's draft regulations published for public consultation in April 2018.11


i Crowdfunding

Italy was one of the first countries in Europe to introduce specific legislation governing equity crowdfunding, which is laid down in the Italian Financial Act12 and Consob Regulation No. 18592 of 26 June 2013.13 Under this legislation, the management of equity crowdfunding portals is limited to:

  1. investment firms and banks authorised to provide investment services, which are considered 'de facto managers' and require no specific licence; and
  2. portal managers other than those under point (a), which need to be duly authorised and enrolled on a special register managed by Consob.

Equity crowdfunding portals may only be used to offer to the public financial instruments that are issued by small and medium enterprises (SMEs), collective investment schemes and social enterprises.

In this respect, Law No. 145/2018 (the 2018 Budget Law) recently introduced the possibility to also offer debt instruments, provided that this is carried out through a separate area of the portals and these instruments are addressed only to professional investors and other categories of investors identified by Consob. To date, the relevant implementing regulation of the 2018 Budget Law is yet to be published.

ii Debt financing and lending platforms

One main area in which Italian fintech companies are growing is debt financing, which includes lending activities and secondary market trading using online platforms.

More specifically, peer-to-peer lending and social lending have experienced rapid growth in recent years and represent one of the more mature fintech sub-sectors, even though no specific regulation governs them so far. At the end of 2016, the BoI clarified that peer-to-peer lending and social lending may fall under the definition of the following activities, which are reserved to duly authorised entities: lending, collection of savings and payment services.14

Additionally, the BoI defines lending-based crowdfunding as an activity carried out through an online platform that allows several parties to collect repayable funds and clarifies, among other things, that the following activities do not constitute 'collection of savings':

  1. managers of the online platforms: if they receive funds to be held in payment accounts that can be used only to provide payment services by entities authorised to carry out payment services or to issue electronic money; and
  2. borrowers:
    • individual lenders (following personalised negotiations) that are supported by the platform manager only to enable the execution of the agreement; or
    • entities subject to prudential supervision.

Invoice lending and invoice trading are other businesses that an increasing number of online platforms are breaking into. Fintech firms involved in these activities adopt business models that normally require prior authorisation to operate as banks or financial intermediaries. However, limited cases exist of non-regulated fintech firms managing online platforms without entering into any lending agreements with the final customers.

With regard to trading loans on a secondary market, purchasing receivables qualifies as a lending activity that may be performed only by banks, financial intermediaries enrolled on the BoI's register under Article 106 of the Italian Banking Act, and alternative investment funds that invest in receivables.15 Furthermore, as to securitisations, special purpose vehicles may purchase receivables under a simplified procedure that reduces transfer costs. This also ensures that all charges and guarantees retain their validity and priority, without the need for any additional formality, provided that all notification duties are complied with.16

iii Payment services

Innovative payment services represent one of the most prominent and widespread fintech developments in Italy. The provision of payment services in Italy is subject to the BoI's prior authorisation under Article 114 novies of the Italian Banking Act.

Following PSD II's implementation in Italy with Legislative Decree No. 218/2017, the Italian Banking Act now includes two new payment services: payment initiation and account information services. Italian implementing rules introduced a specific regulation governing third-party providers (TPPs), which are typically payment initiation service providers (PISPs) and account information service providers (AISPs). PISPs and AISPs are fintech companies that must be duly authorised and comply with the regulatory framework on payment services; and must offer payment initiation and account information services by exploiting the new business opportunities provided by technological innovation. These new services require access to data and accounts held by credit institutions or other payment services providers. Therefore, as the BoI recently pointed out, each payment service provider with payment accounts accessible online (mainly banks) is now required to provide access – through at least one access interface – to their clients' data and accounts to other TPPs to enable them to carry out their business effectively.17

iv Collective investment schemes

Collective investment schemes are mainly regulated in Italy under the Italian Financial Act and its implementing regulations, which do not envisage any ad hoc provisions applicable to fintech entities falling under the definition of managers of collective investment schemes. Therefore, these fintech entities must comply with the general legal framework on asset management activities under the Italian Financial Act.


In February 2019, Law No. 12/201918 introduced the definition of distributed ledger technology (DLT) to recognise the legal effects of electronic time stamps under Article 41 of EU Regulation No. 910/2014 and the storage of an electronic document through a DLT. To date, the implementing technical standards providing the DLT requirements that ensure these transactions have legal effect are yet to be published. However, the new provisions mark a significant step forward in developing blockchain technology in Italy and follow Italy's subscription to the European Blockchain Partnership Initiative in September 201819 and the signing of the Southern European Countries Ministerial Declaration on Distributed Ledger Technologies in December 2018.20

With regard to virtual currencies, the first relevant and binding definition of virtual currency was introduced by Legislative Decree No. 90/2017, which implemented Anti-Money Laundering Directive (AMLD) IV and amended Italian AML law (Legislative Decree No. 231/2007 – the AML Decree). This defines virtual currencies as 'the digital representation of value, not issued by a central bank or a public authority and not necessarily linked to a value having a legal tender, that is used as a means of exchange for the purchase of goods and services and that is transferred, stored and traded through electronic devices'.21

The AML Decree expressly defines also virtual currency service providers as:

each natural or legal person providing to the third parties, in a professional manner, useful services to use, exchange, store the virtual currencies or to convert them in fiat currencies.22

Under the AML Decree, these providers are subject to specific notification and enrolment requirements, which will be set out in a decree from the MEF (currently available only in its draft version).23 Once this Decree enters into force, virtual currency service providers will be required to:

  1. notify the MEF of the commencement of their activities; and
  2. enrol with a special section of the currency exchangers' register.

Failure to comply with the notification duty under point (a) may result in the application of specific administrative penalties.

Additionally, even before the AMLD V's entry into force, Legislative Decree No. 90/2017 extended AML compliance obligations (i.e., customer due diligence, storage of data, notification of suspicious transactions and abstention in case of impossibility to carry out the customer due diligence) to providers engaged in exchange services between fiat currencies (i.e., currencies having legal tender) and virtual currencies (exchanges). This extension – and in general the application of AML duties to parties operating in the cryptocurrencies and tokens field – have raised concerns, at both European and national level, owing to the volatility of virtual currencies.24

The above definition of virtual currencies first appeared in a communication published by the BoI in 2015,25 which contained clarifications of the characteristics of virtual currencies; and, in line with the European Banking Authority (EBA),26 a warning about the use of these currencies, as they could result in a breach of Italian regulations with the risk of criminal penalties.27

In 2018, the BoI issued another communication declaring its adherence to the European Supervisory Authorities (ESAs) warning on virtual currencies28 and discouraging Italian banks, other supervised entities, and consumers from buying or selling virtual currencies following several scandals involving cryptocurrencies.29 The BoI also highlighted that several non-regulated entities are involved in trading virtual currencies and, as they are not subject to AML regulations, their activity could pose risks. Moreover, Consob recently published a consumer warning regarding the cryptocurrencies-related risks.30 Additionally, in 2018 Consob adopted several measures regarding companies that offer investments in cryptocurrencies and initial coin offerings (ICOs), qualifying their activity as public offering of financial products (i.e., financial instruments and any other form of financial investment)31 without the necessary prior authorisation.32 Furthermore, on 19 March 2019, Consob published for consultation a discussion paper on the possibility to regulate cryptoassets and ICOs.

As of today, there are no specific tax provisions governing cryptocurrencies in Italy. However, the Italian tax authority has recently issued some resolutions providing preliminary guidelines on the tax treatment of cryptocurrencies.

According to the Italian tax authority, any gains deriving from the disposal or the conversion of cryptocurrency shall be treated as foreign currencies and therefore:

  1. individuals shall be taxed – at 26 per cent tax rate – if, during the fiscal year and for at least seven consecutive days, the threshold of ownership of cryptocurrency exceeds €51,645.69; and
  2. companies are subject to tax under the general corporation tax regime for profits and losses (currently, corporate income tax rate is 24 per cent).

With reference to VAT, the Italian tax authority is aligned with the position of the European Court of Justice – the Skatteverket case (C-264/14) – according to which, cryptocurrency trading is a commercial activity that falls within the scope of VAT but shall be considered as exempt from VAT by virtue of Article 135(1)e of the VAT Directive, which deals with currency-related transactions.

The Italian tax authority has also provided some guidelines with reference to the 'utility token' (those that enable the token's holder future access to the products or services offered by the token's issuer or a third party). These financial instruments are assimilated to 'vouchers' from the token's issuer perspective and, as such, are taxed when the goods (or services) are transferred to the token's holder. Any gains deriving from the disposal of utility token are subject to tax in the hand of the holder; the latter could be either an individual or a company. In the first case, the relevant gains are subject to 26 per cent tax rate, otherwise they are subject to corporate taxation at a 24 per cent tax rate.


Law No. 12/2019 also introduced the definition of smart contracts as part of DLT. Indeed, smart contracts are defined as 'a computer program that works through distributed ledger technology and whose performance automatically binds two or more parties based on effects defined by the parties themselves'.

Smart contracts on a DLT are considered entered into in writing if the AGID's guidelines are complied with. However, the AGID has yet to issue any such guidelines. Moreover, to ensure that smart contracts are concluded in writing, an electronic signature system that is able to identify the parties must be in place. The system must be an advanced electronic signature or a qualified one; both are envisaged by European Regulation No. 1999/93 and Italian Legislative Decree No. 82/2005.

Thus, smart contracts are currently specifically defined as operating only through a DLT, but this does not mean that their use is prohibited elsewhere. Indeed, smart contracts are generally defined as:

an automatable and enforceable agreement. Automatable by computer, although some parts may require human input and control. Enforceable either by legal enforcement of rights and obligations or via tamper-proof execution of computer code.33

Unless specifically prohibited, smart contracts can be used provided they meet the certainty requirements set out by law.

In general, fintech encompasses a wide range of financial services and products that intersect with technology. Banks and other traditional players are gradually evolving their business models by increasing the level of their services. Innovations related to, among other things, mobile and digital payments, cloud computing, data governance and risk management software have increased the efficiency of banking activities and allow cost reductions regarding the material provision of some services. Indeed, banks are reducing their territorial presence in favour of more digitalised business models. Although the effects of digitalisation in an economy based on territorial rooting are yet to be proven, several banks have started to develop full-service banking businesses almost exclusively based on digitalised platforms.34 Furthermore, to accelerate this process, many banks are likely to create partnerships with existing fintech companies. This would allow them to immediately acquire the know-how needed to implement digitalised business models.

At the same time, fintech companies frequently need to rely on banks or other supervised entities to implement business models – such as digital payments or financing platforms – that require authorisation from the competent supervisory authorities. In this respect, the main regulatory issue raised by new digitalised services performed by fintech companies concerns identifying those businesses that could fall within the scope of reserved activities, particularly if these businesses are operated without reliance on supervised entities.  

In this context, social-lending and digital lending platforms represent a new funding model for individuals and SMEs that sometimes face difficulties in accessing traditional bank funding. In these cases, the transfers between lenders and borrowers are carried out through a digital platform, thereby reducing the costs associated with the traditional financial intermediation of banks and increasing the remuneration deriving from lending activities (see Section IV).

The range of fintech products and services also covers the use of artificial intelligence to support the entire investing process (e.g., robo-advice and algorithmic trading). In this respect, although robo-advice is not expressly regulated under the Italian legal framework, from a regulatory standpoint, it could fall within the definition of investment advice (see Section II.i). On this basis, it could therefore be considered a reserved activity that only duly authorised subjects are permitted to carry out and that must comply with the Italian regulatory framework on investments services.35 As to algorithmic trading, under the Italian Financial Act36 and Consob Regulation No. 20249 of 28 December 2017, banks and investment firms can engage in algorithmic trading or high-frequency algorithmic trading, thus operating with minimal or no human intervention, subject to notification and recording duties to Consob.

Cyberattacks are one of the main emerging risks associated with the use of technology in financial services. To address this issue, Legislative Decree No. 65 of 18 May 2018 implemented EU Directive (EU) 2016/1148 concerning measures for a high common level of security for network and information systems across the European Union. In addition, in its Strategic Plan 2017–2019,37 the BoI included initiatives to improve the security and business continuity of the Italian financial sector by implementing a cyber-resilience strategy for Italy's financial market infrastructure. In line with the Strategic Plan, the Bank of Italy and the Italian Banking Association (ABI) have sponsored the establishment of the Italian Financial Cybersecurity unit, which coordinates information sharing and cyber-threat intelligence among participating financial companies, allowing them to share critical information and enhance the awareness of cyber risk beyond what would have otherwise been possible within the confines of their own organisations.38

With regard to websites comparing financial products offered or providing information about the financial products themselves, there are no specific privacy provisions or competitive rules, but these legislative provisions can be relevant. In addition, websites covering the insurance sector feature tight regulation that requires comparison websites to be authorised by IVASS,39 as also provided by the Insurance Distribution Directive.40 Conversely, banking and financial fields do not include any ad hoc regulation for third-party product-comparison, if no banking or financial products marketing is carried out.


It is essential for fintech businesses to generate the most possible value from the innovative and technological tools and systems they use. Therefore, protecting these tools and systems with intellectual property rights when possible is extremely important.

Software patentability is generally excluded because software cannot be considered an invention per se (Article 45 of the Italian Industrial Property Code). Although software is sometimes patent eligible, patents are excluded in most cases in the fintech field. However, Italian law envisages software safeguards through copyright protection (Article 64 bis of the Italian Copyright Law), which is granted if the software meets the creative requirements set out in the copyright law.

Fintech businesses are increasingly using open source software or standard software as a base on which to develop customised solutions for their businesses. In these cases, attention must be paid to the presence of copyleft clauses that often impose to disclose the source code of the developments made. According to the applicable terms, obligations to disclose may vary.

Furthermore, business knowledge can be protected as a business secret. This protection ensures that no-one can use secret information developed for business purposes. The fact that the information is secret ensures protection is granted.

Specific rules must be set out in agreements between parties to ensure that the owner of the IP rights over any invention or software created under a contractual relationship is clear.

The following rules apply to employment relationships:

  1. inventions by the employee in performing his or her work duties: the employer is the owner of IP rights over the employee's inventions;
  2. inventions by the employee in performing his or her work duties, even if invention is not a specific work duty: the employer is the owner of IP rights over the employee's inventions, but the employee has the right to be fairly remunerated for the invention; and
  3. inventions by the employee outside his or her work duties, but connected with the employer's field of business: the employee is the owner of IP rights over the inventions, but the employer has a pre-emptive right over the inventions.

In the fintech field, it is necessary to ensure that personal data is lawfully processed in compliance with European Regulation 2016/679 (General Data Protection Legislation – GDPR, which came into force on 25 May 2018) and Italian legislation (specifically Legislative Decree No. 196/2003, the Privacy Code, recently amended by Legislative Decree No. 101/2018). Indeed, sensitive information relating to the financial assessment of natural persons are frequently processed, and a large amount of correct information is gathered to ensure the legal obligations imposed on financial intermediaries are met. The legal obligations deriving from MiFID II and from AML legislation are a prime example. Both require that information be gathered to profile clients and conduct risk analysis to provide the most profitable investment portfolio for both financial intermediaries and clients. Although profiling is mandatory by law, the GDPR must be complied with, particularly information and transparency duties that require disclosure of the rules governing the profiling system if requested by the data subject or client. This is a very sensitive area because complying with the data subject's right could contrast with the legal entity's right to protect business information and keep it secret.

Big data plays a strategic role in the fintech field and, to ensure business growth, fintech businesses need to have access to advanced technology and well-structured databases. Credit and commercial information systems also play a strategic role in this sector by providing information and thus meeting fintech operators' business needs. The activities performed by these systems are regulated by law and, within the privacy legislation, by specific codes of conduct. It must be underlined that large differences exist between the two information systems. As outlined in Section II.i, credit information systems can be public (i.e., the Central Credit Register managed by the BoI) or private, and only financial intermediaries (and other entities under the BoI's control) may supplement the databases and ask for information to be extracted from the databases. Conversely, commercial information systems provide information collected from public sources and are available to the public. Commercial information systems are thus clearly fundamental for payment institutions and, especially since PSD II's entry into force, their importance in the fintech field continues to increase.


As highlighted in the results of a survey launched by the BoI and published at the beginning of 2018,41 financial sector players' interest in fintech is growing. The main sectors to have seen investments are technologies that facilitate the conclusion of cross-border contracts or transactions, supporting technologies, payment services, robo-advisers, crowdfunding, cloud computing, cybersecurity, cryptocurrencies, DLT and smart contracts. The ultimate aim behind investment in these sectors is to gradually dematerialise and align their internal regulatory frameworks with rules defined at a national and supranational level.

Traditional financial institutions such as banks or insurers no longer regard fintech companies as competitors, but rather increasingly view them as potential partners in developing and improving new or existing business models. In fact, traditional banking operators are responding with the following strategies to adapt their current market demands:

  1. development of platform services;
  2. acquisitions or alliances with fintech companies; and
  3. pure digital banks.

A significant number of projects have been launched or are about to be launched in Italy. Non-banking intermediaries have focused their attention on the same needs, demands and issues that banks are concerned with. However, their involvement in investment projects is still limited from a quantitative point of view, with the focus for now being mainly on payment services, 'transversal' technologies and crowdfunding. The BoI is about to launch a new financial sector survey to record any new fintech initiatives and projects.

Against this backstop, the Italian regulatory framework has undergone significant reforms that have impacted the fintech sector. More specifically, throughout 2018 and 2019, the following regulations (among others) were issued or placed under consultation to comply with the EU framework and establish a fintech-friendly environment:

  1. the Italian Financial Act, Consob's Intermediaries Regulation and Consob's Regulation No. 20249 of 28 December 2017 were amended and supplemented to implement MiFID II;
  2. the Italian Banking Act and the BoI's supervisory instruction to payment institutions was placed under consultation from July to September 2018 to implement PSD II (see Section IV);
  3. the 2018 Budget Law introduced the possibility for crowdfunding portals to offer also debt instruments, and Consob's Regulation No. 18592 of 26 June 2013 was amended and supplemented to implement MiFID II (see Section IV);
  4. Law No. 12/2019 introduced the definitions of distributed ledger technology and smart contracts (see Section V); and
  5. the BoI's provisions on customer due diligence duties for AML purposes were placed under consultation from April to June 2018 (see Sections III and V).

At European level, in March 2018, the European Commission launched a fintech action plan, aimed at, among other things:

  1. supporting innovative business models;
  2. encouraging the uptake of new technologies in the financial sector;
  3. increasing cybersecurity in the financial market; and
  4. improving the integrity of the financial market.42

According to the action plan, the European Commission will, among other things:

  1. host an EU fintech laboratory where European and national authorities will engage with tech providers in a neutral, non-commercial space;
  2. present a blueprint with best practices on regulatory sandboxes, based on guidance from ESAs; and
  3. report on the challenges and opportunities of cryptoassets later in 2018 in the framework of its Blockchain Observatory and Forum, which was launched in February 2018 for a two-year period.

Additionally, the EBA published a fintech roadmap setting out its priorities for 2018 and 2019, including the establishment of a FinTech Knowledge Hub to enhance knowledge sharing and foster technological neutrality in regulatory and supervisory approaches.43


Technology-enabled innovation in financial services is fast developing and offers numerous advantages. Indeed, fintech has the potential to:

  1. increase efficiency and reduce costs;
  2. improve access to, and provision of, financial services;
  3. enhance the customer experience; and
  4. create markets for new and innovative financial services and products.

As technology continues to break down the barriers to entry in the bank and financial services markets, banks and other regulated entities are reacting to this changing environment and adopting online banking offerings. This involves them shifting the distribution of their standard services to online platforms via multichannel networks, thereby reducing the number of physical branches, which allows the remaining branches to specialise in high value-added services (e.g., private banking, corporate finance and advisory). Technology is being leveraged to improve the efficiency of middle- and back-office processes, and to provide more effective risk management tools.

Fintech technologies and products offer a wide range of possibilities and can be instrumental in improving the quality of services offered to clients and market players an important competitive edge. They can also present further opportunities to fully exploit the advantages of an integrated European financial services market, since they facilitate the distribution of retail products and services on a cross-border basis. Although the benefits of technological change could take some time to fully materialise, innovation is contributing to cost savings, reduced information asymmetry, increased efficiency and competition, and wider access to financial services.

A wide variety of fintech businesses are currently operating in Italy in almost every sub-sector of the fintech industry. According to the most recent information, almost 150 fintech companies are based in Italy, and this number continues to grow. Crowdfunding is the largest sub-sector of the fintech industry, with 51 active companies, followed by payment services, asset management, blockchain, virtual currencies, insurance and peer-to-peer lending. A wide range of innovative fintech solutions have recently been developed in the Italian payment services sector, mainly through apps that provide alternatives to traditional banking channels. The local insurance and asset management sectors are also very interested in fintech solutions. Domestic banks have also recently started seeing fintech as a way to innovate their everyday business, and plan investments that take advantage of fintech solutions.

Combined with the increasing interest expressed by the European and Italian regulators in the sector, fintech will likely be thoroughly regulated in the short- or medium-term. In this regard, it can reasonably be expected that many new initiatives will result from the action plan on fintech launched by the European Commission in March 2018 (see Section VIII).

Further regulatory changes also arrived with the entry into force of the GDPR and the PSD II. The most significant disruption to the global financial sector is still expected to be from ledger technologies such as blockchain. Although the use of this type of technology is not yet widespread, it is expected to emerge in Italy in many areas and, in light of the newly introduced definitions of DLTs and smart contracts, looks set to go beyond cybersecurity and cryptocurrencies.

Even though financial services are still predominantly distributed through traditional channels, technology-enabled innovation in financial services is fast developing and offers numerous advantages as technology dramatically reduces the costs of transmitting, processing and storing data, pushing towards new forms of financial intermediation.


1 Giuseppe Rumi, Federico Vezzani and Tommaso Faelli are partners at BonelliErede.

3 See, for example, the series of contributions and documents dedicated to fintech launched by Consob, in collaboration with the main Italian universities, in March 2018.

5 The rules on the BoI's Central Credit Register are set out in BoI Circular No. 139 of 11 February 1991, as subsequently amended and supplemented.

6 e.g., the cross-border transport limits on physical currency and its equivalents (no more than €10,000) and limits on cash payments (no more than €3,000).

7 See Article 25 of the Italian Banking Act and its implementing regulations.

8 See: (1) BoI's transparency provisions of 29 July 2009, as subsequently amended, for banking and payment services; and (2) Consob's Intermediaries Regulation No. 20307 of 15 February 2018, for investment services.

9 See the BoI's provisions of 3 April 2013 on customer due diligence and the BoI's new provisions published for consultation in April 2018.

10 See Legislative Decree No. 206 of 6 September 2005 (Italian Consumers Code).

11 See Annex 3 to the BoI's new provisions on customer due diligence published for consultation in April 2018.

12 As amended by Law Decree No. 179/2012, converted into Law No. 221/2012.

15 See Article 106 of the Italian Banking Act.

16 See Article 4, Paragraph 1, of Law No. 130 of 30 April 1999 and Article 58 of the Italian Banking Act.

18 That converted into law, with amendments, Decree Law 14 December 2018, No. 135.

21 See Article 1, Paragraph 2, let. qq) of Legislative Decree No. 231 of 21 November 2007, as amended by Legislative Decree No. 90 of 25 May 2017.

22 See Article 1, Paragraph 2, let. ff) of the AML Decree.

23 In January 2018, the MEF published a decree for consultation setting out the timing and conditions for the notification of the commencement of virtual currency activities by service providers. However, the final version of this decree has yet to be published.

24 Indeed, the volatility of virtual currencies and the difficulties in identifying the virtual wallet's owner appear inconsistent with AML duties (see, for example, Question No. 3-2018/B of the Italian National Council Notaries).

26 See EBA warning on the use of virtual currencies at the following link: https://eba.europa.eu/documents/10180/598344/EBA+Warning+on+Virtual+Currencies.pdf.

27 See Articles 130 (abusive activity of collection of savings), 131 (abusive banking activity) and 131 ter (abusive provision of payment services) of the Italian Banking Act, and Article 166 (abusive provision of investment services) of the Italian Financial Act.

29 i.e., the bankruptcy of the well-known Japanese exchange facility MtGox and, more recently, in January 2019, the bankruptcy of the Italian company BG Services S.r.l., which managed the BitGrail exchange in Nano cryptocurrency.

31 In several resolutions and communications Consob clarified that 'any other form of financial investment' refers to investments that include: (1) the use of capital; (2) an expectation of return; and (3) the related risk. See, among other things, Consob Communication No. DEM/3082035 of 19 December 2003 and Consob Resolution No. 14422 of 13 February 2004.

32 See, for example, Consob Resolutions No. 20693 of 14 November 2018 and No. 20741 of 12 December 2018, whereby Consob suspended an offer of tokens and an offer of virtual currencies under Article 99 of the Italian Financial Act.

33 Smart Contract Templates: foundations, design landscape and research directions; Christopher D Clack, Vikram A Bakshi, Lee Braine; arXiv:1608.00771v3 [cs.CY], 15 March 2017.

34 See, for example, Buddybank (the digital bank powered by Unicredit), CheBanca! (part of Mediobanca's group) and Widiba (part of MPS group).

35 See Consob Regulation No. 20307 of 15 February 2019.

36 See Article 67 ter of the Italian Financial Act.

39 See Articles 106 and 108 of Legislative Decree No. 209 of 7 September 2005.

40 See Article 2, Paragraph 1, No. 1 of Directive 2016/97/EU.

42 See the European Commission's Action Plan published on 8 March 2018.

43 See EBA's Roadmap on FinTech, published on 15 March 2018.