The Financial Technology Law Review: Denmark

Overview

The Danish financial sector has experienced fast-moving developments in the light of digitalisation. As a result, fintech has become an integrated part of the financial sector in Denmark. The ecosystem and the many fintech start-ups create jobs and value in the financial sector while also contributing to the digitalisation of the Danish business environment in general.2 Denmark was ranked number four in the latest Ease of Doing Business rankings3 and number three in the Digital Economy and Society Index (DESI) 2020.4

The Danish fintech market is increasing rapidly and aiming at creating new commercial opportunities by establishing unique connections between start-ups, corporates, investors and academia and by linking the Nordic fintech ecosystem with the global fintech ecosystem.5

Because of the development of Denmark as one of the leading fintech hubs in the global financial services industry, the Danish government has decided that it should be easier for fintech entrepreneurs to get started in Denmark,6 deeming Denmark very fintech-friendly.

To keep up with the development, the Danish Financial Supervisory Authority (the DFSA) has set up a dedicated fintech unit, the Division of Fintech, Payment Services and Governance. The team works to ensure that growth and regulation pull in the same direction while also ensuring that entrepreneurs can embrace and adapt to financial legislation more easily. Furthermore, the DFSA has, for example, created the following initiatives to put Denmark on the map for fintech-friendly jurisdictions: (1) the Fintech Forum, (2) FT-lab (regulatory sandbox) and (3) guidance services.

The DFSA has published an ambition of minimising regulatory uncertainty for financial companies using new technology by assisting financial entrepreneurs through the licensing process, as we elaborate upon in Section II.i.

With regard to taxation, there are no specific incentives aimed at fintech companies. This approach is quite common in Denmark as it is rare that specific companies or sectors are granted tax advantages.

Regulation

i Licensing and marketing

Danish law has not implemented any specific fintech licence. As a rule of thumb, the traditional financial regime applies to any 'financial activity' carried out by means of technology. The licence and marketing requirements for a fintech company therefore depend on the specific type of envisaged activities and in the end is most often based on harmonised European Union (EU) legislation.

The primary Danish laws currently applicable to fintech are:

  1. the Payments Act of 27 November 2020, as amended from time to time;
  2. the Money Laundering Act of 27 November 2020, as amended from time to time;
  3. the Financial Business Act of 11 September 2020, as amended from time to time;
  4. the Capital Markets Act of 27 November 2020, as amended from time to time;
  5. the Data Protection Act of 23 May 2018, as amended from time to time;
  6. the Marketing Act of 3 May 2017, as amended from time to time; and
  7. the Consumer Contracts Act of 17 December 2013, as amended from time to time.

Payment services

Payment services can be provided by non-banks either by an electronic money institution or by payment institution pursuant to Section 9 in the Danish Payments Act. These institutions must apply for a specific licence with the DFSA. It is possible to apply for two types of licences, either a full licence or a restricted licence when certain specific thresholds are being observed. The requirements as to documentation and the scope with respect to the restricted licence are less rigorous and the process of obtaining a licence is deemed correspondingly faster. The DFSA will have three months to process the application from the date of the receipt of a complete application (i.e., an application that contains all the required information and appendices that are necessary for the DFSA to process the application). There will be no initial fees that need to be paid to the DFSA with respect to the application. However, once the licence has been granted, the entity in question will be subject to an annual fee adjusted on a yearly basis.

Credit information services

Companies that provide credit information services must be licensed with the DFSA pursuant to Section 60 of the Payments Act. The application process is somewhat similar to the process regarding licensing for entities providing payment services, but less demanding. Once the licence has been granted, companies providing credit information services are treated as payment services companies. Such companies will need to comply with the rules set out in the Payments Act; however, subject to certain exemptions. Furthermore, they will be required to hold a business insurance covering the company's liabilities because of unauthorised use of the services or fraudulent access.

The DFSA has emphasised that this area is still new and new business models are emerging on an ongoing basis.7

Asset management

The Financial Business Act and several executive orders issued on the basis thereof regulate investment firms (MiFID II).8 Financial institutions that provide investment services or carry out investment activities must be licensed as such pursuant to the provisions in Section 9 of the Act.

More specifically, such entities must obtain a licence to operate as an investment firm in respect of the activities mentioned in Appendix 4(A) of the Act regardless of the automated or digital character of the service (e.g., investment advice). Thus, digital financial advisory or transactional services are subject to the same regulatory requirements as traditional financial services. However, in a statement of 21 December 2020, the DFSA announced that it will sharpen its focus towards automated advisory services.9

Managers of alternative investment funds regulated by the AIFMD10 and undertakings for collective investment in transferable securities (UCITS) operatives are not specifically singled out in relation to financial technology apart from a distinct opinion issued by the DFSA stating that even though investment decisions are made by, for instance, a fully automated algorithm or AI, it will always be deemed to be ultimately operated by a natural person, employed in a company holding the applicable relevant authorisation for the financial service involved. In other words, you cannot 'outsource to a machine' to avoid personal liability and responsibility.

Marketing rules

The Marketing Act is the general legislation regulating the marketing of goods and services in all industries. The Act applies to private business activities as well as to public activities, to the extent that products and services are offered on the market no matter by which means.

Marketing of MiFID-services, payments services or AIFM-services, for instance, entails an obligation to observe specific requirements to that extent based on harmonised EU legislation. In addition to these requirements, general rules on marketing as set out in the Marketing Act must also be observed. If a fintech company offers services or products not regulated by the financial regime, such as crypto assets, the marketing of those services will only be subject to the general rules in the Marketing Act.

ii Cross-border issues

EU investment firms, credit institutions and other financial undertakings11 may passport their local European licence into Denmark12 as may similar firms from the European Economic Area (EEA) and third countries that have applied the DFSA to do so depending on the type of service offered. Provision of investment services in Denmark may be carried out: (1) on a cross border basis; (2) through a branch; or (3) through a tied agent.

EU undertakings authorised to provide the activities in their home country may start providing services in Denmark when the DFSA has received notification of this from the supervisory authorities in the home country (passporting).13

Third country credit institutions and investment firms may also apply for a licence with the DFSA to provide investment services on either a cross-border basis or through a branch.14 Both procedures require a formal application with the DFSA and are not covered by the passport option for EU firms.

Furthermore, electronic money institutions or payment institutions in the EU can provide payment services in Denmark by offering cross-border payment services, setting up a branch or through an agent, when the DFSA has received notification of this from the supervisory authority in the home country.15

Physical presence is required for certain types of financial activities. The Act on Managers of Alternative Investment Funds etc. states that an AIFM must appoint a depositary for each individual fund managed by the AIFM. If the fund is established in an EU country, the depositary must be established in the same Member State as the fund.16 The same applies in relation to the appointment of a custodian for all UCITS.

In certain cases, the licence will not be required even though the services fall within the scope of the licence-based activities. This approach is, however, only reserved to a specific situation and on the condition of an assessment of whether the contact between the entity and the customer or investor has been established exclusively on its own initiative (reverse solicitation) or if the service is indeed delivered in another jurisdiction – which may, for instance, be the case for deposits and custody or trading facilities.

Because Danish legislation does not contain a definition of 'reverse solicitation', an assessment shall always be made on a case-by-case basis. Furthermore, it is the entity in question that is solely responsible to document to the DFSA that no marketing toward customers has taken place (e.g., in a form of a written declaration from the investor supplied by other documentation).

In conclusion, Danish law does not permit undertakings to provide financial services cross-border without obtaining a relevant licence or passporting a local licence into Denmark. Thus, it is of the utmost importance to carry out a case-by-case assessment of the specific service provided by a fintech company to determine whether it falls under the financial regime. If the fintech falls within the scope, it will be subject to the licensing requirement regimes with cross-border possibilities.

Digital identity and onboarding

The first digital identity signature in Denmark boarded in 2003 and is now known as 'NemID'.17 NemID is issued to citizens and legal entities by the Danish state and consists of a user ID, a password and a key card with one-time codes. When a person logs in, they must first enter user ID and password and then a code from the key card. NemID is owned and run by a private company, Nets DanID A/S18 (Nets). The identity signature technology is also used in Norway and Sweden.

NemID ensures the identification of citizens and legal entities when executing documents and communicating with authorities etc., without physical presence (i.e., online). Usually, a person would put a signature on a piece of paper as a guarantee that he or she is who they say they are. However, when business affairs and models move from paper to digital communication, a tool used to sign those electronic documents online becomes necessary. NemID is an important tool used widely by companies in Denmark for this purpose. Further, NemID is the common digital signature used in Denmark, which means that one must use the same login everywhere. For instance, the DFSA has announced that requirements for a signature in connection with the handling of board documents and resolutions can be carried out using digital signature solutions.19

NemID can also be used as a secure login on different platforms of the internet, including: (1) access to online banking, securities trading facilities; (2) access to information from authorities; (3) communication with companies; (4) crypto-currency transactions; and (5) access to personal filings and info at the Danish Tax Agency (SKAT), and more.

Undertakings can enter into an agreement with Nets to be a NemID service provider. After granting the right to be a NemID service provider, the undertaking can use NemID for the following purposes:

  1. Identification: secure identification of user logging into a website.
  2. Validation: when the user validates himself or herself with NemID, the company is assured that the user is who they say they are.
  3. Signing: the possibility to offer digital signatures to an agreement. NemID is a legally valid digital signature.

This solution is attractive for companies that wish to onboard clients digitally. As previously mentioned, NemID enables companies to identify customers, users, representatives and employees etc. digitally when entering into any agreements or engaging digitally.

Digital markets, payment services and funding

i Digital marketplaces

Operators of marketplaces are subject to rules in the Danish Capital Markets Act, which entered into force on 3 January 2018 and implements relevant parts of MiFID. Operators of marketplaces need, among others, to apply for a licence with the DFSA. The scope of the requirements applicable differ depending on the services provided by an operator to its members.

Because a marketplace is defined as either (1) a regulated market, (2) a multilateral trading facility (MTF) or (3) an organised trading facility (OHF),20 the regulations apply only to platforms where third parties can buy and sell financial instruments.

Due to the fact that crypto assets are generally not categorised as either a currency or a security or financial instrument,21 the rules applicable to digital marketplaces do not apply to the provision of crypto assets unless these can be categorised as financial instruments. Operators of such digital platforms are subject to the general regulations on competition, marketing, consumer protection, the General Data Protection Regulation (GDPR), protection of intellectual property rights, etc. and the assessment of applicability of financial regulation will be based on the characteristics of both the crypto assets and the services offered on the marketplace.

ii Loan-based crowdfunding

Loan-based crowdfunding typically involves a platform on which either private or professional investors can provide loans directly to project owners (peer-to-peer lending). Peer-to-peer lending is the most frequently used crowdfunding in Denmark.22

Loan-based crowdfunding may require one of two licences: either (1) a payment institution or (2) a credit institution. The decisive factor is whether the company operating the crowdfunding platform only transfers funds or whether the company provides the loans.

If the company only transfers funds between parties, the company will most likely need to apply for a licence as a payment institution.23 With a licence to provide payment services, it will be possible to carry out intermediary activities related to payments between two parties, for example by transferring: (1) an initial loan from an investor to a project owner; 2) interest; and (3) repayments. The transfer of funds can be initiated in several ways, where the specific way the service is provided will be decisive for what permission is required under the Payments Act.

If the company actually provides the loans (after syndication of the loan givers by receiving deposits from the public), the company will be required to apply for a licence as a credit institution.24

The DFSA has emphasised that the financial legislation, besides the aforementioned licence requirements, also imposes further requirements aimed at providers of such platforms and the project owners. These include, among others, (1) a requirement to draft a prospectus (conditions precedent); (2) to observe MiFID requirements regarding investor protection (including suitability tests etc.); as well as (3) observing anti-money laundering (AML)-related requirements.25

iii Equity-based crowdfunding

Equity-based crowdfunding allows investors to invest in specific projects in exchange for ownership of shares or other forms of ownership from the project owner. In this connection, investor protection rules will often apply to equity-based crowdfunding. For example, a project owner or the provider of the platform may be required to prepare a prospectus and carry out suitability tests of the investors before the project can be financed. There are different types of permissions depending on the activity being performed because equity-based crowdfunding may both involve a single-purpose initial public offering (IPO)-type transaction and also collective investment scheme related transactions. AML and know-your-customer (KYC)-related requirements shall as always be observed.

Marketplace operators

With a licence as operator of (1) a regulated market,26 (2) an MTF27 or (3) an OHF28 it is possible to provide a platform that connects different project owners, sellers, intermediaries' and investors' interests in buying and selling financial instruments.

The decisive factor for which of the three above permits is relevant to the provider of the platform is how the marketplace is set up and which types of financial instruments are traded on the marketplace.

Manager of alternative investment funds

With a licence as a manager of alternative investment funds (AIFM)29, it is possible to establish a crowdfunding platform that intends to raise capital from a number of investors to invest the capital in a selection of projects on the platform. Investments must be made in accordance with a defined investment policy for the benefit of investors. Like AIFM, it is also possible to obtain a permit for ancillary services, which, inter alia, includes investment advice and the receipt and dissemination of orders relating to financial instruments.30

Investment company

A licensed investment company31 may, in relation to a crowdfunding platform, be responsible for receiving, transmitting and executing orders relating to financial instruments issued by selected project owners as well as providing investment advice to investors. Platforms that have a licence as an investment company can also obtain a licence to participate in the investments with their own funds and to operate an MTF.

iv Other liabilities and relevant legislation for crowdfunding

Depending on the type of licence, providers of crowdfunding platforms may need to comply with investor protection rules such as customer categorisation, customer agreements, information obligations, requirements for suitability tests, etc.32

Crowdfunding platforms are typically covered by the Money Laundering Act. Companies subject to the Act must prepare a risk assessment and, based on this, companies must prepare internal policies and procedures that specifically describe how the company will manage and prevent the risk of being misused for money laundering and terrorist financing.

The company providing a crowdfunding platform must comply with the requirements set out in the Consumer Contracts Act.33 Because peer-to-peer lending platforms usually offer their services online, the consumer protection rules on distance selling must be respected. Pursuant to Section 14 of the Act, the provider must give the consumer certain information before entering into a distance selling agreement regarding a financial service.

v Collective investment schemes

Collective investment schemes can take many forms including that of an alternative investment fund (AIF) as described above or as an UCITS. It is not possible to locate any special provisions applicable to fintech models falling under the definition of a UCITS. Thus, these activities must be considered under the applicable regime for the collective investment scheme in question. The legislation and the directives they implement are 'technology neutral', which means that the use of financial technology does neither qualify nor disqualify application of either regulation. In other words, the categorisation must be based upon whether the characteristics are defined in the legislation or not, regardless of the use of technology. This assessment is based on the Act on Investment Associations, etc.34 for UCITS or the AIFM Act for AIFs as described above.

Cryptocurrencies, initial coin offerings (ICO) and security tokens

i The current regulatory situation

The DFSA has announced that cryptocurrency is currently not categorised as either a currency or a security or financial instrument under the applicable financial regulatory regime in Denmark. As such, there are no specific regulations that apply to the blockchain technology or cryptocurrency. Cryptocurrency is only mentioned in the Danish AML Act, which transposes the latest changes set out in the EU Anti-Money Laundering Directive (5th AMLD). Crypto assets may be financial instruments or securities as they may very well possess the characteristics of such. If a crypto asset has the same aim as a financial instrument, it matters not that it is based on distributed ledger technology (DLT). If the crypto asset as an issuance involves a financial aim, is standardised, is transferable and is negotiable, it will most probably be viewed as a financial instrument. Again, the regulation is 'technology neutral'.

Regulatory initiatives from the EU are escalating this area and currently there is a proposal for a regulation on markets in cryptoassets published 24 September 2020 together with an amending directive.35 The latest developments within the area will undoubtedly be considered as a game changers and contribute to the creation of a level playing field or enhancement of the investor protection, as many of the existing participants will potentially fall under supervision because of a licence requirement. Denmark is expected to implement new EU harmonisation well within deadline.

Due to the absence of a specific regulatory regime, platforms based on trading or exchange of crypto assets (not categorised as financial instruments) are currently not covered by the Danish financial regulation. Thus, provision of services with regard to crypto assets does not require any licence etc. Nevertheless, companies providing cryptoasset services must be aware of other applicable legislation such as AML laws, the general Danish marketing regime, contractual regimes, GDPR regimes, consumer protection regimes etc. when providing services in Denmark.

With that being said, it should be repeated that digital assets could be categorised as financial instruments. As such, a provider should always assess whether the criteria for qualifying a token or crypto asset as a financial instrument are present (see below).

ii Security tokens

Cryptocurrencies that are exclusively a means of payment are still not regulated under the financial legislation in Denmark. However, certain tokens can be acknowledged as financial instruments (security tokens) and be covered by financial legislation.

Thus, security tokens should be assessed on a case-by-case basis as tokens may be viewed as financial instruments if they (1) involve a financial aim, (2) are standardised, (3) negotiable and (4) transferable.

It will depend on an individual assessment whether a token fulfills the listed criteria for financial instruments and consequently is regulated by the DFSA. An example could be a token that acts as a derivative linked to an underlying financial instrument.

iii Initial coin offerings

The term initial coin offering (ICO) refers to the event where a company offers its own cryptocurrency on a blockchain that the public can buy. Companies dealing with ICOs and cryptocurrencies in general should carefully consider whether their activities fall within the scope of financial legislation. This could, for example, be legislation on alternative investment funds, prospectus regulation and AML etc. It will depend on an individual assessment whether an ICO is regulated by financial regulation.

However, few ICOs are regulated and raising capital may in those instances therefore be started quickly and cheaply, because the company does not have to obtain regulatory approval. Another advantage is that the company simultaneously raises capital and builds a user base to purchase the company's goods or services.

As investing in ICOs may be a high-risk investment, most often settled with another high-risk product (e.g., a widespread cryptocurrency such as Bitcoin or Ether), the DFSA encourages consumers to carefully examine the risks associated with the investment and gain the necessary understanding of the underlying business model and technology before investing.36

It is important to state that the very construction behind the offering of tokens through an ICO and investments in an ICO may be regulated by other legislation, even though the token offered is not a financial instrument.

iv Money laundering registration

The fifth AMLD is partly implemented in the Danish Act on Preventive Measures against Money Laundering and Financing of Terrorism (the Money Laundering Act).37

Providers of crypto assets and digital asset service providers are covered by the Act38 and providers of such assets must be registered with the DFSA. In connection with the AML registration, members of the company's management and beneficial owners must be considered 'proper' prior to the registration with the DFSA. For this purpose, the company will be obliged to submit criminal records for both members of the board of directors and the executive board as well as the ultimate beneficial owners.

When the company is registered, it is obliged to ensure that employees, including management, have received adequate training in the requirements of the AML Act and rules issued pursuant thereto as well as relevant data protection requirements.

v Tax and VAT

When an individual buys or sells cryptocurrency it is generally considered speculation. Therefore, generally, a Danish domiciled buyer or seller must also report the profit or loss to the Danish Tax Agency when selling cryptocurrency. In other words, tax must be paid if the cryptocurrency has been purchased for the purpose of making a profit.

Currently no specific VAT-rules or exemptions apply with regard to crypto assets or services. Hence, the question of whether VAT applies shall be assessed on a case-by-case basis in the light of the harmonised rules as set out in the VAT Directives. As such, a VAT exemption may apply if a financial technology is applied or included in a VAT-exempted service such as fund administration.39

Based on the recent court practice, there might be a presumption that trading in certain crypto assets can fall under the VAT exemption as the European Court of Justice has stated that transactions to exchange traditional currencies for units of Bitcoin are exempted from VAT under the provision concerning transactions relating to 'currency, bank notes and coins used as legal tender'.40

Other new business models

Denmark has not implemented specific rules on self-executing contracts or fully automated investment processes, but judicial practice on the subject is plentiful as the concept of 'machine induced will' is not accepted unless it can be attributed as the manifestation of a physical person's will. The concept of self-awareness is generally not accepted by law of contract unless it can be linked to, for instance, the implementation and responsibility of a legal person.

As outlined above, new ways of conducting business are continuously arising in the fintech industry. The most recent business models observed include: (1) automated investment advisory; (2) open banking platforms; (3) credit information services; (4) crowdfunding platforms; (5) crypto asset services; (6) initial coin offerings; (7) digital marketplaces; and (8) digital identity services. Copenhagen Fintech has created an overview of the different areas and the companies involved that can be found on their website.41

The general starting point applicable for all these fintech models is that they must be assessed on a case-by-case basis as regulation is intended to be technology neutral. The traditional financial regime applies for all models in which financial instruments or services are present. Therefore, it is decisive for the regulatory requirements to determine whether a financial instrument is involved in the specific service or vice versa. Fintech companies can apply the following steps in the assessment: (1) does the service involve financial instruments or payments; (2) if yes, is it subject to financial regulation?; (3) if yes, what specific financial field does it concern and does a special legal framework apply; and (4) can other relevant legislation apply (e.g., GDPR, competition, consumer protection, marketing, etc.)?

If the first step is confirmed, one must thereafter examine the specific financial field in which the service operates. As an example, automated investment advisory services fall under the scope of MiFID and the corresponding Danish Financial Business Act. In consequence of this, the fintech company must be aware of investor protection regimes and other obligations applicable to MiFID investment companies.

After confirming the relevant financial field involved, another important point to bear in mind is that additional requirements may apply for certain services. As an example, all securities traders who perform algorithmic trading on marketplaces in Denmark must notify the activities with the DFSA.42 This applies to Danish as well as foreign securities traders. In addition, MiFID implements a number of requirements for securities traders who use algorithmic trading or offer direct electronic access (e.g., in the form of risk frameworks and controls). Furthermore, the DFSA has issued a memorandum on good practice, which financial companies should follow if they use supervised machine learning.43 The DFSA recommends companies to be clear about the purpose of using machine learning to make proper decisions.

After concluding the scope of activities within the financial field, the company will have to consider other relevant legislation such as GDPR, competition, consumer protection, marketing, taxation etc. As an example, one or more of the mentioned regimes will apply to third-party websites comparing products or providing information about financial products. Different regimes entail different requirements, and that ultimately affects the costs involved. The scope of requirements can therefore be important for evaluating the desired purpose of the fintech company.

Thus, a fintech company will always have to examine the specific field of activity to get an idea of the applicable regulatory framework. It is not possible to establish a clear or general framework for all fintech models and, with new models arising, one must conduct a specific analysis in each case by linking the service to the traditional financial regime and other relevant regimes.

Having the fast-paced development in mind, fintech companies must be aware of new and forthcoming regulatory initiatives in the fintech field, a recent example being the proposed regulations on crypto assets presented by the EU Commission.

Intellectual property and data protection

i Copyright protection of software

Digital data and material will usually be one of fintech companies' key assets. Therefore, it is important to outline the legal scope for protection of such assets.

There have been debates on whether computer programs (software) are protected as a copyright or patent right. In the EU, the copyright model has been the legal approach for dealing with this situation. In that sense, computer programs are protectable by copyright as literary works if they express the intellectual creation of an author.44 In that regard, the source code and object code of the software are protected by copyright.

Copyright protection extends to any element of expression of the creativity of its author, but not to the ideas behind it, procedures, methods of operation, or mathematical concepts as such. Therefore, an algorithm will not be protected by copyright. The main legal argument for this conclusion is that it is a factual concept and not an expression of the intellectual creativity of its author.

If an employee of a fintech company develops software during the performance of his work or according to the employer's instructions, the copyright will automatically be granted to the employer.45 This rule applies only to 'employees'. Consequently, consultants and software developers entering into a separate agreement with the company will attract the copyright as creators of the work. Therefore, it is important to manage the rights to such software in the contract under which it is developed.

ii Patent protection of software

The European Patent Convention and the Danish Patent Act excludes software from patentability if a patent application relates to a computer program 'as such'. It is therefore necessary to distinguish between 'software patents' that are excluded and 'computer-implemented inventions' that are accepted patentable subject matters.

In this respect, patent protection can be granted to inventions that involve the use of a computer, a computer network or other features realised by means of a computer program. Therefore, patentability is not denied on the sole basis that a computer program is involved. The decisive factor for patent protection of software is that the invention must contain or possess a technical character. This technical character must be present in all variants covered by the patent claim.

iii Database protection

Certain fintech business models have an interest in protecting the database they created. Protection can be obtained either as copyright protection or the unique sui generis protection offered by the directive on legal protection of databases.46 The latter protection type is, seemingly, easiest to access, as it only requires a substantial investment (qualitatively or quantitatively) in either obtaining, verifying or presenting the data.

The copyright protection demands that the selection or arrangement of the contents of the database be the author's own intellectual creation. Hence, protection will only apply to the selection and arrangement or structure of the material contained in the database and not the data itself.

The sui generis right on the other hand does not protect the structure or arrangement of the database but protects the contents of the database. Thus, if a company is protected by the sui generis right, it has the right to prohibit any acts of extraction or reutilisation of the whole, or a substantial part, of the contents of a database.

iv GDPR

Providers of financial services in Denmark are subject to the EU GDPR and the Danish Data Protection Act.47 It is necessary for fintech companies to ensure that personal data is processed lawfully in the light of the data protection rules.

As an example, companies must gather information about their customers in accordance with the Danish AML Act and about their investors pursuant to the suitability test carried out by MiFID companies. When companies gather the aforementioned information, obligations under the GDPR regime are triggered and the companies must comply with these rules to avoid any sanctions.

Year in review

Denmark is considered to be at the forefront in the fintech area and has historically been a first mover in, for example, the creation of NemID, Dankort, MobilePay, public digital rights registers and notaries, digital vaccine passports and driver's licences. The development is continuing to grow, with strong initiatives from both authorities and the private sector.

However, most recent developments in the regulation and legal treatment of fintech in Denmark will be derived from regulations and directives from the EU as Denmark is reluctant to implement national regulation proceding forthcoming and awaited EU harmonisation. The implementation of the EU legislation on fintech has primarily been transposed in Denmark in the Payments Act, Money Laundering Act and Financial Business Act. Furthermore, the DFSA has published a number of statements the past year providing information as to how certain legal fintech issues should be dealt with.

The Danish government and DFSA have a clear vision to make it easier for fintechs to establish and grow in Denmark. With the DFSA's regulatory sandbox – the FinTech Lab – selected companies can test their innovative business models in a safe environment. The FinTech Lab ensures that companies can test new technologies and business models more quickly (e.g., by testing on a limited number of customers). This can help both the companies and the DFSA to understand the use of new technology and business models within the financial area.

Private institutions are also contributing to successful development in the Danish fintech field. The organisation Copenhagen Fintech contributes to this progression by developing the community and ensuring growth within fintech innovation. The organisation hosts a yearly Copenhagen Fintech Week, which creates connections between different parties and connects the Nordic fintech ecosystem with the global fintech ecosystem.48 The most recent event took place in September 2020 with a focus on sustainability, its impact on businesses and society, and the UN's sustainable development goals (SDGs).49

The use of new technology and new business models in the financial sector may in some cases be difficult to place within existing financial legislation. The rise of new ways of conducting businesses in the fintech field requires regulators and practitioners to carry out individual assessments for the specific model in question and consider many different regulatory approaches. This applies not least for ICOs and crypto assets that may still raise legal uncertainty. The DFSA is not only keeping a close eye on the development but is also participating in it directly on the practical level by offering various test environments.

To keep up with the most relevant developments in the regulation and legal treatment of fintech in Denmark, it is essential to follow the announcements from the DFSA and keep track on the regulatory initiatives from the EU.

Outlook and conclusions

Having strong initiatives from both authorities and the private sector in mind, the Danish fintech sector is expected to surge in innovation and development in the years to come. Industriens Fond (The Danish Industry Foundation) has released a report in cooperation with Ernst & Young depicting Copenhagen fintech's journey to becoming one of Europe's leading clusters and incubation environments for fintech start-ups in just a few years.50

The DFSA supports the fintech environment within the framework provided by the legislation. It arranges special meetings where specific topics can be discussed as needed and it is possible for anyone interested to participate.51

The aim and vision for fintech in Denmark is designed to make it easier for companies to grow within the field but also entails a duty to prepare and adapt to new models, especially in the areas of crypto assets, artificial intelligence, big data processing, payment service solutions and digital marketplaces.

As a result of recent regulatory initiatives on the cryptoasset field, clear and specific requirements can be expected for these assets. With the proposal for a regulation on markets in crypto assets, fintech companies dealing with crypto assets can expect detailed regulation of the field. Thus, companies can already start assessing the proposed licence requirements applicable to issuers of cryptoassets and cryptoasset service providers to prepare their business model.

By amending the MiFID II definition of 'financial instruments' to specifically include instruments issued by means of DLT, the regulatory uncertainty for these assets will be removed, which can give rise to new and more innovative fintech models dealing with such instruments. The regulators in Denmark are keeping track on the development and companies are advised to be particularly aware of statements issued by the DFSA.

Footnotes

1 Kim Høibye is a partner, Jakub Zakrzewski is an attorney-at-law and Christian Brynning Petersen is an associate at NJORD Law Firm.

2 The Danish Industry Foundation, 'Copenhagen Fintech: Successful cluster development', 2021 http://www.industriensfond.dk/sites/default/files/copenhagen_fintech_playbook_eng.pdf.

6 The Danish FSA, 'Hvem er vi, og hvad er vores formål?', 7 December 2017, http://www.finanstilsynet.dk/Tilsyn/Information-om-udvalgte-tilsynsomraader/Fintech/Formaal.

8 Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU.

9 The Danish FSA, 'Investeringsrådgiveren skal kende kunden - også når rådgiveren er en robot', 21 December 2020 http://www.finanstilsynet.dk/Nyheder-og-Presse/Pressemeddelelser/2020/Investeringsraadgiveren_skal_kende_kunden_161220.

10 Directive 2011/61/EU of the European Parliament and of the Council of 8 June 2011 on Alternative Investment Fund Managers and amending Directives 2003/41/EC and 2009/65/EC and Regulations (EC) No 1060/2009 and (EU) No. 1095/2010.

11 See the entities mentioned in Sections 7–11 of the Danish Financial Business Act.

12 See Sections 30–32 of the Danish Financial Business Act.

13 See Section 31 of the Financial Business Act.

14 See Section 33 of the Financial Business Act.

15 See Sections 46–49 of the Payments Act.

18 Nets is a leading provider of digital payment services and related technology solutions across Europe.

20 See Section 3, No. 5 in the Capital Markets Act.

21 The DFSA, 'Fintech – spørgsmål og svar', 16 March 2018, http://www.finanstilsynet.dk/Tilsyn/Information-om-udvalgte-tilsynsomraader/Fintech/QandA.

23 See Section 9 of the Payments Act.

24 See Section 7 of the Financial Business Act.

26 A licence as an operator of a regulated market is an independent licence pursuant to section 59 of the Capital Markets Act.

27 Permission as an MTF is required in cases where a marketplace is operated in accordance with the rules in Chapters 17, 18, 20, 22 and 23 of the Capital Markets Act.

28 Permission as an OHF is required in cases where a marketplace is operated which is neither a regulated market nor an MTF. In this type of marketplace, only bonds, structured financial products, issue quotas and derivatives may be traded.

29 The conditions for obtaining a licence as managers of alternative investment funds are set out in the AIFM Act, Section 11, Subsection 3.

30 See the AIFM Act, Annex 1, Point 3b.

31 The conditions for obtaining a securities company licence are set out in Sections 9 and 14 of the Financial Business Act.

32 See the rules in Executive Order No. 2092 of 14 December 2020 on Investor Protection.

33 Act No. 1457 of 17/12/2013.

34 Act No. 1718 of 27/11/2020.

35 COM(2020) 596 final.

36 The DFSA, 'Orientering om ICO'er', 13 November 2017, http://www.finanstilsynet.dk/Nyheder-og-Presse/Sektornyt/2017/Orientering-om-ICO.

37 Act No. 1782 of 27/11/2020.

38 Section 1 (1), Points 23 and 24 of the Danish Money Laundering Act.

39 See the EUC BlackRock case of 2 July 2020.

40 C-264/14 (Hedqvist).

43 The Danish FSA, 'God praksis ved brug af superviseret machine learning', 10 July 2019, http://www.finanstilsynet.dk/Nyheder-og-Presse/Pressemeddelelser/2019/Machine_learning_10719.

44 See Recital 8 and Article 1(1) and 1(3) in the Software Directive (Directive 2009/24/EC).

45 See Section 59 in the Danish Copyright Act.

46 Directive 96/9/EC.

47 Act No. 502 of 23/05/2018.

49 The conference had 1400 attendees, 170 speakers from 40 countries, and more than 300 startups from around the world.

50 The Danish Industry Foundation, 'Copenhagen Fintech: Successful cluster development', 2021, http://www.industriensfond.dk/sites/default/files/copenhagen_fintech_playbook_eng.pdf.

51 Information about special meetings will appear on the DFSA's website and in the DFSA's newsletter: Danish FSA, 'Fintech Forum', 24 February 2020, http://www.finanstilsynet.dk/Tilsyn/Information-om-udvalgte-tilsynsomraader/Fintech/Fintech-Forum.

Get unlimited access to all The Law Reviews content