The Financial Technology Law Review: Russia

Overview

Digital transformation continues to rapidly impact the financial industry in Russia. The year 2020 was designated as the stress test year for accelerating transformation processes and highlighting systematic problems in the financial technology market2 for both banks (and other credit institutions) and pure fintech players. These global changes compel Russian financial service providers to continue with constant experiments in new technologies and business models, thus paving the way for a growing interest in fintech.

Even though there are some obstacles and uncertainties that may impact certain business models, overall Russia can be categorised as a fintech-friendly jurisdiction with no unusually burdensome requirements on companies involved in this field of commerce. Moreover, since July 2020, digital transformation has been outlined as one of the five key strategic goals for the country's development until 2030,3 thus making it clear that the Russian regulatory framework for digital economy and financial technologies will rapidly change.

The main regulator, the Central Bank of Russia (the Central Bank), also demonstrates an open-minded approach towards new financial technologies and maintains an informative website in English.4 Intending to increase availability of information concerning financial market players, the Central Bank plans to unite all the existing registers of financial organisations and create a unified register (URUFR), which will contain information about all companies entitled to provide financial services.

On 1 January 2021, the law establishing tax incentives for IT companies5 entered into force. According to the 'tax manoeuvre' provisions: first, the insurance payments rate for IT companies has been reduced from 14 per cent to 7.6 per cent; second, the income tax rate has been reduced from 20 per cent to 3 per cent; and, finally, there is no obligation for an IT company to pay VAT if the company is accredited in the Ministry of Digital Development, Communications and Mass Media of the Russian Federation, provided that its software products are included in the Unified Register of Russian Programs for Electronic Computers and Databases.

On 9 September 2021, the Action Plan (road map) entitled 'Creating additional conditions for the development of the information technology industry'6 was adopted as the second package of measures to support the Russian IT industry.

Despite certain bureaucratic obstacles, these legal benefits will certainly help large fintech companies and small start-ups develop the Russian IT industry and will attract more big players on to the market.

Regulation

i Licensing and marketing

'Fintech' companies provide financial services using big data, artificial intelligence (AI), machine learning, robotisation, blockchain, cloud technologies, biometrics, etc. Thus, the business models range drastically from traditional payments and collective investments to such novel areas as cryptocurrencies, initial coin offerings (ICOs) and robo-advisers. Each business model is subject to a specific set of regulations and licensing requirements.

Given this fact, as at January 2022, there is no universal fintech licence in Russia. Instead, each fintech business model is regulated separately. However, as illustrated in the Central Banks' advisory report,7 the main regulator plans to change the current approach based on the global trends towards financial services market reforms. Instead of separate requirements for each type of financial service, it is proposed to group financial activities into 'blocks'8 and elaborate regulation based on unified licences. The exact timeline for the changes is not set but the Central Bank's representatives presume that at least a year is needed to prepare for the first step of norms unification.

Apart from the main financial regulator, there are other authorities that have adjacent functions in the regulation of fintech:

  1. the Ministry of Finance is responsible for general financial policy and overall management in the field of finance in Russia;
  2. the Federal Tax Service is part of the Ministry of Finance and supervises compliance with taxation rules, including taxation of cryptocurrency mining and transactions with cryptoassets;
  3. the Federal Financial Monitoring Service (Rosfinmonitoring) is mainly tasked with anti-money laundering (AML) and counter-terrorism financing functions; and
  4. the Federal Anti-Monopoly Service enforces regulations applicable to fair competition and advertising, including those related to financial products and services.

Despite the leading role of the Central Bank, with the adoption in 2015 of the Federal Law on Self-Regulated Organisations in Financial Markets,9 certain regulatory functions have been delegated to self-regulated organisations (SROs). As at January 2022, there are 14 SROs in the field of finance approved by the Central Bank. In addition to SROs, there are also industry organisations and unions active in the fintech area, such as the Association for Financial Technologies Development,10 launched by the Central Bank, and the Russian Association for Cryptocurrency and Blockchain.11

In line with global practice, the Central Bank and other regulatory authorities in Russia place special emphasis on consumer protection. This is achieved through the enforcement of rules applicable to the marketing and advertising of financial products. The principal source of these rules is the Federal Law on Advertising,12 which sets basic principles, bans misleading and unfair advertising practices and provides for specific rules applicable to financial services and securities. In addition to this, the Federal Law on Consumer Protection13 sets forth detailed rules aimed to protect consumers.

When it comes to competition, the main act is the Federal Law on the Protection of Competition,14 which prohibits unfair competitive practices and outlaws abuse of dominant position, with special rules for financial organisations.

Following the adoption of the Federal Law on Credit Histories15 in 2004, there is now a legal framework for credit information services provided by credit history bureaus. These are private companies providing information services about the creditworthiness of borrowers. Professional lenders are required to submit information about individual borrowers to at least one such credit history bureau. As at January 2022, there are seven credit history bureaus registered with the Central Bank.

ii Cross-border issues

Unlike in some other jurisdictions, regulated or licensed financial activities may not be passported from other countries into Russia (i.e., companies incorporated abroad and licensed or regulated under their local rules may not automatically become licensed or regulated in Russia). A certain level of passporting may become possible in the future among countries that are members of the Eurasian Economic Union (Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova and Russia).

Traditional financial services that are subject to licensing or registration, such as banking, insurance, brokerage and dealing in securities, require a licence and may be carried out only via a local legal presence. Active targeting of Russian customers may result in liability and blocking of a perpetrator's website in the territory of Russia. Certain industries are also protected against foreign competitors willing to enter the Russian market. For example, there is a 50 per cent quota on the aggregate amount of foreign capital for banking and insurance industries. Otherwise, there are no restrictions on foreign investors willing to explore fintech opportunities via a local legal presence, nor are there requirements to partner or engage with local companies to enter the Russian market.

There is a general rule that foreign organisations engaged in regulated activities on the securities market under their local laws may carry out these activities in the territory of Russia only subject to prior accreditation with the Central Bank of their representative offices in the Russian Federation. However, the accreditation guidance developed in 2015 has not yet been adopted, which makes this rule of little practical value.

Despite the lack of passporting and certain restrictions, many fintech services are offered to Russian customers from abroad. This is particularly the case for unregulated segments of fintech, such as cryptocurrencies and ICOs. By way of example, until 2015, the trading of foreign currencies, universally known as forex, was unregulated in Russia and was actively marketed by offshore companies to a Russian audience.

In addition to unregulated business, there are also examples of foreign financial service providers being available to Russian consumers, without being legally present on the Russian market. This may be the case when a consumer only needs to be able to speak English to access a website where a fintech product is offered, whereas the website itself may not necessarily be actively marketed to the Russian audience. As an example, many foreign crowd-investing and automated investment adviser platforms are available to Russian consumers, even though they are likely offering regulated services. In the era when many financial services are offered through desktop or smartphone application interfaces, one must take active steps to not to be present in a particular market, such as blocking by IP addresses, limiting traffic-generating campaigns to select areas or limiting incoming payments to certain banks.

Digital identity and onboarding

Over the past couple of years, the Russian government has made significant efforts to introduce a digital identity for individuals and companies. This was initially driven by the desire to improve and ensure access to public services via the internet, which required a stable identity management system to be in place. This system, the Unified System of Identification and Authentication (USIA), was created in 2010 to provide access to Gosuslugi, an online portal of public services.

Nowadays, the use of the USIA as a method of identification has been extended beyond public services. Certain financial service providers that were previously required by AML or know-your-customer (KYC) laws16 to identify clients in their presence may now use the USIA as a gateway. For example, this applies to consumer (micro) loans, brokerage, securities trust management and certain other financial services, thereby allowing full digital onboarding.

On 2 July 2018, the Unified Biometric System (UBS) was put into operation. The UBS allows customers to undergo the biometric identification procedure. Customers need to visit one of the partner banks once,17 and can then use their unique biometric profile to access financial products remotely. Since the end of 2019, the UBS has been used to open bank accounts, obtain credit and carry out transactions for individuals in any bank.18 Since 1 January 2021, banks, insurance companies, microfinance organisations and securities market professionals have been legally empowered to establish the identity of legal entities' agents via the UBS or USIA.19 On 30 December 2021, the UBS became the 'state information system' integrated with other governmental digital systems.

Digital markets, payment services and funding

i Digital marketplaces

Digital marketplaces correspond to platforms where entrepreneurs place commercial offers for an indefinite range of consumers, who then select goods that best suit their needs. In the financial sector, marketplaces are used to conclude transactions between consumers (individuals) and financial institutions or issuers.20 These transactions include the provision of banking, insurance, the securities market and other services with the exception of bank account agreements for entrepreneurial activities. With the adoption of Federal Laws Nos. 211-FZ and 212-FZ, dated 20 July 2020,21 all the above-mentioned activities on financial marketplaces in Russia have been put into the legal framework.

According to the adopted legislation, to become a financial platform operator a Russian legal entity in the form of a joint-stock company must comply with a set of obligatory requirements, namely:

  1. inclusion in the Central Banks' Register of Financial Platform Operators;
  2. possession of a minimum amount of equity capital of 100 million roubles;
  3. not combining its activities with those of a credit institution or a non-banking financial institution, except for conducting activities as a trade organiser, depository, specialised depository or registrar;
  4. implementing an internal control system and a risk management system;
  5. having a hardware and software complex located in Russia;
  6. complying with information protection requirements established by the Central Bank; and
  7. complying with qualification requirements for members of its management bodies and for individual employees, and with requirements for shareholders of the marketplace operator (e.g., a shareholder with more than 10 per cent of voting shares cannot be a company registered in an offshore zone).

As at January 2022, five financial marketplaces22 are registered as financial platform operators. New companies wishing to create a platform must also take into account the requirements for the relevant activity. With the growing popularity of goods marketplaces in the Russian market, the creation and development of financial marketplaces certainly has significant consumer potential.23

ii Digital and cryptoassets

Regulators all over the world are experimenting with the adoption of tokenised digital currencies. Russia is no exception. On 1 January 2021, legal regulation on digital and cryptoassets came into effect.24 The law permits the sale and purchase of digital financial assets (DFAs), as well as the exchange of DFAs for other DFAs or for other digital rights.

DFAs are defined as digital rights, which include:

  1. monetary claims;
  2. ability to exercise rights attached to issuable securities;
  3. interest in the capital of a non-public joint-stock company; and
  4. right to demand a transfer of issuable securities.

Instead of the term 'cryptocurrency', the law introduces a definition of 'digital currency': 'a series of digital data (digital code or reference) contained in the information system that is offered and/or can be accepted as a means of payment not constituting a monetary unit of Russia, a foreign country or an international monetary unit or a payment unit and/or as an investment'. The definition of digital currency therefore encompasses classic cryptocurrencies (payment tokens), in particular, Bitcoin and Ether. Digital currency ('digital rouble') and the circulation thereof is likely to be regulated by a separate federal law. However, the existing Law contains the basis for this regulation:

  1. Russian legal entities, Russian branches or representative offices of foreign legal entities and individual Russian tax residents may not make or accept payment for works or services in digital currency; and
  2. digital currency may not be advertised as a means of payment for goods, works or services; this may be inconsistent with its definition, which states that digital currency 'is offered or may be accepted as a means of payment'.25

Separately, it is worth noting the reservation according to which a cryptocurrency is not a digital currency if it has an obligated person attached to it (except for nodes and operators of information systems). This means that centralised stablecoins, such as USDC and USDT, fall outside this regulation as these are not digital currency within the meaning of the law. These tokens are more akin to electronic money, which is subject to separate regulation.

iii Collective investment schemes

Several legal forms can be used for collective investment purposes in Russia, ranging from purely contractual, such as 'investment partnership agreements', to corporate ones, such as joint-stock companies or incorporated investment funds. At the same time, available legal forms are not very well suited for modern-day crowd-investing purposes. The main hurdles are high incorporation costs, restrictions on the transfer of investment interests or other burdensome requirements.

The standard choice for a large-scale collective investment scheme remains a 'unit investment fund'. This legal form has been successfully used in the domain of collective real estate investments. The fund must be run by a professional investment management company.

Another option that is suitable for small-scale collective investments is a typical limited liability company (LLC). In this case, investment opportunities are marketed on an online platform, but actual transactions take place offline, because the transfer of interest in an LLC is subject to notary certification. The total number of members in the LLC is capped at 50.

iv Crowdfunding and crowd-lending

The law regulating crowdfunding and crowd-lending (or peer-to-peer lending)26 in Russia entered into force on 1 January 2020. The law determines the definition of an investment platform; establishes requirements for operators (that must: be included in the Central Bank's register; prepare annual reports on the results of their activities; and possess capital of no less than 5 million roubles), investors (for unqualified investors – no more than 600,000 roubles of investments per year) and persons attracting investments; and introduces a restriction on the total amount of attracted investments by one person (no more than 1 billion roubles per year). Crowdfunding and crowd-lending activities in Russia are not subject to licensing or consumer lending regulations.

v Payment services

Payment services is a regulated activity in Russia. The main piece of legislation is the Federal Law on the National Payment System (the NPS Law),27 which is supplemented by numerous detailed regulations. The NPS Law describes different types of activities within the national payment ecosystem and imposes requirements depending on the type of activity. Credit institutions, including banks, may engage in most types of payment activities, whereas non-banking credit institutions are limited to certain activities (such as payment-clearing services and processing). As at January 2022, there are 28 active payment systems listed in the register maintained by the Central Bank.28

Pursuant to the Central Bank's road map of 2018–2020, the Faster Payments System (FPS) and the National Payment Card System have been fully operational since 28 January 2019. As at January 2022, 205 banks are participating in the system. The FPS enables private consumers to make instant online payments 24/7 using simple identifiers (e.g., mobile number, QR code) regardless of the banks with which the senders or recipients hold accounts.

Notably, since the grace period began in 2019, FPS transfers between individuals have been free of charge for banks, but banks will incur charges from 30 June 2022. Rates have been established for fund transfers from legal entities to individuals since 1 April 2020.

Since the adoption of several federal laws in 2019,29 there have been other noteworthy developments concerning foreign payment systems operating in Russia (Visa, MasterCard, etc.), which prohibit foreign payment systems from refusing to provide services to Russian banks (since April 2020) and oblige them to create separate subdivisions in Russia and register with the Central Bank (since July 2020).

vi Open API

Unlike the European Union, where Payment Services Directive II obliges banks to provide access to their customers' account information through application programming interfaces (API) to third parties, banks in Russia are not presently subject to such an obligation. Nonetheless, the Central Bank has already produced Standards on Open API,30 which are currently used in creating partner services. Also, on 10 December 2021, the draft guidelines for the digitalisation of the financial market for the 2022–2024 period31 was published, which includes the implementation of open APIs.

Cryptocurrencies, initial coin offerings (ICO) and security tokens

As early as 2014, various regulators in Russia for the first time acknowledged the existence of Bitcoin by demonstrating their negative views towards it. In 2017, the attitude of regulators towards Bitcoin shifted from 'banned, unrecommended' to 'the concept is under investigation, regulation will come soon'.

Since 1 October 2019, under Russian law tokens have been legalised as objects of civil rights and are considered 'digital rights'.32 As described in Section IV.ii, a legal framework now exists for tokens and cryptocurrencies (digital currency). At present, security tokens (both shares tokens and tokenised securities) deriving their value from real assets (e.g., gold or nickel) constitute DFA and have legal value.

Internationally, one of the most widely discussed legal aspects of token sales was whether tokens constitute securities. Following the report of the US Securities and Exchange Commission on the DAO project,33 many global regulators agreed that certain tokens may qualify as securities or other financial instruments. In Russia, the issue was resolved with the adoption of the Federal Law on DFA, which assigns tokens to the category of 'DFA'.

Russian securities law limits the circulation of foreign financial instruments, with the Central Bank having a final say on whether a particular instrument may be allowed onto the public market. Unless cleared by the Central Bank, foreign securities may only be offered to accredited investors in Russia and no general solicitation (public advertisement) is permitted.

AML and KYC rules apply to transactions with cryptocurrencies to the extent these transactions are carried out via 'organisations carrying out transactions with monetary funds and other property' as defined in Article 6 of the Federal Law on Combating Legalisation (Laundering) of Illegally Gained Income and Financing of Terrorism.34

Other new business models

New business models in the area of fintech appear intermittently. Most of the time these models are beyond existing regulations and fall in one of the following two groups:

  1. unregulated models, which may be implemented within the existing legal framework; and
  2. prohibited models, which are explicitly outlawed.

Most new models fall within the unregulated domain. We briefly cover several such business models below.

i Smart or self-executing contracts

Until recently, there was no specific mention of smart contracts in Russian law. As of October 2019, Article 309 of the Civil Code provides that 'within the occurrence of certain circumstances, legal transaction may be executed without additionally expressed will of its parties by applying information technologies under the terms of transaction'.

Certification of Masterchain, an Ethereum-based blockchain developed by the consortium of major Russian banks cooperating within the Association for Financial Technologies Development, was achieved on 7 October 2019 and demonstrates the readiness of blockchain technology (and smart contracts, in particular) to be used in the financial sector. Masterchain's white paper names several use cases, such as a decentralised depository of mortgages, a distributed ledger of digital bank guarantees and electronic letters of credit.35

ii Automated digital advisory

Since 21 December 2018, automated digital advisory services (robo-advisers) have been subject to regulation. Specifically, Article 6.2 of the Federal Law on the Securities Market imposes mandatory accreditation for software used to provide investment advice.

iii AI

Currently, there are no special rules applicable to the use of AI in financial products. However, this does not preclude it from being actively developed. In early November 2019, Sberbank, Gazprom Neft, Yandex, Mail.ru Group, MTS and Russian Direct Investment Fund created the Russian AI Alliance. The parties joined forces to create technological components that will stimulate the development of AI. The president of Russia also instructed the government to stimulate investments into the implementation of domestic AI software.36 Thus, there are great drivers to develop legal regulations for AI in finance.

iv Financial product comparison

No specific regulation applies to websites comparing financial products or services. These websites are nonetheless subject to general advertising and fair competition principles.

v Binary options

The Central Bank has not yet taken any stance on binary options. However, it did announce in its regulatory strategy for 2016–2018 that it would provide guidance on this issue. This announcement was made in the document's section on consumer protection and gambling.

Intellectual property and data protection

i Intellectual property

Russian law is familiar with all standard concepts of intellectual property (IP) used to protect business. The most commonly used concepts are:

  1. patents (protecting inventions, utility models and industrial designs);
  2. trade secrets;
  3. copyright; and
  4. trademarks, including service marks.

Information of any nature relating to the results of intellectual activity may be treated as a trade secret and is protected provided confidentiality conditions are met.

Software and databases are usually protected under copyright laws. Copyright is acquired automatically as of the date a copyright object is created. Registration is optional.

Rights over trademarks are granted by virtue of registration with Rospatent,37 a local patent and trademark office. Alternatively, rights may also be acquired by virtue of international agreements to which Russia is a party, such as the Madrid Convention.38 Russia is a 'first-to-file' jurisdiction.

Any foreign company may seek protection of its intellectual property in Russia provided national law requirements are met. Russia is also a signatory to most international treaties covering intellectual property protection.

Disputes often arise in the context of employment relationship as to who owns newly created IP. For an employer to acquire rights over IP, it is important that an employment contract or a job assignment explicitly states that the creation of IP falls within the duties of an employee.

ii Data protection

Overall, Russian data protection law is in line with international standards. The Strasbourg Convention of 1981 (ratified by Russia in 2005) laid the foundation for Russian personal data protection legislation, which was adopted in 2006.

The main pieces of legislation governing the collection, storage and use of personal data in Russia are the Federal Law on Personal Data39 and the Federal Law on Information, Information Technologies and Data Protection.40

Unlike in some other jurisdictions, there is currently no general obligation to report cybercrimes, although legislation for this was proposed in 2017 and may be adopted soon.

Year in review

The most relevant global fintech market developments in 2020 included the growth of contactless payments, branchless banking and parametric insurance. According to EY,41 Russia is in the top three countries with a growing interest in fintech. As at 2020, there were over 400 fintech start-ups in Russia.

The fintech agenda in Russia in 2020 and 2021 was primarily focused on developing the legal framework for the digital era of finance. Specifically, the main achievement of Russian fintech legislation in 2020 was the adoption of the Law on DFA,42 which gave rise to numerous other developments, described in Sections IV and V. 2021 has also seen the beginning of a programme to increase the attractiveness of the Russian jurisdiction for IT companies and to 'land' foreign companies.43

Outlook and conclusions

The changes in the global financial industry will take place gradually in 2022. Analysts see the greatest potential in 2022 in areas such as biometrics, digital profiles, digital assets and tokenisation (in particular, there is growing interest in non-fungible tokens and ways to tokenise company shares). We will see changes in value chains, new business models and the types of players and products on the market.

Among other developments, the Bank of Russia is considering the possibility of issuing the central bank digital currency (CBDC), a 'digital rouble', as an alternative to cryptocurrencies, following the objective to develop the NPS.44 This will stimulate innovations both in retail payments and in other areas and support the development of the digital economy.

Also, we believe that the trend of embedded finance development in 2021−2023 will lead to lower marketing and branding costs for traditional banks because aggressive promotion will not be necessary. As a result, some of the large banks that are driving this technology development will become invisible to the consumer.

Footnotes

1 Roman Buzko is a partner and Vasily Agateev is a lawyer at Buzko Krasnov.

3 Decree of the President of the Russian Federation No. 474 on the Russian Federation's National Development Goals until 2030.

5 Federal Law No. 265-FZ on Amendments to the Second Part of Russian Tax Code dated 31 July 2020.

7 The Central Bank's Advisory Report for Public Consultations on Improving the Admission Process to the Financial Market. New Opportunities for Players. Available at www.cbr.ru/Content/Document/File/116463/Consultation_Paper_22122020.pdf.

8 The current edition of the Advisory Report allocates eight 'blocks': (1) banks and microfinance organisations; (2) insurance; (3) property storing and accounting; (4) asset management; (5) agency; (6) microlending; (7) infrastructure; and (8) information services and estimation.

9 Federal Law No. 223-FZ on Self-Regulated Organisations in Financial Markets dated 13 July 2015.

12 Federal Law No. 38-FZ on Advertising dated 13 March 2006.

13 Law of the Russian Federation No. 2300-1 dated 7 February 1992.

14 Federal Law No. 135-FZ on Protection of Competition dated 26 July 2006.

15 Federal Law No. 218-FZ on Credit Histories dated 30 December 2004.

16 Federal Law No. 115-FZ on Combating Legalisation (Laundering) of Illegally Gained Income and Financing of Terrorism dated 7 August 2001.

17 As at January 2022, there are 215 partner banks (available in Russian at www.cbr.ru/fintech/digital_biometric_id/credit/).

18 At the end of 2020, these services were provided by 11 banks.

19 Federal Law No. 479-FZ on Amendments to Certain Legislative Acts of the Russian Federation dated 29 December 2020.

20 As at February 2022, the draft bill allowing legal entities to use financial marketplaces is under consideration in the State Duma.

21 Federal Law No. 211-FZ on Concluding Financial Transactions Using a Financial Platform dated 20 July 2020 and Federal Law No. 212-FZ on Amendments to Certain Legislative Acts of the Russian Federation Concerning the Conclusion of Financial Transactions Using a Financial Platform dated 20 July 2020.

22 Moscow Exchange, VTB Registrar, Special Depositary INFINITUM, marketplace Sravni.ru and Open Financial Marketplace.

24 Federal Law No. 259-FZ on Digital Financial Assets, Digital Currency and Amendments to Certain Russian Legislation dated 31 July 2020.

26 Federal Law No. 259-FZ on Investments Through Investment Platforms and Certain Amendments to Other Laws of the Russian Federation dated 2 August 2019.

27 Federal Law No. 161-FZ on National Payment System dated 18 July 2011.

28 Available in Russian at www.cbr.ru/registries/nps/rops.

29 Federal Laws No. 33-FZ dated 18 March 2019, No. 166-FZ dated 3 July 2019, No. 173-FZ dated 3 July 2019 and No. 264-FZ dated 2 August 2019.

31 Available in Russian at https://cbr.ru/press/event/?id=12518.

32 Federal Law No. 34-FZ on Amendments to Parts One, Two, and Article 1124 of Part Three of the Civil Code of the Russian Federation dated 18 March 2019.

33 Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO, www.sec.gov/litigation/investreport/34-81207.pdf.

34 Federal Law No. 115-FZ on Combatting Legalisation (Laundering) of Illegally Gained Income and Financing of Terrorism dated 7 August 2001.

36 List of Instructions Following the AI Conference approved by the President of Russia (No. Pr-2242) dated 31 December 2020.

37 Federal Service for Intellectual Property, Patents and Trademarks.

38 The Madrid Agreement Concerning the International Registration of Marks of 1989.

39 Federal Law No. 152-FZ on Personal Data dated 27 July 2006.

40 Federal Law No. 149-FZ on Information, Information Technologies and Data Protection dated 27 July 2006.

41 Available in Russian at www.tadviser.ru/index.php/??????:??????-?????_(FinTech).

42 See footnote 24.

43 According to Federal Law No. 236-FZ on Activities of Foreign Persons in the Internet on the Territory of Russia dated 1 July 2021, foreign internet companies with more than 500,000 daily users must open authorised representative offices in Russia. Roskomnadzor (the data protection authority) has already published a list of companies that are required to open representative offices, which includes Google, Apple, Meta Platforms, Twitter, TikTok and Telegram.

The Law Reviews content