The Financial Technology Law Review: Russia
Digital transformation greatly impacts the financial industry. Banks and other credit institutions in Russia know this first-hand, as they face greater competition and more demanding customers. This compels financial service providers to constantly experiment with new technologies and business models, thus paving the way for a growing interest in fintech. This makes particular sense when you consider how attractive the customer base is in Russia, where there are more than 146.7 million citizens and a high internet penetration rate of 76 per cent.
Overall, Russia can be categorised as a fintech-friendly jurisdiction with no unusually burdensome requirements on companies involved in this field of commerce. There are some obstacles and uncertainties that may impact certain business models, but we expect this to change soon because of recent efforts aimed to upgrade Russian regulatory framework for digital economy (see Sections VIII and IX for details).
The main regulator, the Central Bank of Russia (the Central Bank), also demonstrates an open-minded approach towards new financial technologies and maintains an informative website in English.2 Interested parties may engage with the regulator in several forums, such as Finopolis,3 an annual fintech conference organised by the Central Bank in Sochi, the Association for Financial Technologies Development4 and in various smaller working groups.
Big banks in Russia lead the innovation race by leveraging existing relationships and data about their customers. For example, the largest banks are building their own financial marketplaces and peer-to-peer lending platforms. However, there are also many smaller companies and start-ups trying to challenge incumbents, especially in such areas as point of sale technologies and payment solutions.
Supporting fintech companies with economic incentives would certainly help, as there are currently no specific tax incentives for fintech companies in Russia. Fintech start-ups, however, may take advantage of benefits available for IT companies, such as reduced social security contribution rates of 14 per cent on employees' wages (instead of 30 per cent for other companies) or even more substantial tax privileges for residents of 'technoparks' (Skolkovo, for example).
i Licensing and marketing
'Fintech' companies provide financial services using big data, artificial intelligence (AI), machine learning, robotisation, blockchain, cloud technologies, biometrics, etc. Thus, the business models range drastically from traditional payments and collective investments to such novel areas as cryptocurrencies, initial coin offerings (ICOs) and robo-advisers. Each business model is always subject to its specific set of regulations and licensing requirements.
Given this fact, there is no universal fintech licence in Russia. Instead, each business model of fintech is regulated separately. Some business models, such as payments, are subject to established regulations that were adopted several years ago, while many others are subject to no regulation at all or operate in the grey area of the law.
The main financial regulator is the Central Bank, which oversees the monetary policy and regulates the financial industry. The Central Bank is the main licensing authority for banks, insurance companies, broker-dealers, investment advisers, payment systems, etc.
Apart from the Central Bank, some other authorities have adjacent functions in the regulation of fintech:
- the Ministry of Finance is responsible for general financial policy and overall management in the field of finance in Russia;
- the Federal Tax Service is a part of the Ministry of Finance and supervises compliance with taxation rules, including taxation of cryptocurrency mining and transactions with cryptoassets;
- the Federal Financial Monitoring Service (Rosfinmonitoring) is mainly tasked with anti-money laundering (AML) and counter-terrorism financing functions; and
- the Federal Anti-Monopoly Service enforces regulations applicable to fair competition and advertising, including those related to financial products and services.
Despite the leading role of the Central Bank, with the adoption in 2015 of the Federal Law on Self-Regulated Organisations in Financial Markets,5 certain regulatory functions have been delegated to self-regulated organisations (SROs). As of February 2020, there are 24 SROs in the field of finance approved by the Central Bank. In addition to SROs, there are also industry organisations and unions active in the fintech area, such as the Association for Financial Technologies Development,6 launched by the Central Bank, and the Russian Association for Cryptocurrency and Blockchain.7
In line with global practice, the Central Bank and other regulatory authorities in Russia place special emphasis on consumer protection. This is achieved through the enforcement of rules applicable to marketing and advertising of financial products. The principal source of such rules is the Federal Law on Advertising,8 which sets basic principles, bans misleading and unfair advertising practices and provides for specific rules applicable to financial services and securities. In addition to that, the Federal Law on Consumer Protection9 sets forth detailed rules aimed to protect consumers.
When it comes to competition, the main Act is the Federal Law on the Protection of Competition,10 which prohibits unfair competitive practices and outlaws abuses of dominant position, with special rules for financial organisations.
Since 2015, after the adoption of the Federal Law on Credit Histories,11 there is now a legal framework for credit information services provided by credit history bureaus. These are private companies providing information services about the creditworthiness of borrowers. Professional lenders are required to submit information about individual borrowers to at least one such credit history bureau. As of February 2020, there are 11 credit history bureaus registered with the Central Bank.
ii Cross-border issues
Unlike in some other jurisdictions, regulated or licensed financial activities may not be passported from other countries into Russia (i.e., companies incorporated abroad and licensed or regulated under their local rules may not automatically become licensed or regulated in Russia). A certain level of passporting may become possible in the future among countries that are members of the Eurasian Economic Union (Armenia, Belarus, Kazakhstan, Kyrgyz Republic, Moldova, and Russia).
Traditional financial services that are subject to licensing or registration, such as banking, insurance, brokerage and dealing in securities, require a licence and may be carried out only via a local legal presence. Active targeting of Russian customers may result in liability and blocking of a perpetrator's website in the territory of Russia. Certain industries are also protected against foreign competitors willing to enter the Russian market. For example, there is a 50 per cent quota on the aggregate amount of foreign capital for banking and insurance industries. Otherwise, there are no restrictions on foreign investors willing to explore fintech opportunities via a local legal presence; nor are there requirements to partner or engage with local companies to enter the Russian market.
There is a general rule that foreign organisations engaged in regulated activities on the securities market under their local laws may carry out such activities in the territory of Russia only subject to prior accreditation with the Central Bank. However, the accreditation guidance developed in 2015 has not yet been adopted, which makes this rule of little practical value.
Despite the lack of passporting and certain restrictions, many fintech services are offered to Russian customers from abroad. This is particularly the case for unregulated segments of fintech, such as cryptocurrencies and ICOs. By way of example, until 2015, the trading of foreign currencies, universally known as 'forex', was unregulated in Russia and was actively marketed by offshore companies to a Russian audience.
Besides unregulated business, there are also examples of foreign financial service providers being available to Russian consumers, without being legally present on the Russian market. This may be the case when a consumer only needs to be able to speak English to access a website where a fintech product is offered, whereas the website itself may not necessarily be actively marketed to the Russian audience. As an example, many foreign crowd-investing and automated investment adviser platforms are available to Russian consumers, even though they are likely offering regulated services. In the era when many financial services are offered through desktop or smartphone application interfaces, one must take active steps to not to be present in a particular market, such as blocking by IP addresses, limiting traffic-generating campaigns to select areas or limiting incoming payments to certain banks.
Digital identity and onboarding
Over the past couple of years, the Russian government has made significant efforts to introduce a digital identity for individuals and companies. This was initially driven by the desire to improve and ensure access to public services via the internet, which required a stable identity management system in place. Such a system, the Unified System of Identification and Authentication (USIA), was created in 2010 with a view to providing access to an online portal of public services, Gosuslugi. As of the beginning of 2018, more than 100 million Russian citizens are registered in the USIA.
Nowadays, the use of the USIA as a method of identification has been extended beyond public services. Certain financial service providers that were previously required by AML or KYC laws12 to identify clients in their presence may now use USIA as a gateway. For example, this applies to consumer (micro) loans, brokerage, securities trust management, and certain other financial services, thereby allowing full digital onboarding.
On 2 July 2018, the Unified Biometric System (UBS) was put into operation. UBS allows customers to undergo the biometric identification procedure. Customers need to visit one of the partner banks once, and can then use their unique biometrical profile to access financial products remotely. Since the end of 2019, UBS has been used to open bank accounts, obtain credit and carry out transactions in any bank. It is expected that UBS will be rolled out for other financial products, such as insurance and microfinancing, allowing for full digital onboarding.
Digital markets, payment services and funding
i Digital marketplaces
Digital marketplaces correspond to platforms where entrepreneurs place commercial offers for an indefinite range of consumers, who then select goods that best suit their needs. Currently, special rules establishing procedures to monitor the operation of marketplaces are lacking. Each operator develops its own terms of service, to which sellers and consumers must adhere in accordance with the Article 428 of the Civil Code of the Russian Federation. It is often the case that marketplace operators fix their roles as aggregators and provide that they are not responsible for the quality, time limits and other parameters of sales of goods. However, the rights, obligations and responsibility of trade aggregators are still subject to the provisions of the Federal Law on the Protection of Consumers and the Federal Law on Personal Data.
In the short term, the Central Bank will also launch a marketplace operating in the sphere of financial transactions. The integral part of the marketplace's system will be taken by electronic platforms, where financial service providers (credit and non-credit institutions, as well as securities issuers) put their offers of financial services for authorised consumers. Such platforms will be managed by providers, established under the Russian law and listed in the Central Bank's register. The future legislative framework for addressing this marketplace will be based on a special law.13 As of February 2020, relevant bills are at the initial stage of adoption in the State Duma of the Russian Federation.
ii Digital and cryptoassets
For the last two years, the legal framework for digital and cryptoassets has been actively developed. The provisions of the bill are generally accepted by the Ministry of Finance and other competent bodies. However, the Bank of Russia's representatives expressed their concerns over the circulation of cryptocurrencies, as they pose a high risk of enabling the laundering of illegal funds.
Nevertheless, the Central Bank's criticism relates only to certain aspects of the circulation of cryptocurrencies that are not backed by an underlying asset (e.g., as with stablecoins) or are not guaranteed by any state.
iii Collective investment schemes
There are several legal forms that can be used for collective investment purposes in Russia, ranging from purely contractual, such as 'investment partnership agreements', to corporate ones, such as joint stock companies or incorporated investment funds. At the same time, available legal forms are not very well suited for modern-day crowd-investing purposes. The main hurdles are high incorporation costs, restrictions on the transfer of investment interests or other burdensome requirements.
The standard choice for a large-scale collective investment scheme remains a 'unit investment fund'. This legal form has been successfully used in the domain of collective real estate investments. The fund must be run by a professional investment management company.
Another option that is suitable for small-scale collective investments is a typical limited liability company (LLC). In this case, investment opportunities are marketed on an online platform, but actual transactions take place offline, since the transfer of interest in an LLC is subject to notary certification. The total number of members in the LLC is capped at 50.
iv Crowdfunding and crowd-lending
The law regulating crowdfunding and crowd-lending (or peer-to-peer lending)14 in Russia entered into force on 1 January 2020. Existing platforms must comply by 1 July 2020. The new law determines the definition of an investment platform; establishes requirements for operators (that must be included in the Central Bank's register, prepare annual reports on the results of their activities and possess capital of no less than 5 million roubles), investors (for unqualified investors – no more than 600 000 roubles in a year) and persons attracting investments; and introduces restrictions on the total amount of investments (no more than 1 billion roubles in a year). It is worth mentioning that crowdfunding and crowd-lending activities in Russia are not subject to licensing or consumer lending regulations.
Despite the fact that the new law has finally provided for a legal framework in crowdfunding relations, it primarily focuses on protecting retail investors rather than simplifying the investment process and eliminating barriers. This may limit the potential for crowdfunding as an alternative to traditional sources of capital for businesses. Moreover, according to the Central Bank's report,15 in the first three quarters of 2019 the Russian crowdfunding market decreased by more than 40 per cent (peer-to-peer lending suffered a decrease of 70 per cent, from 268 million to 80.6 million roubles). The reasons for the decrease are the active involvement of banks in the process and the decline in investors' activities. However, experts predict the crowdfunding market's recovery in 2020 thanks to the emergence of more than 10 new players, including Sberbank and Alfa-Bank.
v Payment services
Payment services is a regulated activity in Russia. The main piece of legislation is the Federal Law on the National Payment System16 (the NPS Law), which is supplemented by numerous detailed regulations. The NPS Law describes different types of activities within the national payment ecosystem and imposes requirements depending on the type of activity. Credit institutions, including banks, may engage in most types of payment activities, whereas non-banking credit institutions are limited to certain activities (such as payment-clearing services and processing). As of February 2020, there were 51 active payment systems listed in the register maintained by the Central Bank.17
Since 28 January 2019, following the Central Bank's roadmap of 2018–2020, the Faster Payments System (FPS) along with the National Payment Card System are fully operated. As of February 2020, 44 banks are participating in the system. The FPS enables private consumers to make instant online payments 24/7 using simple identifiers (e.g., a mobile number, QR code) regardless of in which banks the senders or recipients have their accounts.
Notably, since the grace period of 2019, the FPS transfers between individuals are free of charge for banks, but from 30 June 2022 banks will have to pay rates. Nowadays, rates are established for funds transfers from legal entities to individuals, effective from 1 April 2020.
Since the adoption of several federal laws18 in 2019, there are other noteworthy developments concerning foreign payment systems (Visa, MasterCard, etc.) operating in Russia that prohibit foreign payment systems from refusing to provide services to Russian banks as of April 2020, and oblige them to create separate subdivisions in Russia and register with the Central Bank as of July 2020.
vi Open API
Unlike the European Union, where PSD2 will oblige banks to provide access to their customers' account information through application programming interfaces (API) to third parties, banks in Russia are not presently subject to such obligation. Nonetheless, the Central Bank expects a law establishing the obligation of open API for all banks to be adopted by the first quarter of 2021.19
Cryptocurrencies, initial coin offerings (ICO) and security tokens
As early as 2014, various regulators in Russia for the first time acknowledged the existence of Bitcoin by demonstrating their negative views towards it. In 2017, the attitude of regulators towards Bitcoin shifted from 'banned, unrecommended' to 'the concept is under investigation, regulation will come soon.'
Regarding tokens and ICOs, it should be noted that since 1 October 2019 under Russian law tokens are legalised as objects of civil rights and are considered 'digital rights'.20 Furthermore, the draft bill on digital financial assets is expected to outline the legal framework for blockchain ('distributed registry system'), tokens and cryptocurrencies ('digital currency').
In its current form, the bill provides for 'digital financial assets' to be determined as 'digital rights, including monetary claims, the possibility of exercising rights on equity securities, the right to demand the transfer of equity securities […] issuing, accounting and circulation of which is possible only by registering (changing) entries in the information system based on a distributed registry'. It means that security tokens (both shares tokens and tokenised securities) deriving their value from real assets (e.g., gold or nickel) could be considered 'digital financial assets' and will receive legal status after the adoption of the bill. For reference, utility tokens will also be legalised as 'digital operation signs' defined as 'a set of electronic data (digital code or symbols) obtained by the rules of information systems, within which digital financial assets are issued. Such 'digital operation signs' fall out of the 'digital financial assets' definition. Their issuing and usage will be determined by the Central Bank. In this context, experts tend to agree that all tokens are different and thus should be treated according to their substance rather than form.
Internationally, one of the most widely discussed legal aspects of token sales was whether tokens constitute securities. Following the report of the US Securities and Exchange Commission on the DAO project,21 many regulators all over the world agreed that certain tokens may qualify as securities or other financial instruments. In Russia, the Central Bank has not taken a position on this issue yet. In fact, it is problematic to qualify a token as a 'security' under Russian law, since the Civil Code defines security by listing specific financial instruments in an exhaustive manner. Thus, unless specifically listed in Article 142, other instruments should not be considered securities. This approach contrasts with that in the United States, where courts lean towards a more flexible approach using the Howey test.
Russian securities law limits the circulation of foreign financial instruments, with the Central Bank having a final say on whether a particular instrument may be allowed to the public market. Unless cleared by the Central Bank, foreign securities may only be offered to accredited investors in Russia and no general solicitation is permitted.
AML and KYC rules apply to transactions with cryptocurrencies to the extent such transactions are carried out via 'organisations carrying out transactions with monetary funds and other property' as defined in Article 6 of the Federal Law on Combating Legalisation (Laundering) of Illegally Gained Income and Financing of Terrorism.22
Other new business models
New business models in the area of fintech appear every now and then. Most of the time such models are beyond existing regulations and fall in one of the following two groups:
- unregulated models, which may be implemented within the existing legal framework; and
- prohibited models, which are explicitly outlawed.
Most new models fall within the unregulated domain. We will briefly cover several such business models below.
i Smart or self-executing contracts
Until recently, there was no specific mention of smart contracts in Russian law. As of October 2019, Article 309 of the Civil Code provides that 'within the occurrence of certain circumstances legal transaction may be executed without additionally expressed will of its parties by applying information technologies under the terms of transaction'.
Certification of Masterchain, an Ethereum-based blockchain developed by the consortium of major Russian banks cooperating within the Association for Financial Technologies Development, was made on 7 October 2019 demonstrates the readiness of blockchain technology (and smart contracts, in particular) to be used in the financial sector. Its White Paper names several use cases, such as a decentralised depository of mortgages, a distributed ledger of digital bank guarantees and electronic letters of credit.23
ii Automated digital advisery
Since 21 December 2018, automated digital advisory services (robo-advisers) have been subject to regulation. Specifically, Article of 6.2 of the Federal Law on Securities Market imposes mandatory accreditation for software used to provide investment advice. However, at this stage, the Central Bank has not yet adopted the procedure for such accreditation and, accordingly, no robo-advisers have been accredited.
Currently, there are no special rules applicable to the use of AI in financial products. However, this does not preclude it from being actively developed. In early November 2019, Sberbank, Gazprom Neft, Yandex, Mail.ru Group, MTS and Russian Direct Investment Fund created the Russian AI Alliance. The parties joined forces to create technological components that will stimulate the development of AI. Thus, there is a great driver to develop legal regulations for AI in finance.
iv Financial product comparison
No specific regulation applies to websites comparing financial products or services. Such websites are nonetheless subject to general advertising and fair competition principles.
v Binary options
The Central Bank has not yet taken any stance on binary options. However, it did announce in its regulatory strategy for 2016–2018 that it would provide guidance on this issue. This announcement was made in the document's section related to consumer protection and gambling.
Intellectual property and data protection
i Intellectual property
Russian law is familiar with all standard concepts of intellectual property (IP) used to protect business. Most commonly used are:
- patents (protecting inventions, utility models and industrial designs);
- trade secrets;
- copyright; and
- trademarks, including service marks.
Information of any nature relating to the results of intellectual activity may be treated as a trade secret and be protected as IP provided basic confidentiality conditions are met.
Software and databases are usually protected under copyright laws. Copyright is acquired automatically as of the date a copyright object is manifested in objective form. Registration is optional.
Rights over trademarks are granted by virtue of registration with Rospatent,24 a local patent and trademark office. Alternatively, rights may also be acquired by virtue of international agreements to which Russia is a party, such as the Madrid Convention.25 Russia is a 'first-to-file' jurisdiction.
Any foreign company may seek protection of its intellectual property in Russia provided national law requirements are met. Russia is also a signatory to most international treaties covering intellectual property protection.
Disputes often arise in the context of employment relationship as to who owns newly created IP. For an employer to acquire rights over such IP, it is important that an employment contract or a job assignment explicitly states that the creation of IP falls within the duties of an employee.
ii Data protection
Overall, Russian data protection law is in line with international standards. The Strasbourg Convention 1981 (ratified by Russia in 2005) laid the foundation for the Russian personal data protection legislation, which was adopted in 2006.
The main pieces of legislation governing the collection, storage and use of personal data in Russia are the Federal Law on Personal Data26 and the Federal Law on Information, Information Technologies, and Data Protection.27
Unlike in some other jurisdictions, there is currently no general obligation to report cybercrimes, although such legislation was proposed in 2017 and may be adopted soon.
Year in review
The fintech agenda in Russia in the context of the Central Bank's implementation of the Guidelines for Financial Technology Development for 2018–2020 was primarily focused on developing the legal framework for the digital era of finance. Specifically, the Bank of Russia has launched the regulatory sandbox as an isolated environment for piloting and modelling processes of new financial services, requiring changes in legal regulation. As of February 2020, the use of digital financial assets and biometric technologies, implementation of digital technologies in customer service processes and peer-to-peer insurance services are being successfully piloted in this regulatory sandbox.
Other than those specified in Sections III-VI, significant developments in the regulation and legal treatment of fintech include updates to the consumer lending legal framework, effective from 1 October 2019.28 Relevant changes cover remote customer identification for microcredit companies. Prior to that, all MFOs had to either delegate the simplified identification of customers to credit organisations (banks) or use the unified identification and authentication system (UIAS).
All recent developments are in line with the internationally accepted trends of the digitalisation of financial technologies.
Outlook and conclusions
We expect the plans following the general trends of 2018 to be finalised in 2020. Specifically, we believe that the current trends will continue to evolve in 2020, with market participants focusing more on decentralisation and availability of market instruments for individuals and businesses.
Further, we predict that current global trends on RegTech (regulatory technology) and SupTech (supervision technology) development will continue to evolve in Russia. Basic business models have already been developed, and regulators need to understand how to control them. Financial institutions will continue to use innovations in order to comply with the regulator's requirements, and regulators will implement Big Data, machine learning, AI, etc. to conduct effective supervision.
1 Roman Buzko is a partner at Buzko Legal.
5 Federal Law No. 223-FZ on Self-Regulated Organisations in Financial Markets dated 13 July 2015.
6 See footnote 4.
8 Federal Law No. 38-FZ on Advertising dated 13 March 2006.
9 Law of the Russian Federation No. 2300-1 dated 7 February 1992.
10 Federal Law No. 135-FZ on Protection of Competition dated 26 July 2006.
11 Federal Law No. 218-FZ on Credit Histories dated 30 December 2004.
12 Federal Law No. 115-FZ on Combating Legalization (Laundering) of Illegally Gained Income and Financing of Terrorism dated 7 August 2001.
13 The Bill on Federal Law No. 617867-7 on Transactions using Electronic Platform, the Bill on Federal Law No. 617880-7 on Amendments in certain legislative acts of the Russian Federation due to the adoption of Federal Law on Transactions using Electronic Platform.
14 Federal Law No. 259-FZ on Investments Through Investment Platforms and Certain Amendments to Other Laws of the Russian Federation dated 2 August 2019.
16 Federal Law No. 161-FZ on National Payment System dated 18 July 2011.
18 Federal Laws No. 33-FZ dated 18 March 2019, No. 166-FZ dated 3 July 2019, No. 173-FZ dated 3 July 2019 and No. 264-FZ dated 2 August 2019.
20 Federal Law No. 34-FZ on Amendments to Parts One, Two, and Article 1124 of Part Three of the Civil Code of the Russian Federation dated 18 March 2019.
22 Federal Law No. 115-FZ on Combating Legalization (Laundering) of Illegally Gained Income and Financing of Terrorism dated 7 August 2001.
23 Masterchain's whitepaper is available in English at: http://fintechru.org/documents/Masterchain_whitepaper_v1.1_en.pdf.
24 Federal Service for Intellectual Property, Patents and Trademarks.
25 Madrid Agreement Concerning the International Registration of Marks of 1983.
26 Federal Law No. 152-FZ on Personal Data dated 27 July 2006.
27 Federal Law No. 149-FZ on Information, Information Technologies, and Data Protection dated 27 July 2006.
28 Federal Law No. 71-FZ on Amending Certain Legislative Acts of the Russian Federation Aimed at Improving Microfinance Activities.