FinTech in Italy: overview

A Q&A guide to FinTech in Italy.

The Q&A provides a high level overview of the financial services sector; the FinTech sector; regulatory environment for alternative finance activities, payment platforms, investment/asset management and Insurtech; regulatory compliance; government initiatives; cross-border provision of services and the future of FinTech. This Q&A is part of the global guide to FinTech.

To compare answers across multiple jurisdictions, visit the FinTech Country Q&A tool. For a full list of jurisdictional Q&As visit global.practicallaw.com/fintech-guide.

Overview of financial services sector

1. What are the types of entities that form the financial services sector in your jurisdiction?

The following entities form the financial services sector in Italy:

Banks.
EU banks.
Non-EU banks authorised to provide financial services or activities in Italy through a branch.
Financial intermediaries enrolled in the register specified by Article 106 of the Consolidated Banking Act (Legislative Decree No. 385/1993, as amended).
Investment firms (Società di intermediazione mobiliare) (SIM).
Asset management companies (Società di gestione del risparmio) (SGR).
EU investment companies.
Non-EU investment companies authorised to provide financial services or activities in Italy through a branch.
EU asset management companies authorised to provide financial services or activities in Italy through a branch.
Insurance companies.
Investment advisory firms.
Multilateral trading facilities management companies.
Organised trading facilities management companies.
Systematic internalisers.
Market makers.
Payment institutions.
Electronic money institutions.
Money brokers.

2. What are the key regulatory authorities that are responsible for the financial services sector?

Ministry of Economy and Finance (Ministero dell’Economia e delle Finanze) (MEF)

The MEF is responsible for budgeting, tax policies, economic policy and financial policy. Additionally, the MEF co-ordinates public spending and oversees public investments, as well as monitoring and overseeing public financial management, public debt management and state stockholdings.

For banking and financial services, the MEF is the national competent authority for short selling and certain aspects of derivative contracts for hedging credit default swap risks (in conjunction with the Bank of Italy and CONSOB). It exercises powers of temporary suspension of the restrictions and intervention in exceptional circumstances relating to sovereign debt and credit default swaps of sovereign issuers, and lays down regulations on financial advisory firms’ capital and independence requirements.

Bank of Italy (Banca d’Italia)

In addition to being the central bank of Italy and forming part of the Eurosystem, the Bank of Italy is the lead supervisory authority in the banking and financial services sector. Its main goals are to ensure monetary and financial stability (also contributing to the decisions on the single monetary policy of the eurozone) and promote the smooth functioning of the payment system. It is responsible for:

Risk containment.
Asset stability.
Sound and prudent management of intermediaries.
Compliance with the rules and regulations of those subject to supervision.

It contributes to banking and financial regulation by participating in international committees and co-ordinating its activity with the other supervisory authorities.

Financial Intelligence Unit (Unità di Informazione Finanziaria) (FIU)

Italy’s Financial Intelligence Unit was established at the Bank of Italy by means of Legislative Decree No. 231 of 21 November 2007, in accordance with the international rules and criteria envisaging the presence in each state of a financial intelligence gathering unit, with complete operational and administrative autonomy, and responsible for combating money laundering and terrorist financing.

As part of the wider efforts to prevent money laundering and terrorist financing, the FIU:

Collects data on financial flows and information, mainly through the suspicious transaction reports transmitted by financial intermediaries, professionals and other operators.
Analyses the information, drawing on the available sources of intelligence and using the powers at its disposal.
Assesses its relevance for possible transmission to investigative bodies and co-operation with the judicial authorities.
Collaborates with the investigative and judicial bodies in the identification and analysis of anomalous financial transactions.
Attends the global network of the financial intelligence units active around the world for the exchange of vital information for combating such transnational phenomenon.

National Commission for Companies and the Stock Exchange (Commissione Nazionale per le Società e la Borsa) (CONSOB)

CONSOB is the supervisory authority competent for investor protection and supervision of the Italian securities market. In co-ordination with other EU and Italian competent authorities, it:

Regulates the provision of investment services and activities to ensure transparency and correctness of conduct with investors, as well as efficiency, integrity and development of the financial market.
Manages reporting obligations of companies listed on regulated markets and appeals for public investments.
Monitors market management companies and the transparency and orderly performance of negotiations.
Sanctions the monitored entities.

Insurance Supervisory Authority (Istituto per la Vigilanza sulle Assicurazioni) (IVASS)

IVASS is the supervisory authority for the Italian private insurance market. In this role, in co-ordination with other EU and Italian competent authorities, it:

Authorises undertakings to pursue insurance and reinsurance business, carries out inspections at insurance and reinsurance groups and undertakings and the other supervised entities.
Supervises technical, financial assets/liabilities management of insurance and reinsurance undertakings, groups and intermediaries, and transparency and fairness of behaviours by market participants.
Ensures a suitable protection of policyholders, as well as of persons entitled to insurance benefits, through the pursuit of the sound and prudent management of the supervised entities.

Overview of FinTech sector

3. What areas of the financial services sector has FinTech significantly influenced so far?

The term “FinTech” represents a vast array of innovative ways of using technology and operating in the field of financial services.

FinTech is an inter-sectoral phenomenon and includes both financial services and information technologies, and invests in the banking, financial and insurance intermediation sectors.

The main areas affected include:

Credit (crowdfunding and peer-to-peer lending).
Payment services (instant payments).
Virtual currencies (Bitcoin).
Investment advisory (robo-advisor).
Asset management.
Insurance services (InsurTech).
Market infrastructures.

Additionally, decentralised validation technologies that apply to transactions (blockchain or distributed ledger technology (DLT)), biometric identification (retinal or facial recognition) and the provision of financial services (cloud computing, big data, and automated scoring) fall within the scope of FinTech.

According to the Bank of Italy, the following are recognised as the most relevant categories of financial services impacted by the FinTech revolution:

Technologies for contracts and remote operations, which are related to the management of electronic identity and remote recognition of the customer used for the subscription of financial services.
Peer-to-peer payment platforms.
Instant-payment related services (including virtual wallets on the app).
Robo-advisory services.
Lending and crowdfunding platforms for individuals and SMEs (including those that make use of the sale of commercial credits (so-called invoice crowdfunding)).
Wealth and asset management services.
RegTech services, aimed at simplifying and automating the compliance processes.
InsurTech services, aimed at innovating the insurance world.
Comparison portals relating to the offer of financial or insurance services.
Information services on customer accounts.
Automated customer relationship management services through artificial intelligence solutions (ChatBox).

(FinTech in Italy – Survey on the adoption of innovation technologies applied to financial services, December 2017, Bank of Italy, see https://www.bancaditalia.it/compiti/vigilanza/analisi-sistema/stat-banche-intermediari/Fintech_in_Italia_2017.pdf.)

4. How do traditional financial services entities engage with FinTech?

The recent advent of the digital revolution and FinTech has brought both challenges and opportunities, particularly to traditional banks and financial intermediaries. Enhanced connectivity, new communication and logistic channels, and a dramatically rapid evolution of our lifestyle, mostly driven by technology, are also the basis for restructuring the banking and financial services sector.

Since the end of the last decade, the role of banks in financing the economy has gradually decreased, while the weight of capital markets and non-bank operators has increased, carrying out some functions typical of traditional credit intermediation. The rapid development of technology is opening up the credit and brokerage markets to competition from new players, including FinTech companies that offer innovative and low-cost services particularly with regard to electronic payments, asset management and securities brokerage. Major international technology companies are also rapidly entering the world of credit and finance (that is, the “Big Techs” such as Apple, Amazon, Microsoft, Google, Alibaba and Facebook).

In this context, activities and services in the financial industry traditionally carried out by a single intermediary have become fields of experimentation and competition by new specialised operators. Specialised operators strive to make financial services more efficient by:

“Disrupting” them (that is, breaking them down and redesigning them).
Introducing innovative financial services for different users.
Intercepting even needs that are still in progress for consumers and businesses.
Opening additional channels for the intermediation of savings.

This leads to a micro-segmentation of the reference markets, in which a growing number of FinTech operators offer increasingly specialised and highly innovative financial services. Consequently, we are seeing an extensive use (and sometimes abuse) of the information collected with the aim to profile potential customers through technology and data processing methods (such as data mining), and an unprecedented operational flexibility made possible by digital technology.

Recent market analyses show that traditional banks and intermediaries consider a proportion of their business at risk, for about a quarter of their revenue over a five-year period. For example, 82% of the Italian banks consider FinTech as a possible threat, in particular in the areas of electronic payments, robo-advisory and wealth and asset management (PWC’s Global FinTech report 2017). For further information on PWC’s Global FinTech report 2017, see https://www.pwc.com/gx/en/industries/financial-services/assets/pwc-global-fintech-report-2017.pdf.

However, some existing operators are ready to meet this challenge by exploring possible partnerships or collaborations with FinTech companies operating in Italy. There are currently around 300 FinTech companies operating in Italy (FinTech in Italy – Survey on the adoption of innovation technologies applied to financial services, December 2017, Bank of Italy; see https://www.bancaditalia.it/compiti/vigilanza/analisi-sistema/stat-banche-intermediari/Fintech_in_Italia_2017.pdf).

Traditional banks that want to invest in FinTech can follow either one of the following approaches:

Licensing. Licensing involves obtaining a licence to use a particular technology. This strategy requires a limited investment in financial terms, but the risk is that innovation will be underexploited due to contractual obligations of use. Licensing is mostly used by local or small banks that have little exposure to FinTech trends.
Outsourcing. Outsourcing involves a modest financial investment, but can create dependence on the supplier. Local and small banks usually resort to outsourcing.
Collaboration. In this case, investments and risks are shared between the parties of the agreement, but the biggest challenge is the compatibility of strategic aspects and decision-making processes. Both the most small and universal banks exposed to FinTech trends use this approach.
Internal development. The company bears the entire financial outlay and related investment risks, but enjoys complete control and confidentiality of the result. This approach is traditionally used by Big Tech and FinTech startups. (Source: Italian Banking Association (IBA)’s report, Banks and Fintech: strategies and business models, 14 May 2019).

Compared to the new entrants, traditional banks enjoy stable customer relationships and information assets gathered over the years. However, those benefits may be limited by the rapidly spreading use of technology as tech-literate consumers are turning to online competitors (for example, millennials and digital natives have little or no experience with physical banking channels). Therefore, banks will only enjoy an expanded range of services offered, an increase in the quality of the client relationship and a more effective risk management if they make smart use of information assets through new technologies.

This technological challenge requires huge investments. However, in Italy they remain very limited due to difficulties in adapting existing organisational structures and operating processes, finding the necessary skills and integrating with present IT infrastructures.Among the areas of major investments, the following are favoured:

High-tech innovative services.
Internal processes optimisation.
IT security measures.
Development of technologies for the conclusion of contracts at a distance.
Customer recognition and instant payment order tools.

The above areas of investment prevail over others (such as automated customer services, access to aggregated information online, Blockchain, Big Data, artificial intelligence (AI), cloud computing and Internet of Things).

In terms of organisational structure, banks have established online platforms, reduced physical branches and assigned the remaining ones to value-added services (for example, private banking, corporate finance, and so on), improving the efficiency of middle and back office processes and risk management tools.

Consequently, banks currently face a serious financial challenge to recover efficiency margins and sustain profitability by diversifying revenues and containing administrative costs. It is therefore easy to foresee the advent of a new phase of M&As and consolidation in the sector that will permit the exploitation of economies of scale and the absorption of excess capacity.

Regulatory environment

Alternative finance

5. How is the use of FinTech in alternative finance activities regulated?

In alternative finance activities, the use of FinTech is most evident in marketplace lending platforms and crowdfunding platforms.

While the emergence of these platforms has enabled new operators to smoothly enter the financial services sector, it has emphasised obsolete existing legislation due to technological developments. This has presented challenges in framing FinTech services within the regulatory and legislative framework for traditional financial services.

The access to alternative sources of finance brings with it an automatic benefit for customers, both as a source of finance and because of the greater competition that it will cause among traditional banks. However, some risks are involved, which could undermine the stability of the global financial system.

In Italy, there is no specific legislation governing alternative finance activities. They are regulated at national level and the competent authorities are the Bank of Italy and the National Commission for Companies and the Stock Exchange (CONSOB).

The first regulatory approach to peer-to-peer lending is contained in the “Provisions on the collection of savings by subjects other than banks”, published by the Bank of Italy on 9 November 2016 and entered into force on 1 January 2017 (seehttps://www.bancaditalia.it/compiti/vigilanza/normativa/archivio-norme/disposizioni/raccolta-risparmio-soggetti-diversi/index.html). Under Section IX (on social lending) of the Provisions on the collection of savings by subjects other than banks, lending based crowdfunding (LBC) is defined as a means of stakeholders requesting repayable funds for personal use or for financing a project through online platforms.

By means of peer-to-peer (P2P) lending companies, investors may obtain a higher return on their capital than, for example, savings, thanks to the higher interest rates. Similarly, funded entities tend to receive loans that traditional financial companies are likely to have denied. The higher rate of return under a P2P loan is justified by the higher risk that investors contributing to the financing of the loan accept (as there is often no guarantee or security for this type of loan).

The rules on payment institutions (PIs) apply also to P2P lending platforms.In fact, to operate in the P2P lending sector, a company must comply with the relevant provisions of the Consolidated Banking Act, as well as with the Supervisory Provisions for PIs issued by the Bank of Italy on 17 December 2013, as lately amended on 17 September 2019 (see https://www.bancaditalia.it/compiti/vigilanza/normativa/archivio-norme/circolari/c285).

Conversely, LBC is an alternative funding channel (as compared to the traditional credit intermediaries’ one) through which families and small businesses are financed directly by many investors.

The provisions of the Bank of Italy provide limits and conditions to be respected by market operators so that the activity of collective financing is consistent with the rules on the collection of public savings. Moreover, the acquisition of funds by the borrowers through platforms must be carried out based on individual negotiations with the lenders.

All the subjects involved in the LBC (that is, platforms, lenders and, to a limited extent, borrowers) are under some level of control and must comply with the rules governing the various asset reserves (including the collection of public savings, banking activity, granting of loans to the public, credit mediation and payment services). In particular, those authorised to operate as payment institutions must guarantee the net separation between their assets and those of investors. Additionally, the absence of specific legislation favours the self-regulation option. Through their own decisions (that is, codes of conduct, standards to be respected, and so on), LBC platforms are no longer just entities to be regulated, but effectively become part of the regulatory process.

In future, according to the Bank of Italy, LBC will most likely not pose a significant threat to the banking system, for it has the potential to stimulate traditional intermediaries to improve their business models and operations.

The main models of crowdfunding are:

Investment-based (or equity-based) crowdfunding. The online investment acquires a quota or a shareholding in a company. In this case, the “reward” for the loan is represented by the set of ownership and administrative rights deriving from participation in the company. The instruments acquired can be held by investors directly or indirectly through a separate legal entity (for example, a special purpose vehicle or a collective investment scheme).
Invoice trading crowdfunding. Companies finance themselves by selling off the credits produced in the exercise of a business activity (for example, unpaid commercial invoices or other credits), individually or en bloc, to a group of investors through an online platform.
Social lending and/or lending-based crowdfunding. Many different subjects can request many different potential lenders, through online platforms, repayable funds for personal use or to finance a project.

Additionally, other models of crowdfunding can be identified from the type of relationship established between the subject who finances and the one that requested the financing, for example:

Donation based model. A platform where donations can be made to support a given cause or initiative without receiving anything in return.
Royalty based model. A platform in which a particular initiative is financed, receiving in return a part of the profits.
Reward based model. A platform where one participates in the financing of a project and receives a prize or a specific non-cash reward in return.

In response to a lack of common rules among the EU member states, on 8 March 2018, the European Commission presented a new set of provisions, which will allow crowdfunding platforms to grow across the EU’s single market by offering their services more easily (for example, through the use of an EU label) and improving access to it by investors. The investors will also be protected by clearer rules on disclosure, governance and risk management and a more consistent approach to supervision.

In July 2013, Italy was the first European country to adopt an ad hoc regulation on equity crowdfunding, by means of a CONSOB’s regulation on the raising of venture capital by innovative start-ups through online portals. However, the regulation was heavily criticised, as it only allowed the use of equity crowdfunding for innovative start-ups, and imposed a 5% minimum requirement for the subscription by professional investors (including banking foundations or incubators) of the start-ups’ stock capital for the related tender offer to be completed.

As a result, some important regulatory changes have been introduced to enable innovative SMEs (established as “simplified” s.r.l.), mutual funds and social enterprises to access this risk capital channel, in addition to innovative start-ups (established as “società a responsabilità limitata” or s.r.l.). SMEs must satisfy at least two of the following criteria:

Number of employees lower than 250.
Total assets not exceeding EUR43 million.
Annual net turnover not higher than EUR50 million.

Additionally, the following entities are permitted to raise capital through online portals, solely in relation to the offer of units of foreign undertakings for collective investments (UCIs) that mainly invest in SMEs:

Asset management companies (società di gestione del risparmio) (SGRs).
Investment companies with fixed capital (società di investimento a capitale fisso) (SICAFs).
Investment companies with variable capital (societe d’investissement a capitale variable) SICAVs.

The expansion has required a strengthening of investor protection measures, as well as an increase of CONSOB’s regulatory powers over the portal managers entered in an ad-hoc register under Article 50-d, paragraph 6, of the Consolidated Financial Act, including the authority to convene their directors, internal auditors (sindaci) and staff members, as well as to suspend their activity by means of a precautionary measure, under certain circumstances.

Further, due to the transposition of Directive 2014/65/EU on markets in financial instruments (MiFID II) in Italy, the operation of crowdfunding portals has been submitted to stricter conditions, such as the:

Obligation to join a compensation scheme or enter a professional liability insurance scheme to protect investors.
Obligation to implement a more detailed conflicts of interest policy.
Delegation to CONSOB for the adoption of implementing provisions concerning internal whistleblowing.

During the revision of the Regulation on crowdfunding, CONSOB reduced the threshold of the financial instruments to be subscribed from qualified investors in certain specified circumstances. Specifically, there is a lower threshold, equal to 3% (and no longer to 5%), for offers made by SMEs in possession of certified financial statements relating to the two financial years preceding the offer.

In financial terms, according to a report recently presented by Milan Polytechnic, equity crowdfunding has already exceeded, in the first semester of 2018, the total volumes achieved in 2017: more precisely, EUR14.2 million collected (that is, subscription of risk capital) and over EUR94 million in social lending (loan financing), bringing the totals to EUR33.3 and EUR216.9 million, respectively. In numbers, portals are constantly increasing (at present, 27 in the equity segment and 11 in the lending one). Additionally, the extension of equity crowdfunding to all SMEs and the application of 26% replacement withholding tax on natural persons for income deriving from lending crowdfunding activities are likely to further enlarge the investor base, although it is necessary to involve more and more institutional investors, especially in lending.

To improve investor protection, CONSOB Resolution No. 21110 of 10 October 2019 (published in Official Gazette No. 251 of 25 October 2019), amended Regulation No. 18592 of 26 June 2013 on venture capital raising through online portals (Crowdfunding Regulation), issued in implementation of the 2019 Budget Law (Law No. 145 of 30 December 2018). Among the main novelties, it is worth mentioning:

The underwriting of bonds and debt securities issued by SMEs, up to a maximum amount of EUR8 million, is reserved solely to:
- professional investors;
- banking foundations;
- start-up incubators;
- investors in support of SMEs;
- those who hold a financial portfolio of more than EUR260,000;
- those who commit to invest at least EUR100,000 and declare in writing, in a separate document, that are aware of the risks associated with such investment; and
- to retail investors who are the recipients of a portfolio management or an investment advice service.
The provision of web boards is included among the activities related to crowdfunding platforms’ management.
The offers of financial instruments issued by SMEs and innovative start-ups (that are incorporated as companies under the laws of an EU member state or an EEA country), promoted through online crowdfunding portals.

Payment platforms

6. How is the use of FinTech in payments-related activities regulated?

The impact of the FinTech revolution on payments-related activities concern:

Instant peer to peer payment solutions. Electronic payment solutions that, mostly based on mobile devices (for example, smartphones or tablets) and active at any time, make sums sent immediately available to the beneficiary, regardless of the underlying payment instrument and the clearing and settlement interbank agreements.
Service for placing payment orders (or payment initiation service). This allows the payment order to be arranged at the request of the payment service user, in relation to a payment account held with another payment service provider. It implies direct or indirect access of the service providers to the payer’s account and offers a low-cost solution allowing users to make online purchases even without payment cards.
Account information service. This allows the user to have immediate access to an overview of its economic and financial situation at any given time, through access to aggregate online information relating to current accounts held at one or more payment service providers.

A common feature of the above services is that the related providers do not hold client funds at any time, and are therefore not required to comply with their own funds requirements. However, they must provide a third-party liability policy or a similar form of guarantee for damages caused in the exercise of the activity deriving from their own or third-party conduits.

Another key feature is that authorised third party service providers will have permission to access all financial data concerning a given consumer, which is currently only accessed by banks and financial intermediaries. Financial data will be accessible to subjects already active in the data market (small, large or very large) and/or to newcomers, allowing a full profiling of the consumer (from a simple categorisation to a prediction of behaviour based on the processing of occurrences of time, place, context and relational network).

On 13 January 2018, Directive (EU) 2015/2366 on payment services in the internal market (PSD2) came into force, which promotes greater competition, efficiency and innovation in the EU payment services market, while strengthening the protection of payment service users, as well as the transparency and security of electronic payments.

In Italy, PSD2 was implemented by means of Legislative Decree of 15 December 2017, No. 218, which modified the Consolidated Banking Act and Legislative Decree 27 January 2010, No. 11 (that transposed PSD1).

In implementing PSD2, as well as in light of the technical regulatory standards developed by the European Banking Authority (EBA) and the EU Commission, the Bank of Italy has recently amended the Supervisory Provisions for PIs and Electronic Money Institutions (IMELs), with regard to, among others, the payment initiation service (provided by the Payment Initiation Service Providers (PISPs)) and the account information service (provided by the Account Information Service Providers (AISPs)). The above amendments, issued on 23 July 2019, were published in the Official Gazette No. 193 of 19 August 2019 (see https://www.bancaditalia.it/compiti/vigilanza/normativa/archivio-norme/disposizioni/disp-ip-20120620/Provvedimento_del_23_luglio_2019.pdf). The main amendments include the following:

The content of the schedule of activities, to be filed together with the authorisation application, has been enriched with detailed information, as well as updated in compliance with the new requirements introduced by PSD2.
The application to PIs and IMELs of the definition of “own funds” introduced for banks and investment firms by Regulation (EU) 575/2013 on prudential requirements for credit institutions and investment firms (Capital Requirements Regulation), which imposes more stringent criteria for the inclusion of various instruments in the supervisory stock capital and harmonises the treatment of deductions.
The requirement to adopt a more effective security system against risks, in particular as far as payments are concerned. In this regard, PIs and IMELs must adopt:
- specific risk management policies and procedures for security;
- systems for the prevention and monitoring of security incidents and frauds; and
- procedures for archiving, monitoring, tracing and limiting access to sensitive data relating to payments.
The updating and integration of the information that Italy-based PIs and IMELs must provide to the Bank of Italy when they intend to operate abroad. EU operators wishing to provide payment services in Italy through agents are also required to designate a central contact point therein.
New detailed regulation of the payment initiation service and the account information service, as well ad of the providers of the latter services.

According to the Bank of Italy’s survey on FinTech, payment services represent the field in which traditional banks and intermediaries are currently making more investments, in particular on:

Peer-to-peer (P2P) payments initiatives.
Payment order services.
Instant payment services.
Projects that allow the use of payment instruments, mainly payment cards, in an innovative way.

Such effort is aimed at responding to the threat posed by the Big Techs, already equipped to enter the payments business. However, most of the intermediaries have preferred to adopt the instant payment service already offered by the Big Techs, to reduce the costs, avoid the intrinsic complexity of significant technological interventions and, above all, accelerate the launch of the service on the market.

Among the most active Italy-based start-ups, it is worth mentioning Satispay, active in the payment services sector since January 2015, with more than 340,000 users and 44,000 physical and online affiliated sales points throughout Italy. The company has recently announced the launch of a new service called “Savings”, which will be added to the tools that allow the use of an electronic wallet for phone top-ups and payments of public administration related bills (that is, fines, taxes and stamps).

Investment/asset management

7. How is the use of FinTech in the securities market regulated, if at all?

In the securities market, FinTech technologies and products can be instrumental to improving the quality of services offered to clients, providing an important competitive edge. They can also open opportunities to fully exploit the advantages of an integrated EU market for financial services, since they facilitate the distribution of retail products and services on a cross-border basis.

To date, in Italy no specific regulation is envisaged relating to the use of technologies in the securities market sector and general rules apply.

Within the ambit of the automated services, a key-role is played by automated financial advice, which includes any form of financial advice aimed at providing notices or recommendations to customers (including that to buy or sell a specific financial instrument) without using individuals and relying on algorithms. Robo-advisory is the most common financial automated service and includes all online services for automated management of the financial portfolio that integrate or replace the work of a financial adviser.

Further, there are comparative offer portals (that is, online portals enabling clients a real-time comparison of all the features characterising a given product/service presented by different providers (insurance policy, consumer loan, account deposit, and so on), bots or chat-bots (that is, software designed to simulate a conversation with humans, based on a talk-reply-talk-reply pattern. In the banking services context, chat-bot is commonly used for a “cross-talk” chat, allowing a clearer identification of the customer’s requests and/or management of online routine operations and mobile banking transactions). In addition, technologies for authentication of electronic identity are rapidly spreading, which comprise electronic procedures and tools used for online identification and verification (for example, via webcam) of the client’s personal details, as well as for the validation of credentials’ authentication, allowing the initial registration of the customer and the entire management of the contractual relationship exclusively through remote channels.

InsurTech

8. How is the use of FinTech in the insurance sector regulated?

In Italy, the InsurTech phenomenon (that is, digital technologies applied to the insurance market) continues to have great potential for expansion, for it has more than doubled since the beginning of the decade, although it remains small compared to the total insurance market.

Technological innovations in this sector are particularly visible in processes, offers of insurance products and their distribution methods, relations with consumers, and even in advertising. To penetrate the market, insurance companies can exploit the constant flow of information on the habits, purchasing trends, lifestyles and physical health of their actual and potential clients, to which they have access.

The approach taken so far by global insurance companies has been to seek agreements with young technology start-ups, or buy them, to acquire innovative know-how or simply remove competitors. The ultimate goal is to keep the customer hooked up with additional services, while extending the classic value chain of the insurance business beyond the compensation/indemnity phase.

At international level, the task of regulators and supervisors in the face of these trends isto protect consumers from insurance companies’ unfair behaviour or from marginalisation due to the digital divide. To do this, they apply the principle of neutral regulation, whereby technological developments do not impact on insurance services regulation, so they apply the same rules to the same activities and risks, but rules should not hinder new technology-driven services that can benefit consumers.

In light of the foregoing, to date there are no regulatory provisions in force in Italy for the InsurTech sector. Along with the Italian Government, the Insurance Supervisory Authority (IVASS) is active at international level (in particular, the EU one) where new rules and technological standards are being defined. The aim is to maintain an adequate level of market and consumer protection, guaranteeing a fair regulatory treatment of existing and new operators, while avoiding regulatory arbitrage, without stopping innovation. To this end, IVASS has started a dialogue with the industry and is striving to raise the quality of the rules and the supervisory action, even through innovative technologies (under the so-called “RegTech”, that is the application of digital technologies to the rules produced by the supervisory authorities).

Blockchain-based solutions

9. How is the use of blockchain in the financial services sector regulated?

The most commonly recognised blockchain-based solutions are:

Distributed ledger technology (DLT). All the nodes of a system share a common database and contribute to its keeping and updating in a non-centralised way, using cryptography (for example, computer data encryption techniques) for the authentication of transactions. DLT is associated with a possible significant increase in operating efficiency, due to a strong reduction of steps and interventions in the chain of securities brokerage, which can be now overcome by technology. DLT’s applications range from a use limited to specific post-trading activities (clearing and settlement, in the first instance), intrinsically linked to registration and database functions, to a more general use throughout the entire life cycle of the securities, starting from their issue.
Smart contracts. Contracts written in computer language, intelligible by special software and able to execute and enforce their clauses automatically without human intervention. They are frequently used in the context of DLT or the execution of transactions involving “virtual currencies” (see below).
Virtual currencies (cryptocurrencies). Digital representations of value, used, on a voluntary basis, as a means of exchange for the purchase of goods and services, mainly in e-commerce and for gaming activities, especially online. Despite being electronically transferrable, storable and negotiable, they are not issued by central banks (or public authorities), do not constitute legal tender and are not comparable to electronic money. To date, there are over 500 types of virtual currency globally (the most common of which is “Bitcoin”), usually subject to strong price fluctuations and high transaction costs that make them unsuitable to play the role of money as a shared payment method, reserve and measure of value.

The exchange of virtual currencies takes place through digital portfolio service providers (also called e-wallets). It is distinguished between two types of wallets:

Hot wallets. Hot wallets are connected to the internet and allow not only the collection of crypto assets, but also their exchange in blockchain.
Cold wallets. Cold wallets are off-line portfolio safekeeping, which prevents to use the virtual currencies sored in it.

There are two ways to obtain virtual currencies:

From another user
By converting legal tender money into digital value from dedicated operators (called exchangers).

The exchangers base their business on the sale on their own account and on behalf of others of cryptocurrency in exchange of legal currency, or on connecting their buyers and sellers

Their use has been recently subject to anti-money laundering and terrorist financing provisions.The anonymity of those who work in the network and the real beneficiaries of transactions carried out online with virtual currencies (often based in countries or territories at risk) increases the possibility of violating the applicable anti-money laundering laws.

For this reason, regulatory authorities must provide necessary arrangements to counter the mass use of virtual currencies, protect investors and ensure that they do not consolidate and become a risk to global financial stability.

Initial coin offering (ICO). Through this it is possible to collect, in digital form, capital for business purposes based on blockchain technology. Specifically, investors pay financial means (generally in the form of cryptocurrencies) to the ICO organiser and receive blockchain-based “coin” and/or “tokens”, created and saved at a decentralised level on a new blockchain developed in this context or, through a smart contract, on an existing blockchain.

The following have been object of some legislative and regulatory interventions in Italy:

DLT and smart contracts. DLT is defined for the first time as “computer technologies and protocols that use a shared, distributed, replicable, simultaneously accessible, architecturally decentralised and cryptographically based register, allowing for the recording, validation, updating and storage of both unencrypted and further encrypted data that can be verified by each participant, and that cannot be altered or modified” (Article 8-ter, Law No. 12 of 11 February 2019, converting Law Decree No. 135 of 14 December 2018 (Simplifications Decree)).
A “smart contract” is a computer programme running on DLT and whose performance automatically binds two or more parties based on parameters defined by the parties themselves. Smart contracts meet the written form requirement after computer identification of the parties involved, through a process that meets the requirements set out by the Agency for Digital Italy (www.agid.gov.it), with guidelines to be adopted within ninety days from the entry into force of Law No. 12/2019. Therefore, smart contracts are currently specifically defined as operating only by means of a DLT, but this does not mean that their use using other technologies is prohibited.
Virtual currencies. In order to prevent that the virtual currency’s system could facilitate money laundering and terrorist financing, the FIU has recently clarified (see Communication of 28 May 2019) that financial intermediaries must carefully assess cash withdrawals and/or deposit transactions, as well as prepaid credit card ones, connected to the purchase or sale of virtual currencies, carried out for significant amounts in a limited period of time.
ICO. Consob, in its discussion paper of 19th March 2019 entitled “The Initial Coin Offering and the cripto-assets trades” whose outcome is still pending, has pointed out that the ICOs are subject to financial markets regime and are characterised by:
- use of blockchain technology;
- payment of tokens with virtual currencies;
- online advertising and promotion; and
- the publication of a white paper in which the main characteristics of the proposed transaction and the object of the offer are described in detail.

Financial services infrastructure

10. What types of financial services infrastructure-related activities of FinTech entities are regulated?

To date, there is no specific regulation in Italy of technologies and support services in the financial services sector. The most common infrastructure-related activities are:

Big data. A huge set of data, also stored in various archives, analysed by inferential statistics tools and concepts of identification of non-linear systems to deduce regressions, causal effects and relationships. Unlike traditional management systems, which deal with structured (or structurable) data in relational tables, Big Data also includes semi-structured or unstructured data (for example, data from the internet, such as comments on social media, text documents, audio, videos available in different formats, and so on). A fundamental element of the digitalisation process that is affecting the financial services sector is the ability of companies to acquire necessary technologies to transform the amount of data they hold into useful information to implement their business. Today’s challenge isknowing how to exploit the potentials of Big Data. This will not only contribute to improving the quality of products and services by making them more personalised and responsive to the needs of individuals, but will also enable service providers to comply with the high standards set by most recent EU laws in this sector, through a greater knowledge of their clients. In this respect, MiFID 2 has increasingly oriented towards investor protection that is no longer limited to the final moment, when the product is recommended or sold, but also applicable to the previous phases, requiring the intermediary to also adopt important measures during the phase of construction, development and marketing of the product (part of the so-called “product governance”). In addition, one of the most problematic profiles linked to Big Data technology is the impact on personal data protection. Despite not containing specific provisions on Big Data, Regulation (EU) 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation (GDPR)) aims at establishing a climate of trust, designed to guarantee the development of a digital economy, by allowing individuals to maintain control over the “processing” of their data by third parties. The informed consent principle has been confirmed as the cornerstone of the privacy regulation, especially in respect of the “profiling” process (that is, data analysis and processing oriented to divide users into homogeneous groups or “profiles”, accompanied by behaviour or characteristics, more and more stringent, to identify the user of that particular terminal).

It should be noted that the Bank of Italy is currently testing techniques to improve prevention and identification of risks to financial stability, by using innovative methodologies, such as Big Data and machine learning. Moreover, the Bank of Italy has recently launched a project to integrate traditional data control programmes with new machine learning and artificial intelligence techniques (see Head of the Directorate General for Financial Supervision and Regulation at the Bank of Italy’s paper entitled “FinTech: the role of the supervisory authority in a changing market“of 8 February 2019; https://www.bancaditalia.it/pubblicazioni/interventi-vari/int-var-2019/Barbagallo-08022019-eng.pdf?language_id=1).
Artificial intelligence. Hardware and/or software systems designed to perform tasks that are typically associated with human intelligence. Among the main applications, there is machine learning (that is, the development of algorithms and learning processes of an information system for the realisation of applications whose performances automatically improve with time, thanks to the development of new data).
On 10th May 2019, the so-called Group of 30’s experts, established upon initiative of the Ministry of Economic Development at the beginning of 2019 with the task of developing a national strategy on artificial intelligence and contributing to the European Commission’s Coordinated Plan, issued a document that provides for:
- measures aimed at contrasting the concentration of data in the hands of a few companies, as well as potentially deceptive forms of advertising, whilst guaranteeing appropriate penalties and compensation forms for damaged persons;
- measures aimed at protecting private individuals’ (whether employed and not) right to access professional refresher courses;
- the creation of a national governance for science and technology; and
- some priority investment areas (e.g. IoT, manufacturing and robotics, financial and health services, transport, agrifood and energy, public administration, culture and digital humanities).
Cloud computing. A model to enable, through the network, widespread access, easy and on demand, to a shared and configurable set of processing resources (for example, networks, servers, memories, applications and services), which can be acquired and quickly released with minimal management effort or interaction with the service provider. Three types of cloud computing can be distinguished according to the services offered:
- Software as a Service (SaaS);
- Platform as a Service (PaaS) (Platform as a Service); and
- IaaS (Infrastructure as a Service).
Open banking. Provision of banking services through open standards application programming interfaces (open standard APIs) that allow the development of applications and services that make use of the data and functions offered by a financial institution’s technological infrastructure.

The PSD2 gave European legal citizenship to open banking models, based on the sharing of bank data among different operators. PSD2 requires banks to allow third party providers access to payment accounts, thereby breaking banks’ monopoly on payment data, thereby reducing the cost of financial services.
Internet of Things (IoT). Sensors and actuators connected by computer systems networks, able to monitor and/or manage actions related to objects and machines. The sensors are also able to monitor the natural world, including people and animals.

Regulatory compliance

11. What are the key regulatory compliance issues faced by FinTech entities?

General

For the Fintech regulatory framework, market operators experience uncertainty, coupled with the need to update the current regime with a more definite, consistent and harmonised set of rules. In particular:

FinTech start-ups face the challenge of entering a market that is not regulated as such, but is generally governed by the same rules that apply to traditional financial services.
Crowdfunding platforms emphasise the difficulty of clearly defining the borders beyond which regulated banking and financial services are performed, thereby incurring the risk of criminal penalties. The rules governing the provision of banking and financial activities were conceived for a traditional type of operation, and do not consider the innovative methods of today. The lack of incentives for investing through crowdfunding platforms also restricts the growth of crowdfunding in Italy.
Payment services and automated customer services providers ask for standard rules governing the use of biometric technologies and customer authentication, and a simplification of the anti-money laundering obligations of identification and customer due diligence. They suffer the uncertainty of the regulatory framework for digital signatures and no globally harmonised regulation on the use of useful technological tools for customer identification (for example, webcams). Also, the rules laid down to combat tax evasion at cross-border level are perceived as an obstacle to the adoption of Fintech solutions, since they complicate operations in the relevant markets and indirectly hinder the use of tools and technologies for the conclusion of contracts and remote operations.

In the field of privacy and data protection, the recent introduction of the General Data Protection Regulation (GDPR) is an important change, which goes well beyond the EU and into the intersection between data and finance. Indeed, the GDPR has strengthened some general and fundamental privacy law principles (that is, limitation of legitimate grounds for collecting data, minimisation of the latter, time reduction for their conservation and reinforcement of safety measures), constituting both a challenge and an opportunity for all financial intermediaries (banks, asset managers and investment firms). In this context, to tackle competition from market entrants, traditional banks that have so far “sold security” in various forms (that is, value (deposits), physical (safety boxes), economic (maturity transformation), transactional (payment system), and so on), must acquire investors’ trust as a new form of security that puts them on the same level with entrants. Further, while for incumbents the requirement to verify and update information assets they hold is a last call to recover lost ground in data management, for entrants it is an additional opportunity to enter the market, as they are more used to exploiting data.

With regard to anti-money laundering, Legislative Decree 25 May 2017, No. 90 (implementing Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (Fourth EU Anti-Money Laundering Directive) in Italy) has anticipated some of the rules contained in the proposed amendments to the Directive, which aim at combating the illicit use of virtual currencies.

As a result, service providers, “limitedly to the performance of the virtual currency conversion from or into currencies with a forced rate” (i.e. so-called exchanger), must satisfy anti-money laundering requirements. Subsequently, by means of Directive (EU) 2018/843 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (Fifth Anti-money Laundering Directive), recently transposed into Italian law by means of Legislative Decree No. 125 of 4 October 2019 (published in Official Gazette No. 252 of 26 October 2019), e-wallets is included into the category of the devices falling within the scope of anti-money laundering provisions. Exchangers and wallet providers must register in a special section of the register kept by UIF, subject to compliance with certain requirements, as well as to exchange information aiming to trace flows of money entering and leaving the relative circuit. In addition, MEF is in charge for identifying modalities and timing by which communicating transaction carried out in Italy, as a condition of lawfulness for the exercise of the related activity, the information of which may be made available by MEF in the event of investigations performed by national competent authorities (NCAs). Moreover, Legislative Decree No. 125/2019 has provided for, inter alia:

The identification of a set of suitably tested measures and periodic reporting requirements, to be implemented by banking and financial intermediaries in relation to clients operating in countries at high risk of money laundering.
Amendments to the treatment of sanctions and procedures for imposing sanctions.
The prohibition on the issuance and use of anonymous electronic money products.
The refusal of the authorisation of the activity or the opening of branches of Italian intermediaries in countries with a high risk of money laundering.

In relation to the know-your-customer (KYC) rule, one of the main advantages of FinTech in the short term is the potential facilitation of online relationships with customers, to the extent to which it allows companies to establish mere digital relationships with their customers. This is essential for the creation of an EU single market for retail financial services. However, the cross-border provision of financial services cannot take place until customers go to the suppliers’ offices and are duly identified, receive paperwork information and sign the contracts. In this respect, the innovators are developing new ways of identifying and authenticating customers and RegTech is working on changing markets by automating controls on companies, people and identification documents to meet the KYC requirements through remote identification and addressing fraud issues. In particular, the use of electronic identity schemes under eIDAS would make it possible to open an online bank account, by satisfying the actual requirements for checking and verifying the customer’s identity for know-your-customer or adequate verification purposes, and strengthening the security of electronic transactions. However, market operators face the uncertainty of the timing for the issue of EBA’s technical standards and guidelines and the operational complexities associated with the performance of the Account Information Service (AIS) and the Payment Initiator Service (PIS). In addition, the importance of the clarity and completeness of the information to be provided to consumers is generally perceived, especially in a context where discussion with customers takes place through virtual channels. Therefore, it is important to define a specific regime that takes into account the new requirements for consumer protection and overcomes the uncertainty of interpretation of the current rules.

Cyberattacks

A particular issue is the risk of cyberattacks (that is, malicious actions that exploit the vulnerabilities of an IT device, or of the code that allows its functioning, to stop the operation, obtain undue access to the data that it holds or compromise its integrity). The financial system is a prime target for cyberattacks, which are normally motivated by profit or by the intention to disturb its orderly functioning. The target is wide because of its intensive use of information technology, the damage a cyberattack can cause is great and a systemic fallout is always possible. For this reason, the supervisory authorities pay growing attention to cyber risks: there are many joint initiatives to strengthen the IT security of the financial and insurance system (such as, for instance, a survey of traditional banks, financial and insurance intermediaries on the prevention of IT risks).

For some types of cyberattacks, the security measures planned at national level proved to be inadequate, thereby requiring a co-ordination between the NCAs to facilitate an integration of national cyber security frameworks (see Fintech: Supervisory Authority’s role in a changing market“, https://www.bancaditalia.it/pubblicazioni/interventi-vari/int-var-2019/Barbagallo-08022019-eng.pdf?language_id=1). On 24 June 2018 Legislative Decree no. 65/2018 entered into force, which transposed Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union (Network and Information Security Directive) (NIS) into national law. NIS imposes measures that organically establish a common level of network security and information systems in the EU, with the aim to reduce the risk of cyber incidents, as well as to promote the continuity of essential services (energy, transport, health, and finance) and digital ones (search engines, cloud services, and e-commerce platforms). A special feature is the notification obligation to the Essential Service Operators (Operatore di servizi essenziali) (OSEs), public or private organisations operating in energy, transport, banking, financial market infrastructure, digital infrastructure, healthcare and the supply and distribution of drinking water. Additionally, Digital Service Providers (that is, e-commerce, search engines, and cloud computing) must adopt technical and organisational measures appropriate to the risk management and prevention of IT incidents.

As far as banking and financial market infrastructures are concerned, the Ministry of Economy and Finance is the competent governmental authority in the field of cyber security, in collaboration with the Bank of Italy and CONSOB. Under the NIS implementing decree, by 9 November 2018, the Ministry must identify OSEs based on the importance of the service provided, dependence on the provision of the service from networks and IT systems, as well as the relevance, on the provision of the service, of the effects deriving from an accident. The Department for Security Information (DIS) has been designated as a single point of contact within the Ministry. It is responsible for ensuring, at national level, the co-ordination of issues related to the security of networks and information systems and, at European level, the necessary link to guarantee the cross-border co-operation of the competent Italian NIS authorities with those of the other EU member states, as well as with the Co-operation Group (established by the European Commission).

In its Strategic Plan 2017-2019, the Bank of Italy launched some initiatives aimed at improving the security and business continuity of the Italian financial sector as a whole, by means of the implementation of a cyber-resilience strategy for Italy’s financial market’s infrastructure. As a result, the Bank of Italy and the IBA have recently sponsored the establishment of the Italian Financial Cybersecurity Unit, which co-ordinates information sharing and cyber-threat intelligence among participating financial companies, allowing them to share critical information and raise the awareness of cyber risks.

In addition, the Bank of Italy presides alongside with IBA over the computer emergency readiness team for the financial sector (CERTFin), whose members also include other sectoral authorities and most financial and technological operators aimed at supporting operators in the event of incidents, as well as at helping improve the effectiveness of the system’s defence tools.

12. Do FinTech entities encounter any additional regulatory barriers in entering into partnerships or other arrangements with traditional financial services providers? How common are these arrangements in your jurisdiction?

FinTech entities do not encounter any additional regulatory barriers in entering into partnerships with traditional financial services providers. These arrangements are becoming increasingly common as a way for incumbents to tackle the risk of losing market shares in favour of new operators that are often equipped with more agile structures and an ability to quickly adapt to a changing environment. Further, FinTech firms have a competitive advantage in dealing with massive volumes of data on firms and individuals, which can then be used in providing banking and financial products (for example, for credit screening purposes).

13. Do foreign Fintech entities intending to provide services in your jurisdiction encounter regulatory barriers that are different from domestic Fintech entities?

The rules applying to foreign entities in the FinTech industry are the same as those that must be complied with by domestic Fintech entities.

The Head of the General Directorate for Financial Supervision and Regulation at the Bank of Italy has recently pointed out that “the desired outcome is the development of a more future-oriented regulatory framework embracing digitisation in order to create an eco-system in which FinTech can develop and spread, benefiting from the European single market without compromising financial stability or consumer and investor protection”. The EBA has also taken steps in this direction, constructing, at the request of the European Commission, the FinTech Roadmap, which sets out the FinTech priorities for 2018/2019.

However, for the time being, since rules and practices are not yet harmonised at both EU and international level, intermediaries can choose to establish themselves in an EU member state where the regulations allow for greater flexibility, and then operate in other EU countries by taking advantage of the EU passport. The Bank of Italy has therefore highlighted that this may threaten the stability of financial firms and, in turn, that of their clients. Indeed, an excessively restrictive regulatory environment or an excessively rigid approach on the part of NCAs risks to create a situation that encourages new firms to relocate and digital expertise to flee. The PSD2 therefore strengthened the framework for co-ordination among NCAs and has introduced measures to limit “licence shopping” (for example, by requiring an operator that receives an authorisation in a given EU member state to conduct its business only in that state) (see Question 11 and Fintech: Supervisory Authority’s role in a changing market).

14. What steps can be taken in your jurisdiction to protect FinTech innovations and inventions?

FinTech innovations and inventions cannot usually be patented in Italy.

Financial schemes, plans, principles or methods are therefore excluded as such from the concept of “patentable invention”.

European patents can be granted for any inventions in all fields of technology if they are new, involve an inventive step and are capable of industrial application (Article 52, European Patent Convention (EPC)).

An invention is to be considered as involving an inventive step if, having regard to the state of the art, it is not obvious to a person skilled in the art (Article 56, paragraph 1, EPC). In light of this, the use of technical means in a “commercial method” (that is, a broad concept that includes payment systems and a large part of the activities concentrated in the FinTech sector) involving only economic or business concepts, or financial and commercial practices, does not necessarily confer a technical content to the method itself.

If, in fact, the distinctive element of a proposed activity is represented exclusively by the procedures by which a company sells traditional goods and services with innovative features that give them a competitive edge, this does not necessarily amount to a “patentable” activity, as it lacks the inventive step (see above).

The guidelines issued by the European Patent Office (EPO) suggest that business methods can be patented if they have a technical character.In most cases, the EPO’s examination boards and boards of appeal refuse patent applications on commercial methods due to lack of inventive activity under Article 56 of EPC.

The requirement of inventive activity serves to exclude from the sphere of patentability everything that is only a manifestation of the normal technical progress, even if it is new. An invention lacks the inventive step if it substantially reproduces the same function or the same result as described in a previous document (although not in an identical manner).

Banks and FinTech companies cannot therefore easily protect technological innovations with patents. As a result, the innovations in the sector can easily be imitated by competitors.

Government initiatives

15. To what extent have governments and/or regulators in your jurisdiction sought to create a more favourable regulatory environment for FinTech entities?

Regarding FinTech, public authorities must carefully analyse existing examples and identify initiatives and projects that protect public interest, ensuring a proper balance between the opportunities and the risks of the innovation process.

The Bank of Italy has taken an active role on international committees and bodies to establish a framework of harmonised rules supporting the development of financial innovation. Opening new dialogue with operators who want to propose innovative technological and organisational solutions in financial services, also aiming to make the domestic market more attractive, is the option chosen so far. The Bank of Italy’s “FinTech Channel” (Canale FinTech), an initiative that seeks to support innovation processes in the regulatory arena, has a forward-looking approach. Through it, operators can present financial services projects that contain innovative features with regard to the type of services offered and the technology used to deliver them. The applications submitted are scrutinised by the Bank of Italy and given feedback through meetings and telephone calls, in particular as far as applicable rules and regulations, business models and potential compliance issues are concerned.

The Ministry of Economy and Finance has recently established the Co-ordination Committee for Fintech, involving the Bank of Italy, CONSOB, the Insurance Supervisory Authority (IVASS) and other authorities. Further, IVASS has created a sandbox dedicated to blockchain technology.

A crucial point is still licensing (that is, the authorisation that the supervisory authorities issue to companies that want to operate in the FinTech sector). In particular, the licensing process allows the Bank of Italy a unique insight into developments in this field, where the push for innovation meets the need to protect the public interest. The various FinTech initiatives usually generate projects that require a bank licence or, more often, an authorisation to operate as payment or e-money institutions. The launch of FinTech initiatives through payment or e-money institutions is the most frequent way to enter the financial services market, in particular those consisting of creating a payment institution to support lending crowdfunding platforms, where payments can then be completed using electronic money products.

CONSOB is also proactively contributing to the definition of the regulatory framework at various levels (also through the launch of initiatives with the academic world), with attention to the correct development of the market, while taking into account the access of new entrants and the respect of the level playing field with the incumbents. At the same time, the Commission is called on to verify the correct information provided to the investor and, within the enforcement field, can use the new tools of product governance and product intervention introduced by MiFID 2. It seeks institutional collaborations, aimed at achieving a convergence of actions among the various independent authorities and the judicial authority. (https://www.bancaditalia.it/pubblicazioni/interventi-vari/int-var-2019/Barbagallo-08022019-eng.pdf?language_id=1.)

16. Are there any special regimes in place to facilitate access to capital for FinTech entities?

There are no special regimes in place to facilitate access to capital for FinTech entities.

17. Is the government taking measures to encourage foreign FinTech entities to establish a domestic presence?

See Question 15.

Cross-border provision of services

18. Are there any special rules that affect the cross-border provision of financial products or services by both domestic and foreign FinTech entities?

There are no special rules that affect the cross-border provision of financial products or services by both domestic and foreign FinTech entities.

The future of FinTech

19. Are there any ongoing regulatory measures or initiatives that may affect FinTech in your jurisdiction?

In his Concluding Remarks for 2018, presented together with the Annual Report on 31 May 2019, the Governor of the Bank of Italy pointed out that “in recent years, incentives have been introduced to support investments, research and development, and innovative start-ups. Some of these incentives were confirmed in the latest Budget Law, as well as in the Growth Decree issued in April 2019, recalibrated mostly in favour of small and medium-sized firms. To be effective, industrial policy requires a stable legislative framework that facilitates change in the economy as a whole“.

Even though the strengthening of the balance sheets of Italian banks continued in 2018, the effects of the crisis have not yet been fully absorbed and slow down the reaction of intermediaries to profound changes in market structure, customer habits, financial regulation and technology.

In his speech, the Governor also stressed the growing importance of the prevention and control of cyber risks.

The Bank of Italy is also actively involved in international co-operation initiatives, in particular in the Financial Stability Board (FSB), the Bank for International Settlements and the G7, which are aimed at defining common standards and lines of action to contain cyber risks at national and global level (see the Bank of Italy’s Governor’s Concluding Remarks of 31 May 2019, https://www.bancaditalia.it/pubblicazioni/interventi-governatore/integov2019/en-cf_2018.pdf?language_id=1).

In addition, the Bank of Italy is committed to making its contribution so that Innovative financial intermediation can foster sustainable development and generate benefits for households, firms and general government, in the context of a market ecosystem in which the technological revolution advances to promote social growth, while protecting individuals.

In this context, particular attention is given to the financial and digital literacy of citizens. Increasing the skills of potential savers, users of FinTech, is essential to fully grasp the advantages in terms of financial inclusion and foster their development through the trust system. In the domestic sphere, the scarce financial and digital literacy of the average Italian and reduced capacity to invest online significantly influence the interest in innovation. The National Commission for Companies and the Stock Exchange’s report on the investment choices of Italian families for 2015 has shown that the majority of Italian savers are not well-disposed towards these investment methods, not only because they lack knowledge of this phenomenon (more than 70% of them claim to have never heard of it), but also for the fear of online scams (more than 60% of respondents). In this respect, the definition of a national strategy for the dissemination of finance, insurance and social security education, submitted to the related Committee established by Law of 17 February 2017, no. 15 may play a crucial role.

Contributor profile

Giovanni Carotenuto

Carotenuto Studio Legale

T +39 8557912
E gcarotenuto@carotenutolex.com 
W www.carotenutolex.com

Professional qualifications. Admitted to appear before the Italian Supreme Court, 2013. Admitted to the Italian Bar, 1999

Areas of practice. Banking and financial services regulation; FinTech; corporate/M&A; securities litigation.

Non-professional qualifications. LLM, European Law, Queen Mary College, University of London, UK (with merit), 1997; JD, Law, Università degli studi di Napoli “Federico II”, Naples (summa), 1995

Recent transactions

Regularly assisting global financial institutions, investment firms, asset management companies and large corporations doing business in Italy, on various contentious and non-contentious matters, including:
- drafting and negotiation of contracts;
- assistance in licensing procedures before EU and Italian competent authorities;
- advising on new products, internal organisational models, corporate governance policies, compliance and anti-money laundering procedures; and
- representing clients before independent authorities within the ambit of administrative sanctioning proceedings, as well as in court for alleged breach of applicable laws and regulations (for example, rules of conduct, investor protection, short selling, and market abuse).
Assisting in corporate/M&A transactions, group reorganisations, sales of a going concern, and transfer of fund portfolio investment management contracts.

Languages. Italian, English

Professional associations/memberships. Pro Bono Italia, Co-founder and Chairman; IBA; Simpson Thacher & Bartlett LLP Alumni Association; Queen Mary College Alumni Association; AEDBF (Associazione Europea per il Diritto Bancario e Finanziario).

Publications.

“Product intervention under MiFID II/MiFIR”, Diritto Bancario (Sept. 2017).
“Fundraising Terms and Conditions: Legal Development in Key Countries”, in “Private Equity and Venture Capital: Regulation and Good Practice”, Risk books (Apr. 2014).
“How Italy’s new anti-money laundering laws affect you”, Law360° (Feb. 2014).