A Q&A guide to FinTech in Italy.
The Q&A provides a high level overview of the financial services sector; the FinTech sector; regulatory environment for alternative finance activities, payment platforms, investment/asset management and Insurtech; regulatory compliance; government initiatives; cross-border provision of services and the future of FinTech. This Q&A is part of the global guide to FinTech.
Overview of financial services sector
1. What are the types of entities that form the financial services sector in your jurisdiction?
The following entities form the financial services sector in Italy (in alphabetical order):
-
Asset management companies (including Società di gestione del risparmio(SGR) and EU asset management companies authorised to provide financial services or activities in Italy through a branch).
-
Banks (including Italian banks, EU banks and non-EU banks authorised to provide financial services or activities in Italy through a branch).
-
Crowdfunding portals.
-
Electronic money institutions.
-
Financial intermediaries enrolled in the register specified by Article 106 of the Consolidated Banking Act (Legislative Decree No. 385/1993, as amended).
-
Insurance companies.
-
Investment advisory firms.
-
Investment firms (including Società di intermediazione mobiliare (SIM), EU investment firms and non-EU investment firms authorised to provide financial services or activities in Italy through a branch).
-
Market makers.
-
Money brokers.
-
Multilateral trading facilities management companies.
-
Organised trading facilities management companies.
-
Payment institutions.
-
Pension funds.
-
Systematic internalisers.
2. Which key regulatory authorities are responsible for the financial services sector?
Ministry of Economy and Finance (Ministero dell’Economia e delle Finanze) (MEF)
The MEF is responsible for budgeting, tax policies, economic policy and financial policy. Additionally, the MEF co-ordinates public spending and oversees public investments, as well as monitoring and overseeing public financial management, public debt management and state stockholdings.
For banking and financial services, the MEF is the national competent authority for short selling and certain aspects of derivative contracts for hedging credit default swap risks (in conjunction with the Bank of Italy and CONSOB).
Bank of Italy (Banca d’Italia)
In addition to being the central bank of Italy and forming part of the Eurosystem, the Bank of Italy is the lead supervisory authority in the banking and financial services sector. Its main goals are to ensure monetary and financial stability (also contributing to the decisions on the single monetary policy of the eurozone) and promote the smooth functioning of the payment system. It is responsible for:
-
Risk containment.
-
Asset stability.
-
Sound and prudent management of intermediaries.
-
Compliance with the rules and regulations of those subject to supervision.
National Commission for Companies and the Stock Exchange (Commissione Nazionale per le Società e la Borsa) (CONSOB)
CONSOB is the supervisory authority competent for investor protection and supervision of the Italian securities market. In co-ordination with other EU and Italian competent authorities, it:
-
Regulates the provision of investment services and activities to ensure transparency and correctness of conduct with investors, as well as efficiency, integrity and development of the financial market.
-
Manages reporting obligations of companies listed on regulated markets and appeals for public investments.
-
Monitors market management companies and the transparency and orderly performance of negotiations.
-
Sanctions the monitored entities.
Insurance Supervisory Authority (Istituto per la Vigilanza sulle Assicurazioni) (IVASS)
IVASS is the supervisory authority for the Italian private insurance market. In this role, in co-ordination with other EU and Italian competent authorities, it:
-
Authorises undertakings to pursue insurance and reinsurance business, carries out inspections at insurance and reinsurance groups and undertakings and the other supervised entities.
-
Supervises technical, financial assets/liabilities management of insurance and reinsurance undertakings, groups and intermediaries, and transparency and fairness of behaviours by market participants.
-
Ensures a suitable protection of policyholders, as well as of persons entitled to insurance benefits, through the pursuit of the sound and prudent management of the supervised entities.
Pension Fund Supervisory Commission (Commissione di vigilanza sui fondi pensione) (COVIP)
COVIP is the supervisory authority responsible for the Italian pension funds system. With the aim of ensuring its proper functioning, as well as the adequate protection of pension funds, it supervises their:
-
Sound and prudent management.
-
Transparency and fairness towards actual and potential members, and beneficiaries.
Financial Intelligence Unit (Unità di Informazione Finanziaria) (FIU)
FIU is responsible for combating money laundering and terrorist financing.
As part of the wider efforts to prevent money laundering and terrorist financing, the FIU:
-
Collects data on financial flows and information, mainly through the suspicious transaction reports transmitted by financial intermediaries, professionals and other operators.
-
Analyses the information, drawing on the available sources of intelligence and using the powers at its disposal.
-
Assesses its relevance for possible transmission to investigative bodies and co-operation with the judicial authorities.
-
Collaborates with the investigative and judicial bodies in the identification and analysis of anomalous financial transactions.
-
Attends the global network of the financial intelligence units active around the world for the exchange of vital information for combating such transnational phenomenon.
Competition Authority (Autorità Garante della Concorrenza e del Mercato) (AGCM)
AGCM is the supervisory authority responsible for competition and consumer protection
Data Protection Authority (Garante per la Protezione dei Dati Personali) (DPA)
DPA is the supervisory authority responsible for monitoring application of the Personal Data Protection Code (Legislative Decree No. 196 of 30 June 2003, as amended by Regulation (EU) 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation (GDPR)).
Overview of FinTech sector
3. What areas of the financial services sector has FinTech most significantly influenced?
FinTech is an inter-sectoral phenomenon, and includes both financial services and information technologies. Most significantly affected sectors are banking, and financial and insurance intermediation.
The main areas affected include:
-
Credit (crowdfunding and peer-to-peer (P2P) lending).
-
Payment services.
-
Investment advisory (robo-advisor).
-
Asset management.
-
Insurance services (InsurTech).
-
Market infrastructures.
-
Cryptocurrencies.
-
The decentralised validation technologies that apply to transactions (blockchain or distributed ledger technology (DLT)).
-
Biometric identification (retinal or facial recognition)
-
Provision of financial services (cloud computing, big data, and automated scoring).
The Bank of Italy recognises the following as the most relevant categories of financial services impacted by the FinTech revolution:
-
Technologies for contracts and remote operations, which are related to the management of electronic identity and remote recognition of the customer used for the subscription of financial services.
-
P2P payment platforms.
-
Instant-payment related services (including virtual wallets on the app).
-
Robo-advisory services.
-
Lending and crowdfunding platforms for individuals and SMEs (including those that make use of the sale of commercial credits (so-called invoice crowdfunding)).
-
Wealth and asset management services.
-
RegTech services, aimed at simplifying and automating the compliance processes.
-
InsurTech services, aimed at innovating the insurance world.
-
Comparison portals relating to the offer of financial or insurance services.
-
Information services on customer accounts.
-
Automated customer relationship management services through artificial intelligence solutions (ChatBox).
4. How are traditional financial services firms engaging with FinTech?
The recent advancement of the digital revolution and FinTech (accelerated by the 2019 novel coronavirus disease (COVID-19) pandemic) has brought both challenges and opportunities, particularly to traditional banks and financial intermediaries (also called incumbents). Enhanced connectivity, new communication and logistic channels, and a dramatically rapid evolution of our lifestyle, mostly driven by technology, are also the basis for restructuring the banking and financial services sector.
Since the end of the last decade, the role of banks in financing the economy has gradually decreased, while the weight of capital markets and non-bank operators has increased, carrying out some functions typical of traditional credit intermediation. The rapid development of technology is opening up the credit and brokerage markets to competition from new players, including FinTech companies that offer innovative and low-cost services particularly with regard to electronic payments, asset management and securities brokerage. Major international technology companies are also rapidly entering the world of credit and finance (such as Apple, Amazon, Microsoft, Google, Alibaba and Facebook).
In this context, activities and services in the financial industry traditionally carried out by a single intermediary have become fields of experimentation and competition by new specialised operators. Specialised operators strive to make financial services more efficient by:
-
Disrupting them.
-
Introducing innovative financial services for different users.
-
Intercepting even needs that are still in progress for consumers and businesses.
-
Opening additional channels for the intermediation of savings.
This leads to micro-segmentation of the reference markets, in which a growing number of FinTech operators offer increasingly specialised and highly innovative financial services. There is extensive use (and sometimes abuse) of the information collected with the aim to profile potential customers through technology and data processing methods (such as data mining), and an unprecedented operational flexibility made possible by digital technology.
Recent market analyses confirm that incumbents consider a proportion of their business at risk, for about a quarter of their revenue over a five-year period.
However, some existing operators are ready to meet this challenge by reviewing their business models, as well as by exploring possible partnerships or collaborations with FinTech companies operating in Italy. There are currently around 345 FinTech start-ups operating in Italy.
Traditional banks that want to invest in FinTech can follow one of the following approaches:
-
Licensing. Licensing involves obtaining a licence to use a particular technology. This strategy requires a limited investment in financial terms, but the risk is that innovation will be underexploited due to contractual obligations of use. Licensing is mostly used by local or small banks that have little exposure to FinTech trends.
-
Outsourcing. Outsourcing involves a modest financial investment, but can create dependence on the supplier. Local and small banks usually resort to outsourcing.
-
Collaboration. In this case, investments and risks are shared between the parties of the agreement, but the biggest challenge is the compatibility of strategic aspects and decision-making processes. Both the most small and universal banks exposed to FinTech trends use this approach.
-
Internal development. The company bears the entire financial outlay and related investment risks, but has complete control and confidentiality of the result. This approach is traditionally used by Big Tech and FinTech startups.
Compared to the new entrants, traditional banks enjoy stable customer relationships and information assets gathered over the years. However, those benefits may be limited by the rapidly spreading use of technology as tech-literate consumers are turning to online competitors (for example, millennials and digital natives have little or no experience with physical banking channels). Therefore, banks will only enjoy an expanded range of services offered, an increase in the quality of the client relationship and a more effective risk management if they make smart use of information assets through new technologies.
This technological challenge requires huge investments. However, in Italy they remain very limited due to difficulties in adapting existing organisational structures and operating processes, finding the necessary skills and integrating with present IT infrastructures. Among the areas of major investments, the following are favoured:
-
High-tech innovative services.
-
Internal processes optimisation.
-
IT security measures.
-
Development of technologies for the conclusion of contracts at a distance.
-
Customer recognition and instant payment order tools.
The above areas of investment prevail over others (such as automated customer services, access to aggregated information online, blockchain, Big Data, artificial intelligence (AI), cloud computing and Internet of Things).
In terms of organisational structure, banks have established online platforms, reduced physical branches and assigned the remaining ones to value-added services (for example, private banking, corporate finance, and so on), improving the efficiency of middle and back office processes and risk management tools.
Consequently, banks currently face a serious financial challenge to recover efficiency margins and sustain profitability by diversifying revenues and containing administrative costs. It is therefore easy to foresee the advent of a new phase of M&As and consolidation in the sector that will permit the exploitation of economies of scale and the absorption of excess capacity.
Regulatory environment
5. What regulatory initiatives have been introduced to support technology innovation and development in the financial services sector?
The Digital Agenda for Europe (DAE) is by the EU Commission’s Communication No. 245 of 20 May 2010 to (among others) maximising the potential growth of the digital economy, by promoting digital skills, digitising industry, as well as by developing AI.
The EU Commission adopted on 24 September 2020 the Digital Finance Package, which sets out the digital finance strategy, whose main goals are to:
-
Remove fragmentation in the digital single market by allowing consumers to have access to financial services and start-ups to scale up and grow.
-
Adapting the EU regulatory framework to facilitate digital innovation, for applications such as AI and blockchain.
-
Promoting data-driven finance, while maintaining high standards on privacy and data protection.
-
Ensuring a level playing field among all providers of financial services based on the “same activity, same risks, same rules” principle.
(2019-2024 Europe fit for the digital age.)
The establishment of “innovation facilitators” (which may take the form of either “innovation hubs” or “regulatory sandboxes”) is noteworthy. In Italy, a regulatory sandbox was introduced, entrusting the MEF with the task of adopting one or more regulations to define conditions and modalities for carrying out the testing of FinTech applications (Article 36, paragraph 2 bis, Law Decree No. 34 of 30 April 2019 (Growth Decree)). This, through the use of new technologies (such as artificial intelligence and distributed registers, can foster innovation of services and products in the financial, credit, and insurance and other regulated markets.
Such testing must be characterised by:
-
A maximum duration of 18 months.
-
Reduced capital requirements.
-
Simplified formalities.
-
Reduced timing for the granting of an authorisation.
-
Defined operating perimeters.
A public consultation launched by the MEF itself on a draft regulation containing, among other things, the criteria for testing FinTech initiatives in a sandbox environment ended in 2020. It specified:
-
The scope of the testing.
-
The specific activities for which it may be required.
-
Subjective and objective requirements for admission thereto.
-
The modalities of access.
-
The procedure to be followed at the end of the testing.
Finally, as an example of application of the regulatory sandbox, it must be noted the DLT successful testing of insurance products in the Italian market, carried out under the supervision of IVASS, within the so-called Insurance Blockchain Sandbox (IBS).
Alternative finance
6. How is the use of FinTech in alternative finance activities regulated?
In alternative finance activities, the use of FinTech is most evident in marketplace lending platforms and crowdfunding platforms.
In Italy, there is no specific legislation governing alternative finance activities. They are generally regulated at national level and the competent authorities are the Bank of Italy and the National Commission for Companies and the Stock Exchange (CONSOB).
P2P lending
The first regulatory approach to P2P lending is set out in the Provisions on the collection of savings by subjects other than banks, published by the Bank of Italy on 9 November 2016 and entered into force on 1 January 2017 (seehttps://www.bancaditalia.it/compiti/vigilanza/normativa/archivio-norme/disposizioni/raccolta-risparmio-soggetti-diversi/index.html). Under Section IX (on social lending) of the Provisions on the collection of savings by subjects other than banks, P2P lending is defined as a means of stakeholders requesting repayable funds for personal use or for financing a project through online platforms.
P2P lending is an example for lending-based crowdfunding. Through P2P lenders, investors can obtain a higher return on their capital than savings. This is thanks to the higher interest rates, which reflects the higher risk (there is often no guarantee or security for such a loan). Funded entities tend to receive loans that traditional financial companies are likely to have denied.
The rules on payment institutions (PIs) also apply to P2P lending platforms. To operate in the P2P lending sector, a company must comply with the relevant provisions of the Consolidated Banking Act and with the Supervisory Provisions for PIs issued by the Bank of Italy on 17 December 2013, as amended on 17 September 2019 (see https://www.bancaditalia.it/compiti/vigilanza/normativa/archivio-norme/circolari/c285).
The Bank of Italy sets out limits and conditions for market operators so that the activity of collective financing is consistent with the rules on taking deposits from the public. Moreover, the acquisition of funds by the borrowers through platforms must be carried out based on individual negotiations with the lenders.
All parties involved in the P2P lending (that is, platforms, lenders and, to a limited extent, borrowers) are under some level of control and must comply with the rules governing the various asset reserves (including taking deposits from the public , banking activity, granting of loans to the public, credit mediation and payment services). In particular, those authorised to operate as payment institutions must guarantee the segregation of its funds from those of investors. Additionally, the absence of specific legislation favours the self-regulation option. Through their own decisions (that is, codes of conduct, standards to be respected, and so on), P2P lending platforms are no longer just entities to be regulated, but effectively become part of the regulatory process.
According to the Bank of Italy, P2P lending will most likely not pose a significant threat to the banking system, as it has the potential to stimulate traditional intermediaries to improve their business models and operations.
Crowdfunding
To help crowdfunding services to function smoothly in the national market and foster EU cross-border businesses funding, for crowdfunding offers up to EUR5 million, the EU Commission recently adopted Regulation on European crowdfunding service providers for business ((EU) 2020/1503) (Crowdfunding Regulation). Among others, the Crowdfunding Regulation introduces:
-
A single set of rules (that is, about the organisation, operation and so on) that will apply to crowdfunding services in the EU.
-
A requirement to publish a key investment information sheet for each crowdfunding offer or at platform level.
To ensure consistent application of the Crowdfunding Regulation and Directive 2014/65/EU on markets in financial instruments (MiFID II), and ensure that the same investment activity is not subject to multiple authorisations in the EU, legal persons authorised as crowdfunding service providers under the Crowdfunding Regulation will not be subject to MiFID II’s application.
It is important to point out that Italy was the first EU country to adopt an ad hocregulation on equity crowdfunding (namely, CONSOB’s regulation “on the collection of capital via online platforms”, adopted by means of Resolution No. 18592 of 26 June 2013, as amended).
Initially envisaged for innovative startups only (Law Decree No. 179 of 18 October 2012), equity crowdfunding was gradually extended first to innovative SMEs (established as “simplified” S.r.l), undertaking for collective investments and corporations (società di capitali) that invest in innovative startups (established as “società a responsabilità limitata” or S.r.l.) and in social enterprises (Law Decree No. 3 of 24 January 2015) and, then, to all SMEs (Law No. 232 of 11 December 2016). In particular, SMEs must satisfy at least two of the following criteria:
-
Less than 250 employees.
-
Total assets up to EUR43 million.
-
Annual net turnover not higher than EUR50 million.
Additionally, the following entities can raise capital through online portals, solely in relation to the offer of units of foreign undertakings for collective investments (UCIs) that mainly invest in SMEs:
-
Asset management companies (società di gestione del risparmio) (SGRs).
-
Investment companies with fixed capital (società di investimento a capitale fisso) (SICAFs).
-
Investment companies with variable capital (società d’investimento a capitale variabile) SICAVs.
The expansion has required a strengthening of investors protection measures (that is, the portal mangers’ duty to inform retail professional investors on the right to withdraw (granted solely to the latter) and that to revoke the order (envisaged for all kinds of investors)), as well as an increase of CONSOB’s regulatory powers over the portal managers entered in an ad-hoc register under Article 50-d, paragraph 6, of the Consolidated Financial Act, including the authority to convene their directors, internal auditors (sindaci) and staff members, as well as to suspend their activity by means of a precautionary measure, under certain circumstances.
Following the transposition of MiFID II in Italy, the operation of crowdfunding portals has been submitted to stricter conditions, such as the:
-
Obligation to join a compensation scheme or enter a professional liability insurance scheme to protect investors.
-
Obligation to implement a more detailed conflicts of interest policy.
-
Delegation to CONSOB for the adoption of implementing provisions concerning internal whistleblowing.
During the revision of its regulation on crowdfunding, CONSOB reduced the threshold of the financial instruments to be subscribed by qualified investors in certain specified circumstances. Specifically, there is a lower threshold, equal to 3% (and no longer to 5%), for offers made by SMEs in possession of certified financial statements relating to the two financial years preceding the offer.
According to a report recently presented by Milan Polytechnic, during the first COVID-19 pandemic’s wave, crowdinvesting played a key role in providing liquidity to enterprises, in comparison to the slowness of public and banking bureaucracy. In particular, it deployed about EUR908 million (of which EUR159 million through equity portals and EUR749 million through P2P lending portals).
In relation to crowdfunding, up until November 2020 collection amounted to EUR76.6 million.
To improve investors protection, CONSOB Resolution No. 21110 of 10 October 2019 (published in Official Gazette No. 251 of 25 October 2019), amending its regulation on crowdfunding, was issued in implementation of the 2019 Budget Law (Law No. 145 of 30 December 2018). Among the main novelties, it is worth mentioning:
-
The underwriting of bonds and debt securities issued by SMEs, up to a maximum amount of EUR8 million, is reserved solely to:
-
professional investors;
-
banking foundations;
-
start-up incubators;
-
investors in support of SMEs;
-
those who hold a financial portfolio of more than EUR260,000;
-
those who commit to invest at least EUR100,000 and declare in writing, in a separate document, that are aware of the risks associated with such investment; and
-
to retail investors who are the recipients of a portfolio management or an investment advice service.
-
-
The provision of web boards is included among the activities related to crowdfunding platforms’ management.
-
The offers of financial instruments issued by SMEs and innovative start-ups (that are incorporated as companies under the laws of an EU member state or an EEA country), promoted through online crowdfunding portals.
To ensure that crowdfunding portals are not used for illicit purposes, customer due diligence, data recording and reporting of suspicious transactions to UIF must also be complied with by the financial intermediaries that assist portal managers. In respect of P2P lending, the above obligations must be satisfied directly by crowdfunding portal managers.
Payment platforms
7. How has FinTech resulted in innovations to payment services and how is it regulated?
The impact of the FinTech revolution on payments-related activities concern:
-
Instant P2P payment solutions. Electronic payment solutions that, mostly based on mobile devices (for example, smartphones or tablets) and active at any time, make sums sent immediately available to the beneficiary, regardless of the underlying payment instrument and the clearing and settlement interbank agreements.
-
Service for placing payment orders (or payment initiation service). This allows the payment order to be arranged at the request of the payment service user, in relation to a payment account held with another payment service provider. It implies direct or indirect access of the service providers to the payer’s account and offers a low-cost solution allowing users to make online purchases even without payment cards.
-
Account information service. This allows the user to have immediate access to an overview of its economic and financial situation at any given time, through access to aggregate online information relating to current accounts held at one or more payment service providers.
A common feature of the above services is that the related providers do not hold client funds at any time, and are therefore not required to comply with their own funds requirements. However, they must provide a third-party liability policy or a similar form of guarantee for damages caused in the exercise of the activity deriving from their own or third-party conduits.
Another key feature is that authorised third party service providers will have permission to access all financial data concerning a given consumer, which is currently only accessed by banks and financial intermediaries. Financial data will be accessible to subjects already active in the data market (small, large or very large) and/or to newcomers, allowing a full profiling of the consumer (from a simple categorisation to a prediction of behaviour based on the processing of occurrences of time, place, context and relational network).
On 13 January 2018, Directive (EU) 2015/2366 on payment services in the internal market (PSD2) came into force, which promotes greater competition, efficiency and innovation in the EU payment services market, while strengthening the protection of payment service users, as well as the transparency and security of electronic payments.
In Italy, PSD2 was implemented by means of Legislative Decree of 15 December 2017, No. 218, which modified the Consolidated Banking Act and Legislative Decree 27 January 2010, No. 11 (that transposed PSD1).
In implementing PSD2, as well as in light of the technical regulatory standards developed by the European Banking Authority (EBA) and the EU Commission, the Bank of Italy has recently amended the Supervisory Provisions for PIs and Electronic Money Institutions (IMELs), with regard to, among others, the payment initiation service (provided by the Payment Initiation Service Providers (PISPs)) and the account information service (provided by the Account Information Service Providers (AISPs)). The above amendments, issued on 23 July 2019, were published in the Official Gazette No. 193 of 19 August 2019 (see https://www.bancaditalia.it/compiti/vigilanza/normativa/archivio-norme/disposizioni/disp-ip-20120620/Provvedimento_del_23_luglio_2019.pdf). The main amendments include the following:
-
The content of the schedule of activities, to be filed together with the authorisation application, has been enriched with detailed information, as well as updated in compliance with the new requirements introduced by PSD2.
-
The application to PIs and IMELs of the definition of “own funds” introduced for banks and investment firms by Regulation (EU) 575/2013 on prudential requirements for credit institutions and investment firms (Capital Requirements Regulation), which imposes more stringent criteria for the inclusion of various instruments in the supervisory stock capital and harmonises the treatment of deductions.
-
The requirement to adopt a more effective security system against risks, in particular as far as payments are concerned. In this regard, PIs and IMELs must adopt:
-
specific risk management policies and procedures for security;
-
systems for the prevention and monitoring of security incidents and frauds; and
-
procedures for archiving, monitoring, tracing and limiting access to sensitive data relating to payments.
-
-
The updating and integration of the information that Italy-based PIs and IMELs must provide to the Bank of Italy when they intend to operate abroad. EU operators wishing to provide payment services in Italy through agents are also required to designate a central contact point therein.
-
New detailed regulation of the payment initiation service and the account information service, as well ad of the providers of the latter services.
According to the Bank of Italy’s survey on FinTech, payment services represent the field in which traditional banks and intermediaries are currently making more investments, in particular on:
-
P2P payments initiatives.
-
Payment order services.
-
Instant payment services.
-
Projects that allow the use of payment instruments, mainly payment cards, in an innovative way.
Such effort is aimed at responding to the threat posed by the Big Tech, already equipped to enter the payments business. However, most of the intermediaries have preferred to adopt the instant payment service already offered by the Big Tech, to reduce the costs, avoid the intrinsic complexity of significant technological interventions and, above all, accelerate the launch of the service on the market.
Among the most active Italy-based start-ups, it is worth mentioning Satispay, active in the payment services sector since January 2015, with more than 340,000 users and 44,000 physical and online affiliated sales points throughout Italy. The company has recently announced the launch of a new service called “Savings”, which will be added to the tools that allow the use of an electronic wallet for phone top-ups and payments of public administration related bills (that is, fines, taxes and stamps).
Investment/asset management
8. How is the use of FinTech in the retail investment market regulated?
In the securities market, FinTech technologies and products can be instrumental to improving the quality of services offered to clients, providing an important competitive edge. They can also open opportunities to fully exploit the advantages of an integrated EU market for financial services, since they facilitate the distribution of retail products and services on a cross-border basis.
To date, in Italy no specific regulation is envisaged relating to the use of technologies in the securities market sector and general rules apply.
With regard to investment management, for example, investment services can be provided by FinTech companies only after they have been granted ad hocauthorisation by CONSOB and/or the BoI, as the case may be.
As a key principle, FinTech companies licensed to provide for the above services must act diligently, fairly and transparently (Article 21, letter a), Consolidated Financial Act).
To carry out the receipt and transmission of orders, trading on own account and placing of financial instruments, fintech companies must comply with the appropriateness test principle; and in order to provide portfolio management and/or investment advice services, with the suitability test principle (Articles 40 and 42, Intermediaries Regulation).
FinTech companies providing collective asset management services must also:
-
Operate with diligence, fairness and transparency.
-
Ensure that asset management is performed independently.
-
Acquire knowledge and adequate understanding of the conditions of marketability of financial instruments, assets and other valuables in which it is possible to invest the assets managed.
-
Ensure equal treatment of all investors.
-
Acquire reliable, up-to-date information necessary to formulate provisions and conduct analysis, and define the consequent general investment strategies
(Articles 97 and 98, Intermediaries Regulation.)
Roboadvice is governed by the same provisions that regulate investment advice in general, as it concerns a well-defined transaction relating to specific financial instruments, characterised by a personalised recommendation addressed to a client or group of clients.
The intermediary providing roboadvice is responsible for monitoring and testing the underlying algorithms (Final Report dated 28 May 2018, the European Security and Markets Authority).
Retail investors in Italy still seem reluctant to use roboadvice, due to both an insufficiently sophisticated financial culture and the risks associated with digital investments (such as cybersecurity and improper data processing). Roboadvice is mainly addressed to professional investors.
There are also comparative offer portals (that is, online portals enabling clients a real-time comparison of all the features characterising a given product/service presented by different providers (insurance policy, consumer loan, account deposit, and so on), bots or chat-bots (that is, software designed to simulate a conversation with humans, based on a talk-reply-talk-reply pattern. In the banking services context, chat-bot is commonly used for a “cross-talk” chat, allowing a clearer identification of the customer’s requests and/or management of online routine operations and mobile banking transactions). In addition, technologies for authentication of electronic identity are rapidly spreading, which comprise electronic procedures and tools used for online identification and verification (for example, via webcam) of the client’s personal details, as well as for the validation of credentials’ authentication, allowing the initial registration of the customer and the entire management of the contractual relationship exclusively through remote channels.
9. How is the use of FinTech in wholesale securities markets regulated?
See Question 8.
InsurTech
10. How is the use of FinTech in the insurance sector regulated?
In Italy, the InsurTech phenomenon (that is, digital technologies applied to the insurance market) continues to have great potential for expansion, as it has more than doubled as compared to the last decade, although it remains small compared to the total insurance market.
Technological innovations in this sector are particularly visible in processes, offers of insurance products and their distribution methods, relations with consumers, and even in advertising. To penetrate the market, insurance companies can exploit the constant flow of information on the habits, purchasing trends, lifestyles and physical health of their actual and potential clients, to which they have access.
The approach taken so far by global insurance companies has been to seek agreements with early-stage technology start-ups, or buy them (to acquire innovative know-how or simply to remove competitors). The ultimate goal is to keep the customer with additional services, while extending the classic value chain of the insurance business beyond the compensation/indemnity phase.
At international level, the task of regulators and supervisors in the face of these trends is to protect consumers from insurance companies’ unfair behaviour or from marginalisation due to the digital divide. To do this, they apply the principle of neutral regulation, whereby technological developments do not impact on insurance services regulation, so they apply the same rules to the same activities and risks, but rules should not hinder new technology-driven services that can benefit consumers.
In light of the foregoing, to date there are no regulatory provisions in force in Italy for the InsurTech sector. Along with the Italian Government, the Insurance Supervisory Authority (IVASS) is active at international level (in particular, the EU one) where new rules and technological standards are being defined. The aim is to maintain an adequate level of market and consumer protection, guaranteeing a fair regulatory treatment of existing and new operators, while avoiding regulatory arbitrage, without stopping innovation. To this end, IVASS has started a dialogue with the industry and is striving to raise the quality of the rules and the supervisory action, even through innovative technologies (under the so-called “RegTech”, that is the application of digital technologies to the rules produced by the supervisory authorities).
Examples of InsurTech applications include:
-
The spread of short-term and low-cost policy offers through smart contracts covering driver’s liability
-
Claims handling process of travel insurance (through an interface that also includes the use of WhatsApp).
Innovative models of insurance brokerage are currently being tested, including the offer of policies together with consumer goods sold through online portals or apps.
Cryptoassets
11. What is the legal status of cryptoassets?
There is no national legal framework regarding cryptoassets.
12. How are cryptoassets regulated?
There have been only some legislative initiatives. The general approach focuses on interventions (relating, for example, to supervisory, tax and anti-money) in terms of certain activities with cryptoassets, such as:
-
ICOs.
-
Cryptocurrencies.
-
Cryptoasset platforms and exchanges.
Cryptocurrencies
Cryptocurrencies have raised significant attention so far. The Regional Administrative Court of Lazio held that (see Decision No. 1077 of 27 January 2020), the use of cryptocurrencies is subject to taxation when it generates income.
The Court of Cassation recently ruled (see Decision No. 26807 of 17 September 2020) that the sale of a cryptocurrency (such as Bitcoin) promoted as an investment proposal is regulated by the Consolidated Financial Act governing the public offering of financial instruments (such as prior notice to CONSOB attaching the prospectus to be published). The infringement of those provisions is (according to the Supreme Court) an unauthorised activity, and therefore subject to criminal sanctions.
The Digital Finance Package adopted by the EU Commission also contains legislative proposals on cryptoassets aimed at the regulation on markets in cryptoassets (MICA) and a pilot regime for market infrastructures based on DLTs.
Both proposals will have an immediate impact on each EU member state’s regulatory framework as, once issued in their final version, they will be directly applicable in the EU.
Through them, the EU Commission aims to set out the basis for the development of an EU crypto-asset market, and to become the first major jurisdiction to regulate the latter. It follows a “light approach”, to the extent that it applies requirements already in place in the traditional financial services sector, such as prior authorisation and the obligation to publish an information document (white paper) before to the public offering of crypto-assets.
At national level, on 2 January 2020, CONSOB published its final report on initial coin offerings (ICOs) and cryptoassets exchanges, which follows the public consultation launched in March 2019 (see http://www.consob.it/documents/46180/46181/ICOs_20200102.pdf/cfd5527f-1b49-4937-8ab5-68ae0e2af99f). CONSOB stated that cryptoassets are deemed to be investments as they consist in the digital representation of rights linked to investments in entrepreneurial projects, to be stored and then distributed by means of DLT technologies.
In terms of the offer of tokens on dedicated platforms, and their trading, CONSOB considers it appropriate to adopt a solution that can ensure both the liquidity of investments in cryptoassets and the reliability of the trading platform. Therefore, the token subject to the offer must be admitted to trading on a cryptoassets trading platform listed in a register kept by CONSOB and based outside Italy (if it is subject to a regulatory and supervisory regime equivalent to the Italian one).
13. Have specific anti-money laundering measures been introduced in relation to cryptoasset activities?
Legislative Decree 25 May 2017, No. 90 (implementing the Fourth EU Anti-money Laundering Directive) and Legislative Decree No. 125 of 4 October 2019 (implementing the Fifth Anti-money Laundering Directive ((EU) 2018/843)) extended to exchangers and e-wallet providers, respectively the application of anti-money laundering provisions. Accordingly, exchangers and e-wallet providers must comply with the duties of customer’ due diligence, data storage and reporting of suspicious transactions to the national FIU.
Distributed ledger technology solutions
14. How is the use of blockchain in the financial services sector regulated?
The most commonly recognised blockchain-based solutions are:
-
Distributed ledger technology (DLT). The Group of 30 (which includes experts appointed by the Ministry of Economic Development (MiSE) with the task of developing the Italian Strategy on Blockchain and DLTs) has recently issued some guidelines on DLTs application aimed at ensuring a competitive regulatory framework in Italy (https://www.mise.gov.it/images/stories/documenti/Proposte_registri_condivisi_e_Blockchain_-_Sintesi_per_consultazione_pubblica.pdf).
-
Smart contracts.
-
Virtual currencies (cryptocurrencies). Despite being electronically transferrable, storable and negotiable, they are not issued by central banks (or public authorities), do not constitute legal tender and are not comparable to electronic money.
The exchangers base their business on the sale on their own account and on behalf of others of cryptocurrency in exchange of legal currency, or on connecting their buyers and sellers.
The use of exchangers has been recently subject to anti-money laundering and terrorist financing provisions. The anonymity of those who work in the network and the real beneficiaries of transactions carried out online with virtual currencies (often based in countries or territories at risk) increases the possibility of violating the applicable anti-money laundering laws.
Regulatory authorities must therefore have processes in place to monitor the mass use of virtual currencies, protect investors and ensure that they do not consolidate and become a risk to global financial stability.
-
Initial coin offering (ICO). ICOs make it possible to collect, in digital form, capital for business purposes based on blockchain technology. Specifically, investors pay financial means (generally in the form of cryptocurrencies) to the ICO organiser and receive blockchain-based “coin” and/or “tokens”, created and saved on a new (decentralised) blockchain developed in this context or, through a smart contract, on an existing blockchain.
The following have been object of some legislative and regulatory interventions in Italy:
-
DLT. DLT is defined for the first time as “computer technologies and protocols that use a shared, distributed, replicable, simultaneously accessible, architecturally decentralised and cryptographically based register, allowing for the recording, validation, updating and storage of both unencrypted and further encrypted data that can be verified by each participant, and that cannot be altered or modified” (Article 8-ter, Law No. 12 of 11 February 2019, converting Law Decree No. 135 of 14 December 2018(Simplifications Decree)).
-
Smart contracts. A “smart contract” is a computer programme running on DLT and whose performance automatically binds two or more parties based on parameters defined by the parties themselves. Smart contracts meet the written form requirement after computer identification of the parties involved, through a process that meets the requirements set out by the Agency for Digital Italy (www.agid.gov.it), with guidelines to be adopted within ninety days from the entry into force of Law No. 12/2019. Therefore, smart contracts are currently specifically defined as operating only by means of a DLT, but this does not mean that their use using other technologies is prohibited. Regardless of that legislative effort, some issues relating to the use of smart contracts remain unsolved, including:
-
the difficulty of identifying the applicable provisions in case of lack of consent;
-
how the identity and capacity of the parties to the relevant agreement should be verified;
-
compliance with general principles under the Civil Code, such as good faith, diligence and force majeure; and
-
consumer protection-related issues.
-
-
Virtual currencies. In order to prevent that the virtual currency’s system could facilitate money laundering and terrorist financing, the FIU has recently clarified (see Communication of 28 May 2019) that financial intermediaries must carefully assess cash withdrawals and/or deposit transactions, as well as prepaid credit card ones, connected to the purchase or sale of virtual currencies, carried out for significant amounts in a limited period of time.
-
ICO. In its Final Report on initial coin offerings (ICOs) and cryptoassets exchanges CONSOB pointed out that the ICOs are subject to financial markets regime and are characterised by:
-
use of blockchain technology;
-
payment of tokens with virtual currencies;
-
online advertising and promotion; and
-
the publication of a white paper in which the main characteristics of the proposed transaction and the object of the offer are described in detail.
-
Financial services infrastructure
15. What types of financial services infrastructure-related activities of FinTech businesses are regulated?
To date, there is no specific regulation in Italy of technologies and support services in the financial services sector. The most common infrastructure-related activities are set out below.
Big data
A huge set of data, also stored in various archives, analysed by inferential statistics tools and concepts of identification of non-linear systems to deduce regressions, causal effects and relationships. Unlike traditional management systems, which deal with structured (or structurable) data in relational tables, Big Data also includes semi-structured or unstructured data (for example, data from the internet, such as comments on social media, text documents, audio, videos available in different formats, and so on). One of the most problematic profiles linked to Big Data technology is the impact on personal data protection. Despite not containing specific provisions on Big Data, the GDPR aims at establishing a climate of trust, designed to guarantee the development of a digital economy, by allowing individuals to maintain control over the “processing” of their data by third parties. The informed consent principle has been confirmed as the cornerstone of the privacy regulation, especially in respect of the “profiling” process (that is, data analysis and processing oriented to divide users into homogeneous groups or “profiles”, accompanied by behaviour or characteristics, more and more stringent, to identify the user of that particular terminal).
The Regional Administrative Court of Lazio recently issued two important decisions (namely No. 260 and No. 261 of 10 January 2020), qualifying Big data as an asset with monetary value. In particular, in terms of agreements for the access and the use of a social network service, the economic value of subscribers’ personal data must be deemed as having an economic value. Therefore, the social network providers must comply with the duties of transparency, completeness and accuracy of the information to be provided to subscribers for consumer protection purposes. They must also inform end users in advance that their personal data may be also used for commercial purposes.
The Bank of Italy is currently testing techniques to improve prevention and identification of risks to financial stability, by using innovative methodologies, such as Big Data and machine learning. Moreover, the Bank of Italy has recently launched a project to integrate traditional data control programmes with new machine learning and artificial intelligence techniques.
Artificial intelligence
A National Strategy on Artificial Intelligence, recently issued on the basis of a work carried out by the “Group of 30” experts appointed by the MiSE, aims at drawing up a coherent plan to allow Italy to maximise the benefits of digital and technological transformation (which is one of the key points of the action identified by MiSE itself to promote innovation and competitiveness of enterprises within Italy).
Cloud computing
-
Three types of cloud computing can be distinguished according to the services offered:
-
Software as a Service (SaaS).
-
Platform as a Service (PaaS) (Platform as a Service).
-
IaaS (Infrastructure as a Service).
Under Regulation (EC) 593/2008 on the law applicable to contractual obligations (Rome I), cloud computing agreements must apply the law of the EU member state in which the consumer resides. Accordingly, the Consumer Code (Legislative Decree 206/2005) applies to such technology if such a service is provided to a consumer based in Italy.
Open banking
Provision of banking services through open standards application programming interfaces (open standard APIs) that allow the development of applications and services that make use of the data and functions offered by a financial institution’s technological infrastructure.
The PSD2 gave European legal citizenship to Open banking models, based on the sharing of bank data among different operators. PSD2 requires banks to allow third party providers access to payment accounts, thereby breaking banks’ monopoly on payment data, thereby reducing the cost of financial services.
The EU Commission has recently announced the launch, by the end of 2021, of a comprehensive review of PSD2, as well as a legislative proposal for a new “Open Finance” framework by mid-2022.
Regulatory compliance
16. What are the key regulatory compliance issues faced by FinTech businesses?
For the FinTech regulatory framework, market operators experience uncertainty as the regulatory regime evolves towards a more definite, consistent and harmonised set of rules. In particular:
-
FinTech start-ups face the challenge of entering a market that is not specifically regulated, but is generally governed by the same rules that apply to traditional financial services.
-
Crowdfunding platforms emphasise the difficulty of clearly defining the borders beyond which regulated banking and financial services are performed, thereby incurring the risk of criminal penalties. The rules governing the provision of banking and financial activities were conceived for a traditional type of operation, and do not consider the innovative methods of today. The lack of incentives for investing through crowdfunding platforms also restricts the growth of crowdfunding in Italy.
-
Payment services and automated customer services providers ask for standard rules governing the use of biometric technologies and customer authentication, and a simplification of the anti-money laundering obligations of identification and customer due diligence. They suffer the uncertainty of the regulatory framework for digital signatures and no globally harmonised regulation on the use of useful technological tools for customer identification (for example, webcams). Also, the rules laid down to combat tax evasion at cross-border level are perceived as an obstacle to the adoption of FinTech solutions, since they complicate operations in the relevant markets and indirectly hinder the use of tools and technologies for the conclusion of contracts and remote operations
-
In terms of data protection, post-GDPR, for incumbents the requirement to verify and update information assets they hold is a last call to recover lost ground in data management, and for new market entrants it is an additional opportunity to enter the market, as they have higher capabilities to process data.
-
In terms of Open banking, there are challenges regarding the protection of payment account holders’ data, due to of their accessibility by third party-providers (TPPs), including payment initiation service providers and account information service providers. There is not only a risk of unlawful use of the above data by TTPs, but also that of fraud. In the event of an unauthorised transaction, TTPs are held liable to the account holders for any occurred losses, if they do not prove to have adopted adequate safety safeguards (strong customer authentication).
Anti-money laundering
Legislative Decree No. 125/2019 provides for:
-
The identification of a set of suitably tested measures and periodic reporting requirements, to be implemented by banking and financial intermediaries in relation to clients operating in countries at high risk of money laundering.
-
Amendments to the treatment of sanctions and procedures for imposing sanctions.
-
The prohibition on the issuance and use of anonymous electronic money products.
-
The refusal of the authorisation of the activity or the opening of branches of Italian intermediaries in countries with a high risk of money laundering.
On 29 July 2020 a public consultation ended, which was launched by the EU Commission on a draft AML Action Plan (adopted on 7 May 2020), by proposing a wide-ranging set of actions based on the following six pillars:
-
Effective implementation of existing EU rules.
-
A single EU rulebook.
-
EU-level supervision.
-
The establishment of a support and coordination mechanism for EU member states’ financial intelligence units.
-
Better use of information to enforce criminal law.
-
An enhanced role of the EU at global level.
Know-your-customer (KYC)
One of the main short-term advantages of FinTech is the potential facilitation of online relationships with customers, to the extent to which it allows companies to establish digital relationships with their customers. This is essential for the creation of an EU single market for retail financial services. However, the cross-border provision of financial services cannot take place until customers go to the suppliers’ offices and are duly identified, receive paperwork information and sign the contracts. In this respect, the innovators are developing new ways of identifying and authenticating customers and RegTech is working on changing markets by automating controls on companies, people and identification documents to meet the KYC requirements through remote identification and addressing fraud issues.
The use of electronic identity schemes under eIDAS will make it possible to open an online bank account, by satisfying the actual requirements for checking and verifying the customer’s identity for know-your-customer or adequate verification purposes, and strengthening the security of electronic transactions. However, market operators face the uncertainty of the timing for the issue of EBA’s technical standards and guidelines and the operational complexities associated with the performance of the Account Information Service (AIS) and the Payment Initiator Service (PIS). The importance of the clarity and completeness of the information to be provided to consumers is generally perceived, especially in a context where discussion with customers takes place through virtual channels. It is therefore important to define a specific regime that takes into account the new requirements for consumer protection and overcomes the uncertainty of interpretation of the current rules.
Cyberattacks
A particular issue is the risk of cyberattacks (that is, malicious actions that exploit the vulnerabilities of an IT device, or of the code that allows its functioning, to stop the operation, obtain undue access to the data that it holds or compromise its integrity).The financial system is a prime target for cyberattacks, which are normally motivated by profit or by the intention to disturb its orderly functioning. The target is wide because of its intensive use of information technology, the damage a cyberattack can cause is great and a systemic fallout is always possible.
For this reason, the EU institutions and the supervisory authorities pay growing attention to cyber risks.
On 24 June 2018 Legislative Decree No. 65/2018 entered into force, which transposed Network and Information Systems Directive ((EU) 2016/1148) (NISD) into national law. NISD imposes measures that organically establish a common level of network security and information systems in the EU, with the aim to reduce the risk of cyber incidents, as well as to promote the continuity of essential services (energy, transport, health, and finance) and digital ones (search engines, cloud services, and e-commerce platforms). A special feature is the notification obligation to the essential service operators (Operatore di servizi essenziali) (OSEs), public or private organisations operating in (among others) banking, financial market infrastructure and digital infrastructure. Digital service providers (that is, e-commerce, search engines, and cloud computing) must adopt technical and organisational measures appropriate to the risk management and prevention of IT incidents.
The Ministry of Economy and Finance is the competent governmental authority for banking and financial market infrastructures in terms of cybersecurity (in collaboration with the Bank of Italy and CONSOB).
The Bank of Italy and the IBA have recently sponsored the establishment of the Italian Financial Cybersecurity Unit, which co-ordinates information sharing and cyber-threat intelligence among participating financial companies, allowing them to share critical information and raise the awareness of cyber risks.
17. When traditional financial services firms and FinTech firms enter into partnerships or other arrangements, what are the key legal, regulatory and practical issues they need to consider?
FinTech entities do not encounter any additional regulatory barriers in entering into partnerships with traditional financial services providers. These arrangements are becoming increasingly common as a way for incumbents to tackle the risk of losing market share in favour of new operators that often have more agile structures and can quickly adapt to a changing environment. FinTech firms also have a competitive advantage in dealing with massive volumes of data on firms and individuals, which can then be used in providing banking and financial products (for example, for credit screening purposes).
As far as outsourcing is concerned, in the process leading to the identification of an eligible outsourcee, the outsourcer must assess if the outsourcee has the necessary competence, capacity and authorisations to carry out the outsourced functions in a professional and reliable manner. Once the relationship is established, the outsourcee must inform the outsourcer of any event that may affect its ability to efficiently perform its obligations.
The outsourcer, on the other hand, must put in place internal control systems designed to protect its clients from the risks from the outsourcing of back-office functions (as the outsourcer remains fully liable towards its clients in terms of the outsourced functions).
18. Do foreign FinTech entities intending to provide services in your jurisdiction encounter regulatory barriers that are different from domestic FinTech businesses?
The rules applying to foreign entities in the FinTech industry are the same as those that must be complied with by domestic FinTech entities.
The Head of the General Directorate for Financial Supervision and Regulation at the Bank of Italy has recently pointed out that “the desired outcome is the development of a more future-oriented regulatory framework embracing digitisation in order to create an eco-system in which FinTech can develop and spread, benefiting from the European single market without compromising financial stability or consumer and investor protection”. The EBA has also taken steps in this direction, constructing, at the request of the European Commission, the FinTech Roadmap, which sets out the FinTech priorities for 2018/2019.
However, as rules and practices are not yet harmonised at both EU and international level, intermediaries can choose to establish themselves in an EU member state where the regulations allow for greater flexibility, and then operate in other EU countries by taking advantage of the EU passport. The Bank of Italy has therefore highlighted that this may threaten the stability of financial firms and, in turn, that of their clients. Indeed, an excessively restrictive regulatory environment or an excessively rigid approach on the part of NCAs risks to create a situation that encourages new firms to relocate and digital expertise to flee. The PSD2 therefore strengthened the framework for co-ordination among NCAs and has introduced measures to limit “licence shopping” (for example, by requiring an operator that receives an authorisation in a given EU member state to conduct its business only in that state) (see Question 16 and Fintech: Supervisory Authority’s role in a changing market).
19. What steps can be taken in your jurisdiction to protect FinTech innovations and inventions?
FinTech innovations and inventions cannot usually be patented in Italy.
Financial schemes, plans, principles or methods are therefore excluded as such from the concept of “patentable invention”.
European patents can be granted for any inventions in all fields of technology if they are new, involve an inventive step and are capable of industrial application (Article 52, European Patent Convention (EPC)).
The guidelines issued by the European Patent Office (EPO) suggest that business methods can be patented if they have a technical character. In most cases, the EPO’s examination boards and boards of appeal refuse patent applications on commercial methods due to lack of inventive activity under Article 56 of the EPC.
Banks and FinTech companies cannot easily protect technological innovations with patents. Innovations in the sector can therefore easily be imitated by competitors.
The MiSE recently set some criteria for assigning vouchers to innovative start-ups to finance consulting services necessary to enhance and protect their innovation processes through a patent for industrial invention.
Government initiatives to support FinTech
20. To what extent has the government in your jurisdiction sought to create a more favourable regulatory environment for FinTech businesses?
According to the OECD Report on blockchain for SMEs and entrepreneurs in Italy dated 10 September 2020, there is a substantial separation so far between actions taken by the government (and the relevant Ministries, MEF and MiSE) and those of regulatory authorities in promoting and supporting the development of FinTech.
Government initiatives
The government set up (by means of the Growth Decree) the Fintech Committee, comprising representatives of MEF, MiSE, the BoI, CONSOB, IVASS, AGCOM, DPA, the Digital Agency for Italy and the Tax Agency. The FinTech Committee aims to identify objectives, define programmes, promote the boost of FinTech in co-operation with EU and foreign NCAs, and make law proposals to the government.
Moreover, for the purpose of establishing a competitive regulatory framework and enhancing public and private investment in blockchain and DLT, a public consultation by MiSE ended on 20 July 2020. It contains a proposal for an Italian strategy, for the adoption of the DLT and blockchain technology by enterprises, public administrations and citizens.
Regulatory initiatives
Regulatory authorities have been increasingly active in launching initiatives aimed at raising awareness on the topic both with the academic world and by organising FinTech roundtables.
BoI’s FinTech Milan Hub. Regulators officially launched on 4 December 2020 BoI’s FinTech Milan Hub, dedicated to experimentation, selection of contributions from independent Italian and international experts and enterprises, collaboration with institutions and universities, and dialogue with market operators. In this context, the BoI’s team of experts has already assessed 20 eligible projects in terms of their potential for innovation, and their compliance with the current regulatory framework. These projects involve the use of machine learning and/or big data for the automatic reading of provisions or macroeconomic analysis.
BoI’s Canale FinTech. In addition, through the BoI’s Canale FinTech, established on 29 November 2017, FinTech operators can present financial services projects that contain innovative features regarding the type of services offered and the technology used to deliver them. This is to ensure a forward-looking approach to encourage innovation processes at regulatory level.
A crucial point is still licensing. In particular, the licensing process allows the BoI a unique insight into developments in this field, where the push for innovation meets the need to protect the public interest. The various FinTech initiatives usually generate projects that require a bank licence or (more often) an authorisation to operate as payment or e-money institutions. The launch of FinTech initiatives through payment or e-money institutions is the most frequent way to enter the financial services market, in particular those consisting of creating a payment institution to support lending crowdfunding platforms, where payments can then be completed using electronic money products.
21. Are there any special regimes in place to facilitate access to capital for FinTech businesses?
The main initiatives to facilitate access to capital for FinTech businesses include the following:
-
Smart&Start Italia (established by means of a Ministry of Economic Development Decree of 24 September 2014). Smart&Start Italia introduced measures to promote entrepreneurship, and financing for the production of goods and exchange of services with high technological and innovative content. The Relaunch Decree (namely, Legislative Decree No. 34 of 19 May 2020) recently increased the Smart&Start Italia’s budget to EUR100 million. The Relaunch Decree allocated for 2020:
-
EUR10 million for the granting of facilities to innovative start-ups in the form of non-repayable contributions for the provision of services by incubators, accelerators, innovation hubs, business angels and other public or private entities; and
-
EUR200 million for the Venture Capital Support Fund (an alternative securities FIA set up and managed by an asset management company, reserved to professional investors, whose units are reserved for subscription to the MiSE).
-
-
The Central Guarantee Fund (Fondo Centrale di Garanzia) which consists of a public guarantee for financing from banks and other intermediaries in favour of (among others) start-ups.
22. Is the government taking measures to encourage foreign FinTech businesses to establish a domestic presence?
See Question 20.
Cross-border provision of services
23. Are there any special rules that affect the cross-border provision of financial products or services by both domestic and foreign FinTech businesses?
There are no special rules that affect the cross-border provision of financial products or services by both domestic and foreign FinTech entities.
The future of FinTech
24. What regulatory measures or initiatives may affect FinTech in your jurisdiction in the future?
In his concluding remarks, upon presentation of the BoI’s Annual Report on 29 May 2020, the Governor of the Bank of Italy pointed out that “the Authority is taking different actions in several way to tackle the changes led by technological innovation in financial services” (https://www.bancaditalia.it/pubblicazioni/interventi-governatore/integov2020/cf_2019.pdf).
In this respect, it remains to be seen how the establishment of the BoI’s Milan hub (see Question 20, Regulatory initiatives) will benefit actual and potential FinTech businesses in Italy.
Moreover, within the context of the ongoing health emergency, it is essential that incumbents and new FinTech businesses will co-operate with each other to meet the increasing enterprises’ need of liquidity. Banks can therefore simplify procedures to allow enterprises to have access to the liquidity measures set out by the Italian Government, while FinTech businesses can strengthen their efforts to innovate the credit market, leveraging on digitalisation. However, if partnerships between incumbents and new FinTech businesses can foster the development of flexible and innovative solutions, allowing them to quicky respond to market needs, there are potential risks, including cyber-risks. It will therefore be a challenge to focus on the interactions between digital and privacy breaches. This implies a strengthening of the compliance function (which will continue to be a key function for intermediaries).
Contributor profile
Giovanni Carotenuto
Carotenuto Studio Legale
T +39 8557912 E gcarotenuto@carotenutolex.com W www.carotenutolex.com
Professional and academic qualifications. Admitted to appear before the Italian Supreme Court, 2013. Admitted to the Italian Bar, 1999; LLM, European Law, Queen Mary College, University of London, UK (with merit), 1997; JD, Law, Università degli studi di Napoli “Federico II”, Naples (summa), 1995
Areas of practice. Banking and financial services regulation; FinTech; corporate/M&A; securities litigation.
Recent transactions
-
Regularly assisting global financial institutions, investment firms, asset management companies and large corporations doing business in Italy, on various contentious and non-contentious matters, including:
-
drafting and negotiation of contracts;
-
assistance in licensing procedures before EU and Italian competent authorities;
-
advising on new products, internal organisational models, corporate governance policies, compliance and anti-money laundering procedures; and
-
representing clients before independent authorities within the ambit of administrative sanctioning proceedings, as well as in court for alleged breach of applicable laws and regulations (for example, rules of conduct, investor protection, short selling, and market abuse).
-
-
Assisting in corporate/M&A transactions, group reorganisations, sales of a going concern, and transfer of fund portfolio investment management contracts.
Languages. Italian, English
Professional associations/memberships. Pro Bono Italia, Co-founder and Chairman; IBA; Simpson Thacher & Bartlett LLP Alumni Association; Queen Mary College Alumni Association; AEDBF (Associazione Europea per il Diritto Bancario e Finanziario).
Publications
-
On the sustainable finance disclosure obligations in the financial services sector, Mondaq (March 2021).
-
More stringent suitability requirements for Italian intermediaries’ corporate officers, Mondaq (February 2021).
-
How UK FinTechs (and InsurtTechs) may operate in Italy after Brexit? Mondaq (January 2021).
-
ITALY: The launch of the Bank of Italy’s “Milano Hub”, Mondaq (December 2020).
-
Towards a more digital Europe, Mondaq (October 2020).
-
The actual and potential use of blockchain by Italian entrepreneurs, Mondaq (September 2020).
-
“Product intervention under MiFID II/MiFIR”, Diritto Bancario (September 2017).
-
“Fundraising Terms and Conditions: Legal Development in Key Countries”, in “Private Equity and Venture Capital: Regulation and Good Practice”, Risk books (April 2014).
-
“How Italy’s new anti-money laundering laws affect you”, Law360° (February 2014).