FINTECH REPORT 2020 - setterwalls.se · Setterwalls FinTech Forum on 19 November 2020, Sturegatan...

FINTECH REPORT 2020

SETTERWALLS - FINTECH REPORT 2020 SETTERWALLS - FINTECH REPORT 2020

1 2

Fintech Report 2020 Joacim Johannesson, Andreas Löfholm, Fredrik Roos

FINTECH REPORT 2020

03

05

13

17

21

24

Introduction

Finding the right partner in times when cyber security threats and protectionism/national security is on the agenda – a matter for companies to prioritise

Virtual- and cryptocurrency – A guide to identify whether your business may be subject to anti-money laundering regulation

Five steps to facilitate service contract negotiations with the banks (and other large financial actors) – how to prepare for an optimal process

Oops, do we really need a SFSA license?

Fair treatment of customers in financial services in the new technology era


3 4

In light of this, our FinTech Report 2020 has this year focused on things that we believe are ”hot” and interesting to share from a legal point of view in a post COVID-19 era. Thus, we hope you enjoy the following articles: I. Finding the right partner in times when cyber security threats and protectionism/

national security is on the agenda – a matter for companies to prioritise II. Virtual- and cryptocurrency – A guide to identify whether your business may be

subject to anti-money laundering regulationIII. Five steps to facilitate service contract negotiations with the banks (and other

large financial actors) – how to prepare for an optimal process IV. Oops, do we really need a SFSA license?V. Fair treatment of customers in financial services in the new technology era

In addition, we will after the summer publish an article on the new EBA guidelines coming into force this summer, which further affects IT outsourcing in the financial sector. Stay tuned!

Last but not least, we want to give you a heads up to save the date for our next Setterwalls FinTech Forum on 19 November 2020, Sturegatan 10, in Stockholm. Depending on the situation at the time, the Fintech forum may take place both physically or electronically or both – in either case, put it in your calendar!

We hope you enjoy the Setterwalls FinTech Report 2020 and we look forward to seeing you at the Setterwalls FinTech Forum this fall.

Yours sincerely,Joacim JohannessonPartner, and Head of Setterwalls’ FinTech team

FinTech Report 2020 – 2020 is the year of COVID-19 and its effect has been significant on people, business and legal issues (I say no more on that since so many others have already said it all). But 2020 has so far, for those who act within the fintech sector, also been the year of nationalism, cybersecurity and more regulatory burden than ever – all of which require great skills of the business facilitators to make necessary deals come through.

We have the pleasure to present yet another issue of Setterwalls’ FinTech Report in which members of the Setterwalls FinTech team comment on topics in relation to the different areas of the sector.

Even though it has been a tough start for entrepreneurs as well for the fintech sector as a whole in 2020, things are moving forward but at a different pace and yet there is much to expect for the future when things go back to normal. Not only have we seen the Central Bank of Sweden (Sveriges Riksbank) initiate a pilot of a potential issue of e-currency (the e-krona) but also nations and companies have started building walls and protections against unwanted partners/investors (i.e. restrictions for Huawei) plus that the burden of getting the deal done and all aspects to consider have never been more challenging. The latter has been far from easy for companies striving for better services and values, yet tomorrow is another day and those who are well prepared and have done their homework will overcome barriers and competition (and even Covid-19) in the end.

Introduction


5 6

Finding the right partner in times when cyber security threats and protectionism/national security is on the agenda – a matter for companies to prioritise Digitisation is probably the biggest factor of change in our time and it has affected every part of modern society. At a staggering rate, it has paved the way for huge advances in many fields, such as communications, fintech, healthcare and scientific research. The advances in technology have also improved availability and ensured operational benefits at reasonable costs. In this COVID-19 era it has never been more relevant, and it will be interesting to see what post COVID-19 will offer.

Around the world, companies, banks and authorities are seeing the benefits of using streamlining technology – such as cloud services – in their day-to-day business. However, the increased use has resulted in a debate, both in Sweden and within the EU as well as in the USA, of whether such usage – where cloud service providers are located outside of the EU – is consistent with national and EU law with regard to matters such as privacy and classified information. The debate has in turn contributed to raise the level of awareness among companies and authorities that are about to enter into new collaborations.

In general, there is a high maturity on the market when it comes to negotiating new cooperation and commercial agreements. Provisions that govern issues such as service levels, liability, strategies for exit etc. can typically be found in any template cooperation agreement. The importance of addressing such issues is thus widely known. At the same time, we believe that issues of equal importance are often overlooked. While a tailored and airtight agreement can serve as a stable foundation

for a new partnership, it is just as important to bear the bigger picture in mind, to look beyond the written agreement and to consider issues such as finding the right partner and making high-level risk assessments, even for issues/circumstances which have not been on the agenda historically but certainly is on the agenda today.

Another issue that in our view, at least in the past, has been devoted little attention is cyber security. Due to the increasing number of Swedish companies that have experienced repeated exposure to cyber attacks – not seldom from foreign, state owned companies – it has become a hot topic for discussion. Among the issues that currently and for some time are debated is the suitability of Swedish companies and authorities providing data (perhaps even data that can be critical to the public) to private companies or other countries. Transfer of such data could open up for a general vulnerability, increased risks for unauthorised access and difficulties with security clearance. In order to minimize such risks, the Swedish legislature has in recent years taken steps towards passing a number of laws that directly aim at cyber security and the possibilities of reviewing foreign direct investment in Swedish companies.

Conflict of interest between cyber security and foreign direct investment

With cyber security raised on the political agenda, issues such as outsourcing and ownership of procured companies are discussed at an ever-growing rate, not only in Sweden but within the EU. The issues discussed are also intertwined with the question of foreign direct investment in IT infrastructure and businesses related to activities that are, or can be, of a security sensitive nature.


7 8

For a country like Sweden – with a small open economy – trade with other countries is essential for maintaining high competitiveness. Trade is also a prerequisite for making the economy grow and develop. Economic growth is in turn dependant on foreign direct investment since it helps create new jobs and increase incentives for employment in general.

Even though foreign direct investment is important and contributes to a flourishing economy, higher attention has been brought to the risks involved when foreign companies (with a large state ownership) acquire or invest in companies who are active in more security-sensitive sectors, such as IT and communications services or construction of defence facilities. Depending on the activity in question, foreign ownership could potentially have a lasting impact on a country’s cyber security and general vulnerability. The weighing of such factors thus creates a conflict of interest between, on the one hand, attracting greater foreign investments and, on the other, keeping a robust cyber security and reducing the general vulnerability.

The rise in discussions regarding cyber security and foreign direct investment in recent years has prodded the Swedish Government to initiate a series of Official reports in order to propose new mechanisms for screening foreign direct investment.

Current legislation on screening mechanisms in Sweden

In Sweden, screening mechanisms that restrict the right for companies to transfer or acquire certain property are uncommon. Unlike other European countries, Sweden has no general mechanism for screening investments in all security sensitive or supply critical business areas. Furthermore, Sweden has no tradition of applying so called ”golden shares” that hold special rights and would entail, for instance, that the government would have control over the ownership structure and/or decision-making in a company.

During the 1980’s, provisions in the Act (1982:617) on Foreign Acquisitions of Swedish Companies etc. made it possible for the Government to restrict foreign companies from purchasing shares in limited companies, partnerships and businesses conducted in Sweden. The screening mechanism applied, however, only to the purchase of shares in existing companies; there were no limitations on the right to form new companies.

The Act from 1982 was repealed a decade later after a new Government had taken office. At the time, the Government’s outspoken goal was to fully bring Sweden into the European Community and to break the economic stagnation and re-establish Sweden as a business nation with a strong and growing economy. Investments in the country were therefore considered to have precedence over the screening mechanisms that previously had been introduced.

At present, there are only limited possibilities to influence or prevent foreign direct investment in companies or businesses that handle critical infrastructure and security sensitive data and technologies. Swedish authorities have however, for a long time emphasised that security issues may arise when foreign companies invest in security sensitive sectors. They have also addressed the lack of a regulated screening mechanism as a significant shortcoming.

Development within the EU

The development within the EU in recent years has resulted in an increasing number of Member States to introduce, or that are about to introduce, screening mechanisms for direct investment from third countries. The European Commission has also highlighted that the new international investment patterns, from e.g. state controlled and state funded companies, impose increased demands on ensuring that foreign direct investment does not threaten public security or public order in the EU and its Member states.


9 10

It is against this background that the European Parliament on 19 March 2019 adopted Regulation (EU) 2019/452 on establishing a framework for the screening of foreign direct investment into the Union. One of the main goals of the regulation is to create a legal framework for the screening of foreign direct investment in the Union with regard to security or public order. The regulation clarifies the legal situation regarding the right of Member States to introduce, maintain and amend national screening systems. It also establishes certain minimum requirements. For example, the regulation stipulates that member states have the right to review foreign direct investment for security or public order in accordance with the general and security exceptions provided for in the WTO agreements. Apart from security and public order concerns, reviews of foreign direct investments would thus be permitted if a member state deems it necessary in order to protect human or animal life or health, the privacy of individuals in relation to the processing of personal data and confidentiality of individual records and accounts, etc.

The regulation does not require member states to introduce national screening mechanisms for foreign direct investment. Nor does it circumvent the right of the member states to decide for themselves which foreign direct investment that should be allowed in their territory. However, if the Member states intend to introduce national screening mechanisms, the regulation provides that national legislation must comply with the requirements of the regulation.

The regulation furthermore requires that all member states, upon request, provide information to the other member states or the European Commission on planned or implemented foreign direct investment in the member state. The duty of disclosure relates to details such as the ownership structure of the foreign investor and the company covered by the investment, the business activities of the parties, the investment value and financing, the products and services sold, as well as information

in which member states they conduct relevant business activities. In addition to this disclosure, member states shall attempt to provide supplementary information to the extent available. The regulation also gives member states the right to request the same information as was requested from the foreign investor or from the company covered by the investment.

Member states, which have implemented national screening mechanisms, shall report annually on their application. All member states are also required to report, at an aggregated level, the investments made in their territories and to provide information on the petitions received from other member states in accordance with the information requirements of the regulation.

The regulation entered into force on 11 April 2019 and shall apply from 11 October 2020.

New legislative steps taken in Sweden

It is not only at an EU level that the new international investment patterns have led to an increase in legislative initiatives. Over the past year, no less than five official reports relating to the issues of foreign direct investment, its potential impact on securitysensitive activities and the introduction of screening mechanisms have been initiated by and presented to the Swedish Government. The Government has also, as a direct consequence of the new EU Regulation and COVID-19, presented many legislative proposals on the matter.


11 12

• In an official report regarding Sweden’s total defence, the appointed commission of inquiry has proposed that a government controlled screening mechanism should be introduced, giving the Government the possibility to review and ultimately condition or prohibit transfers of property that is considered to be of material interest to total defence. Such a screening system would apply to ports, airports and real estate in areas with geographical conditions of vital importance to the military defence.

• On 22 August 2019, the Government appointed an inquiry chair to investigate, analyse and give proposals as to the design of a Swedish screening mechanism for foreign direct investment. The purpose of the screening mechanism is to control the strategic acquisitions of companies based in Sweden whose business or technology has significance for security or public order.

• Under the Government directive, the inquiry chair shall present proposals as to

− which foreign direct investment should be subject to a screening mechanism,

− the conditions under which foreign direct investment could be prohibited and the possibilities to impose conditions for allowing a foreign direct investment,

− which existing authority should be responsible for reviewing foreign direct investment,

− necessary adjustments and supplementary provisions for the application of the EU regulation on establishing a framework for the screening of foreign direct investment into the Union, and

− the adoption of necessary statutory regulation.

The inquiry chair shall present its final proposals regarding the implementation of a Swedish screening mechanism by 2 November 2021.

• On 1 December 2019, new prerequisites for obtaining permission to use radio transmitters and permission to transfer or lease such permits were introduced in the Swedish Communications Act (2003:389). The law now provides that a permit to use radio transmitters shall be given if the radio use presumably will not cause harm to Sweden’s security. The law further states that a permit may be combined with certain requirements that are of importance to Sweden’s security. A permit or certain requirements may, however, be revoked or changed immediately if the radio use has harmed Sweden’s security or it can be assumed that the radio use will cause such harm.

• On 6 March 2020, the inquiry chair presented proposals on adjustments and supplementary provisions for the application of the EU Regulation. The inquiry chair also proposed that the Inspectorate of Strategic Products (“ISP”) should be the contact point in Sweden for issues related to the EU Regulation and the responsible authority in a future Swedish screening mechanism.

• On 4 June 2020, the Government instructed the Swedish Defence Research Agency to conduct a study regarding foreign direct investments in security sensitive activities in order to improve the knowledge of, and identify risks related to, such investments. The study is to be conducted in collaboration with the ISP, the Swedish Security Service and the Swedish Armed Forces. The study aims at presenting the inquiry chair with information regarding foreign direct investments in the work leading up to the final proposal in November 2021. The study will be concluded by 30 November 2020.

• The Government has further decided to follow the inquiry chair’s recommendation to appoint the ISP as contact point under the EU Regulation and has instructed ISP to make the necessary preparations for that assignment. In relation to this decision, the Government has issued a legislative proposal to the Council on Legislation, which includes provisions on the ISP’s mandate to request the foreign investor or the undertaking in which the foreign direct investment is planned, to provide certain information or documentation. The new legislation is proposed to enter into force on 1 December 2020.

The Government will also present new legislation that will give supervisory authorities the possibility prohibiting sale of companies, conducting businesses crucial to Sweden’s national security. Any sale of such a company in violation if the authority’s prohibition will be considered invalid. A legislative proposal to amend the Protective Security Act is to be presented after the summer.

Why cyber and national security may be a matter of priority for Swedish companies

From our view, it is apparent that the recent change in international investment patterns, along with an increase of cyber attacks, has attracted the attention of the


13 14

European Parliament as well as the Swedish Government and legislature. With an increased interest in the implementation of new screening mechanisms, it is also possible to detect a shift from the more investment friendly position in the early 1990’s, to a more protectionist approach.

As we have just stepped into a new decade of the 21st century, digitisation is moving faster than ever. Apart from the vulnerability of cyber security, digitisation has brought with it issues regarding privacy, processing of personal data and surveillance. Issues that are becoming increasingly important to ordinary citizens. Digitisation together with new investment patterns from countries like China and Russia – where matters regarding surveillance and privacy is handled somewhat questionable – has led to a higher awareness among EU member states. This awareness and reflection over the potential risks with foreign investments has in turn contributed to the demand for a new regulation.

While it still is important for Swedish companies to keep on being competitive and attract foreign investment in order to generate growth, the legislative steps taken recently both on a national and EU level, illustrate that it is of equal importance that companies make high-level risk assessments (especially with regard to cyber security) before entering new collaborations. Finding a trustworthy partner is just as important as managing the finer details of cooperation and commercial agreements. The pending legislation may serve as a foundation for reducing the general vulnerability from cyberattacks and unwanted influences from foreign states, but at the end of the day, it will still be up to the companies themselves to ensure that adequate measures are put in place to protect information that might be crucial to the company’s business or its customers. Measures that by default focus on cyber security should therefore not only be a matter of priority for the legislatures, but also among Swedish companies.

Joacim Johanneson PARTNER | STOCKHOLM

Rikard ArnörASSOCIATE | STOCKHOLM

Virtual- and cryptocurrency – A guide to identify whether your business may be subject to anti-money laundering regulationIntroduction

In January 2020, the fifth Anti-Money Laundering Directive was implemented in Sweden, (the “5AMLD”) through revision of 14 different laws. Revisions deemed necessary because of i.a. terrorist attacks in Europe and technological advancements regarding virtual financing where so-called virtual- and cryptocurrencies have been proven to be used by criminal networks.

The effect of the 5AMLD is that persons or companies offering i.a. currency exchange services or platforms for virtual and cryptocurrency, will have to comply and undertake the required actions as necessary in accordance with all anti-money laundering regulations. This guide may help you to identify whether the 5AMLD and its implementation in Swedish law applies to your business.

A step by step guidance

First step: what is deemed as virtual currency?

All virtual currencies have the following in common and this can be used as a checklist to identify whether the means of payment can be deemed as virtual currency. However, please note the exceptions in the second step. Virtual currencies;


15 16

• are not issued nor guaranteed by a central bank or a public authority,

• are not necessarily attached to a legally established currency (legal tender),

• do not possess the same legal status as currency or money,

• are accepted by natural or legal persons as a means of payment, and

• can be transferred, stored and traded electronically.

Cryptocurrency is a sub-group of virtual currencies. One of the best-known virtual currencies is Bitcoin, which is a decentralised virtual currency that can be exchanged for a legal tender, such as the euro. It was also the first cryptocurrency, i.e. a virtual currency based on encryption algorithms. A cryptocurrency is built on public and private keys by which value is transferred from one person to another and which are encrypted prior to every transaction.

Furthermore; virtual currencies can be roughly divided into three categories.

A. Payment instrument-like virtual currencies Virtual currencies originally planned as alternatives to traditional currencies as well as intended to be used as payment instruments elsewhere than together with and for its issuer’s services. The best-known payment instrument-like virtual currency is Bitcoin.

B. Virtual currencies used as payment for a certain commodity (utility coin) Virtual currencies that can be used to pay (only) for its issuer’s products or services. Like a coupon or a gift card, but virtual.

C. Financial instrument-like virtual currencies Virtual currency that have features in common with securities such as company shares, e.g. voting and ownership rights or expected returns. These kind of virtual currencies may also be referred to as “security tokens” or “virtual assets”.

In addition, hybrid models combining different features described in A-C above have also been observed on the market.

Second step: does an exception apply?

As have been explained above, virtual currency is a broad umbrella term for a lot of different kinds of virtual means of payment. 5AMLD has therefore outlined two exceptions. Do note that these exceptions have not explicitly been implemented in Swedish law and that Swedish law lacks a general definition of “virtual currency”. The preparatory work however mentions the definition of virtual currency and recital (10) of the 5AMLD, where the exceptions are outlined, as to how to define virtual currency in regard to the implementation and application of the 5AMLD in Swedish law.

With that said, if an exception applies, the means of payment may still be a virtual currency, but your business is not subject to the anti-money laundering regulations. These exceptions are:

• any in-game currencies, that can be used exclusively within a specific game environment. Take for example Riot Points - or RP – which are one of the main currencies in League of Legends, as well as,

• local currencies, also known as complementary currencies, that are used in very limited networks and among a small number of users.

Do note that “electronic money”, despite the misleading term, is a completely different type of legal creature from virtual currency. Electronic money is not a currency at all, but an electronically stored monetary value represented by a claim on the issuer, which is issued on receipt of funds for the purpose of making payment transactions, and which is accepted by a natural or legal person other than the electronic money issuer. To simplify, think of virtual currency as a commodity that can be purchased in physical currency or electronic money.

Third step: who may be deemed as a virtual currency provider?

A virtual currency provider is a natural or legal person, which as a business provides ser-vices that can be deemed as “virtual currency provision”. Virtual currency provision, ac-cording to the 5AMLD and the revised 1 § 2 of the Swedish Act on Currency Exchange and Other Financial Operations (1996:1006) as well as the Swedish Government bill 2018/19:150, includes:

• issuing of a virtual currency,


17 18

• virtual currency exchange services, which are either (a) the exchange of a virtual currency into a legal tender or another virtual currency or (b) the exchange of a virtual currency into another commodity or the exchange of another commodity into a virtual currency,

• operation of a marketplace where a provider’s customers may engage in the activities referred to in (a) and (b) above, and/or

• providing “wallets” for virtual currencies by holding the account of some other party or by providing storage or the transfer of virtual currency.

As a final note, it also pays to have in mind that the 5AMLD specifically states that the objective of the 5AMLD is to cover all of the potential uses of virtual currencies. Some-thing that has also been pointed out in the Swedish prepatory work. Meaning that the listed examples above shall not be seen as an exhaustive list of what may be deemed as virtual currency provision.

Conclusion: what obligations are you as a virtual currency provider required to fulfil according to the 5AMLD and its implementation in Swedish law?

As a virtual currency provider you will have to register at the Swedish Financial Supervisory Authority (the “SFSA”), sw: Finansinspektionen and comply with the anti-money laundering regulations. Meaning everything from undertaking customer due diligence, duly reporting to the SFSA as well as conducting risk-based assessments, internal instructions and training of personnel. Would you like to discuss with experts in the field what this means for your business, do not hesitate to contact our FinTech team.

Fredrik RoosPARTNER | GOTHENBURG

Emily PossfeltASSOCIATE | GOTHENBURG

Five steps to facilitate service contract negotiations with the banks (and other large financial actors) – how to prepare for an optimal processAs a fintech service provider, negotiating a service or co-operation contract with banks can be an equally rewarding as challenging process. In Setterwalls’ previous Fintech forums, we have discussed the pros and cons of the negotiation process with representatives from the major Scandinavian banks. In this article, we share some of the steps you can take to facilitate your negotiation process for the benefit of all parties involved.

Align interests and create common goals

A part which is equally fundamental as it is essential should be to set up a commercial and operative structure which involves shared strategic goals and interests (in contrast to a more traditional and standard service-for-payment offering). Without genuinely shared goals and interests, the potential for any deal to survive the negotiating process is in our experience low and it also significantly increases the risk that problems down the road may become unresolvable with much less room for a common middle ground.Interest alignment can be done in many different ways and may be more or less easy to achieve, depending on the type of deal and fintech solution at hand. Examples of some common alignment methods are bundling the service offering with a combined offer of shares, revenue or result sharing of the outcome of the co-operation, or shared end-customer values or synergy effects or in other ways. No matter how this is done, it is important that the parties can create and envision a strategic partnership through co-operation, which hopefully can last and grow over time.


19 20

Besides the obvious benefits of getting the optimal value out of the deal, creating common goals and interests may also be essential for facilitating the negotiation process both with your negotiating partner and within the bank’s organisation (which never shall be underestimated). Achieving and building these common goals may in short help to create and support a constructive dialogue on all levels.

Ensure sufficient stakeholder support and management on both sides

One particularly potential challenging issue in negotiating with large and heavily regulated organisations such as banks is to get the deal through all necessary levels and stakeholders of the organisation in an efficient way. It can be particularly damaging for a deal process if you don’t get the right people involved and engaged early on as you would need to revisit important issues at a later stage. Thus, the inevitable question that ought to be asked (to yourself) in a sales/negotiating process with a bank is – who really is your “sponsor” on the other side. Identify such a person and stay close to him/her(or at least always keep that person in the loop).

It is therefore essential that you meet and mirror the bank’s internal deal process in relevant sectors, for example when it comes to commercial, technical and legal/compliance aspects, in order to establish and maintain channels with the right parts of the bank’s organisation. If you structure your negotiating team appropriately information flow and deal progress can be facilitated and you may be notified on any potential bottleneck issues early on.

With the right stakeholder support, your negotiating partner on the bank side can act as an ambassador for the deal and navigate the process through the relevant forums, in an efficient and constructive way.

Prepare good and structured answers to expected questions

In addition to having good communication channels and providing support to relevant stakeholders, it is also important to ensure that you have prepared answers (which are structured in an easy to understand and pedagogical way) to potential questions on the fundamental issues of the intended deal.

Since there will likely be many different stakeholders involved there will also be a need to clearly explain the fundamentals of the deal for these different persons. Often misunderstandings can occur when the mechanisms of the deal are not clearly set out, which is time consuming and may even risk stalling negotiations.

Therefore, you should ensure that your negotiating contact, who will have to explain and sometimes defend the proposed deal, has the information and support needed to lead the deal through the bank’s internal organisation (which often can be in competition with other projects or processes that occur simultaneously in the bank).

It can often be useful to have ready and prepared documents which explain the


21 22

fundamentals in an understandable way, to be circulated to relevant persons at an early stage. Areas in which such ready and prepared answers are particularly important are such where the involved persons may not be deep into the main contract negotiations, such as compliance, privacy, information security or some management committees.

If stakeholders instead are provided with a good picture of the essentials of the deal early on, this will likely speed things up and significantly increase the chance of a successful outcome.

Present credible resources in the important sectors

Credibility is a very important factor when dealing with banks, as reputational damage from working with the “wrong” companies can be particularly high for these organisations. It is therefore important to not only have the right technical and commercial solutions at place, but also to show that you have the right resources available when any unforeseen issues occur (which they will).

Make sure that you have reputable persons engaged, both internally and as external consultants, to credibly show that you can be a stable and sustainable partner for the intended co-operation. According to our experience, in the fintech field the areas where the right people can have the most impact are compliance and legal (including privacy), information security and the core commercial/operational part of the fintech service.

Do not underestimate the potential positive impact of having experienced and renowned persons, whether as personnel, on the board or as advisors, in order to get the deal through.

Joacim Johanneson PARTNER | STOCKHOLM

Niklas FollinASSOCIATE | STOCKHOLM

Ensure that you have the endurance and resources for a longer process than planned

Unfortunately, in banks and similar organisations there will always be a wide range of hurdles, considerations, stakeholders, competing interests, technical aspects (particularly legacy) and necessary/formal signoffs to overcome before the contract can be signed. In Setterwalls’ recent fintech forums, this was something that the panel from the big Scandinavian banks stressed – things can take longer than expected.

The reasons for the long processes are several, and they may to some extent be mitigated by taking the steps suggested in this article. However, there may still be a need for persistence, perseverance and endurance to get the deal through. Therefore, you should ensure that you have both financial strength, fall back positions and alternative plans to set in motion should the deal not be ready when initially desired. But when the deal succeeds you will most likely be rewarded for the hard work you have invested in the negotiations and there will be great opportunities ahead.


23 24

Oops, do we really need a SFSA license?Background

The fintech sector has been growing with great speed the last couple of years. Sweden and especially Stockholm is one of the strongest growing fintech markets today with successful companies such as Klarna, Izettle and Tink. The Swedish Financial Supervisory Authority (the “SFSA”) has recognised this development and established an Innovation Centre that provides information and dialogue for the fintech market. During 2019, the Bank for International Settlements (“BIS”) began to establish innovation hubs in various parts of the world with the task of promoting international cooperation and research on innovative financial technology. Considering that Sweden is in the forefront with regards to research and analysis of technical financial services, the Riksbank has proposed to be a candidate for the BIS to establish an innovation hub in Sweden.

In addition to the Governmental Authorities, there are many initiatives from the business side to get the actors in the fintech market to collaborate and share ideas as well as receive guidance, e.g. the Stockholm Fintech week and Setterwalls‘ own Fintech Forum.

It is apparent that the need for information and advice regarding the regulatory requirements for innovative fintech companies is substantial. Often the business ideas do not fit into the normal regulatory model and quite complex regulatory

considerations need to be made. As a consequence, it is paramount that the viability of the business idea is validated in due time. Having worked in the fintech sector for some time, we would like to share some initial advice that could be helpful if you have an innovative t fintech business idea, but hesitate because of the complex regulatory landscape.

You are not alone

We believe a key success factor for fintech companies is collaborating and sharing ideas with other people in the forefront of the fintech space, learning from their experience on dos and don’ts. Listening to seminars on fintech will give you a good understanding of market practice. However, this will only give you a general understanding of whether your idea is viable. At a certain point there will be a need for more specific legal advice such as a legal opinion regarding what type of legal creature your business is and if it requires a license or registration from the SFSA.

Ask for regulatory advice early on

In our experience many fintech companies struggle with strategic questions – do we have a viable business model, can we earn enough money, will we get financing? Often focus is on the business side targeting potential earnings and financing. Sometimes regulatory considerations tend to be dealt with in detail too late along the road. As a result, they may come as an unpleasant surprise, and in some cases even be a deal breaker that makes private equity companies withdraw their funding.

What happens if a company by mistake performs regulated business without a license?

The SFSA’s mandate to intervene against companies performing regulated business without a license or registration depends on what type of license or registration the company has obtained. If a company for instance performs payment services without license or registration, the SFSA shall order the company to cease business. The order may be combined with imposing a fine.

In addition to this, having performed regulated business without a license or registration may be very detrimental for a company that later applies for obtaining such a license.

How much does it cost?

The costs of applying for a license or registration with the SFSA varies mainly with what type of license or registration you are applying for. The more extensive and complex the license is, the more work is needed for preparing the application.


25 26

Furthermorethe fee to the SFSA is correspondingly higher. As an example, the SFSA’s fees for a Payment Service Provider license is SEK 138 000 whereas the fee for a registration is SEK 84 000 for legal persons.

How long does it take?

The SFSA’s handling time of an application depends on the type of license or registration you have applied for. For applications for a license or registration as a Payment Service Provider the handling time is three months. It should be observed that this period starts from the point in time when the SFSA deems the application to be complete. However, acquired by experience the SFSA normally asks for supplementary information and documentation after the initial application has been filed, so the mentioned period of time will normally be somewhat longer.

You should not underestimate the time needed to prepare the business plan and policies and procedures that shall be filed to the SFSA in connection with the application. A common mistake is a company´s belief that the policies and procedures are just simple templates. Instead, an important factor for the SFSA is assessing that the documents are adapted to your specific business and risks.

Setterwalls will be there to assist you

Getting the right advice can be crucial in order not to make mistakes, lose valuable time or money. Setterwalls is recognised as one of the leading law firms in Sweden with respect to fintech matters. We have long standing experience from license applications and regulatory investigations as well as from negotiating the necessary business agreements. So, don’t let uncertainty get in your way - you are always welcome to contact us with questions on your business idea.

Andreas Löfholm COUNSEL | STOCKHOLM

Fair treatment of customers in financial services in the new technology eraIntroduction

Algorithmic decision-making is widely used across a vast range of businesses, both public and private. Many bank customers demand immediate answers, for instance when making a loan application via the bank’s online banking services. The decision of whether to grant the bank customer a loan or not, will be based on that individual customer’s financial data. In order for banks to meet this demand from customers, banks will need to assess risks and make decisions with the help of new technology. Such technology will likely be based on algorithmic decision-making incorporated as some form of Artificial Intelligence (AI) technology. The customer’s financial data will be inserted to the system and, by using above mentioned algorithms, the banks will be able to provide the requested answer immediately.

When is algorithmic decision making and AI technology used in financial services?

The basic process of AI technology is to give training data to a learning algorithm. Algorithms are, in short, a sequence of instructions used to solve a problem, i.e. algorithms organise large amounts of data based on certain instructions and rules. The technology will then, according to certain algorithms, be able to create a result or an output based on the data it has been provided with.


27 28

Using algorithms via AI technology enables financial service providers to make real-time rapid decisions, such as granting loans, without human involvement.1 Customers use their online bank services to request a loan. The customer is asked to insert relevant (financial) data and the bank’s algorithm tells the customer whether the bank will grant you the loan or not and gives the suggested interest rate.2

Legal risks from a data protection law and anti-discrimination perspective

AI technology is being used in an increasing number of sectors, both private and public. Banking and finance, is just one example of the fields where profiling is being carried out to facilitate decision-making.3 While the use of AI has the potential to lead to efficient, rapid and accurate decisions, there are legal risks that may arise under national as well as EU laws. For instance, although algorithmic decision-making can seem neutral and fair, it can also lead to unwanted discrimination.4

There is no AI specific legislation in most national legal systems, but there has been a number of ethical AI guidelines published, such as the European Commission’s High Level Expert Group on AI’s Ethics Guidelines for Trustworthy AI. This article will however only provide a brief overview of the legal aspects from a data protection law and a non-discrimination law perspective and will not touch upon AI from an ethical perspective.5

According to EU data protection law, corporations should use personal data in an open and transparent way. The General Data Protection Regulation (GDPR) contains specific rules for certain types of automated individual decision-making, with the goal of protecting people against unfair or illegal discrimination. The GDPR prohibits certain fully automated decisions. An example could be a decision by a bank to deny a loan to a customer. There are however exceptions to the prohibition of certain automated decisions. The prohibition does not apply if the individual has consented to the automated decision; or if the decision is necessary for the performance of a contract, or is authorised by law. Time will tell what the effects will be of the GDPR,6 but it is certain that banks will need to adapt in order to meet the requirements under GDPR.

Non-discrimination law is another alternative legal instrument to help protect customers against algorithmic discrimination. Using AI technology can, as mentioned above, perpetuate existing stereotypes, by grouping individuals into different categories and thereby restrict them to their suggested preferences. In some cases, AI technology can lead to inaccurate predictions. Under EU law, unfair discrimination is prohibited, for instance through the European Convention on Human Rights. Still, non-discrimination law has several weaknesses when applied to algorithms. The main issue is that it is a burdensome and, in most cases, expensive process for an individual to take a discrimination case to court and it may be very difficult to provide sufficient proof in court.7


29 30

Conclusion

To conclude, financial services providers that use AI technology in their decision making should not forget that certain legal risks remain with the new technology. Specifically, such companies should consider how to comply with the requirements set out in legislation. Decisions generated as a result of AI technology may be unfair, for example by denying people access to loans, insurances or other financial products. Personal data law and non-discrimination law prohibit many discriminatory effects of algorithmic decision-making but the current legislation has weaknesses. Banks, and other companies using AI technology, should therefore be attentive and give thorough thought to the advantages and justifications for using a particular data set or algorithm.

In the quest for finding a fair and balanced approach to automated decision-making, the legislator should keep in mind that even before AI technology was introduced as a part of decision-making in financial services, there was a risk for human bias. In order to meet regulatory requirements to treat customers fairly, banks must think carefully about the use of data and AI technology where decisions are based only on algorithms. Financial service providers must ensure that the risk of biases embedded in data sets are mitigated in order to avoid unfair decisions generated by AI and focus on the quality of algorithms or data sets to ensure that they use diverse information which provides a fair and balanced view of the customer.

Karolina JönssonASSOCIATE | STOCKHOLM

It is important to keep in mind that decisions by algorithms may lead to unwanted discriminatory effects, but AI technology, and the use of algorithms in decision-making, is not necessarily discriminatory. Algorithms are still likely to be more efficient and accurate than human decision-makers. So the question still remains, will AI technology reduce or increase the risk for human bias?

1 Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679, published by the article 29 data protection working party.

2 Example from the European Commission; https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/my-rights/can-i-be-subject-automated-individual-decision-making-including-profiling_en

3 Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679, published by the article 29 data protection working party.

4 Please see “strengthening legal protection against discrimination by algorithms and artificial intelligence” in the International Journal of Human Rights

5 Please see for instance (i) the report “Discrimination, artificial intelligence, and algorithmic decision-making” published by the Council of Europe in 2018; and (ii) “strengthening legal protection against discrimination by algorithms and artificial intelligence” in the International Journal of Human Rights for more information.

6 Please see for more information “Strengthening legal protection against discrimination by algorithms and artificial intelligence” in the International Journal of Human Rights.

7 Please see for more information “Strengthening legal protection against discrimination by algorithms and artificial intelligence” in the International Journal of Human Rights.

https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/my-rights/can-i-be-su




31 32

Setterwalls yearly held FinTech Forum is the meeting place for exchange of experience between us who are working within this field.

Depending on the situation at the time, the Fintech forum may take place both physically or electronically or both – in either case, put it in your calendar!

Save the date

Setterwalls FinTech Forum19 November 2020

Setterwalls FinTech Forum | 19 November 2020 | Sturegatan 10, Stockholm

SETTERWALLS - FINTECH REPORT 2020

STOCKHOLM

Sturegatan 10Box 1050

101 39 Stockholm

[email protected]

GOTHENBURG

Sankt Eriksgatan 5Box 112 36

404 25 Gothenburg

[email protected]

MALMOE

Stortorget 23Box 4501

203 20 Malmoe

[email protected]

setterwalls.se

mailto:stockholm%40setterwalls.se%20?subject=

mailto:gothenburg%40setterwalls.se%20?subject=

mailto:malmoe%40setterwalls.se?subject=

http://setterwalls.se

FINTECH REPORT 2020 - setterwalls.se · Setterwalls FinTech Forum on 19 November 2020, Sturegatan...

Documents

Transcript of FINTECH REPORT 2020 - setterwalls.se · Setterwalls FinTech Forum on 19 November 2020, Sturegatan...