Fintech’s innovation and protection balancing act

Regulators are seeking to remove barriers to fintech innovation while also protecting consumers, write Benjamin Lyon and John Young, international counsels at Debevoise & Plimpton.

Benjamin Lyon
Benjamin Lyon

Although there is no single regulatory framework for technology that improves and automates the delivery of financial services, there are some particular areas of focus for regulators. Here, we explore the current regulatory issues facing the fintech sector in the UK and the EU.

The UK’s Financial Conduct Authority, in common with its EU peers, is keen to harness the benefits of innovation and remove regulatory barriers, and at the same time understand the potential harm to consumers. While the FCA’s approach is that its rules are “technology neutral”, it is undertaking work in determining where certain types of fintech fall in the regulatory perimeter, with severe consequences for firms without authorisation that market or perform activities in relation to assets that fall within the regulatory perimeter.

John Young
John Young

In particular, in the cryptoassets field, the FCA has worked on guidance on different types of cryptoassets, distinguishing between security tokens, which are broadly treated as securities, and exchange tokens – cryptoassets that allow the exchange of payments outside the traditional banking network.

The application of the FCA’s regulatory perimeter does not determine whether a type of cryptoasset falls within the rules governing financial crime, in particular rules to combat money laundering.

Risk awareness

The fact that cryptoassets are held in an anonymous and decentralised form, making it difficult to track the transactions made, prompted regulators to bring providers of cryptoasset exchange services into the scope of the Fifth Anti-Money Laundering Directive, in force since the beginning of this year. There is also the overriding concern that cryptoassets are highly speculative and volatile investments, prone to hacking and misleading sales practices.

The FCA has also done work in the field of automated financial advice (roboadvice) – algorithms that ascertain the types of investments most appropriate for a given investor – as well as similar technology for automated discretionary investment management.

Risks remain of clients “gaming” the system to receive unsuitable or inappropriately risky advice. Fintech firms need to be mindful of the UK Payment Protection Insurance misselling scandal, which is still being felt by the UK’s banks, and ensure they do not unwittingly open up their firms to similar exposure.

A number of fintech innovators rely on so-called big data as part of their product or service offering, especially in the data-driven bank, credit and insurance sub-sectors of fintech. While this information may be of critical importance to the fintech industry, the legal protections afforded personal data under the EU’s General Data Protection Regulation set a high bar for compliance and significant liability for breaches.

Compliance with the GDPR and other local equivalent legislation is a challenge for fintech firms, especially when considered in light of the threat of cybersecurity issues.