Business trends and legal challenges facing start-up companies
Let’s face it—the infancy of the start-up era is over. The past years have been full of many hopes, bright ideas, expectations, competitions, and ups and downs. It has now been proven in practice that not every bright idea can be monetised and not every student’s dream can successfully enter the market, unless you are well prepared.
Start-up companies face new horizons and challenges, and this is particularly valid for companies in the tech field. Due to rapidly increasing digitalisation, tech start-ups are forced to develop more and more customer-centric ideas and to offer safe, innovative and well-presented ideas appealing to consumers.
Every new business trend created or adopted by fintech startups poses legal challenges. Corporate issues, compliance and consumer protection are the most critical regulatory topics that each start-up must carefully examine at a very early stage of its development.
1. Banking-as-a-Service (“BaaS“)
Tech-savvy consumers are hungry for offerings of virtual financial services. The providers of BaaS build a bridge between old-fashioned banking and cutting-edge modern financial services. Integrated digital banking services, which have recently been developed, are one example. Traditional banking institutions provide access to their systems and respectively to client accounts via an online interface, and while third-party providers (usually fintech companies) deliver tailored services and an improved experience directly to their customers. Providers of direct-debit services, for example, allow any business or individual to utilise financial service products such as direct-debit networks (e.g., GoCardless), outsourced payment solutions, subscription-based services management, crypto-processing (e.g., Bitpay), and mobile wallet providers.
The first reaction of the heavyweight banking institutions to the innovations was grumpy and jealous. However, even the biggest bank leviathans are now cooperating with fintech companies for BaaS services and even deliver their own platforms. In Europe, this decentralised financing was greatly facilitated by the implementation of the Open Banking regulations and especially the 2nd Payment Services Directive (“PSD II”), which provide for more secure payments and diversity of payment options together with better consumer protection.
2. Adoption of cloud and quantum computing
Cloud-based solutions have been denied by banking institutions for some years. Recently however traditional financial institutions have become more open and recognise that cloud computing solutions provide much more flexible, safe and even cheaper opportunities for collaboration with fintech start-ups. Although migration to the cloud has not been fully adopted by banks, more and more cloud solutions are finding their place in the collaboration between banks and fintechs.
Cloud computing poses many regulatory questions such as cybersecurity and data protection issues, especially in light of the recently issued Schrems II judgement repealing the Privacy Shield, thus removing one of the mechanisms to transfer data outside the EU.
Quantum computing, although still maturing and existing mainly in the realm of science fiction, has recently been explored by banks and financial institutions such as hedge funds. While research is still in the early stages, some voices say quantum computing will be the only computing option left in 20 years from the viewpoint of energy efficiency.
3. AI solutions
As customer authentication becomes an increasingly central topic, fintech start-ups strive to improve their approach toward the development of biometric (e.g., fingerprint/eyes) and voice identification. Still, any difficulties remain that hinder the full adoption of artificial intelligence solutions, as most current solutions are not user-friendly for consumers.
Financial and insurance services are two exciting and innovative fields for AI development, as AI offers incredible solutions for customer risk assessment and especially credit risk. The various software options allow for the preparation of tailored offers to clients in accordance to their specific needs.
4. Stablecoins – the cryptocurrency loved by alls
It would not be overstated to say that in the past few years there is no one in the fintech industry who has not been seduced by crypto. However, due to the volatility of cryptocurrencies, most market players lost interest. Despite its well-known advantages, such as transparency and security ensured by blockchain, crypto could not overcome its toddler phase. That is why, a new hope has appeared — stablecoins which are a hybrid between fiat currencies and pure crypto. Since the rise of Tether, stablecoins have developed as a new type of cryptocurrency, pegged to a stable fiat currency such as USD or backed by other assets, like gold.
Stablecoins are used in the supply chain as a service (ScaaS) model, as demonstrated by the recent offer of Bank Frick together with the Dutch technology provider Quantoz. The service enables clients to issue their own stablecoin and to integrate it into the existing token-based payment system.
Obviously fintech start-ups face many legal challenges, mainly regulatory. The most critical are:
1. Corporate issues and the absence of a shareholders’ agreement among the founders
Even in the very early stage, a shareholders‘ agreement is necessary to be in place among the partners (founders). It provides protection for the minority shareholders and outlines the manner of taking important decisions. As a private agreement that is not available to the public (as are articles of association), it may address matters such as achieving certain goals, settling additional voting quorums, etc. Further, it addresses buyback rights, the manner of exercising tag-along and drag-along rights, and non-competition obligations of the founders. A shareholders’ agreement also usually contains anti-dilution provisions that protect investors by allowing them to keep the proportional rate of their investment.
2. Compliance, compliance, compliance
The three main (but not only) pillars of compliance are: (i) proper licensing if necessary (often required for fintech companies); (ii) data protection compliance; and (iii) anti-money laundering (“AML”) and know-your-client (“KYC”) issues. Naturally, there are many other compliance issues (e.g., cybersecurity), but this triad forms the core of the compliance mechanism that every fintech start-up must implement.
Proper licensing became a hot topic after Brexit followed by the suspension of the passporting rights of fintech companies registered in the UK and providing financial services in the EU. It is now more important than ever that the activity of fintech start-ups are PSD II compliant.
As for GDPR/AML compliance, the situation has been further complicated by the outcome of the Schrems II judgement, as outlined above, and the relatively tough compliance requirements of the 5th AMLD. E-money issuers and payment providers, as well as wallet providers delivering custodian services, must make sure that they have implemented proper KYC mechanisms and AML systems.
3. New Deal for Consumers and protection of consumer rights
The level of consumer protection in the EU has recently been increased by the European Commission’s Enforcement and Modernisation Directive 2019/2161 (“Omnibus Directive“). The Directive focuses on various consumer issues including transparency in online marketplaces and the protection of consumers of digital services. It introduces penalties in case of infringements amounting to a certain percentage of the trader’s turnover. It remains to be seen how this directive will be implemented across Member States which should happen by November 2021.
In order to be prepared for the numerous legal challenges on the road, fintech start-ups are advised to consult a diligent legal counsel, preferably with experience in the start-up field.
About the author:
Maya Medzhedelieva is a Senior Associate in the Sofia TMT and corporate practices of Kinstellar. She assists clients with corporate transactions, M&A deals and regulatory matters. Maya advises on AML / CTF issues, including on compliance policies and audits of corporate internal compliance processes. A certified data protection officer, Maya assists with data processing agreements, data privacy, data transfer outside the EU and any other matters arising from the GDPR. Her experience also includes cyber security and antibribery regulations. Maya has a particular focus on technology and payments, including regulation of blockchain and crypto companies.