The first guest author in our brand new blog rubric 11 Series comes gently to crash the cliche that women shy away from fintech.

Guergana Stoichkova is a seasoned fintech expert, currently heading Bulgarian Fintech Association. Fintech dominates both her professional experience and side interests. She complied for us a ‘must read’ article that you need to check if you run a fintech company.

This article comes to you thanks to Visa Innovation Program, where Gery is also one of our dedicated mentors.  


Regulations to watch if you are a fintech

While many believe that fintech companies fall somehow outside the regulatory radar, it is in fact true that fintech businesses are strongly affected by regulations. Fintech companies, in their nature, deal with money and people. Therefore, in order to avoid any misconduct, an adequate regulatory frame is of upmost importance.

There are generally two types of regulations valid for European companies. Rules that are set by the EU and apply to all member states, as well as local legislations defined separately by each member state. As far as the first group is concerned, there can generally be differentiated between rules that are immediately effective in their entirety on all member states (“Regulations”) and such that give guidelines and general goals, but leave the particular actions for achieving these goals at the discretion of each member state (“Directives”).

Probably the two most widely discussed EU legislative acts that came into force in the past years are Payment Services Directive II (PSD II) and General Data Protection Regulation (GDPR). For Bulgarian companies specifically, apart from the general rules set out by the National Bank and the Commission for Financial Supervision, there are a number of regulations that define the business of fintech companies. This article will briefly touch on the Law on Measures Against Money Laundering and Regulation – 18.


PSD II was designed to address technological changes in the payments industry and expand the diversity of payment services providers. With the introduction of this directive a new term was born in Europe – Open Banking, which relates to the numerous applications that could be built on top of the existing financial institutions and enrich the value add for end-customers.

According to the new rules, banks have to set up communication channels that allow third-party service providers to access the data they need (For example via APIs). This also allows banks and third-party service providers to identify one another when accessing customer data, and to communicate through secure messaging. Banks may establish this communication channel either by adapting their customer online banking interface or by creating a new dedicated interface. Effective since 2018, PSD II has already begun to drastically change the banking sector as we know it and is the prerequisite for the emergence of various fintech applications around the banking industry.


GDPR became a hot topic, not only among fintechs but among EU businesses in general, as it imposes significant changes in companies’ privacy policies. One thing that visibly affected end customers are the numerous consents they need to provide with every new entry on a website. From companies’ point of view, they need to clearly demonstrate the integrity and validity of their customers’ consent to the sharing, marketing and commercial use of their personal information. Fintechs also have to tell customers the purposes for which they process and use their personal data and appoint a dedicated Data Protection Officer. Failure to comply with GDPR principles, including properly recording the customer journey and the registration process, will incur heavy penalties.

AML Directive (EU) 2015/849

It aims at combating money laundering and the financing of terrorism by preventing the financial market from being misused for these purposes.

Key points addressed relate to the identification and verification of customers, the related know-your-customer (KYC) practices and the recognition of ultimate beneficiary owner (UBO).

5 AMLD focuses specifically on ultimate beneficiary ownership for the purposes of risk mitigation and money laundering prevention. Among the measures that were introduced are:

    • UBO lists are to be made publicly accessible
    • Trusts must observe beneficial ownership regulations and will have that information made available to authorities or others demonstrating legitimate interest
    • UBO national registers must be inter-connected at an EU level
    • Member-states are to strengthen their UBO verification mechanisms
    • Member states must introduce separate UBO registers for bank accounts



Law On Measures Against Anti-Money Laundering

In Bulgaria, the anti-money laundering measures introduced in AMLD are covered in the Law on measures against anti-money laundering by the State agency of National Security. This legislative act introduces detailed requirements for KYC (necessary documentation and procedures to identify and verify customers) and regulates ultimate beneficiary ownership. In order to comply with the law, companies need to collect minimum two of the following documents when verifying their individual customers:

  • Official identification document with a security element
  • Official identification document with biometry
  • Qualified electronic signature
  • Other, as approved by the State Agency of National Security

Common practice in verifying Bulgarian citizens is to demand National ID card and a selfy with the National ID card that serve to prove identity, validity of document and address.

Regulation – 18

Issued by National Revenue Agency, this Regulation states that each merchant is obligated to register and report the sales they make by issuing a fiscal cash receipt from a fiscal device. The legislative act defines each step during the process of a commercial transaction and its subsequent accounting. Recent changes in the act suggest that merchants (both offline and online) will also need to integrate their CRM systems with the National Revenue Agency, so that the Agency has full transparency over sales.

EU FinTech Support Initiatives

The rapid development of the fintech sector predisposed the creation of different EU initiatives aimed at supporting fintech companies and regulators. Main goal is to provide tools for the adequate framing of the sector and its targeted regulation. Few of these initiatives are listed below:

  1. EBA FinTech Knowledge Hub
  2. EC Fintech action plan
  3. EU FinTech Lab
  4. European Commission group of experts “Regulatory obstacles to financial innovation” (ROFIEG)
  5. European Joint Platform for EU Sandboxes And Innovation Hubs



About the author:

Guergana Stoichkova is the Director of Bulgarian Fintech Association. She’s also part of Paynetics, where she’s been working on a strategy level for all companies from the group. She’s experienced in fintech, payments, blockchain, project management and investments. Guergana is also one of the co-founders and current Advisory Board member of 180 Degrees Consulting Sofia – a student-driven consultancy assisting socially-conscious organizations. She holds BSc in BA from LMU in Munich and MSc in Finance from Bocconi University in Milan.



Leave a Comment