Fintech and regulation – challenge or opportunity for the sector?


Paradoxically, while new regulations obviously pose several challenges, experience shows that the absence thereof can offer the opposite as well – new regulations have sometimes been proven to create business opportunities for the sector.

So the question remains – has regulation overall created challenges or opportunities for the fintech sector? And will it do so in the future?

The wave of 2017–2018

One of the biggest challenges encountered by the fintech sector in 2017 and 2018 was to keep track of, and implement, the enormous number of regulatory changes affecting them over a short period. Several pieces of EU legislation were due for transposition, or became applicable, during those two years, and all had a significant practical impact on the sector:

  • PSD2 (Directive of 5 November 2015 on payment services) and AMLD4 (Directive of 20 May 2015 on anti-money laundering and counterterrorism financing) seem to have been the most significant. Both had to be transposed into the national laws of the EEA member states within six months (by 26 June 2017 for AMLD4 and by 13 January 2018 for PSD2).
  • As with all other entities, fintechs also had to prepare for the entry into force of the GDPR (Regulation of 27 April 2016 on the protection of natural persons with regard to the processing of personal data) – which no one active in the legal sector could reasonably have ignored and which became applicable on 25 May 2018.
  • Finally, the sector had to implement several other specific pieces of legislation, such as MiFID II (Directive of 15 May 2014 on markets in financial instruments), PRIIPs (Regulation on key information documents for packaged retail and insurance-based investment products) and IDD (Directive of 20 January 2016 on insurance distribution). Each of these pieces of EU legislation represents huge implementation efforts for the entities subject thereto, but they seem to have received less attention from the fintech sector – probably because most developments in 2017 and 2018 in fintech occurred in the payment area, and those regulations were of less interest for them.

Overall, this legislation affected the sector on a variety of levels. It generally imposed changes on entities’ organisations, a revision of their business models, assessment of their products and services, important documentation work (drafting of processes and procedures), modifications to their IT systems and operations, and updates to customer contracts.

But the challenges did not stop there. When implementing the new rules, fintechs were expected not only to make a major effort and bear significant costs, but also to deal with interaction issues arising within the rules. One of the most acute issues, which remains unresolved in some aspects, is the interaction between PSD2 and GDPR: both use the same wording for different concepts and rules governing common situations, but with prescriptions that appear to be different – and even sometimes contradictory. They also impose notification obligations that apply to potentially overlapping situations, but to different entities and with different timings.

Additionally, several member states were late in their transposition of the EU directives. Statistics published by the European Commission are in that respect revealing: for instance, the European Commission opened infringement procedures for non-communication of transposition measures against 20 member states for AMLD4, while for PSD2 it did so against 16 member states – in some cases, more than one of the above-mentioned directives remains to be enacted. This situation put fintechs in a difficult situation, especially those offering cross-border services: they have to apply different rules for the same activities, depending on the member state concerned – and still sometimes they do not know when and how the new rules will apply in the member states that have yet to implement these directives into domestic legislation.

Finally, an important issue when addressing the regulatory changes of the past two years has proven to be the differences in their actual implementation throughout the member states. Despite the adoption of EU legislative instruments, experience shows that, in practice, harmonised rules are not applied consistently in all member states. This is especially the case for minimum harmonisation directives (such as AMLD4), where member states are allowed to adopt stricter rules (gold-plating provisions). A striking example is the application of AMLD4 to new payment services introduced by PSD2, payment initiation and account information. As AMLD4 only referred to payment services defined under the previous payment services directive (PSD1), the question had been raised as to whether AMLD4 is applicable to new payment services under PSD2. Depending on the country, the question was given a different answer: in Belgium AMLD4 applies to new payment service providers while under the French AML legislation, only payment initiation service providers are subject to anti-money laundering rules. This is also true for maximum harmonisation directives and regulations, due to different interpretations and regulatory practices among national regulators (see, for instance, the different interpretations of the concepts of agents or distributors under PSD2 and the e-money directive). This issue is well known by the European legislator, which has implemented several mitigating measures: adoption of regulations instead of directives; the favouring of closer cooperation between local regulators; mandates given to EU authorities to issue guidelines and technical standards commonly applicable in all member states; and so on. However, insufficiently harmonised practices remain an important obstacle for cross-border activities, as they impose on firms offering cross-border services legal costs and go-to-market delays relating to the screening of local rules and adaptation to the legal specifics of each local market.

What’s next?

The wave of regulatory changes seems to have decreased – although it has not yet died off. This does not mean, however, that the sector is no longer impacted by regulatory changes.

Fintechs are still dealing with the consequences of the various regulations of the past two years (ongoing licence application processes, discussions with regulatory authorities, modifications of their products, updating documentation and processes, and so on). Significant questions also remain open with regard to their implementation, and guidance from the regulators is still expected on various topics.

Further regulatory changes are also expected, which will continue to impact the fintech landscape: AMLD5 (adopted in May 2018 and to be transposed by January 2020) will for instance strengthen the rules applicable to prepaid cards and submit crypto-wallet providers and exchange platforms in crypto-assets to new obligations with regard to anti-money laundering. If adopted, the European regulation on European crowdfunding service providers will create a new regulatory framework for crowdfunding platforms, etc.

On the other hand, the absence of regulatory change can also be an issue. Innovation constantly brings new questions to which the existing regulations do not offer appropriate answers – or which sometimes slow down their development.

One key current example is the problem of client remote identification. While technical solutions have emerged and proven as reliable as face-to-face identification, the regulations have not yet adapted to them, thereby creating significant obstacles for the development of online financial services.

Regulators across the European Union are still struggling with other topics, such as blockchain and initial coin offerings, leading to important uncertainties (both for the fintechs and their potential clients) and to inconsistencies within the EU. Similar challenges arise with chatbots and robo-advising.

Of course, regulations will eventually be changed to reflect the latest developments in the field, but in the meantime there is a significant gap between market innovation and its treatment in legal texts.    

So… challenge or opportunity?

Overall, the trends in financial regulation seem to be moving towards more regulation and with ever greater detail. Without judging the appropriateness of such an approach, the fact is that in practice it represents a burden for the industry. Understanding the changes, assessing their impact on the business, implementing rules at all levels of the organisation, and reporting on their implementation to the regulators are costly and time-consuming tasks.

EU regulations have to find the right balance between consumer and market protection and fostering competition and innovation. In some cases, regulations create (or at least aim to create) opportunities, as was the case with PSD2: by forcing banks to share their customers’ data with new payment service providers (so-called open banking), PSD2 was clearly intended to encourage innovation and competition within the industry. After almost a year since its transposition, some could argue that the objective has not been fully achieved due to, among other factors, its limited scope (payment accounts only). Nevertheless, it cannot be denied that to some extent PSD2 opened up the market to innovative payment solutions and business models.

In addition, as burdensome as the new regulations may be, for some markets, such as cryptocurrencies, there is a significant number of players who are actually calling for regulation. The lack of transparency and accountability of cryptocurrencies has ultimately driven investors away from the market, and hindered the development of crypto-based projects. Since the crypto-hype dissipated, the market has suffered a major blow as investment and prices have dramatically decreased. The sense now is that regulation would rid the market of the numerous scams and other fraud schemes. Some also hope that a regulatory framework for crypto-markets will help to stabilise prices and counter the high volatility of the cryptocurrencies.

In any case, human nature is as it is, and business seems to always develop wherever it can. The fintech sector is certainly not an exception to this rule, and has recently seen new concepts such as regtech and suptech emerge, describing businesses whose services or products are designed to help regulated entities comply with their obligations under the new regulations – and regulators to supervise them. So, when it is time to assess whether regulation is a challenge or an opportunity for the fintech sector, we would personally conclude that it is a little bit of both – not just because regulation is designed to transform challenges into opportunities, but because human economy will always strive to do so.

Back to top

Follow us on LinkedIn

News & Features

Community News



Pro Bono

Corporate Counsel

Women in Law

Future Leaders

Research Reports

Practice Areas


The Who's Who Legal 100


Special Reports



About Us

Research Schedule

It is not possible to buy entry into any Who's Who Legal publication

Nominees have been selected based upon comprehensive, independent survey work with both general counsel and private practice lawyers worldwide. Only specialists who have met independent international research criteria are listed.

Copyright © 2019 Law Business Research Ltd. All rights reserved. |

87 Lancaster Road, London, W11 1QQ, UK | Tel: +44 20 7908 1180 / Fax: +44 207 229 6910 |

Law Business Research Ltd

87 Lancaster Road, London
W11 1QQ, UK