Skip to content

Legal and regulatory issues

The challenge faced by all those in the fintech market is how to capture innovation while preserving the stability of the banking network.

Facebook’s mantra, “Move fast and break things”, is a great one for many emerging companies – but perhaps more problematic for companies operating in highly regulated areas such as financial services. Within the Allen & Overy team we have the unique combination of resources to help market participants successfully navigate this path.

Fintech logo

Regulatory requirements

Regulatory requirements

Regulatory requirements Regulatory compliance is fundamentally important to fintech companies, and can be a key competitive advantage, but navigating the relevant regulatory regimes is a significant headache for many.

Most fintech companies will have undertaken a detailed analysis of their business model against applicable financial regulation to fully understand what can be achieved without becoming a regulated entity, or, conversely, to help them seek appropriate licenses or approvals. Some may have engaged in regulatory sandboxes to test their products, services or solutions in a circumscribed environment. However attempts to map regulation can be complicated by the fact that it can be very hard to assess whether innovative new products fall within the regulatory regimes, and if they do, how the various requirements might apply. This problem is compounded for fintechs that are scaling internationally, where regulatory approaches in multiple jurisdictions can create additional hurdles (albeit Fintech Bridges are one example of attempts to mitigate such problems).

Regulatory uncertainty makes business planning very difficult, and indeed the financial and compliance cost of regulation has been sufficient to see some new companies exit the market.

A clear-sighted assessment of regulatory risk is fundamental to fintech success.

Dealing with data

Dealing with data

Data is central to the business models of many fintechs, whether they are focusing on retail or investment banking. Companies that are able to derive business insights from financial services data can spot and maximise new opportunities and reduce risk. Meanwhile the trend to open finance is increasing the range of companies which collaborate to deliver financial services. Unlocking this value is however dependent on far more than clever algorithms and exponential processing power. It is also essential that companies in this space build and maintain the trust of consumers and other stakeholders and comply with increasing waves of regulation and regulatory activity.

For example, we have recently seen a clear demonstration of the power of the Cyberspace Administration of China and its interest in regulating cross border data transfers. While in Europe the activities of Austrian privacy activist Maximilian Schrems have, in the last few years, set off a chain of revisions to European approaches to cross border data transfers. This includes the publication of a new set of standard contractual clauses (and associated operational and technical measures) to bring more rigour to existing provisions.

Looking forward, Europe is also taking ground-breaking steps to regulate artificial intelligence. Fintechs and others in the financial services sector are firmly within the sights of the Commission’s draft AI Act where, for example, AI systems used to evaluate creditworthiness or establish credit scores look set to be pulled into a new strict regime.

Operational resilience

Operational resilience

Covid-19 brought home to many organisations the need to be prepared for disruption. Fintechs operate in evolving risk, compliance, IT and cyber security, and operations environments, and building operational resilience is essential for them, not only to meet regulatory demands but also to drive innovation and return on investment, and secure competitive advantage.

Since the pandemic struck, the UK’s Financial Conduct Authority and the Bank of England have both launched operational resilience regimes, while in Europe, 2020 saw legislative proposals on digital operational resilience (known as “DORA”) and in the U.S., a group of three regulatory agencies (the Federal Reserve, Federal Deposit Insurance Corporation, and Office of the Comptroller of the Currency) published a joint paper outlining sound practices to strengthen operational resilience.

Responding to industry best practice and regulatory demands, we recommend that fintechs develop a sound, comprehensive and well-documented information and communications technology (ICT) risk management framework that includes a strategy for addressing ICT third-party risk.

Protecting innovation

Protecting innovation

The development of innovative software and technology by fintech companies has been critical to the rapid expansion in this sector. Legal protection for such innovation is integral to success in the fintech sector, but the availability of protection varies from jurisdiction to jurisdiction. While business methods were previously thought to be patentable in the U.S. this has become increasingly difficult through recent case law. In Europe, meanwhile, they are per se unpatentable unless they can be shown to solve a ‘technical problem’. Given these difficulties, fintech companies must consider carefully the availability of other IP rights, such as copyright and trade secrets, as well as protecting themselves through contractual arrangements with their customers, employees, suppliers and/or other third parties.

A strategic challenge in areas such as blockchain is how to balance the protection of ideas and technology with the desire to encourage industry-wide adoption. Where there may be so-called “network effects” from new technology, the timing for seeking to register and/ or enforce intellectual property rights is critical. Done too soon and the risk is that innovation is stifled. Left too late and it is possible to be locked out of the market by peers and competitors.

Successful fintech companies are a particular target for raids on the business, for IP and for talent. Taking steps to protect your business with internal policies and procedures is key. However, it is also important to plan ahead for post-raid scenarios, including the possibility of enforcement and litigation.

The importance of intellectual property to fintech companies may also make them a target for patent trolls, which may cause business disruption unless the fintech enters into licensing discussions or is prepared to fight a claim in the courts.

Growth and the workforce

Growth and the workforce

People are often one of a fintech company’s most valuable assets. They have ideas that innovate; they have the skills to develop those ideas; they have the relationships that help bring in funding.

When a fintech company is in its infancy, it is not unusual for roles to lack definition, for everyone to pitch in, and for everyone to therefore have virtually unfettered access to the inner workings of the business. With growth, however, comes a need for better structure; for employees to have specific responsibilities; and for employees to have access to only that information that they need to know in order to do their role. That is not only as a prudent business practice to protect investment and innovation, but to ensure fintech companies continue to comply with their obligations in relation to data.

The relationship of trust between individuals within fintech companies is also of utmost importance, given that employees have the potential to cause significant damage should they seek to take advantage of their access to fintech’s intellectual property and valuable technologies in order to join or set up a competitor. Yet, with growth, can come a dilution of culture. The establishment of clear people and labour policies and acting on people issues appropriately when they do happen is key to protecting the ethos of fintech companies and ensuring the workforce comprises those who will add real value to the business and act in the best interests of the company.

Collaborating, investing and acquiring to bring innovation into the business

Collaborating, investing and acquiring to bring innovation into the business

Many established financial institutions recognise the benefit that financial innovators are bringing to the market. Frequently financial institutions look to partner with emerging technology players to speed up the innovation cycle.

A fundamental question is what form that collaboration might take. M&A in the fintech market is common, as companies buy in technology and skills or combine with peers to build scale, but commercial collaborations are also a popular route to achieving these goals. Equally, corporate venturing may offer a way to connect with early-stage companies to assess potential technologies, exert a degree of influence on the future direction of the emerging company and be in a good position to acquire or license technology if it looks to be shaping up well.

For the emerging company, such relationships come with a number of risks but also the potential for significant rewards derived from the partner’s experience, market influence, credibility and resources. To make a success out of any of these transactions, both parties need to determine how to accommodate the objectives and needs of what may typically be two very different organisations. This relationship dynamic impacts deal negotiation, the due diligence process (including the all-important regulatory due diligence), and how the commercial aspects of the deal are structured.

​Sources of funding

​Sources of funding

In Q1 2020, in the height of the pandemic, and in spite of accelerated demand for financial technology applications, fintech funding was looking a little precarious. Roll forward to 2021, and fintech investment is once again breaking records on both sides of the Atlantic. The headlines hide some interesting funding trends. Firstly, the number of “mega-rounds”, which serves to drive the creation of mature fintechs with significant valuations.

Also, the fact that exit activity is hitting new highs. According to CBInsights, there were 11 IPOs and 67 M&A deals (including announced, but not yet completed deals) for VC-backed Fintech companies in Q1 2021. Many of these were completed via SPAC transactions, including Bakkt, SoFi, MoneyLion, and eToro. The diversification the fintech funding landscape is a sign of market maturity, but it also creates a need for careful planning by fintechs of their funding strategy. What type of investor is needed to maximise the chance of success? What do investors bring to the table? One key criteria is aligning the investor’s timetable for exit with the company’s growth plans. Another consideration will be planning for a liquidity event in the future. Funding options should be assessed to ensure they do not, for example, restrict access to the public markets at a later date.

Download the brochure

Our fintech practice

Market participants may be providers of technological solutions which bring innovation to traditional financial services companies or they may be companies delivering innovative financial services offerings which disrupt the existing financial services market.
What unites fintech players is the pursuit of new ideas and business models to bring digital transformation to all aspects of the heavily regulated financial services industry.

The technical excellence is a given with a firm of this calibre, but what sets this team apart is its friendly manner, availability and willingness to be flexible. They understand the pace at which a small fintech business likes to work and the pressures this puts on internal counsel to deliver to tight timelines and will always endeavour to support that. They are also willing to take a pragmatic view to get a deal done, rather than labour points.

Legal 500 UK 2021 (Fintech)

Related downloads

Related content