Fintech: Navigating the legal and regulatory issues

A red line being drawn through a maze.

At the intersection of the financial services and technology sectors is an industry that has garnered much attention of late. With the rise of the ubiquitous smartphone and our “always online” culture, consumer behaviour has evolved to require financial services to be delivered through new technologies offering a seamless user experience at a cheaper cost than their traditional equivalents. Enter the term “fintech,” which is used to describe businesses that apply disruptive technology to conventional financial services such as lending, money transfers and mobile payments.

Much commentary has suggested that Canada has the potential to become a leading global fintech hub. Indeed, the federal government, through its Innovation and Skills Plan, has committed to supporting Canada’s fintech entrepreneurs.

The stability of the Canadian financial system, which has been heralded as the reason Canada escaped the 2008 financial crisis relatively unscathed, is due largely to its conservative regulatory regime. But navigating this regime can be a challenge for companies operating in the fintech space.

There is no central Canadian regulatory authority that applies to fintechs, and the nature of the fintech’s business will dictate which laws apply. Consequently, a fintech business may be subject to multiple regulatory authorities at various levels of government. In some instances, there may be inconsistent or overlapping jurisdiction. Further complexity arises when the product or service is offered across international borders, resulting in the application of additional regulatory regimes within the various countries where operations or customers are located.

Some key areas of regulation that affect fintech businesses include data security, consumer protection, anti-money laundering and securities regulation.

Any business that collects personal information from customers is subject to privacy legislation in Canada. Protecting personal information in the digital world is a key issue, and a number of recent high-profile security breaches highlight the importance of adopting robust data security measures. The growing use of cloud computing and cloud storage options may add a further layer of complexity. A business that contracts with service providers that have access to customer personal information will want to protect itself through its contractual arrangements.

Businesses that provide services to retail consumers should be aware of laws aimed at protecting those consumers. The cost of consumer credit disclosure and credit reporting requirements, for example, are relevant to any fintech whose business involves lending money or providing an online lending platform to consumers. In addition, anti-spam legislation requires businesses to comply with certain requirements in communicating electronically with consumers and restricts the types of communications that can be sent without the consent of the recipients.

Businesses that qualify as reporting entities under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, such as businesses that provide money transfer services, must be registered with FINTRAC, the Financial Transactions and Reports Analysis Centre of Canada, and are required to implement a compliance regime, keep certain records and ascertain client identification.

In addition, securities laws would apply to certain fintech business models such as peer-to-peer lending, crowdfunding and angel funding platforms, and robo-advising.

Many of these laws are evolving, and some regulators are taking steps to assist fintechs to meet regulatory obligations. The Ontario Securities Commission’s OSC LaunchPad, for example, engages with fintech businesses to provide support in navigating applicable securities regulation, and endeavours to keep regulation in step with digital innovation.

Assessing regulatory risk is one key to success, and failure to comply with applicable laws can have serious consequences. In addition to penalties that can be imposed by the regulators, fintech companies looking to provide services to, or partner with, established financial institutions will be subject to the scrutiny of these financial institutions, which have their own compliance objectives. No doubt, such financial institutions will be looking to confirm that the companies they are partnering with are compliant with applicable regulatory obligations.

If you are a fintech, or a company considering adopting fintech into your existing business model, EKB would be pleased to assist you in navigating the regulatory landscape.

 

Related Lawyers