This country-specific Q&A provides an overview of Fintech laws and regulations applicable in Italy.
What are the sources of payments law in your jurisdiction?
European provisions have impacted the Italian legal framework regarding payment services. In particular, the reference is made to: (i) Directive (EU) 2015/2366 on payment services in the internal market (the “PSD2”), and (ii) Directive 2009/110/EC on the taking up, pursuit and prudential supervision of the business of e-money institutions.
At national level, the principal sources are: (i) Legislative Decree No. 385/1993 referred to as the Consolidated Law on Banking (“Italian Banking Act”), (ii) Legislative Decree No. 11/2010 which transposed the Directive 2007/64/CE into Italian law (“Decree 11”), and (iii) the Bank of Italy “Supervisory regulation of Payment institutions and Electronic money institutions” of 23 July 2019.
Can payment services be provided by non-banks, and if so on what conditions?
Payment institutions and e-money institutions can provide payment services. The establishment of a newly payment or e-money institution requires an authorization granted by the Bank of Italy. In such process, the Bank of Italy verifies that the applicant meets the conditions to ensure the sound and prudent management of the institution and the regular functioning of the payment system (e.g., initial paid-up capital, entity shareholding structure, programme of operations).
What are the most popular payment methods and payment instruments in your jurisdiction?
Even though cash still plays an important role in the Italian market, the most popular payment instruments are the non-cash payment instruments like payment cards and bank transfers. The use of non-cash alternatives is encouraged by financial inclusion policies which guarantee that all users have access to current or payment accounts and which facilitate the acceptance of e-payments by a broader platform of goods and services providers.
What is the status of open banking in your jurisdiction (i.e. access to banks’ transaction data and push-payment functionality by third party service providers)? Is it mandated by law, if so to which entities, and what is state of implementation in practice?
According to PSD2 provisions, two new payment services, namely the account information service (“AIS”) and the payment initiation service (“PIS”) have been introduced into the Italian legal framework.
In addition to banks as well as payment and e-money institutions could provide PIS and AIS. In this case, it is sufficient to inform the Bank of Italy of the intention to provide such payment services by sending a prior communication. On the other hand, companies not authorised yet to provide payments services require a specific authorisation to be released by the Bank of Italy. The authorisation process for the provision of AIS is simpler than those regarding the other payment services (by a way of example, the applicant does not have to provide information regarding the shareholding structure).
How does the regulation of data in your jurisdiction impact on the provision of financial services to consumers and businesses?
Data protection legislation Regulation EU 2016/679 (“GDPR”) has a strong bond with the PSD2. The matter has been recently addressed by the European Data Protection Board in its Guidelines 6/2020 on the interplay of the PSD2 with the GDPR. Three substantial perspectives are highlighted:
i) The legal basis for the processing
The explicit consent required under Article 94, par. 2, of the PSD2 to access the customers’ financial data is not equivalent to the consent provided by the GDPR, as from a data protection viewpoint the processing of the customers’ financial and payment data by the TPPs takes place for the execution of a contract.
ii) Processing of silent parties’ data
Data protection principles affect the lawfulness of the processing carried out by the TPPs, such as the processing of the personal data of silent parties, i.e., subjects’ whose personal data are processed by that specific payment service provider for the performance of the contract with the payment service user. According to the aforementioned Guidelines, such processing takes place based on a legitimate interest of the TPPs.
iii) Security measures and strong customer authentication
Lastly, data protection laws impact open banking regarding the security measures that TPPs must apply. Indeed, service providers should be held to high security standards, including strong customer authentication.
With respect to the above, the Legislative Decree No. 90/2017 has introduced the possibility of using digital identities also for customer identification purposes, and the Bank of Italy, on the 30 July 2019, has also legitimised the use of innovative technological solutions, such as biometric recognition systems. However, such authentication methods must ensure the use of robust security measures, such as those set by the Garante Decision No. 513 of 12 November 2014 for the processing of biometric data.
What are regulators in your jurisdiction doing to encourage innovation in the financial sector? Are there any initiatives such as sandboxes, or special regulatory conditions for fintechs?
In our jurisdiction, regulators closely follow technological developments in the financial field. The Bank of Italy seeks to improve its capacity to analyse developments in the financial markets and at the same time open up a new channel of dialogue – called the “FinTech Channel” – with operators who would like to propose innovative technological and organizational solutions in the financial services area, in order to make the Italian market more attractive.
In this context, Law No. 58/2019, converting Law Decree No. 34/2019, provides for the establishment at the Ministry of Economy and Finance of the Fintech Committee. The Fintech Committee has the task to identify the objectives, define the programs and implement actions to promote the development of techno-finance, also in cooperation with foreign entities, as well as to formulate regulatory proposals and facilitate the contact of operators in the sector with institutions and Authorities.
Furthermore, Law No. 58/2019 introduced a regulatory sandbox. Its purpose is to allow fintech companies to test new business models that aim at developing innovative services and products in finance lending and insurance sectors using new technologies such as block chain and artificial intelligence. The experimentation will be characterized by: (i) a maximum duration of eighteen months, (ii) reduced capital requirements on the part of the members, (iii) simplified requirements proportionate to the activities to be carried out, (iv) reduced timescales for authorization procedures, and (v) definition of operating perimeters. Decree Law No. 34/2019, as converted, states that one or more regulations of the Ministry of Economy and Finance, after consulting the Bank of Italy, Consob (i.e., the Italian National Commission for Companies and the Stock Exchange) and IVASS (i.e., the Italian Institute for the Supervision of Insurance) shall be adopted in order to govern the conditions and methods to test fintech activities in Italy. A public consultation on the draft regulation was launched by the Ministry of Economy and Finance. Such public consultation was completed on March 19, 2020, but a final version of the regulation has not been issued yet.
Do you foresee any imminent risks to the growth of the fintech market in your jurisdiction?
No. Innovation and fintech are central in the financial debate in Italy. Clearly, in a fintech innovation environment, public Authorities are required to carefully analyse existing fintech examples to identify initiatives and projects that protect public interest, thereby ensuring a proper balance between the opportunities and the risks of the innovation process.
What tax incentives exist in your jurisdiction to encourage fintech investment?
There are no specific tax incentives addressing the fintech investments, nevertheless a wide range of tax bonuses may be benefited also by the fintech market players, such as tax credit for research and development, a patent box regime reducing the burden of taxation on revenues deriving from certain intellectual properties and incentive for innovative small-mid start ups.
Which areas of fintech are attracting investment in your jurisdiction, and at what level (Series A, Series B etc)?
The areas that attract more interest in Italy are payments and lending.
If a fintech entrepreneur was looking for a jurisdiction in which to begin operations, why would it choose yours?
Fintech in Italy offers wide-ranging possibilities. Authorities are interested in these beneficial developments. They are aware that the development of fintech can deeply affect the ability of the financial industry to evolve and prosper, and that their decisions will influence these developments. Authorities are also aware that an active fintech ecosystem that is able to produce innovative technological solutions can be instrumental for financial firms to improve efficiency and the quality of their services.
Access to talent is often cited as a key issue for fintechs – are there any immigration rules in your jurisdiction which would help or hinder that access, whether in force now or imminently? For instance, are quotas systems/immigration caps in place in your jurisdiction and how are they determined?
Italy has set up an Entrepreneur Visa program, designed to attract talent and foreign investment in the country. For non-EU innovators willing to join the Italian startup ecosystem and to establish their innovative business, there is a specific procedure. It consists in a direct application through which the talent can send the documents requested to the Ministry of Economic Development’s Committee and obtain the startup self-employment visa.
If there are gaps in access to talent, are regulators looking to fill these and if so how? How much impact does the fintech industry have on influencing immigration policy in your jurisdiction?
As many other countries, Italy recognizes the value of highly qualified and skilled professionals in the development of its industry. Given the rapid rise in fintech investment and the great potential benefits associated with its implementation, the fintech industry could have some impact in immigration policy.
What protections can a fintech use in your jurisdiction to protect its intellectual property?
Fintech companies have features that are sometimes not fully compatible with the traditional IP rights of Italian system. Notwithstanding the legal difficulties, the principle of “technological neutrality” requires that the same rules of all IP rights should be applicable to any new technologies, regardless of the format in which a piece of work is incorporated and the technical methods with which it is reproduced. Firstly, fintech companies may rely on trademark and brand protection, to distinguish their products, the labelling thereof, and their websites, apps and so on. Patent protection would not likely be in the focus of a fintech. Under Italian law, indeed, both software programs and processes and business models “as such” are expressly excluded from patent protection. Software can be patentable if it has a technical effect that is new and non-obvious. A fintech may instead more easily rely on copyright protection to protect the source code of software or, to some extent, its graphics and architecture. Copyrightable works might also include underlying programming code, APIs, and various other audio, video, or any written related works. In some circumstances, a fintech may need to protect the confidential business processes which is not easily reverse-engineered and other strategic confidential information. A specific protection under Italian law could therefore arise from Articles 98-99 of the Italian Industrial Property Code. Database could also be a strategic asset for a fintech. Databases in Italy can be protected as copyright work only if for the choice or arrangement of the material, constitute an intellectual creation of the author. Certain database, however, could be inferred to fall within the scope of article 102-bis of Italian Copyright Law, concerning the so-called “non-creative databases”, providing for sui generis rights, not subject to the creativity/originality requirement.
How are cryptocurrencies treated under the regulatory framework in your jurisdiction?
The attention of the Italian legislator focused on the anti-money laundering aspects related to the use of cryptocurrencies. Indeed, Legislative Decree No. 231/2007 (“Italian AML Legislative Decree”) has introduced a definition of cryptocurrency to include cryptocurrencies exchanges providers among the entities obliged to fulfil AML requirements. For such purposes, cryptocurrency is defined as a digital representation of value, not issued or guaranteed by a central bank or a public Authority, which is not necessarily linked to a currency having a legal price, is used as a means of exchange for the purchase of goods and services or for investment purposes and is relocated, archived and electronically negotiated. In this respect, it is worth mentioning that on 18 July 2020 the Minister of Minister of Economic Development, in the context of a public consultation to collect proposals on the National Strategy for Blockchain, proposed to amend cryptocurrency definition in order to specifying that cryptocurrency has not got the legal status of currency or money but is accepted by natural or legal persons as a means of exchange.
In addition, under Italian legal framework, cryptocurrencies exchange providers are required to be enrolled in a special section of the currency exchange register held by the Italian Agents and Credit Brokers Authority (Organismo degli Agenti e Mediatori Creditizi). Such special section is not operational yet.
How are initial coin offerings treated in your jurisdiction? Do you foresee any change in this over the next 12-24 months?
On 19 March 2019, Consob launched a public debate on its proposal of how to regulate ICOs and exchanges of cryptoassets. In particular, Consob has proposed: (i) to define the “platform for the offerings of cryptoassets” as an online platform exclusively aimed at the promotion and conduct of offerings of newly-issued cryptoassets, (ii) that the operators of such platforms would be only authorized operators of crowdfunding portals or other persons fulfilling fit and proper requirements, (iii) that such operators have to comply with several organization and operating requirements (e.g., ensuring business continuity and IT security of the platform), (iv) to establish an “opt-in” regime, in accordance to which the sponsor of the initiative would decide to use or not a dedicated platform.
On 2 January 2020, Consob published its final report, in which the Authority highlighted, inter alia, that an approach suitable for balancing the need not to introduce excessive burdens,
but ensuring safeguards of investors, is not to set organizational/capital requirements, but rather to focus on transparency (e.g., provision for the publication of an initial document for the offer, with minimal information containing elements on the transaction, on crypto-assets and on the exchange platforms on which the crypto-assets will be traded).
For the time being, a specific regulation on ICOs has not been issued yet.
Are you aware of any live blockchain projects (beyond proof of concept) in your jurisdiction and if so in what areas?
There are approximately 77 blockchain startups in Italy. This range of companies embrace, inter alia, exchange platform for cryptocurrencies (allowing the user to buy, sell, and exchange crypto assets), agriculture industry (allowing the collection and the distribution of information on agricultural processes for traceability and the certification of agricultural products), bitcoin based donations platform, and peer to peer (P2P) platform for enterprises that supports the entire lifecycle of social business transactions.
To what extent are you aware of artificial intelligence already being used in the financial sector in your jurisdiction, and do you think regulation will impede or encourage its further use?
Authorities are aware that artificial intelligence applied to customer profiling allows to offer more and more customized products and services and that 3D printers and industrial robots open new opportunities for the automation of production activities. Moreover, the adoption of more advanced technologies within the bank can facilitate their compliance with operational risk control obligations.
Insurtech is generally thought to be developing but some way behind other areas of fintech such as payments. Is there much insurtech business in your jurisdiction and if so what form does it generally take?
A research conducted by the Italian Insurtech Association shows that the insurtech is progressing but is not yet advanced.
Are there any areas of fintech that are particularly strong in your jurisdiction?
As previously mentioned, payments and lending are particularly strong. With the implementation of the regulatory sandbox we expect to see significant growth in other fintech areas, including insurtech.
What is the status of collaboration vs disruption in your jurisdiction as between fintechs and incumbent financial institutions?
Financial services firms have long implemented internal technological solutions to support the provision of services to their customers and to ensure that they comply with their regulatory obligations. However, the more recent phenomenon of fintech appears to be elevating this process to a new level, because of significant investments in new technologies.
To what extent are the banks and other incumbent financial institutions in your jurisdiction carrying out their own fintech development / innovation programmes?
Between 2017 and 2020 the number of fintech investments has increased in bank and financial sector. Such investments are heterogeneous and include refinement of bank and financial institutions business processes and the ex novo reorganization of entities process and functions. Some projects are aimed at building digital ecosystems, which allow innovative interactions between the participants in the financial system and are addresses to customers and companies.
In addition, several banking and financial entities have entered into partnership agreements with Fintech companies or have directly purchased their shares.
Are there any strong examples of disruption through fintech in your jurisdiction?
Even if several Italian banks are adopting new technologies, improving their internal processes, and focusing more on value added services, other institutions are exposed to disruption risk. Indeed, small/midsize banks may not have the capacity to invest in digital innovation and to cope with competitive pressures arising from larger banks.
Having said that, such event is not likely to occur shortly. Indeed, considering Italian clients’ conservatism and cultural constraints, the adoption of digital banking might take longer in Italy than in other countries notwithstanding the efforts of the market players as well as the competent Authorities. In addition, for the time being it seems that retail clients keep on preferring traditional banks. Therefore, laggard banks would have more time to react and become innovative.
Estimated word count: 3044
Privacy & Cookies Policy
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.