Italy: Fintech

European provisions have impacted the Italian legal framework regarding payment services. In particular, the reference is made to: (i) Directive (EU) 2015/2366 on payment services in the internal market (the “PSD2”), and (ii) Directive 2009/110/EC on the taking up, pursuit and prudential supervision of the business of e-money institutions. At national level, the principal sources are: (i) Legislative Decree No. 385/1993 referred to as the Consolidated Law on Banking (“Italian Banking Act”), (ii) Legislative Decree No. 11/2010 which transposed the Directive 2007/64/CE into Italian law, and (iii) the Bank of Italy “Supervisory regulation of Payment institutions and Electronic money institutions” of 23 July 2019.

Payment institutions and e-money institutions can provide payment services. The establishment of a newly payment or e-money institution requires an authorization granted by the Bank of Italy. In such process, the Bank of Italy verifies that the applicant meets the conditions to ensure the sound and prudent management of the institution and the regular functioning of the payment system (e.g., initial paid-up capital, entity shareholding structure, programme of operations).

On top of the foregoing, payment services may also be provided by financial intermediaries established pursuant to Article 106 of the Italian Banking Act, on the condition that they have been specifically authorized for such purpose.

Even though cash still plays an important role in the Italian market, the most popular payment instruments are the non-cash payment instruments like payment cards and bank transfers. The use of non-cash alternatives is encouraged by financial inclusion policies which guarantee that all users have access to current or payment accounts and which facilitate the acceptance of e-payments by a broader platform of goods and services providers.

In such respect, Italy has duly implemented Directive 2014/92/UE (PAD) which, among other things, grants to anyone residing in the EU the right to open a payment account with basic features, including the execution of payment transaction such as direct debits or credit transfers.

According to PSD2 provisions, two new payment services, namely the account information service (“AIS”) and the payment initiation service (“PIS”) have been introduced into the Italian legal framework. In addition to banks as well as payment and e-money institutions could provide PIS and AIS. In this case, it is sufficient to inform the Bank of Italy of the intention to provide such payment services by sending a prior communication. On the other hand, companies not authorised yet to provide payments services require a specific authorisation to be released by the Bank of Italy. The authorisation process for the provision of AIS is simpler than those regarding the other payment services (by a way of example, the applicant does not have to provide information regarding the shareholding structure).

Data protection legislation Regulation EU 2016/679 (“GDPR”) has a strong bond with the PSD2. The matter has been addressed by the European Data Protection Board in its Guidelines 6/2020 on the interplay of the PSD2 with the GDPR.

Three substantial perspectives are highlighted. The first one concerns the legal basis for the processing. In such regards, the explicit consent required under Article 94, par. 2, of the PSD2 to access the customers’ financial data is not equivalent to the consent provided by the GDPR, as from a data protection viewpoint the processing of the customers’ financial and payment data by the TPPs takes place for the execution of a contract.

Secondly, a key issue is connected to the processing of silent parties’ data, i.e., subjects’ whose personal data are processed by that specific payment service provider for the performance of the contract with the payment service user. According to the aforementioned Guidelines, such processing takes place based on a legitimate interest of the TPPs. Yet this is not a solution for the processing of this information which can reveal a particular data of the silent party. Think – for example – of someone who receives a payment as indemnification of damages incurred while undergoing clinical practices: the cause of the payment may reveal recipient’s health data for which the legitimate interest cannot be a valid legal basis under the GDPR. The same issue arises when the particular data is the related to the payer, such as, for example, in the event of a donation to a political party or a religious association, for which the need to execute a contract is not a valid legal basis under the GDPR.

Thirdly, security measures and strong customer authentication practices are also key elements. Data protection laws impact open banking regarding the security measures that TPPs must apply. Indeed, service providers should be held to high security standards, including strong customer authentication. With respect to the above, Legislative Decree No. 90/2017 has introduced the possibility of using digital identities also for customer identification purposes, and the Bank of Italy, on the 30 July 2019, has also legitimised the use of innovative technological solutions, such as biometric recognition systems. However, such authentication methods must ensure the use of robust security measures, such as those set by the Garante Decision No. 513 of 12 November 2014 for the processing of biometric data.

In our jurisdiction, regulators closely follow technological developments in the financial field. The Bank of Italy seeks to improve its capacity to analyse developments in the financial markets and at the same time open up a new channel of dialogue – called the “FinTech Channel” – with operators who would like to propose innovative technological and organizational solutions in the financial services area, in order to make the Italian market more attractive. In this context, Law No. 58/2019, converting Law Decree No. 34/2019, provides for the establishment at the Ministry of Economy and Finance of the Fintech Committee. The Fintech Committee has the task to identify the objectives, define the programs and implement actions to promote the development of techno-finance.

Ministerial Decree No. 100/2021 introduced a “regulatory sandbox” with a view to setting up a temporary protected space dedicated to test technological ventures in the banking, finance and insurance sectors. The scheme will allow fintech operators to test innovative solutions with the benefit of a simplified regime under the supervision of the competent authorities.

At the EU level, the EU Commission issued a proposal for a regulation on a pilot regime for market infrastructures based on distributed ledger technologies (“DLT”). Such proposal aims at laying down a regulatory framework within which market operators can test innovative technological solutions, while complying with a regulatory environment that provides an adequate level of consumer and investor protection. In particular, the proposal aims to allow for experimentation through derogations for the use of DLT in the trading and post-trading of crypto-assets that qualify as financial instruments, where existing legislation precludes or limits their use.

No. Innovation and fintech are central in the financial debate in Italy. Clearly, in a fintech innovation environment, public Authorities are required to carefully analyse existing fintech examples to identify initiatives and projects that protect public interest, thereby ensuring a proper balance between the opportunities and the risks of the innovation process.

Overall, the Italian supervisory authorities’ attitude towards fintech ventures is mostly positive. In this respect, the Bank of Italy clarified that intends to support the innovation processes within the regulatory framework with due consideration for an evolutionary perspective.

There are no specific tax incentives addressing the fintech investments, nevertheless a wide range of tax bonuses may be benefited also by the fintech market players, such as tax credit for research and development, a patent box regime reducing the burden of taxation on revenues deriving from certain intellectual properties and incentive for innovative small-mid start ups.

A survey conducted by the Bank of Italy highlighted that investments are diverse and may involve the fine-tuning of business processes in baseline scenarios or, in more impactful scenarios, the reorganisation from scratch of processes and functions.

Some broader projects, born under the impulse of the open banking framework and the PSD2, share the aim of creating digital ecosystems, within which innovative interactions between participants in the financial system can take place.

In this respect, as recently highlighted by a survey of the Italian fintech market conducted by EY and by the Italian Fintech District (i.e., an organisation established to foster and drive innovation within the Italian fintech community), the activities of most Italian fintechs focus on the areas of crowdfunding, machine learning, artificial intelligence, smart payments and money transfers.

Fintech in Italy offers wide-ranging possibilities. Authorities are interested in these beneficial developments. They are aware that the development of fintech can deeply affect the ability of the financial industry to evolve and prosper, and that their decisions will influence these developments. Authorities are also aware that an active fintech ecosystem that is able to produce innovative technological solutions can be instrumental for financial firms to improve efficiency and the quality of their services.

In addition, fintech companies may sometimes benefit from a legal framework that is especially advantageous for the development of their activities. In particular, certain fintech companies may take advantage of the very favorable treatment that traceable payments are subject to in Italy. For example, certain tax deductions may only be applied when payment of the relevant services has occurred electronically.

Italy has set up an Entrepreneur Visa program, designed to attract talent and foreign investment in the country. For non-EU innovators willing to join the Italian startup ecosystem and to establish their innovative business, there is a specific procedure. It consists in a direct application through which the talent can send the documents requested to the Ministry of Economic Development’s Committee and obtain the startup self-employment visa.

As many other countries, Italy recognizes the value of highly qualified and skilled professionals in the development of its industry. Given the rapid rise in fintech investment and the great potential benefits associated with its implementation, the fintech industry could have some impact in immigration policy.

Fintech companies have features that are sometimes not fully compatible with the traditional IP rights of Italian system. Notwithstanding the legal difficulties, the principle of “technological neutrality” requires that the same rules of all IP rights should be applicable to any new technologies, regardless of the format in which a piece of work is incorporated and the technical methods with which it is reproduced. Firstly, fintech companies may rely on trademark and brand protection, to distinguish their products, the labelling thereof, and their websites, apps and so on. Patent protection would not likely be in the focus of a fintech. Under Italian law, indeed, both software programs and processes and business models “as such” are expressly excluded from patent protection. Software can be patentable if it has a technical effect that is new and non-obvious. A fintech may instead more easily rely on copyright protection to protect the source code of software or, to some extent, its graphics and architecture. Copyrightable works might also include underlying programming code, APIs, and various other audio, video, or any written related works. In some circumstances, a fintech may need to protect the confidential business processes which is not easily reverse-engineered and other strategic confidential information. A specific protection under Italian law could therefore arise from Articles 98-99 of the Italian Industrial Property Code. Database could also be a strategic asset for a fintech. Databases in Italy can be protected as copyright work only if for the choice or arrangement of the material, constitute an intellectual creation of the author. Certain database, however, could be inferred to fall within the scope of article 102-bis of Italian Copyright Law, concerning the so-called “noncreative databases”, providing for sui generis rights, not subject to the creativity/originality requirement.

The attention of the Italian legislator focused on the antimoney laundering aspects related to the use of cryptocurrencies. Indeed, Legislative Decree No. 231/2007 has introduced a definition of cryptocurrency to include cryptocurrencies exchanges providers among the entities obliged to fulfil AML requirements. For such purposes, cryptocurrency is defined as a digital representation of value, not issued or guaranteed by a central bank or a public Authority, which is not necessarily linked to a currency having a legal price, is used as a means of exchange for the purchase of goods and services or for investment purposes and is relocated, archived and electronically negotiated. In this respect, it is worth mentioning that on 18 July 2020 the Minister of Minister of Economic Development, in the context of a public consultation to collect proposals on the National Strategy for Blockchain, proposed to amend cryptocurrency definition in order to specifying that cryptocurrency has not got the legal status of currency or money but is accepted by natural or legal persons as a means of exchange. In addition, under Italian legal framework, cryptocurrencies exchange providers are required to be enrolled in a special section of the currency exchange register held by the Italian Agents and Credit Brokers Authority (Organismo degli Agenti e Mediatori Creditizi). Such special section is not operational yet.

The regulatory treatment of cryptocurrencies and cryptocurrency exchanges in Italy is likely to change dramatically in the future as a result of the forthcoming adoption of the EU Regulation on Markets in Crypto-assets (“MiCA Regulation” or “MiCAR”), which has been put forth with the view to developing an EU-wide sound legal framework able to clearly define the regulatory treatment of all crypto-assets that are not covered by existing financial services legislation.

To this end, and among other things, the entry into force of MiCAR will entail the need for crypto-asset service providers to comply with ad-hoc prudential and organisational requirements. In addition, an ad-hoc prudential framework will be established for issuers of stablecoins (or asset-referenced tokens).

So far, Italy has not adopted an ad-hoc regulatory framework applicable to initial coin offerings. However, as clarified by ESMA, when a crypto-asset issued in the context of an initial coin offering qualifies as a financial instrument pursuant to the MiFID framework, the regulatory framework (including, for example, the requirements relating to the adoption of a prospecuts) apply to the crypto-asset at stake.

The existence of the category of “financial products” under Italian law further complicates the picture by requiring additional considerations with respect to an offer of crypto-assets, since – even if they do not qualify as financial instruments – they could well qualify as financial products. A crypto-asset can be brought under this category on the basis of a test similar to the Howey test, thereby making it subject to – inter alia – the national prospectus and public offering requirements.

The future adoption of the MiCA Regulation is set to establish a much clearer regulatory framework with respect to initial coin offerings. While only applicable to crypto-assets that do not qualify as financial instruments, the MiCA Regulation will detail the mandatory disclosure requirements applicable to issuers of crypto-assets, which will include the obligation to publish an information document (called white paper) to be notified to the competent authorities.

At the national level, on 19 March 2019, Consob launched a public debate on its proposal of how to regulate ICOs and exchanges of cryptoassets. In particular, Consob has proposed: (i) to define the “platform for the offerings of cryptoassets” as an online platform exclusively aimed at the promotion and conduct of offerings of newly-issued cryptoassets, (ii) that the operators of such platforms would be only authorized operators of crowdfunding portals or other persons fulfilling fit and proper requirements, (iii) that such operators have to comply with several organization and operating requirements (e.g., ensuring business continuity and IT security of the platform), (iv) to establish an “opt-in” regime, in accordance to which the sponsor of the initiative would decide to use or not a dedicated platform. On 2 January 2020, Consob published its final report, in which the Authority highlighted, inter alia, that an approach suitable for balancing the need not to introduce excessive burdens, but ensuring safeguards of investors, is not to set organizational/capital requirements, but rather to focus on transparency (e.g., provision for the publication of an initial document for the offer, with minimal information containing elements on the transaction, on crypto-assets and on the exchange platforms on which the cryptoassets will be traded). Nevertheless, Consob’s proposals are likely to be overtaken by the entry into force of MiCAR.

There are multiple blockchain- and DLT-based startups and ventures in Italy. This range of companies embraces, inter alia, exchange platforms for cryptocurrencies (allowing the user to buy, sell, and exchange cryptoassets), the agriculture industry (allowing the collection and the distribution of information on agricultural processes for traceability and the certification of agricultural products), Bitcoin-based donations platforms, and peer to peer (P2P) platforms for enterprises that support the entire lifecycle of social business transactions.

A recent survey by the Bank of Italy highlighted that, in 2020, 56% of responding banks and banking groups had implemented artificial intelligence solutions, and that such figure was expected to increase by 2023. According to the survey, the level of use by 2020 and the forecast trend show that the area relating to marketing, commercial and customer service processes is the most affected by the use of artificial intelligence, followed by operations processes.

The regulators’ approach towards artificial intelligence is aimed at ensuring that artificial intelligence systems placed on the market and used are safe and respect existing laws. In this respect, the EU Commission’s recent proposal for a so-called “Artificial Intelligence Act” is aimed at, inter alia, providing supervisory authorities in the financial sector with the necessary powers with respect to artificial intelligence systems provided, or used, by regulated and supervised financial institutions.

The Italian insurtech landscape, although featuring a number of successful ventures, is still marked by significant margins of development. This notwithstanding, the number of new ventures is constantly increasing.

In this respect, the regulatory sandbox introduced by Ministerial Decree No.100/2021 with the purpose of allowing market operators to test innovative products and services with the benefit a simplified transitional regime is likely to encourage the development of further entrepreneurial initiatives.

As previously mentioned, payments and lending are particularly strong. With the implementation of the regulatory sandbox we expect to see significant growth in other fintech areas, including insurtech.

In Italy, collaboration between incumbent financial institutions and fintech companies has been constantly growing in the last years. Such cooperation is likely to have a positive outcome for both and offer an opportunity to accelerate innovation and lead to an overall optimisation of information systems.

In such respect, for example, the use of technology in the financial sector may help both to automate processes that would otherwise require human intervention and to improve the overall customer experience. To this end, financial services firms have long implemented internal technological solutions to support the provision of services to their customers and to ensure that they comply with the regulatory obligations.

The overall volume of fintech investments has significantly increased in the last few years.

Key Italian fintech ventures include “Spunta Banca DLT”, which is a project led by the Associazione Bancaria Italiana (ABI). Spunta is a DLT- and smart contract-based application which enables banks to: (i) quickly identify mismatches in interbank transactions by securely sharing common data, (ii) perform checks and exchanges directly within the application, and (iii) use standardised processes and communications to fix issues.

Even if several Italian banks are adopting new technologies, improving their internal processes, and focusing more on value added services, other institutions are exposed to disruption risk. Indeed, small/midsize banks may not have the capacity to invest in digital innovation and to cope with competitive pressures arising from larger banks. Having said that, such event is not likely to occur shortly. Indeed, considering Italian clients’ conservatism and cultural constraints, the adoption of digital banking might take longer in Italy than in other countries notwithstanding the efforts of the market players as well as the competent Authorities. In addition, for the time being it seems that retail clients keep on preferring traditional banks. Therefore, laggard banks would have more time to react and become innovative.

Even so, the Italian fintech market is highly dynamic and many players active in the European market were first established in Italy before expanding to other countries. This is especially true with respect to the payments sector, financial advice and online provision of investment services.