Italian Fintech Sandbox
by Massimiliano Nicotra e Ilaria Giulia Bortolotto
In the path of other initiatives carried out by other European countries and after the other initiatives taken by the Italian governments concerning Fintech, Blockchain Technology and crypto-assets, Italy has instituted and regulated a “Fintech sandbox”.
This Sandbox, will allow anyone wishing to promote new services in the banking, finance and insurance sectors, to benefit from certain regulatory and normative exemptions for a limited period of time by establishing constant control and dialogue with the relative monitoring and supervisory authorities.
The Italian actors in the Fintech sector have been waiting for a long time, especially since, six months ago, the Italian government introduced the possibility to create regulatory Sandboxes in Fintech with the Article 36, paragraph 2 bis of the Law decree no. 34 of April 30, 2019 (coordinated with conversion law June 28, 2019, no. 58).
Beginning in September 2021, though, it will all become more “real” for interested parties to begin to apply for admission to the sandbox in accordance with the law decree specially established by the Ministry of the Economy and Finance to regulate the phenomenon, that is the Law decree no. 100 of April 30, 2021 (published in the Official Gazette of July 2, 2021)
After the first time window of application others will follow, always lasting a maximum of a couple of months and probably with some modifications with respect to the previous ones. The supervisory authorities of the three sectors (banking, financial and insurance) will agree on the duration of the window, the maximum number of subjects accepted for each authority as well as, eventually, the specific technologies for which that window will be reserved.
Nonetheless, the decree recently issued not only has the function of establishing a “deregulated space” for operators in fintech but, due to its great flexibility, becomes a tool with greater utility and advantages.
In particular, thanks to the introduction of an informal interlocutions system (described above) and a “Fintech committee” (involving the MISE, the three supervisory authorities, (Bank of Italy, Consob and IVASS) and representatives of the AGCM, the Data Protection Authority, AgID and the Tax Agency) which can make proposals for regulatory intervention also at European level, this latest regulation puts in place a mechanism that, as will be seen, allows the regulator, institutions and authorities to fully understand the new directions of the technological world and monitor them, adopting the right measures to guarantee the correct development of future projects.
Who can apply?
In order to participate, it is necessary to submit a project that falls within the banking, finance or insurance sector and meet the requirements set forth for each time window. In addition, as indicated under art. 5 paragraph 1, it is necessary to fall within one of the following cases:
a) the technological innovation activity would be subject to authorization or enrolment in registers and lists kept by the Bank of Italy, Consob or IVASS, or even though it is subject to this requirement it falls into a case of exclusion
b) it is an activity that is carried out in favour of a regulated subject affecting profiles that are subject to regulation in the reference sectors
c) it is carried out by a subject who is already regulated by one of the relative Authorities.
It is important to underline that if the activity affects one of the three sectors mentioned earlier but does not fall under one of the hypotheses envisaged above, the operator will still be able to access the mechanism of “informal interlocutions” without, however, accessing the sandbox.
“Informal interlocutions” with supervisors are a very useful mechanism that not only serves to help applicants understand to whom and how to apply, but has also been made available to all those who do not qualify to join the sandbox but who engage in activities with similar characteristics and risks (Art. 5 paragraph 2, Decree 100/2021). In fact, once these subjects have been consulted, the competent authority sends a report to the “Fintech committee” illustrating the market phenomenon of which that project is a “witness” and indicating the possible need for regulatory intervention. In this way, it will be much easier to keep track of new instances and developments in this and related sectors.
Application content: the important role of Law firms and Law Professionals in preparing the application
The Fintech operators who intend to access the sandbox must describe in the application form a series of elements, including:
- a description of the project (objectives, duration, expected added value), its innovative potential and the reasons for the application;
- a proof of concept, including a business plan;
- an indication of the relevant applicable guidelines, rules and regulations of which total or partial derogation is requested (that constitutes the “real” content of the sandbox);
- an explanation of the risks and measures taken to mitigate them;
- tools to protect users;
- the forecast of the impact that the end of the experimentation will have on the activities carried out during the “temporal window”;
- description of the results of any sandboxes already set up with foreign authorities;
- a series of self-certifications relating to the absence of over-indebtedness procedures, to the management’s honorability and to the approval of the financial statements of the last five years;
- the documentation required for authorization or registration in the register or list;
- the declarations of the regulated parties, if present, to which the activity is directed.
Considering these informations and datas needed, although the mechanism of informal interlocutions also has the function of assisting the subjects for presenting the application form, the need for qualified assistance is evident, particularly in view of the numerous specific and technical elements listed above.
This is why the role of law firms and individual professionals is so important. Unlike fintech committee authorities, they can indeed ensure and maintain continuous and close contact with the customer. In this way, they are able to understand the project in depth and identify in more detail the relevant legislation and the exemptions that need to be applied for. This will ensure the application is sufficiently accurate to allow the operator to enter the sandbox and take advantage of the period of excemptions. On the other hand, legal professionals will be able to include among the services offered, that of assistance in submitting applications for the sandbox.
Moreover, they will be able to understand and correctly interpret the applicable regulations, especially in view of certain inconsistencies that Decree 100/2021 already includes. For instance, an important contradiction can be seen in the fact that first it is foreseen (under Art. 5 lett. a) that the application can be presented by those who should obtain authorizations from the authorities or be enrolled in the appropriate registers (but who evidently do not have the necessary requirements) and then it is required them to present exactly the necessary documentation to proceed with regard to such authorizations or inscriptions of which, precisely, they are inconsistent and for which they ask to enter into the sandbox.
Entering in the Fintech Sandbox
Once completed and delivered the application form, the preliminary investigation phase begins. In this phase, the supervision authority verifies the completeness and admissibility of the application and the appropriateness of the exemptions requested and it may also request clarifications or documental integration from the applicant, as well as opinions from another authority or the Committee itself. The evaluation period can last 45 days, at the end of which reports are sent to the secretariat of the Fintech committee and, in the following 5 days, to the individual members of the committee. On this basis, the committee can request the convocation of the competent authorities to assess the results of their evaluations. If the activity involves more than one Authority, all the investigations must have had a positive outcome in order to be admitted. The operators to be admitted are selected based on the innovativeness and possible outcome of the project and, if not selected, they are automatically considered for the next “window time” (as long as they have not withdrawn the application). Upon the positive outcome of the inquiry, another 60 days must be waited for the adoption of the admission order. Furthermore, for those subjects who intend to carry out an activity that would be subject to authorization or enrolment in a register, the relative provision is also provided for. The operators admitted to the sandbox are then included in a special register, kept by the technical secretariat of the FinTech Committee and published on its website.
Once the admission order has been issued, the experimental period starts. This will take place under the close monitoring of the authorities, who must be constantly provided with information on the basis of which they may also order modifications of the admission order. The outcome of the trial will be assessed on the basis of the quantitative and qualitative indicators indicated in the admission order. Operators must inform users of the expiry of the trial period at least 15 days in advance. Once this period has ended, the derogations will cease and the relevant regulations will be fully applied. In the event of a negative outcome, operators must indicate the measures to be taken to close the relationship with users.
Thanks to the legislative initiative recently issued, the regulatory framework is completed and the Fintech Sandbox becomes fully operational, even though more precise and specific indications for each participant will be provided only with the admission order.
This will indeed determine modalities and duration of the experimentation period (no longer than 18 months with the possibility of extension, but always within 18 months and any extra 12 months for operators subject to registration) and the measures to be adopted in response to any risks and, above all, in order to protect customers. In particular, the operator must obtain the express consent of customers to enter into a relationship with him, informing him of the experimental nature of the project and the risks connected with it, guaranteeing them the right to withdraw at any time as well as a mechanisms to ensure effective and rapid compensation for any damage (also by providing financial or insurance guarantees).
The main content of the admission order, however, is the specific exemptions given to each participant during the experimentation period. In fact, the Italian ministry, unlike in other scenarios, has decided not to determine equal and generic exceptions and limitations, but to set, depending on the needs expressed in the application form, “tailor-made” derogations and rules (specified in art. 14, Decree 100/2021) to which each subject will have to adhere. It will be possible, for example, to grant derogations with regard to information obligations, financial guarantees, governance of the subjects admitted, risk management constraints and with regard to the corporate forms envisaged to carry out the permitted activities or any professional requirements for company representatives. They may also issue authorizations that are less extensive than those provided for by law (limiting the types of activity or number of users involved).
This “customized” approach is made possible thanks to the wide discretionary powers given to the regulation authorities, the admission procedure (especially the inquiry phase, which includes an important dialogue between authorities and operators), the important coordinating role of the Fintech committee and the constant collaboration between operators, the various relevant institutions and the three regulation authorities interested in the sectors.
The instrument of the sandbox as conceived by the Italian Government and, in particular, the collaborative and monitored environment it creates, enables the actors to gain a more in-depth understanding of the dynamics of a sector that is, in fact, complex and constantly evolving. In this way, the regulator will be able not only to better realize the effect and effectiveness of the rules already in place and therefore the possible need to innovate them or make less stringent these constraints, but also to intercept the most ” driven ” technological innovations and the needs of the sector with the goal of a rapid and, at the same time, conscious implementation of these new technologies.