Subscribe and Never Miss Out
Subscribe now and stay up to date will all our latest articles for free.
Massimo Donna has been a lawyer focusing on technology and finance for over 20 years. After graduating from the University of Rome – La Sapienza, and completing a Masters Degree in European Union Law at Universidad Autonoma, Madrid, Massimo worked in New York and London at a number of international law firms. A 6-year stint as a senior counsel in charge of South EMEA and Spanish LATAM at a multinational software company allowed Massimo to gain an unparalleled understanding of the workings of digital enterprises. Massimo regularly advises clients on tech-driven M&A, FinTech, AI and, in general, contentious and non-contentious IT and commercial matters. Massimo regularly contributes to international legal publications and lectures on the intersections of technology, finance and the law.
Chiara Bianchi specialises in contentious IT and commercial matters, as well as in regulatory matters. Chiara is an ITechLaw member, and a regular contributor to international publications in the FinTech and Cybersecurity sectors. She has been a partner at Paradigma – Law & Strategy since 2020.
Giorgia Bevilacqua’s practice focuses on contentious and non-contentious IT and commercial matters. Giorgia is Italian mother tongue and speaks English and Spanish fluently.
In 2022 FinTech investment in Italy increased by 240% vis-a-vis the previous year. Such outstanding figures were achieved on the back of certain VC-funded “mega-rounds”, each of them worth in excess of 50 million Euros, but also as a result of a number of smaller investments across the Financial Technology board. Within the FinTech sector, most investments have focused on digital payments, InsurTech, RegTech and Open Banking. Whilst final data are not available for 2023 yet, the general sentiment is that higher interest rates have triggered a not insignificant drop in Venture Capital activity, both by number of deals and size. As for crypto, investments have followed the general trend, dropping as a result of the FTX debacle. On the bright side, the coming into force of the EU DLT Pilot Regime and of the Italian FinTech Decree prompted a renewed enthusiasm for tokenisation with financial and banking regulators, as well as in the private sector. Also, the government Sandbox Programme has yielded some excellent results, with its second application window due to close in early December 2023.
A broad range of Fintech offerings are now available in Italy, with Payment Systems, Crypto Assets and Crowdfunding certainly counting on the broader user base and being on the regulators’ and supervisors’ radars.
Payment Systems. With the transposition into the Italian legal system of EU Directive 2015/2366 (the second Payment Service Directive, or “PSD2”), banking
intermediaries (or ASPSPs, Account Servicing Payment Service Providers) must allow access to third party providers (“TTPs”) in order for them to provide certain payment services, even in the absence of an agreement between ASPSPs and TTPs. In particular, TTPs include Payment Initiation Service Providers (“PISPs”), Account Information Service Providers (“AISPs”) and card-based payment instrument issuers (“CBPIIs”). ASPSPs must ensure the identification of and secure communication with TTPs for the purposes of the provision of payment services either by way of adapting their customer interface or by setting up a dedicated interface for TTPs. ASPSPs must also set up a fall-back interface, unless they are exempted from doing so based on the verified robustness of their TTP interface. In Italy, most ASPSPs have opted to adopt the interfaces (also dubbed Open Banking Platforms) developed by four platform service providers. Only a few ASPSPs elected to develop their own proprietary interfaces, typically adapting their customer interfaces. The Bank of Italy, as the authority responsible for overseeing payment systems, is in charge of supervising ASPSPs to make sure that they allow TTPs the required level of access, but also of supervising Open Banking Platform providers and infrastructure service providers. By the end of 2022 more than eighty TTPs operated in Italy, most of them authorised both as AISPs and PISPs, but the industry consensus is that the number of active TTPs in Italy is bound to dramatically increase in the next few years.
Crowdfunding. The EU crowdfunding regulation (EU Regulation no. 2020/1503) came into force on 10 November 2023, replacing the previous national regime. In fact, Legislative Decree no. 30 of 30 March 2023, amended the Italian legal system in order to ensure the regulation’s full application. On 5 June 2023 the financial markets regulator and supervisor (CONSOB, Commissione Nazionale per le Società e la Borsa) adopted a new crowdfunding regulation in line with EU law. For its part, on 17 May 2023 the Bank of Italy launched a consultation on the supervising guidelines on crowdfunding service providers, the outcome of which was published on 2 August 2023. The EU Regulation covers the service of facilitating the granting of loans (lending-based crowdfunding), and that of placing without a firm commitment basis, as well as the reception and transmission of clients’ orders of, transferable securities and crowdfunding instruments (investment-based crowdfunding) via online platforms. The Regulation also covers the individual management of portfolio loans, i.e. the case in which clients entrust the crowdfunding service provider with capital, and the service provider allocates such capital on different lending projects available on its online platform. Regardless of any additional authorisation held, the crowdfunding service provider must obtain an ad-hoc authorisation to provide crowdfunding services, whilst holding additional authorisations (for example for the provision of investment services or activities, or for payment services) may allow the provision of further services along with the crowdfunding services. Crowdfunding services authorisations are granted by CONSOB further to consulting with the Bank of Italy, unless the applicant already holds a banking, payment or e-money institution, or financial intermediary authorisation, in which case the crowdfunding authorisation is granted by the Bank of Italy upon consultation with CONSOB. Noticeably, the Legislative Decree stipulates that, as an exception to the general rule that quotas of Limited Liability Companies (Società a Responsabilità Limitata) cannot be offered to the public, such quotas can be placed via crowdfunding platforms.
Robo-advice. Under the EU MIFID II Directive – principally transposed in Italy by way of amending the TUF (Testo Unico della Finanza) – financial advice is a regulated activity, which can only be carried out by entities authorised to provide investment services and activities in Italy. In simple terms, Robo-advice can be described as the activity carried out by Artificial Intelligence agents by collecting and processing a great amount of investors’ data in order to recommend the most appropriate investment service. Whilst Robo-advice has been heralded by some as the potential solution to prevent agency and conflicts of interest, it can also pose significant threats to investors. In fact, algorithms can be faulty, due both to their design, bugs or hacking, and algorithmic appropriateness does not necessarily coincide with regulatory appropriateness. Concerns have been raised in relation to the suitability of the advice rendered by robo-advisors, which ESMA tried to tackle by way of its 2018 Guidelines on certain aspects of the MIFID II suitability requirements. In particular, the ESMA report included some noticeable algorithmic transparency obligations on robo-advisory service providers. From a financial stability standpoint, it has been noted that robo-advisors tend to route customers’ investments towards Exchange Traded Funds (ETFs), which could lead to herding behaviours that could eventually dent market stability. The above concerns notwithstanding, robo-advisors are steadily increasing their market share in Italy.
Buy Now Pay Later (Consumer). The typical BNPL structure involves a vendor allowing its customers to pay only a portion of a service’s or a product’s price, and settle the balance in monthly payments. At the same time the vendor would assign the relevant account receivable to a bank or an intermediary. Since no direct contractual relationship is established between the bank/intermediary and the consumer, the consumer credit legislation does not apply. This is going to change with the coming into force of Directive (EU) 2023/2225, which will also apply to consumer BNPL -with a few specific exceptions- and may also require BNPL service providers to be granted ad-hoc authorisations.
Algorithmic Credit Scoring utilises big data and next generation AI-based business analytics to provide swifter and customised credit scoring services. Algorithmic Credit Scoring is also increasingly used in the insurance sector, as there appears to be a correlation between credit scoring and risk profile. Relinquishing personal data is still regarded with some degree of suspicion in Italy, even if people are realising that only with better profiling can customised services be enjoyed.
AI-based alternative lenders aims at simplifying and expediting the traditional bureaucratic borrowing experience. Some of these new breeds of lenders grant loans and financing in a matter of minutes leveraging artificial intelligence. Other Fintech startups are focusing on revenue-sharing lending, allowing borrowers to repay their loan periodically through their business proceeds.
Crypto Services (Exchanges and Wallets). Operating a crypto exchange in Italy (i.e., the businesses of converting cryptocurrencies into different cryptocurrencies, fiat money into cryptocurrencies, or the other way around) is not regarded, per se, as an investment service, hence is not subject to authorisation by CONSOB. Crypto exchanges and wallet service providers, however, must meet rigorous anti-money laundering (“AML”) requirements pursuant to the AML5 EU Directive, as implemented in Italy by way of amendment to Legislative Decree no. 231 of 2007. In addition, as from 16 May 2022, all Crypto Services providers operating in Italy are required to enrol with an ad hoc register (the “OAM Register”) held by the public body governing financial agents and mediators. Applicants can be either individuals or legal persons, in the latter case incorporated in Italy or – if incorporated in another EU Member State – having set up a permanent establishment in Italy.
Micar. With the coming into force of Micar (Regulation (EU) 2023/1114 on Markets in Crypto Assets), the regulation of offering/issuance of Asset Referenced Tokens (“ARTs”), E-Money Tokens (“EMTs”) and of other tokens not belonging to the aforementioned categories (“Utility Tokens”) shall be unified at EU level. Micar will also regulate the provision of crypto-asset services. However, although Micar has been widely welcomed as a measure providing certainty to the regulatory environment of the crypto sector, certain open issues are still outstanding. For example, Micar shall not apply to crypto assets that fall within the application of MIFID II, however, such a directive leaves some room to Member States as to the definition of financial instruments. Also, certain crypto assets may not fall within the definition of financial instruments, but may be regarded as financial products and be subject to certain national prospectus requirements.
Tokenisation. Under Regulation (EU) 858/2022 (the so called “DLT Pilot Regime”) certain financial instruments can be issued and negotiated on distributed ledgers. In particular, such digital financial instruments can be negotiated on DLT multilateral trading facilities (“DLT MTF”), settled on DLT securities settlement systems (“DLT SSS”), as well as both traded and settled on a DLT trading and settlement system (“DLT TSS”) which combines activities of both a DLT MTF and a DLT SSS. At a national level, Italy adopted Law Decree no. 25 of 17 March 2023 -which was dubbed the “Fintech Decree”- not only to introduce all the necessary changes for the full application of the DLT Pilot Regime, but also to allow the tokenisation of financial instruments even if they are not negotiated on trading venues.
Regulators and Supervisors
CONSOB is the financial market watchdog in charge of supervising entities carrying out investment services and activities (intermediaries) or offering financial products, as well as regulated markets and other trading venues and issuers of financial instruments. CONSOB’s responsibilities are extremely broad as they span from: granting (or denying) authorisations to carry out investment services in Italy; ensuring that investment services providers established in other EU countries meet the requirements to carry out their activity in Italy; ensuring that entities offering financial products draw up an appropriate prospectus describing the products that they intend to offer and obtain CONSOB’s approval on the prospectus; and supervising the functioning of regulated markets, trading venues and issuers, including their reporting and governance obligations and IPOs duties. Over the past few years, as an increasing number of players in the crypto domain entered the Italian market, CONSOB has found itself facing several challenges, such as determining whether the new crop of crypto offerings fall within the definition of financial products or financial instruments.
The Bank of Italy is part of the European System of Central Banks (ESCB). In this context, the Bank of Italy works along with and supports the European Central Bank in granting banking authorisations, supervising banks and, when required, sanctioning them. In particular, banking authorisations are granted by the European Central Bank upon the proposal of the Bank of Italy. The Bank of Italy, along with the European Central Bank and in the framework of the Single Supervisory Mechanism, is also responsible for carrying out prudential supervision over Italian banks. Typically, significant banks are under the responsibility of the European Central Bank and less significant lenders are looked after by the Bank of Italy. However a bank’s significance may vary over time or there may be other specific reasons why a lender should be supervised directly by the ECB. Most significantly for fintechs, the Bank of Italy’s financial intelligence unit (Unità di Informazione Finanziaria) is in charge of enforcing AML legislation, which is of particular relevance for crypto service providers and, in general, all fintechs.
Fintech Sandbox Programme.
A long-awaited piece of legislation introducing regulatory sandboxes for Fintech businesses was recently passed. In fact, on 17 July 2021, the Decree of the Ministry of Economy and Finance no. 100 of 30 April 2021 entered into force (the “Sandbox Decree”). The idea behind the Sandbox Decree is to set up a FinTech Committee composed of representatives of all the authorities potentially involved in the authorisation or supervision of Fintech businesses, i.e. CONSOB, the Bank of Italy, the communications authority (AGCOM), the competition authority (AGCM), the data protection authority, the governmental body in charge of digitalisation, the tax agency and the insurance industry supervisor. The FinTech Decree has so far benefited dozens of startups, also facilitating the cooperation between fintechs and established players in the financial and banking sector.