2 minute read
AUSTRIA Law and Practice
Contributed by: Markus Fellner, Florian Kranebitter and Florian Henöckl, Fellner Wratzfeld & Partners
This is followed by the third phase, the “test phase”. In this phase, the company is allowed to carry out activities requiring a licence under the supervision of the FMA.
After the test phase, the business model is evaluated and released from the sandbox and transferred to regular supervision. If the requirements are met, a decision is made to lift the restrictions in the licence/registration notice.
2.6 Jurisdiction of Regulators
As explained in 2.2 Regulatory Regime, a large number of regulatory provisions apply to fintech firms. The regulatory conditions are defined especially (i) by the requirements of the EU legislature, and (ii) by the national legislature, whereby European law generally takes precedence over national law. In practice, an exact demarcation is only possible to a very limited extent, since both areas of regulation interlock and have a large number of interrelationships.
2.7 Outsourcing of Regulated Functions
As a rule, transactions are not only offered by one provider, so that all steps require a separate examination of whether – and which – regulatory provisions apply. As different providers, all actors handling a transaction come into consideration. An examination must be carried out from the point of view of whether purely technical services or services subject to a licence are provided.
Thus, all actors have to comply with general Austrian provisions, such as the protection of banking secrecy. In Austria, a violation of banking secrecy has significant civil and criminal law implications. The provision of payment services, for example, may lead to the applicability of the Payment Services Act 2018 (ZaDiG 2018). Due to the considerable legal consequences of a violation of regulatory provisions, these must be taken into account when drafting the contract.
With the large number of applicable regulations, there are provisions that apply in any case and thus cannot be circumvented by outsourcing. However, as far as possible, regulated areas should be passed onto regulated market participants, as the capacities of a fintech company are not sufficient for this.
2.8 Gatekeeper Liability
Providers of financial services must comply with the provisions on the prevention of the use of the financial system for the purposes of money laundering and terrorist financing. Both participants in the financial market, such as credit institutions, and other traders are subject to certain obligations. The necessity of complying with such obligations applies first and foremost to the provision of regulated activities. All relevant provisions, as set out in 2.2 Regulatory Regime, contain a reference to the provisions on the prevention of money laundering and terrorist financing. In addition to the regulatory provisions, the Industrial Code can also be the basis for the necessity of compliance with these legal framework conditions. As well as direct applicability, there may also be indirect applicability of the provisions, provided that services are provided to regulated market participants.
2.9 Significant Enforcement Actions
There are no specific enforcement actions tailored to fintech firms in Austrian legislation. Nevertheless, the FMA has addressed the issue from the point of view of which regulatory environment is applicable. It remains unclear whether the general provisions will also cover the area of “fintech” in the future or whether this intensified discussion of the topic will lead to a more specific regulatory approach to fintech.
