Fintech in Italy 2024

Fintech in Italy 2024

Fintech in Italy 2024

FINTECH 2024

ITALY

Benedetta Noro, Gabriella Rubino, Guendalina Catti de Gasperi, Marco Graziani, Marco D’Agostini

(Legance)

FINTECH LANDSCAPE AND INITIATIVES

General innovation climate

  1. What is the general state of fintech innovation in your jurisdiction?

In recent years, attention in Italy towards fintech regulation has increased significantly. In particular, 2023 saw:

  • the publication of Legislative Decree No. 30/2023, implementing Regulation (EU) 2020/1503 (Crowdfunding Regulation), and amending Regulation (EU) 2017/1129 and Directive (EU) 2019/1937; and
  • the publication of Law Decree No. 25/2023, which provides for urgent measures on the issuance and circulation of certain financial instruments in digital form and the simplification of fintech experimentation.

Further, it should be noted that on 17 May 2023, the Bank of Italy published consultation guidelines on crowdfunding service providers for businesses to provide modalities by which these entities should comply with the provisions on corporate governance, internal controls, assessment of the suitability of natural persons responsible for their management and due diligence on project owners, the Crowdfunding Regulation, and related delegated regulations.

Government and regulatory support

  1. Do government bodies or regulators provide any support specific to financial innovation? If so, what are the key benefits of such support?

In recent years, the Italian supervisory authorities have implemented several projects with the aim of facilitating discussions between operators and the authorities themselves.

In particular, with the aim of improving its capacity to analyze developments in the financial markets, the Bank of Italy has opened up a new channel of dialogue – the FinTech Channel – with operators who would like to propose innovative technological and organizational solutions in the financial services area, to make the Italian market more attractive.

The Italian Companies and Exchanges Commission (Consob) has also implemented the CONSOB-TECH initiative dedicated to companies and (or) individuals who have a project to develop technological innovations in the financial sector (fintech). In addition, LIFTECH is Consob’s dedicated channel for discussion that aims to provide support for fintech companies and operators to move more easily through the complex regulatory and supervisory legal framework.

In this context, the Fintech Committee was established at the Ministry of Economy and Finance, composed of the Economy and Finance Ministry, the Ministry of Economic Development, the Ministry of European Affairs, the Bank of Italy, Consob, the Institute for the Supervision of Insurance, the Competition Authority, the Data Protection Authority, the Digital Italy Agency, and the Tax Agency. The Fintech Committee has the task to identify the objectives, define the programs and implement actions to promote the development of techno-finance.

Subsequently, Ministerial Decree No. 100/2021, implementing Decree-Law No. 34 of 30 April 2019, introduced a regulatory sandbox through which the authorities observe the dynamics of technological development and identify the most appropriate legislative measures to promote and develop fintech (including insurtech), thus reducing the spreading of potential risks associated with these activities.

Operators can test innovative products and services, while benefiting from a transitional simplified regime. Where necessary, they can be granted regulatory exemptions during the testing phase, such as, for example, obtaining authorization from the competent authority to carry out a regulated activity, in constant dialogue and confrontation with authorities.

Another initiative put in place by the Bank of Italy is the setting up of Milano Hub. Milano Hub is the innovation center set up by the Bank of Italy on 21 July 2021 to support the digital evolution of the financial market and promote the attraction of talent and investment.

Milano Hub supports the development of innovative projects and research activities; it coexists with the Bank of Italy’s Fintech Channel, a space for dialogue with operators, and with the regulatory sandbox, dedicated to experimentation activities assisted by supervisory authorities. Specifically, on 17 May 2023, a list of 14 eligible projects related to the artificial intelligence area was published and the support phase for their implementation by Milano Hub was then started.

FINANCIAL REGULATION

Regulatory bodies

  1. Which bodies regulate the provision of fintech products and services?

As of today, there are no specific provisions for fintech products and services; accordingly, the supervision of the provision of fintech products and services is not assigned to a single supervisory authority in Italy.

The Bank of Italy, the Italian Companies and Exchanges Commission (Consob) and the Institute for the Supervision of Insurance are equally competent depending on the fintech products being related to banking, finance or insurance sector.

Notwithstanding the above, note that aforementioned Legislative Decree No. 30/2023 identified the Bank of Italy and Consob as national competent authorities under Regulation (EU) 2020/1503 (Crowdfunding Regulation) on European crowdfunding service providers for business.

Regulated activities

  1. Which activities trigger a licensing requirement in your jurisdiction?

Reserved activities in Italy include the following:

  • all types of financing to the public at large (including, among others, factoring, leasing, and assignment of credits) according to articles 10 and 106 of Legislative Decree No. 385/1993 (the Italian Banking Act) (IBA);
  • taking deposits from the public at large according to article 10 of the IBA;
  • payment services according to article 114-sexies of the IBA;
  • collective asset management according to article 32-quarter of Legislative Decree No. 58/1998 (the Italian Financial Act) (IFA);
  • investment services (e.g, portfolio management services, dealing on own account in financial instruments, advising on investments) according to article 18 of the IFA;
  • financial agency (namely, promotion and placement of banking products and payment services) according to article 128-quater of the IBA; and
  • selling and (or) marketing of insurance products according to articles 11, 57 and 108 of Legislative Decree No 209/2005 (the Italian Insurance Act).

Consumer lending

  1. Is consumer lending regulated in your jurisdiction?

Yes, professional consumer lending with respect to the public at large is regulated in Italy. In particular, consumer lending activity is a reserved activity that only banks, Italian financial intermediaries enrolled in the register held by the Bank of Italy pursuant to article 106 of the IBA and foreign financial intermediaries not eligible for an EU passport provided that they are duly authorized by the Bank of Italy, are entitled to carry out.

The main provisions governing consumer lending are set forth by the IBA and in the corresponding implementing provisions relating to banking transparency as well as in Legislative Decree No. 206 of 2005 (the Consumer Code). Depending on the type of lending, some sectoral provisions apply; for example, some specific provisions apply only to real estate credit and others to salary-backed loans.

Secondary market loan trading

  1. Are there restrictions on trading loans in the secondary market in your jurisdiction?

The assignment of loans represents a type of financing; thus, the performance of this activity in Italy is reserved for authorized entities if it is carried out to the public at large according to articles 10 and 106 of the Italian Banking Act.

According to the Ministerial Decree No. 53/2015, the granting of credits is performed to the public at large if it is carried out regarding an undefined number of third parties and in a professional manner (namely, not on an occasional basis and relying on a dedicated organization).

In general terms, the issuing of loans to the public at large could be performed by banks (pursuant to article 10 of the Italian Banking Act) and Italian financial intermediaries duly authorized by the Bank of Italy according to article 106 of the Italian Banking Act. As an exception to said general rule, some laws allow other entities to provide financing regarding the public at large, such as:

  • credit funds, which may provide financing directly or purchase credits from other entities under article 46-bis of the IFA; and
  • securitization vehicles, to which Law No. 130/1999 allows for the purchase of credits from the originator of securitization

Collective investment schemes

  1. Describe the regulatory regime for collective investment schemes and whether fintech companies providing alternative finance products or services would fall within its scope.

According to article 32-quater of the IFA, the provision of collective asset management activities is reserved for Italian management companies (SGRs), EU management companies, EU and third countries’ alternative investment fund managers, open-ended investment companies (SICAV) and closed-ended investment companies (SICAF). Thus, the performance of the said activity requires the prior authorization of the Bank of Italy (for SGR, SICAV, SICAF and third countries’ alternative investment fund managers) or the completion of the passporting procedure (for EU management companies and EU alternative investment fund managers).

The collective asset management activity is qualified by the following features:

  • the independence of the management company;
  • the activity of collecting savings from third parties; and
  • the existence of a predetermined investment policy.

The management of equity and lending crowdfunding platforms does not generally qualify as a collective asset management activity.

The EU Crowdfunding Regulation – in force from November 2021 – allows the crowdfunding platform managers to provide the individual portfolio management of loans service, namely the service of allocating by the crowdfunding service provider of a pre-determined amount of funds of an investor, which is an original lender, to one or multiple crowdfunding projects on its crowdfunding platform in accordance with an individual mandate given by the investor on a discretionary investor-by-investor basis. The provision of said service requires the platform manager to comply with the obligations under article 6 of the Crowdfunding Regulation, including, inter alia:

  • the adoption of robust internal processes and methodologies;
  • the keeping of records of the mandates given by clients and of every loan in an individual portfolio; and
  • the assessment of the credit risk of individual crowdfunding projects selected for the investor’s portfolio, the credit risk at the investor’s portfolio level and the credit risk of the project owners selected for the investor’s portfolio.

The provision of the individual portfolio management of loans service does not require the platform manager to be authorized for the performance of collective asset management activities or the provision of investment services. It will be sufficient if the platform manager is authorized to carry out crowdfunding services under article 12 of the Crowdfunding Regulation.

Alternative investment funds

  1. Are managers of alternative investment funds regulated?

Yes, the management of alternative investment funds represents a regulated activity in Italy.

According to article 34 of the IFA and the Regulation on Collective Asset Management issued by the Bank of Italy on 19 January 2015, the Bank of Italy, after consulting Consob, authorizes the asset management companies to provide the collective asset management service for alternative investment funds. The asset management companies are registered on a list held by the Bank of Italy and are supervised by Consob and the Bank of Italy.

It is worth specifying that the status of a company as a fintech does not exempt such company from the application of asset management provisions.

Peer-to-peer and marketplace lending

  1. Describe any specific regulation of peer-to-peer or marketplace lending in your jurisdiction.

The EU Crowdfunding Regulation aims to foster cross-border funding of businesses by addressing the obstacles to the functioning of the internal market in crowdfunding services.

According to article 12 of the Crowdfunding Regulation, the manager of a crowdfunding platform (whether it is an equity or lending crowdfunding platform) must be authorized by the competent supervisory authority.

On 24 March 2023, Legislative Decree No. 30/2023 was published in the Official Gazette to adapt national legislation to the provisions of the Crowdfunding Regulation.

Legislative Decree No. 30/2023 amended the IFA to implement the Crowdfunding Regulation. More specifically, Legislative Decree No. 30/2023 introduces ex novo in the IFA:

  • the definition of ‘crowdfunding services’, which replaces the previous definition of a ‘capital raising portal for small and medium-sized enterprises and social enterprises’ and directly refers to article 2(1)(a) of the Crowdfunding Regulation, thus covering the four forms of crowdfunding (equity, lending, donation and reward crowdfunding);
  • identification of the Bank of Italy and Consob as national competent authorities under the Crowdfunding Regulation;
  • regulations on crowdfunding offerings; and
  • the regime of administrative sanctions on the subject of crowdfunding services.

Crowdfunding

  1. Describe any specific regulation of crowdfunding in your jurisdiction.

Specific rules on equity crowdfunding – the business funding model that allows innovative start-ups to raise capital through online portals from the crowd in exchange for a financial stake in the company – are included in the IFA. Italy was the first European country to adopt a specific regulation on equity crowdfunding (namely, Consob Regulation No. 18592/2013; the Consob Regulation whose provisions are no longer in effect because they have been replaced by those of the Crowdfunding Regulation).

According to the IFA and the Crowdfunding Regulation, a crowdfunding service provider must be authorized by Consob. On the other hand banks, payment institutions, e-money institutions and financial intermediaries must be authorized by the Bank of Italy. The European Securities and Markets Authorities should establish a public and up-to-date register of all crowdfunding service providers authorized in accordance with the Crowdfunding Regulation. That register should include information on all operating crowdfunding platforms in the European Union.

Invoice trading

  1. Describe any specific regulation of invoice trading in your jurisdiction.

Invoice trading in Italy falls under the factoring discipline, as provided for by Law No. 52 of 21 February 1991. Factoring is a contract by which a company assigns its existing or future receivables to a specialized company, the factor, to obtain immediate liquidity and a range of services related to the management and the collection of the assigned receivables.

Since factoring is a reserved activity, it can be performed by banks (pursuant to article 10 of the IBA) and Italian financial intermediaries duly authorized by the Bank of Italy according to article 106 of the IBA.

Payment services

  1. Are payment services regulated in your jurisdiction?

Yes, the performance of any payment services is reserved for banks, payment institutions and e-money institutions.

European provisions have impacted the Italian legal framework regarding payment services. In particular, reference is made to Directive (EU) 2015/2366 (revised Payment Services Directive) (PSD2). At the national level, the principal sources are:

  • the IBA;
  • Legislative Decree No. 11/2010; and
  • the Bank of Italy Supervisory Regulation of Payment Institutions and Electronic Money Institutions of 23 July 2019.

Open banking

  1. Are there any laws or regulations introduced to promote competition that require financial institutions to make customer or product data available to third parties?

According to article 5-ter (regarding the payment initiation service (PIS)) and article 5-quarter (regarding the account information service (AIS)) of Legislative Decree No. 11/2010 and Commission Delegated Regulation (EU) 2018/389 supplementing PSD2, each financial institution providing payment accounts that are accessible online should offer at least one access interface enabling secure communication with PIS and (or) AIS service providers. The interface should enable PIS and (or) AIS service providers to identify themselves to the financial institution providing payment accounts. Such interfaces should also allow PIS and (or) AIS service providers to rely on the authentication procedures provided by the payment account service provider to the payment service user. To ensure technology and business-model neutrality, the payment account service providers should be free to decide whether to offer an interface that is dedicated to communication with PIS and AIS service providers, or to allow, for that communication, the use of the interface used by the payment account service providers for the identification and communication with the account users.

Robo-advice

  1. Describe any specific regulation of robo-advisers or other companies that provide retail customers with automated access to investment products in your jurisdiction.

There are different kinds of robo-advice:

  • pure robo-advice (namely, fully automated advice);
  • hybrid robo-advice (namely, advice in which the manual and digital elements are combined, usually involving the possibility for the client to request the support of an adviser while using the digital platform); and
  • robo for adviser (namely, financial advice in which the computer system works alongside the intermediary to optimize his or her advisory activities but in which the computer system does not interface with the consumer directly).

In Italy, along the lines of what is provided at the European level by Directive 2014/65/EU (Markets in Financial Instruments Directive II), which has expressly provided that the investment advice service can also be provided through automated or semi-automated systems, clarifying that the same provisions apply regardless of the channel of interaction with the investor, pure robo-advice and hybrid robo-advice can be considered within the scope of the investment advice service.

In fact, at both the EU and national levels, it has not been deemed necessary, at least for now, to proceed with the issuance of a differentiated regulatory legal framework or to change the definition of the advisory service. Robo for adviser, on the other hand, is not the subject of specific regulation.

The entities authorized to provide automated advice are generally: investment firms, banks, management companies, financial advisers and financial advisory firms that could also offer the independent financial advice service on an automated basis.

That said, there are specific provisions relating to behavior and organization that licensed entities must observe in pre-contractual negotiations, contract conclusion and provisions on client profiling, including the provisions relating to the marketing of financial services to consumers set forth by the Italian Consumer Code.

Insurance products

  1. Do fintech companies that sell or market insurance products in your jurisdiction need to be regulated?

The selling or marketing of insurance products is reserved activities according to articles 11, 57 and 108 of the Italian Insurance Act, even if they are carried out by fintech. The insurance distribution activity may be performed by:

  • the insurance or reinsurance undertakings and their employees where they pursue this business directly;
  • professional intermediaries (namely, agents, brokers, banks, investment firms, financial intermediaries and Poste Italiane SpA); and
  • non-professional intermediaries (namely, ancillary insurance intermediaries whose principal professional activity is something other than insurance distribution).

Credit references

  1. Are there any restrictions on providing credit references or credit information services in your jurisdiction?

Yes, in Italy there are some restrictions on providing credit references or credit information services.

The credit reference represents the reputation that the client has with banks and financial intermediaries and reflects the correctness of its behavior in the context of financing relationships. Verification of customers’ credit references in Italy is carried out by credit information systems – once known as private risk data centers – these are the private databases consulted by banks and financial institutions to verify reliability and punctuality of payments and are used to assess the appropriateness of granting loans.

The credit information service is managed centrally by a legal person, entity or association; any relevant information is accessed only by those who voluntarily join and report it. The activity of private credit information systems is governed by Regulation (EU) 2016/679 (General Data Protection Regulation), Legislative Decree No. 196 of 30 June 2003 (the Privacy Code), and, more specifically, the Code of Ethics implementing the Privacy Code. The Code of Ethics was signed by private credit information systems managers, representatives of financial institutions, some consumer associations and the Data Protection Authority.

CROSS-BORDER REGULATION

Passporting

  1. Can regulated activities be passported into your jurisdiction?

Yes, regulated activities may be passported into our jurisdiction. For example, each EU bank authorized to conduct banking business in its EU home country may establish branches or conduct business under the freedom to provide services regime in Italy, subject only to prior notification to its national competent supervisory authority, which will forward such notification to the European Central Bank and the Bank of Italy.

Likewise, EU payment and e-money institutions may establish branches or conduct business under the freedom to provide services regime in Italy following a notification from the EU home country’s competent supervisory authority to the Bank of Italy pursuant to article 114-decies and article 114-quinquies of the Legislative Decree No. 385/1993 (the Italian Banking Act) (IBA).

Requirement for a local presence

  1. Can fintech companies obtain a license to provide financial services in your jurisdiction without establishing a local presence?

Yes, EU fintech companies may provide financial services without a branch in Italy. On this point, for instance, payment institutions and e-money institutions intending to provide payment services and issue e-money in an EU member state other than their home EU nation under the freedom to provide services shall notify their national competent supervisory authority.

Once the Bank of Italy has received the notification from the national competent supervisory authority, the EU payment institution is allowed to provide its services in Italy.

SALES AND MARKETING

Restrictions

  1. What restrictions apply to the sales and marketing of financial services and products in your jurisdiction?

The sale and marketing of financial products and services is a regulated activity that can be carried out by certain categories of entities, depending on the specific product or service to be sold or marketed.

For example, banks, financial intermediaries entered in the register provided for in article 106 of Legislative Decree No. 385/1993 (the Italian Banking Act) and investment firms are authorized to sell and market financial products or services. Further, the marketing of undertakings for collective investment units or shares is also a reserved activity that can only be carried out by certain entities such as asset management companies, EU management companies, open-ended investment companies, closed-ended investment companies and EU and non-EU alternative investment fund managers.

Similarly, the sales and marketing of insured products is reserved for, among others, insurance or reinsurance companies and intermediaries registered in sections (a) to (e) of the register held by the Institute for the Supervision of Insurance.

CRYPTOASSETS AND TOKENS

Distributed ledger technology

  1. Are there rules or regulations governing the use of distributed ledger technology or blockchains?

On 17 March 2023, Law Decree No. 25/2023 was published in the Official Gazette. Law Decree No. 25/2023 provides for a pilot regime for market infrastructures based on distributed ledger technology (DLT) (DLT Pilot Regime) and the simplification of fintech experimentation.

In particular, Law Decree No. 25/2013 allows the issuance and transfer of digital financial instruments through registrations in the registers for digital circulation kept by a responsible party. The registration attributes to the party in whose favor it is made the full and exclusive entitlement to exercise the rights relating to the digital financial instruments.

When the registration in the register is made in favor of a bank or an investment firm acting in its own name and on behalf of one or more clients, the full and exclusive entitlement to exercise the rights follows the registration in the settlement account opened by the client with the intermediary and, in such a case, the restrictions on the digital financial instruments are constituted exclusively by the registrations in the relevant account.

If the issuance of digital financial instruments is not registered in the distribution settlement system (SS DLT) or a DLT trading system (TSS DLT), the transfer of the registrations from one register to another or the change of the circulation regime of the instruments is done by associating a public transfer strategy with them.

Each issuance is registered in only one register for digital circulation and each register is associated with a single responsible party. The issuance of digital financial instruments that are not registered with SS DLT or TSS DLT systems is also permitted only on special registers kept by responsible parties registered in the special list (including inter alia banks).

Cryptoassets

  1. Are there rules or regulations governing the promotion or use of cryptoassets, including digital currencies, stablecoins, utility tokens and non-fungible tokens (NFTs)?

In Italy, there are no specific provisions regarding the promotion or use of cryptoassets, including digital currencies, stablecoins, utility tokens and non-fungible tokens (NFTs).

If, however, cryptoassets are considered equivalents of financial instruments, the respective provisions of Legislative Decree No. 58/1998 (the Italian Financial Act) (IFA) apply.

The regulatory treatment of cryptocurrencies and cryptocurrency exchanges in Italy is likely to change dramatically in the future as a result of the forthcoming adoption of the EU Regulation on Markets in Cryptoassets (MiCA) (MiCAR), aimed at developing an EU-wide sound legal framework regulating all cryptoassets that are not covered by existing financial services legislation. On 20 April 2023, the European Parliament approved the text of the new MiCAR, which has been adopted by the Council on 16 May 2023. MICAR is expected to come into force before the end of 2023.

Token issuance

  1. Are there rules or regulations governing the issuance of tokens, including security token offerings (STOs), initial coin offerings (ICOs) and other token generation events?

Although the issuance and marketing of tokens is under the supervision of the Italian Companies and Exchanges Commission (Consob), there is still no regulation of ICOs, STOs or other token generation events. While waiting for MICAR to come into effect, when the ICO has as its object a cryptoasset that can be qualified as a financial instrument, the relevant provisions on public offerings of financial instruments set forth by the IFA will apply. This would imply, inter alia, the obligation for the issuing company to disclose a prospectus, subject to Consob approval.

ARTIFICIAL INTELLIGENCE

Artificial intelligence

  1. Are there rules or regulations governing the use of artificial intelligence, including in relation to robo-advice?

There are no specific provisions for artificial intelligence, although see under the heading ‘Robo-advice’.

CHANGE OF CONTROL

Notification and consent

  1. Describe any rules relating to notification or consent requirements if a regulated business changes control.

Under the Italian regulatory framework, transactions entailing the acquisition of a controlling shareholding of an Italian-regulated entity are subject to the prior authorization of the relevant supervisory authority, including the European Central Bank in the case of a bank’s change of control.

The authorization is granted when certain conditions to ensure the sound and prudent management of the regulated entity is met, including, among others, the quality of the potential acquirer (namely, the fulfillment of honorability, professionalism and integrity requirements) and its financial soundness, the quality of the future members of the corporate bodies of the regulated entities and the suitability of the business plan of the regulated entity.

FINANCIAL CRIME

Anti-bribery and anti-money laundering procedures

  1. Are fintech companies required by law or regulation to have procedures to combat bribery or money laundering?

Yes, fintech companies provide services functional to the use, exchange, and storage of virtual currency and their conversion from or into currencies as well as providers of digital wallet services (services for the safeguarding of private cryptographic keys on behalf of clients to hold, store and transfer virtual currencies) are among those obliged to adopt the anti-money laundering measures provided for in Legislative Decree No. 231 of 2007. These entities must also have objective and consistent procedures, for the analysis and assessment of money laundering and terrorist financing risks. In assessing the risk of money laundering or terrorist financing, obliged entities take into account risk factors associated with the type of customers, geographic area of operation, distribution channels, and the products and services offered.

Guidance

  1. Is there regulatory or industry anti-financial crime guidance for fintech companies?

Presently, there is no regulatory or industry anti-financial crime guidance for fintech companies.

DATA PROTECTION AND CYBERSECURITY

Data protection

  1. What rules and regulations govern the processing and transfer (domestic and cross-border) of data relating to fintech products and services?

Ordinary data protection rules (namely, Regulation (EU) 2016/679 (General Data Protection Regulation) (GDPR), and Legislative Decree No. 196 of 2003 of the Italian Privacy Act) apply to transfers of personal data in the fintech sector. This means that any communication of fintech-related data between controllers – being those in or outside the European Union – shall take place only when a legal basis under the GDPR exists (e.g, users’ consent, the necessity to execute a contract with the users, discharge of legal obligations, et cetera). For international data transfers, GDPR rules apply, therefore, any envisaged transfer shall be preceded by a transfer impact assessment and, if the recipient is not located in a white-listed country, the transfer shall either rely on adequate safeguards (article 46 of the GDPR) or a valid derogation for the specific situation (e.g, specific data subject’s consent, et cetera (see article 49 of the GDPR)).

When it comes to the exchange of consumer credit information within the country among financial and credit entities, it is worth mentioning the Code of Conduct for Information Systems Operated by Private Entities on Consumer Credit, Reliability and Punctuality of Payments, adopted in 2019 by the Italian Data Protection Authority. Practically, this Code of Conduct sets the privacy regulatory framework for setting up and managing private credit bureaus. The Code contains detailed provisions on the type of data that can be inserted into the database, the data retention periods, the security measures that shall be applied by the database managers, as well as interesting provisions on the scoring of consumers: in this regard, for example, it provides that financial scoring can only take place in the context of existing or requested loans, and can be performed only by the company that received the loan request or the one that first introduced the borrower’s data in the database; besides, the statistic models and algorithms underpinning the scoring shall be periodically reviewed to avoid the risk of biased decisions, which would affect the borrower’s legal sphere.

Even though fintech promises to disrupt the credit market by overpassing the logic of the credit bureaus, the Code of Conduct is a useful example of co-regulation with some good hints also for real-time financial assessments taking place in the fintech domain.

Cybersecurity

  1. What cybersecurity regulations or standards apply to fintech businesses?

From a cybersecurity point of view, fintech business is highly impacted by the security standards set out by Directive (EU) 2015/2366 (revised Payment Services Directive) (PSD2) and the related EU and Italian legislation implementing it. In some instances, fintech actors, as providers of essential services, are included in the scope of application of Directive 2022/2555/EU (Network and Information Systems Directive II) (NIS2), which, repealing Directive (EU) 2016/1148 (Network and Information Systems Directive), requires to implement detailed risk management measures and to report cybersecurity incidents to the national competent authorities.

In light of the developed EU cyber framework, some of the fintech actors may have assets included in the National Cybersecurity Perimeter: this means that they may be subject to stringent security standards set out by the regulators (such as, among the many, asset inventory, business continuity plans, incident notification obligations, controls over the supply chain, et cetera).

Further, on 14 December 2022, the European Parliament and the Council of European Union adopted Regulation (EU) 2022/2554 Regulation 2022/2554/EU on digital operational resilience for the financial sector, which lays down uniform requirements concerning the security of network and information systems (ICT) supporting the business processes of financial entities.

Last, the European Commission has recently proposed a regulation (Cyber Resilience Act) to impose specific obligations on the economic operators, in relation to the cyber security of the products with digital elements (meaning any software or hardware product and its remote data processing solutions), which are used also in the contest of the fintech business.

OUTSOURCING AND CLOUD COMPUTING

Outsourcing

  1. Are there legal requirements or regulatory guidance with respect to the outsourcing by a financial services company of a material aspect of its business?

Yes, companies providing financial services may outsource certain functions of their business, in accordance with the applicable regulations. Such outsourcing of essential or important functions is permissible in compliance with the principle of proportionality but, in any event, the responsibility of the regulated company remains intact.

Generally speaking, the outsourcing of critical or important functions requires the prior notice to the competent supervisory authorities.

By way of example, banks should notify the European Central Bank or the Bank of Italy before outsourcing the critical or important functions. An institution, therefore, shall notify the Bank of Italy at least 60 days before the outsourcing takes effect where the institution intends to outsource operational functions related to:

  • payment services;
  • the issuance of electronic money;
  • the system of internal control;
  • the information system; or
  • critical components.

Cloud computing

  1. Are there legal requirements or regulatory guidance with respect to the use of cloud computing in the financial services industry?

The use of cloud computing by banks, payment institutions and electronic money institutions is regulated within the EBA Guidelines on outsourcing arrangement (EBA/GL/2019/02) that repealed the previous EBA’s recommendation on outsourcing to cloud service providers. Within the new guidelines there are specific provisions related to the outsourcing to cloud service providers such as those related to the obligation to include in the register of the outsourcing arrangements, the cloud service and deployment models (namely, public-private-hybrid community), and the specific nature of the data to be held and the locations (namely, countries or regions) where such data will be stored.

The use of cloud computing by investment firms, on the other hand, is regulated by the Guidelines on Outsourcing to Cloud Service Providers (the Guidelines) issued by the European Securities and Markets Authority. By way of example, the Guidelines require that inter alia:

  • the parties’ respective rights and obligations shall be clearly defined in a written agreement;
  • information security requirements shall be set in the internal policies and procedures; and
  • exit strategies shall avoid undue disruption to the business activities and services to the clients.

INTELLECTUAL PROPERTY RIGHTS

IP protection for software

  1. Which intellectual property rights are available to protect software, and how do you obtain those rights?

Under Italian law, software is mainly protected by copyright. Article 2, No. 8 of Law No. 633 of 22 April 1941 on copyright protection (as further amended), affords copyright protection to computer programs, in whatever form expressed, and to their preparatory design materials.

Copyright on software is obtained with the sole creation of the work. No registration requirement is set under Italian law. Software may (but this is not a mandatory requirement) be filed with the Italian Company of Authors and Publishers to obtain a preferential evidence of the paternity and date of existence of the software, for certainty of proof.

Software-implemented inventions are also eligible for patent protection, under article 45, paragraphs 2 and 3, of Italian Legislative Decree No. 30 of 10 February 2005 (Industrial Property Code) (IPC), provided that they implement inventions.

Business models, as such, are not eligible for patent protection, pursuant to article 45, paragraph 2(b) of the IPC. Yet, if the business model consists of a process meeting the requirements for patent protection (novelty, inventive step and industrial application) there might be room to obtain patent protection.

IP developed by employees and contractors

  1. Who owns new intellectual property developed by an employee during the course of employment? Do the same rules apply to new intellectual property developed by contractors or consultants?

Employees’ inventions are regulated under article 64 of the IPC, which provides for the following three different cases.

Service inventions

If an employee has been hired specifically to perform an inventive activity and he or she receives a specific remuneration for such activity, the employer owns any right to the inventions developed, while the employee will only be recognized as the author of the inventions and will not be entitled to any further award or payment.

Company inventions

If an employee has not been hired specifically to perform an inventive activity and (or) he or she has not been granted with a specific remuneration for this purpose, but he or she develops certain inventions in the execution of the employment contract and using the equipment and instruments of the employer, the latter will own any right to the inventions developed and the employee will be recognized as the author of the inventions. In addition, the employee will be entitled to a fair award.

Occasional inventions

If the invention is developed by an employee outside the scope of the employment, by using his or her own equipment and instruments, but falls within the field of activity of the employer, the latter holds an option right to use the invention, or to purchase the subsequently patented invention, as well as the right to file or purchase, for the same invention, patents in foreign territories; the employee shall be entitled to a payment of a price (whose amount shall be determined considering the invention’s market and the possible contribution of the employer) and shall, in any case, be recognized as the author of the invention.

With respect to freelance workers, article 4 of Law No. 81/2017 has provided that the IP rights in inventions or works developed by freelance workers in the performance of their duties vest in the employer whether the inventive or creative activity is:

  • expressly provided for; and
  • specifically remunerated in the relevant agreement.

Joint ownership

  1. Are there any restrictions on a joint owner of intellectual property’s right to use, license, charge or assign its right in intellectual property?

Pursuant to article 6 of the IPC, unless written agreements are entered into between the joint owners, the rules of the Italian Civil Code on joint ownership apply.

Article 6 of the IPC also expressly provides for the right of each co-owner to file applications or renew registrations, prosecute applications, pay annual fees, translate patent claims, regardless of the consent of the others.

In general terms, the basic principle of the Italian Civil Code on joint ownership is that each of the co-owners may use the co-owned (intangible) good provided that:

  • the destination of use of the good is not altered; and
  • his or her use does not prejudice the right of use of the other co-owners.

As to the administration of the co-owned good, co-owners have a vote right, depending on their shares. Different majorities are necessary for acts of ordinary or extraordinary administration.

As to assignment and charge (such as pledge), the consent of all co-owners is necessary.

Regarding licenses, a line must be drawn between exclusive and nonexclusive licenses. For nonexclusive licenses, a simple majority of the co-owners is needed, since they are considered acts of ordinary administration. On the other hand, a two-thirds majority is needed for exclusive licenses.

Trade secrets

  1. How are trade secrets protected? Are trade secrets kept confidential during court proceedings?

Trade secrets are protected under articles 98 and 99 IPC.

In particular, under article 98 IPC protection is afforded to business information and technical-industrial experience, including commercial information and experience, subject to the legitimate control of the owner, provided that they:

  • are confidential (namely, not generally known or easily accessible for experts and operators in the field);
  • have an economic value inasmuch as it is confidential; and
  • have been subject, by their owner, to measures that may be deemed reasonable to keep them secret.

Adequate measures shall be of a technical (segregation of information, efficient passwords, et cetera) and legal nature. Indeed, with regard to trade secrets protection, it is essential to enter into appropriate contractual arrangements. A company can protect its trade secrets by entering into non-disclosure agreements with potential clients, contractors or investors before providing them with any confidential information. It can also have confidentiality, non-competition or non-solicitation, exclusivity and intellectual property clauses in the agreements with its employees. Likewise, the company can implement an enforceable data security policy, which will, among other things, restrict access to relevant business information to a need-to-know basis.

The owner is entitled to an exclusive right, meaning that he or she has the right to prohibit third parties from acquiring, disclosing to third parties or using that information and experience in an unauthorized manner, except for cases in which the third party has obtained it in an independent manner by the third party.

Trade secrets are also protected in court. Article 121-ter of the IPC provides that the judge, in the course of the proceedings, may prevent all subjects not expressly authorized, including parties, legal counsels, witnesses and clerks, from having access to confidential information. Further, the judge may forbid the people appointed or delegated by him or her, the parties and their representatives and consultants and witnesses, from using or disclosing the trade secrets that are the subject of the proceedings that he or she deems confidential.

Branding

  1. What intellectual property rights are available to protect branding and how do you obtain those rights? How can fintech businesses ensure they do not infringe existing brands?

Fintech brands can be protected by registering the trademarks of the relevant business entity, for the classes of goods and services of interest (usually, core services fall within class 36 of the Nice Agreement for the registration of trademarks). It is advisable to secure registration for the trademark under which the business operates, as well as for the brand of the core products or services offered on the marketplace, if different. In addition, It is advisable to secure registration of the domain names of interest.

Italian law also protects non-registered trademarks, if used. The scope of protection, both from a geographical and goods or services standpoint, depends on the extension of use. If the non-registered trademark is used with a not merely local significance (namely, on the entire territory of Italy), it causes the invalidity of subsequent identical or confusingly similar trademarks. Obversely, the non-registered trademark will coexist with the later registered trademark. In general terms, non-registered trademarks are more difficult to enforce and filing is always advisable.

Unfair competition can also be invoked to protect brands.

Fintech companies may reduce the risk of infringing third parties’ trademark rights by performing clearance searches before adopting or launching new trademarks. The search is performed in the official trademark registers and has the scope to disclose the existence of earlier identical or confusingly similar trademarks, adopted by third parties for identical or similar goods and services. The mentioned clearance searches do not disclose the existence of unregistered trademark rights. For this reason, it is advisable to also perform a market search in the business field of interest to identify trademarks used de facto by third parties.

Remedies for infringement of IP

  1. What remedies are available to individuals or companies whose intellectual property rights have been infringed?

The owner of an IP right is entitled to act against any third party who is infringing its right, to obtain the court to convict the defendant and inflict on him or her the sanctions provided by law.

To obtain a prompt outcome and contain damages, the IPC provides for special ad interim measures, and in particular, inter alia, for search orders, injunction, seizure and withdrawal from the market.

An injunction, on the other hand, is the order by which the court prevents the infringer from carrying on activities that infringe on someone else’s IP right. An injunction may be granted ante causam or ongoing.

With regard to the products made through the infringing activity and the tools specifically and exclusively used for the purpose of infringement, the court may order their destruction and seizure at the counterfeiter’s expense.

In addition, upon a party’s motion, the judgment may order the publication of the judgment at the expense of the infringer, in newspapers and magazines.

Italian IPC also allows the right to order the definitive withdrawal of infringing products from the market. This ad interim measure is different from the injunction and requires a duty of cooperation so that the prejudice to the infringed IP right ceases by removing the infringing products from the market.

In addition, the owner of the IP right can seek compensation for damages, as part of a merits proceedings.

COMPETITION 

Sector-specific issues

  1. Are there any specific competition issues that exist with respect to fintech companies in your jurisdiction?

Competition and consumer protection issues, which involve also fintech companies, have arisen in the recent past in Italy.

The Annual Law for the Market and Competition in Italy crucially introduced important amendments to the Italian Antitrust Law (Law No. 287/1990) and other provisions, by strengthening the competence of the Italian Competition Authority, broadening the scope of its jurisdiction as well as its investigative powers with regard to merger control, antitrust and abuse of economic dependence. Notably, the criteria to calculate the turnover of banking and financial institutions for merger control purposes has been revised and are now aligned with those of the European Union. The change results in the relevant turnover being calculated on the basis of the income deriving from operations that reflect the scope of the activity carried out by the bank or financial institution, as opposed to its asset value. As a result, the turnover of assets free fintech companies could be significantly higher than the turnover resulting from the application of the previous criterion. Also, with the aim of tackling killer acquisitions in the digital and technological sector, the Italian Antitrust Law now allows the Italian Competition Authority to review transactions that are below the turnover thresholds if certain conditions are met. Last, the provision on abuse of economic dependence has been reinforced, with the introduction of a rebuttable presumption of economic dependence from digital platforms and an indicative list of practices in which such abuse can materialize.

In 2022, several investigations in the financial and banking sector were closed by the Italian Competition Authority. For instance, in October 2022, the Italian Competition Authority closed the abuse of dominance investigation into Mastercard’s conduct concerning contactless payments by accepting and making binding commitments. The investigative hypothesis was that Mastercard’s double-tap mandate could have constituted an abuse of its dominant position, in such a way as to exclude Bancomat’s, also in relation to its access to e-wallets on major smartphones. Mastercard offered a set of commitments, including to define technical indications of the double-tap mandate as guidelines with no binding effect, to leave the market free to decide how to set up point-of-sale terminals. In addition, in November 2022, the Italian Competition Authority closed its investigation into a project aimed at modifying the remuneration model for automatic teller machine withdrawals from banks other than one’s own using Bancomat network cards. According to the Italian Competition Authority, the new remuneration model would have resulted in a restriction of competition to the detriment of consumers.

Further, the Italian Competition Authority, following the best practices of the European Commission and numerous national competition authorities, has introduced its own whistle-blowing platform so that whistle-blowers will be able to send information on anti-competitive conduct and the people involved through a platform on the Italian Competition Authority’s website, while remaining anonymous.

On the consumer law side, the implementation of the Omnibus Directive has significantly amended the Italian Consumer Code (Legislative Decree 206/2005) and strengthened consumer rights in Italy, bringing in a broad range of changes such as information requirements in distance contracts between the trader and the consumer, application of certain rules of the Consumer Code to contracts where the consumer provides personal data as consideration, additional unfair practices, revised parameters for assessing misleading omissions, the increase of the maximum fine for unfair commercial practices to €10 million and new fines for infringements of EU relevance.

TAX

Incentives

  1. Are there any tax incentives available for fintech companies and investors to encourage innovation and investment in the fintech sector in your jurisdiction?

The main tax incentives in Italy for fintech companies consist of the following.

Tax credit for research and development

All businesses entities tax resident in Italy, including permanent establishments of non-Italian resident entities, regardless of legal form, the economic sector to which they belong, the size and tax regime for determining their business income, investing in one of the eligible activities identified pursuant to Italian laws, may benefit from this tax benefit. The tax credit is granted in an amount equal to 20 percent of certain eligible costs (net of other grants or contributions received for any reason), with an annual maximum limit of €4 million up to fiscal year 2022, and to 10 percent of the eligible costs, with an annual maximum limit of €5 million from fiscal year 2023 and up to fiscal year 2031. Fundamental research, industrial research and experimental development in the scientific or technological field are considered research and development activities eligible for the tax credit.

Tax credit for technological innovation activities

All business entities tax resident in Italy, as described above, may benefit from this tax benefit. The tax credit is granted in an amount equal to 10 percent of certain eligible costs (net of other grants or contributions received for any reason), with an annual maximum limit of €2 million up to fiscal year 2023, and to 5 percent of the eligible costs with an annual maximum limit of €2 million from fiscal year 2024 and up to fiscal year 2025. Activities of technological innovation eligible for the tax credit are considered the ones, other than those of research and development, aimed at creating new or substantially improved products or production processes.

Patent box

Taxpayers realizing business income may opt for this tax regime, consisting in increasing for income tax purposes by 110 percent research and development costs incurred in relation to certain types of legally protectable intangible assets (e.g, software protected by copyright, industrial patents, designs and models). The option has a duration of five fiscal years and is irrevocable and renewable.

For the purposes of the patent box, it is necessary that:

  • the assets are used directly or indirectly in carrying out the relevant business activities; and
  • taxpayers carry out research and development activities aimed at the creation and development of assets whose cost is increased for tax purposes also through research contracts, stipulated with companies other than those directly or indirectly controlling the business entity, which are controlled by this latter or are controlled by the same company that controls the business entity or with universities or research or equivalent bodies.

As for the investors’ side, the main tax incentives are the ones directed to innovative start-ups as defined according to Italian laws (namely, set-up entities not more than 60 months old and not listed on the stock exchange), which are tax resident in Italy or an EU member state or in an EEA member state provided that the same have a production office or a branch in Italy and comply with specific requirements, including the one to have as exclusive or predominant corporate purpose the development, production and marketing of innovative products or services with high technological value.

Set out in more in detail, these tax incentives consist of the following.

Deduction of an amount equal to 30 percent of the investment into an innovative start-up or innovative SME

This tax incentive allows for the deduction, from the gross personal income tax for Italian resident individuals (namely, a tax credit) and from the corporate income taxable base of Italian resident entities, of an amount equal to 30 percent of the eligible investment in one or more innovative start-ups or small or medium-sized (SME) enterprises carried out directly or indirectly (namely, through companies or investment funds (including alternative investment funds)), which invest mainly into innovative start-ups or SMEs.

The maximum eligible investment (for which an incentive is given) cannot exceed, in each fiscal year, €1 million for Italian resident individuals and €1.8 million for Italian resident entities; the amount not fully deductible during the reference fiscal year may be brought forward, but not beyond the third following year. Moreover, the said investment must be held for at least three years.

Deduction of an amount equal to 50 percent of the investment into an innovative start-up or innovative SME

This tax incentive allows to deduct from the gross personal income tax for Italian resident individuals only an amount equal to 50 percent of the eligible investment in one or more innovative start-ups or SMEs carried out directly or indirectly (namely, through investment funds (and not through companies)), which invest mainly into innovative start-ups or SMEs. Moreover, the said incentive is granted pursuant to the de minimis EU Regulation (namely, Regulation (EU) No. 1407/2013)) and, therefore, the innovative start-up or the innovative SME recipient of the investment cannot obtain de minimis aid for more than €200,000 over three financial years. For accessing the incentive, a precise procedure should be complied with.

The maximum eligible investment (for which an incentive is given and which) cannot exceed, in each fiscal year, €100,000 for the investment into innovative start-ups and €300,000 for the investment into innovative SMEs. This tax incentive is an alternative to the tax deduction under the above in the case of investment into an innovative start-up, while it applies to the amount exceeding the €300,000 threshold of whether the investment is in an innovative SME. The eligible investment must also be held for at least three years.

Other tax incentives for directors, employees or continuous collaborators of the innovative start-up or SME and for equity

These tax incentives provide for an exemption from personal income taxes (and, in the case of financial instruments assigned to the directors, employees or continuous collaborators of the innovative start-up or SME, and also from social security contributions) of the income deriving from the assignment of financial instruments by the innovative start-up or SME, provided that certain conditions are met.

Increased tax burden

  1. Are there any new or proposed tax laws or guidance that could significantly increase tax or administrative costs for fintech companies in your jurisdiction?

The recent Digital Service Tax applies a 3 percent rate on revenues deriving from:

  • the supply of transmission services on a digital advertising interface aimed at users of the same interface;
  • making available a multilateral digital interface, which allows users to be in contact and interact with each other, and also to facilitate the direct supply of goods or services; and
  • the transmission of data collected from users and generated by the use of a digital interface.

Taxation, in practice, concerns digital advertising on websites and social networks, access to digital platforms, the fees received by the managers of these platforms, and the transmission of data taken by users.

Business operators subject to the payment of the Digital Service Tax are those who during the calendar year preceding the one in which the tax assumption arises:

  • generate a total amount of revenues of no less than €750 million anywhere in the world, individually or jointly at the group level; or
  • receive in the same period, individually or jointly at the group level, an amount of revenues from digital services of not less than €5.5 million in Italy.

The Italian Digital Service Tax is, however, transitory, meaning that it will be repealed with effect from the moment in which the provisions deriving from international agreements on the taxation of the digital economy come into force.

IMMIGRATION

Sector-specific schemes

  1. What immigration schemes are available for fintech businesses to recruit skilled staff from abroad? Are there any special regimes specific to the technology or financial sectors?

To date, there are no specific immigration schemes available for fintech businesses to recruit skilled staff from abroad. Nonetheless, Italian and EU law provides some benefits of general character:

  • Freedom of movement of workers who are EU citizens. EU law provides EU citizens the freedom of movement and residence to apply for a job and be treated on an equal footing with nationals of another EU country.
  • EU Blue Card. The EU Blue Card can be issued to non-EU highly-qualified workers, giving them the right to live and work in an EU country, provided they have at least a three-year university degree and an employment contract or a binding job offer (with a minimum duration of one year) with a salary equal to at least€24,789.93 (in Italy). In Italy, such workers are not included in the numerical limits (quota) that are normally set by Italian authorities for the entry of foreign workers. By November 2023, upon the implementation of a recent EU Directive, the requirements for obtaining the EU Blue Card will be simplified; the minimum duration of the employment contract will be reduced to six months (instead of one year), while the new minimum annual salary will be determined by the Italian implementation law (between a minimum of €26,580 and a maximum of €42,528).
  • A visa special treatment for digital nomads and remote workers who are non-EU citizens. Digital nomads and remote workers are defined as ‘citizens of a third country who carry out highly qualified work activities through the use of technological tools that allow working remotely, autonomously or for a company based outside Italy’. They can apply for a one-year visa provided that they have full health insurance and that tax and social security obligations are met.
  • A visa special treatment for non-EU investors. Non-EU investors who ‘in their own name or on behalf of the legal entity they legally represent’ intend to invest at least€250,000 in a start-up can apply for a visa of more than three months.
  • Italia Startup Visa is a program for entrepreneurs from non-EU countries who intend to create a start-up in Italy. The program allows a simplified application procedure for a one-year visa for self-employment.

UPDATE AND TRENDS IN FINTECH IN ITALY

Current developments

  1. Are there any other current developments or emerging trends to note?

Italian supervisory authorities are increasingly focusing their attention on fintech-related phenomena and this trend is also expected to increase in view of the upcoming EU Payment Services Directive III.

While Italian supervisory authorities are trying not to disincentivize such new services, in line with the global trend, their attention is also focused on the protection of small investors. The number of statements is growing in which supervisory authorities are warning investors of the high risks associated with cryptoassets (see most recently the Joint Statement of the Italian Companies and Exchanges Commission and the Bank of Italy of 28 April 2021).

In line with the need to preserve investors from the frauds and risks associated with cryptoassets, in Italy, in implementation of article 4 of the Decree of the Ministry of Economy and Finance of 13 January 2022, it was provided that there is the obligation for service providers related to the use of virtual currency and digital wallets to register in the special section of the exchange register kept by the Agents and Credit Brokers Body referred to in article 17 bis, paragraph 1 of Legislative Decree No. 141 of 13 August 2010.

It is also worth mentioning the growing trend of operators to use the new buy now, pay later (BNPL) form of credit. In this regard, it is worth noting the communication of 28 October 2022, in which the Bank of Italy, again with a view to protecting customers, clarified the provisions to be applied when using one BNPL scheme rather than another.

* The authors wish to thank Lucio Scudiero, Noemi di Donato, Giacomo Poletti, Chiara Scala and Edoardo Canali for their assistance in the preparation of this chapter.

* The information in this chapter was accurate as of June 2023.

If you need more consulting, please Contact Us at TNHH NT International Law Firm (ntpartnerlawfirm.com)

You can also download the .docx version here.

Rate this post

“The article’s content refers to the regulations that were applicable at the time of its creation and is intended solely for reference purposes. To obtain accurate information, it is advisable to seek the guidance of a consulting lawyer.”

LEGAL CONSULTING SERVICES

090.252.4567
HÃY CLICK ĐỂ LẠI SĐT CHÚNG TÔI SẼ GỌI NGAY CHO BẠN MIỄN PHÍ

NT INTERNATIONAL LAW FIRM