FINLAND: An Introduction to FinTech Legal

The Fintech Market 

The Fintech industry stands at the crossroads of innovation and regulation, continually reshaping the financial landscape. The Fintech market is experiencing unprecedented growth, propelled by technological advancements and evolving consumer preferences, which are also influencing the fintech industry in Finland.

In terms of numbers, the Finnish fintech market has been growing, although the growth has slightly stabilised in the past year. In 2023, there are over 210 fintech companies in Finland, and the total revenue of the Finnish fintech market has grown significantly. Even today, payments are most strongly represented in terms of the number of fintech companies. Financial software represents the second biggest number of companies, with two fields containing almost equal numbers of companies. A recent notable development is the rise of Generative AI, which is being increasingly used within the fintech industry, and consequently will emphasise the importance of data regulation.

Finland has consistently maintained a prominent role in the cryptocurrency and decentralised finance (DeFi) markets. Notably, the inception of Aave, one of the largest DeFi protocols with a liquidity of USD8.7 billion in November 2023, originated as a Finnish project in the crypto market. This trend persists with the recent introduction of EUROe, the first stablecoin collateralised to the Euro, launched by a Finnish issuer, Membrane Finance, in 2023. The ongoing contributions of Finland to the crypto and DeFi landscapes underscore the nation’s significance in shaping and advancing developments within these financial domains.

Fintech has matured to also become a great opportunity for banks and other financial institutions. Market participants have found new ways to collaborate with smaller fintech companies, and co-operation between finance and technology industries has become the new normal. Co-operation is generally widely valued and has long roots in the industry sector in Finland.

Towards Open Finance and Enhanced Use of Data 

Data and EU data regulations play a key role in the developments of payment services and fintech services in Finland. The opportunities of open banking and the second Payment Services Directive (PSD2), that are based on opening customers’ payment account information to third parties with the customers’ consent, have been embraced on the Finnish market and are widely used today. Open finance is the next step in the evolution of fintech data services.

The Modernising Payment Services Directive 

In 2023, the European Commission published proposals for the third Payment Services Directive (PSD3) and for a framework for financial data access. The overarching aim of the PSD3 initiative is to modernise the existing regulatory framework governing electronic payments. The multifaceted proposal introduces a suite of measures designed to:

• combat and mitigate payment fraud;

• enhance consumer rights;

• level the playing field between banks and non-bank entities;

• foster open banking; and

• improve the availability of cash.

These measures collectively strive to fortify consumer confidence and choice in electronic payments while ensuring a secure and transparent financial environment.

Central to the PSD3 proposal is a strategic focus on combating payment fraud, achieved through:

• increased collaboration among payment service providers;

• heightened consumer awareness;

• strengthened authentication rules;

• extended refund rights for fraud victims; and

• mandatory verification of payees’ IBAN numbers.

The initiative also seeks to bolster consumer rights by addressing issues such as temporary fund blocking, and by enhancing transparency on account statements and providing clearer information on ATM charges. Furthermore, it aims to level the competitive landscape by granting non-bank payment service providers access to EU payment systems, safeguarding their rights for maintaining a bank account.

The proposal advances open banking by removing obstacles to service provision and enhancing customer control over payment data, ultimately fostering a dynamic market for innovative services. Simultaneously, it addresses the practical aspects of cash availability by permitting retailers to offer cash services without purchase requirements, and by providing clarity for independent ATM operators. Strengthening harmonisation and enforcement mechanisms underscores the proposal’s commitment to a uniform and robust regulatory framework, ensuring the secure execution of electronic payments across borders both in euro and in non-euro currencies within the EU. The proposal aims to strike a balance between safeguarding consumer rights and promoting a diverse and competitive landscape of payment service providers.

Finance Data Space 

In addition to PSD3, the European Commission finally published its long-awaited open finance proposal in 2023, the framework for financial data access (FIDA). FIDA aims to lead towards better-quality, user-centric financial services and new data-driven business models in the financial sector by causing financial institutions to make available certain customer data to other financial institutions, authorised financial information service providers (FISPs) and the customer, at the customer’s request. FIDA would also regulate, inter alia:

• the management of customer permissions with new permission dashboards;

• the establishment of financial data sharing schemes (FDSSs), including mandatory participation in at least one FDSS; and

• the authorisation of FISPs, which are entities other than financial institutions that wish to engage in the data economy under FIDA by providing financial information services. 

FIDA is an ambitious piece of legislation, and several open questions remain. Published on 28 June 2023, discussions around FIDA are slowly gaining more interest as understanding of the full significance of FIDA is setting in on the market. However, as FIDA will not be finalised before the 2024 elections of the European Parliament, it is likely to gain more interest again after the elections. In the spirit of FIDA, fintechs that plan and execute ambitious open finance strategies and partner with financial institutions to rethink their business models are likely to succeed in a data-driven economy.

The Data Act and Data Privacy 

Another major data trend in Finland has been the Data Act and its effects on different market players. In the financial sector, insurance companies in particular are expected to benefit from the possibility of gaining access to use data of connected products. However, the Data Act will have a larger impact on the fintech sector as it sets forth rules on, inter alia, data sharing agreements and switching between data processing services. Practical preparations for the Data Act are ongoing for many, and are expected to further accelerate when the Data Act enters into force (likely in early 2024).

As more data will be open for use, emphasis should also be placed on the data protection and data privacy requirements, which have sometimes been a challenge for companies in the fintech sector. Now, fintech companies should take even greater interest in data and prepare for the future changes to their business operations brought in by the new regulations. At the same time, it is worth noting that many companies also struggle to extract value from the data they have access to.

Strengthening Cyber-Resilience in the Financial Sector

In the context of the EU’s progression in the realm of open finance, it is imperative to underscore the necessity for fintech innovations and products to conform to robust financial regulation and operational risk management. This alignment is paramount for fostering sustainable technological development, which, in turn, contributes to a secure financial environment, prioritises customer protection and fortifies financial stability. In this era of technological advancement, achieving equilibrium between innovation and security is pivotal, wherein technology and cybersecurity standards synergistically converge.

The Regulation on digital operational resilience for the financial sector, DORA, elevates cybersecurity and operational resilience legislation to the sector-specific level, taking into account the characteristic cybersecurity challenges and risk profiles inherent in financial services. Effective from 17 January 2025, DORA responds robustly to the escalating cyber threats confronting the financial sector. It imposes an obligation on financial entities to prepare for, respond to and recover from diverse disruptions and threats related to information and communication technology. DORA represents a significant stride in EU financial regulation, establishing a harmonised and comprehensive framework for managing digital operational resilience, thereby safeguarding the stability of the financial sector and enhancing consumer protection. A pivotal aspect in the pursuit of a standardised open finance ecosystem is the pragmatic interaction between DORA and the forthcoming FIDA and PSD3 that extends the ambit of DORA to encompass FISPs in the future.

Legislative Framework for Markets in Crypto-Assets

Finland has been early in regulating crypto-assets. Now, the EU will soon become the first regulator to publish arguably the most comprehensive all-in-one crypto regulatory regime. The Markets in Crypto-Assets Regulation, MiCA, entered into force in June 2023 and shall apply from 30 December 2024, with certain derogations. MiCA creates a regulatory framework that lays down uniform requirements for the offering and placing on the market of crypto-assets, and requirements for crypto-asset service providers. As a regulation, MiCA will apply directly across the EU without any national implementation, and will streamline the current national legislation in Finland and require Finnish legislators to partly amend and revoke the Finnish Act on Virtual Currency Providers (572/2019).

MiCA marks a pivotal milestone in the creation of consistent market rules for crypto-assets across the EU. This regulatory framework extends its purview to crypto-assets currently outside the scope of existing financial services legislation. Crucial provisions within MiCA address those issuing and trading crypto-assets, encompassing asset-reference tokens and e-money tokens, with a focus on transparency, disclosure, and the authorisation and supervision of transactions. MiCA also applies to other tokens, such as utility tokens. The overarching objective is to fortify market integrity and financial stability by subjecting public offers of crypto-assets to regulation and by enhancing consumer awareness regarding associated risks.

Prior to the application of MiCA and the respective revised national legislation, services related to crypto-assets may only be provided in Finland by a trader who is registered by the Financial Supervisory Authority as a virtual currency provider. MiCA allows entities providing crypto-asset services in accordance with national applicable laws before 30 December 2024 to continue to do so until 1 July 2026 or until they are granted or refused a MiCA authorisation. MiCA also offers a simplified authorisation procedure for entities that were already authorised under national applicable law on 30 December 2024 to provide crypto-asset services. Member states may, however, opt out of said grandfathering or reduce the duration. Currently, in registrations, virtual currency providers are subject to certain requirements regarding reliability, data retention and know-your-customer (KYC).

Sustainability 

Fintechs are at the forefront of innovation, and can help change not only business but also the planet. Accordingly, it seems that increasingly more fintechs focus on sustainability in Finland. At the same time, the financial sector generally leads the transition to a net-zero economy and more sustainable world – partly due to heavy EU regulation relating to sustainable finance.

Since 2018, the Commission has been developing a comprehensive policy agenda on sustainable finance. Sustainable finance plays a key role in delivering the objectives of the European Green Deal. The regulatory framework on sustainable finance consists of regulations applicable to companies that are active in the financial markets, in particular the Sustainable Finance Disclosures Regulation (SFDR) and the EU taxonomy that provides a classification system for sustainable economic activities.

When financial institutions are faced with ESG compliance requirements, they will make corresponding requirements for their customers. ESG compliance will therefore become an integral part of corporate banking, and will also be both a compliance requirement and a business opportunity for many fintech companies. Over recent years, the EU has handed down sustainability regulations also affecting companies other than financial market participants. Both the Corporate Sustainability Reporting Directive (CSRD), which is currently being implemented in Finland, and the Corporate Sustainability Due Diligence Directive (CSDDD), which is still being negotiated in the EU, also affect all companies in Finland, at least indirectly.

In terms of future success in sustainability, fintech companies may have an advantage as their businesses are often built around digital processes.

Consumer Lending and the Positive Credit Register

The Finnish consumer lending market and legislation has been under scrutiny in recent years. The Consumer Ombudsman, one of the relevant supervisory authorities along with the Finnish Financial Supervisory Authority, has been particularly active in supervising consumer lending practices on the Finnish market, and has imposed penalty payments based on non-compliant marketing and lending practices.

In 2023, the Finnish Parliament continued to reform the consumer credit laws. For example, marketing practices that violate the good lending practice were clarified, and the credit interest rate was further capped. Creditors’ obligation to identify consumers with a strong identification method was extended and the order of different payment methods in an online store regulated.

At the same time, creditworthiness assessments may become more efficient in Finland as the Positive Credit Register is set to begin operation in spring 2024. The Positive Credit Register will function as a service for storing information on consumers’ loans and, to a certain extent, income, allowing creditors to assess the credit applicant’s repayment abilities more easily and reliably.

The consumer lending climate in Finland might be challenging for some fintech companies to adapt to, but it does encourage companies to make compliance an asset and to develop sustainable practices. Due to the open approach to data in Finland, of which the Positive Credit Register is an example, the Finnish market can also provide opportunities in consumer lending.