Answer ... (a) Crowdfunding, peer-to-peer lending
The Crowdfunding Regulation aims to provide small and medium-sized enterprises and innovative start-ups with an alternative financing channel, while also protecting investors. The offer of financial instruments issued by innovative start-ups through online portals is allowed:
- up to €5 million of stock capital;
- provided that 5% of the venture capital shares are subscribed by professional investors; and
- on condition that investors are entitled to withdraw from the offer in the event of subsequent changes to the latter or to the conditions of the start-up in question.
Crowdfunding portal managers must meet several disclosure obligations with regard to potential investors in relation to their activities, the risk of the investment at issue and the suitability of the subscription order.
In addition, investors are entitled to:
- revoke the order if new significant facts arise which could influence the investment decision; and/or
- withdraw from the investment within seven days of sending the order or in the event of a change of control of the issuer.
With regard to peer-to-peer lending, the BoI Provisions for Non-banks’ Collection of Savings establish the conditions to be satisfied by subjects other than banks to collect savings from the public:
- For portal managers, the receipt of funds to be deposited in payment accounts, as well as those related to the issuance of electronic money, does not amount to the collection of public saving; and
- For applicants, the acquisition of funds through the platform does not constitute the collection of savings where it is carried out on the basis of personalised negotiations with individual lenders.
(b) Online lending and other forms of alternative finance (DLT, Smart Contract, crypto-activities):
In its report on initial coin offerings and exchanges of crypto-assets dated 2 January 2020, the Commissione Nazionale per le Società e la Borsa (Consob) specified that crypto-assets are to be deemed as ‘investments’, consisting of the digital representation of rights related to a business investment issued, stored and distributed by means of DLT technologies. They can hence be qualified as ‘financial instruments’ only if they fall within the scope of Article 1, paragraph 2 of the Consolidated Financial Act.
In addition, the offering platforms are governed by the provisions on crowdfunding. Accordingly, in order to operate as such, a platform manager must be authorised by Consob and enrol in an ad hoc register kept by Consob (or by an equivalent foreign national competent authority (NCA)). Upon issuance of a crypto-asset, the platform manager must publish a white paper containing all information related to the offer. Compliance with transparency, efficiency and technology quality standards, and with investor protection requirements, must be also ensured by portal managers during their activities.
A ‘smart contract’ has been defined (for the first time in Italy) by Article 8ter of the Simplifications Decree as “a computer programme running on DLT and whose performance automatically binds two or more parties based on parameters defined by the parties themselves. It must meet the written form”. Regardless of such legislative effort, some issues relating to the use of smart contracts remain, including:
- the difficulty of identifying the applicable provisions in case of lack of consent;
- how the identity and suitability of the parties to the relevant agreement should be assessed;
- compliance with principles and general clauses of the Italian Civil Code, such as good faith, diligence and force majeure; and
- consumer protection-related issues.
(c) Payment services (including marketplaces that route payments from customers to suppliers (eg, Uber and AirBnb):
Legislative Decree 11 of 27 January 2010, as subsequently amended by Legislative Decree 218/2017 (which transposed the First and Second Payment Services Directives into national law), contains the key provisions on payment services in Italy.
Under the above framework, one must first understand whether a given transaction falls within the so-called ‘positive’ scope pursuant to the decree (which includes payment transactions in any official currency), and then check whether such transaction is excluded therefrom (by using the so-called ‘negative’ test, whereby payment transactions made through an authorised agent who acts only on behalf of either the payer or the payee do not fall within the scope of payments relevant under the decree).
Moreover, payment service providers authorised by the BoI (ie, banks, payment institutions and electronic money institutions) are flanked by third-party providers, non-financial operators providing account information services (ie, account information service providers) and payment initiation service providers.
Furthermore, an electronic central register of payment service providers kept by the BoI has been established pursuant to the decree.
The provisions on security measures have recently been strengthened so as to protect end users against fraud and other risks. In particular, payment service providers must adopt strong customer authentication procedures in the event that a client accesses his or her payment account online, initiates an e-payment transaction or carries out any action through a remote channel that may cause damage to him or her.
According to the Italian Fintech Guide 2022, recently published by the Fintech District, payment services remain the most relevant business segment in Italy: they were the main driver of investments in the sector in 2020 and also played an important role in the first quarter of 2021. Strong demand for alternative payment models – particularly in the B2B and challenger banking sectors – has led to the growth of integrated payment solutions and ‘banking as a service’ platforms (ie, platforms where banking services are integrated into a broader process allowing a complex financial service to be completed directly).
(d) Forex
Forex is a contract for the purchase and sale of currency settled for the difference, whose use is now monitored by Consob in order to combat the dangerously increasing phenomenon of abusive provision of financial services.
Forex is a highly risky financial instrument subject to volatility and leverage. It is lawful per se, yet capable of becoming unlawful if offered by unlicensed companies (ie, those that are not (or not yet) authorised to provide investment services by Consob, the BoI or a foreign NCA).
At present, it is possible to consult Consob’s website in order to check whether an intermediary offering forex investments falls within the list of authorised companies. In addition, Consob periodically issues communications to protect investors from unauthorised offers and hosts investor protection warnings from foreign NCAs.
Should an investor have doubt about the abusive nature of a forex service provider, he or she should promptly report the matter to Consob, which – if it ascertains the existence of a possible fraud – must file a report with the competent judicial authority.
Finally, should the commitment of an unlawful act be ascertained, Consob must black out the provider’s website and apply an administrative sanction thereto (including to its manager(s) and employee(s), if necessary).
(e) Trading
In general terms, online trading is governed by the Consolidated Financial Act (Articles 34 and following), as well as by the Intermediaries Regulation (Articles 42 and following), which governs the receipt and transmission of orders and execution only; and by Consob Communication DI/30396 of 21 April 2000 on online trading and rules of conduct.
Participation in regulated markets and multilateral trading facilities is allowed for authorised intermediaries, to which a trading identification code is assigned upon grant of the relevant licence(s). Access to the markets by parties other than authorised intermediaries is possible only through ‘direct electronic access’, which allows clients to access to the market using (‘direct market access’) or not using (‘sponsored access’) the intermediary’s trading identification code.
Pursuant to the ‘technological neutrality’ principle, a legal entity that wishes to offer investment services or products in Italy must obtain a licence, regardless of whether such services or products are also intended to be provided online. Should this be the case, intermediaries must implement specific technical and operational procedures to ensure full and effective compliance with the relevant obligations pursuant to the applicable law (see question 4.6).
Among other things, these include:
- the written form of the investment contract;
- the information disclosure obligations (especially vis-à-vis retail clients); and
- client due diligence for anti-money laundering purposes.
(f) Investment and asset management:
Under Italian law, there is no specific regulation governing the use of technologies in the financial services sector. Hence, the general rules apply.
Investment services can be provided by fintech companies only after they have been granted ad hoc authorisation by Consob and/or the BoI.
As a key principle, fintech companies licensed to provide for the above services must act diligently, fairly and transparently (see Article 21, letter a) of the Consolidated Financial Act).
Moreover, fintech companies must comply with:
- the appropriateness test principle, in order to carry out the receipt and transmission of orders, trading on own account and placing of financial instruments; and
- the sustainability test principle, in order to provide portfolio management and/or investment advice services (see Articles 40 and 42 of the Intermediaries Regulation).
Furthermore, fintech companies providing collective asset management services must:
- operate with diligence, fairness and transparency;
- ensure that the management is performed independently;
- acquire knowledge and adequate understanding of the conditions of marketability of financial instruments, assets and other valuables in which it is possible to invest the assets managed;
- ensure equal treatment of all investors; and
- acquire reliable, up-to-date information necessary to formulate provisions and conduct analysis, and define the consequent general investment strategies (see, among others, Articles 97 and 98 of the Intermediaries Regulation).
(g) Risk management:
Pursuant to the Joint BoI/Consob Regulation of 29 October 2007, an intermediary must establish a permanent risk management function, whose tasks may be summarised as follows:
- Define the intermediary’s risk management system;
- Preside over the functioning thereof;
- Monitor compliance with such system by the intermediary itself;
- Verify the adequacy and effectiveness of the measures adopted to deal with the deficiencies identified; and
- Submit to the intermediary’s bodies, at least once a year, a report on the activities carried out.
The prospective impact of new technologies on the risk management systems of financial intermediaries has been extensively analysed by the BoI, which has also classified the most relevant risks to which an intermediary is exposed (eg, liquidity, counterparty, credit, market, regulatory and reputational risks).
In addition, the BoI has pointed out that the impact of fintech on the traditional risks faced by incumbents (ie, existing banks and intermediaries) derives indirectly from the arrival of newcomers (ie, fintech companies), and directly from the latter’s entry into one or more new business areas through an expansion of the range of products and services offered, and/or the establishment of controlled legal entities.
(h) Roboadvice
Roboadvice is governed by the same provisions that regulate investment advice in general (see question 4.6), as it concerns a well-contextualised transaction relating to specific financial instruments, characterised by a personalised recommendation addressed to a client or group of clients.
Pursuant to the suitability test principle, in order to recommend investment services and/or financial instruments that are deemed to be suitable to a client, the intermediary must obtain from the latter a complete set of information (ie, investment knowledge and experience, financial situation and investment objectives (including risk tolerance)).
Both the European Security and Markets Authority and Consob have recently focused on the safety of algorithms, emphasising that it is always necessary for robo-advisory processes to have human intervention to verify that the decision processes they govern are not affected by errors.
Retail investors based in Italy still seem reluctant to avail of roboadvice, due to both an insufficiently sophisticated financial culture and the risks associated with digital investments (eg, cybersecurity and improper data processing). Therefore, roboadvice is mainly addressed to professional investors.
(i) Insurtech
To date, there are no specific provisions in force in Italy governing insurtech. Therefore, this is regulated by the Private Insurance Code, and the provision of insurance services through the use of technologies is reserved to insurance companies authorised by the Istituto per la Vigilanza sulle Assicurazioni (IVASS).
Pursuant to the Insurance and Reinsurance Distribution Regulation, which transposed the EU Insurance Distribution Directive into national law, an insurance intermediary must inform the client, prior to the provision of the relevant service, of:
- its disclosure obligations, aimed at ensuring the highest level of transparency for the client;
- specific information on the intermediary itself;
- potential conflicts of interest; and
- its client protection measures.
The intermediary must also provide the client with a suitability questionnaire in order to identify the insurance service or product most suitable for his or her specific needs, as well as an informative note in which the insured’s guarantees and rights, as well as the insurance company’s obligations, are clearly summarised.
IVASS is working on the definition of a new set of provisions and technological standards governing insurtech services and products. The aim is to ensure adequate levels of market and client protection, and guarantee the fair regulatory treatment of both existing and new operators, while avoiding regulatory arbitrage and encouraging innovation.
In this regard, IVASS recently adopted a Strategic Plan (2021-2023) in order to:
- investigate the phenomena associated with the digitalisation process and foster a dialogue with insurance and technology operators;
- promote activities relating to the development of innovative supervisory and regulatory technology tools in collaboration with the BoI and with the academic world; and
- identify research initiatives on topics related to insurtech and artificial intelligence aimed at a more intense action of consumer protection for aspects relating to transparency, ethics and insurance inclusion.