Earlier this month, the European Central Bank (ECB) released a draft guide to provide a consistent approach on how to assess fintech credit institution license applications. The guide defines fintech banks as having “a business model in which the production and delivery of banking products and services are based on technology-enabled innovation,” and intends to include both
- existing banks that have evolved to become fintech banks through integration of technological innovation, whether developed in-house, through acquisitions, or through strategic partnerships (e.g., outsourcing or “white labeling”); and
- new entrants to the market that adopt technological innovation to compete with existing banks and other existing financial service providers (such as payment institutions and electronic money institutions) that broaden or alter their services to the point that they should be considered new entrants to the market and therefore require banking licenses.
The general criteria to be assessed in the licensing process include the following:
- Governance (suitability of the management body and shareholders)
- Internal organization (risk management, compliance, and audit frameworks)
- Program of operations
- Capital, liquidity, and solvency
The ECB points out two common and significant risk factors for fintech banks, which often rely on nascent technologies: the potential for cybercrime and the increased reliance on outsourcing (including cloud computing). The ECB states that in a license application assessment it will look at such factors as safeguards put in place against cyberattacks and whether the fintech bank has performed appropriate due diligence of service providers and entered into agreements that allow for audits and certain other contractual terms.
In addition, the ECB will consider the initial capital and liquidity of fintech banks due to the higher risks posed.