General climate and trends
General innovation climate
What is the general state of fintech innovation in your jurisdiction, including any notable trends, innovations, innovators and future prospects?
As the largest economy in the European Economic Area, the German market offers many opportunities for fintech innovation. Although some of the initial disruptive energy has been mitigated by regulatory challenges and a soft trend towards consolidation, a second phase of solid and mature business development is on the horizon.
Important players in the market include:
- N26 – an app-based direct bank;
- Kreditech – offers data-based bank lending;
- Raisin – offers a pan-European marketplace for savings products;
- Spotcap – offers loans for small and medium-sized enterprises;
- Auxmoney – operates an online platform for peer-to-peer money lending services;
- Smava – offers a loan comparison platform;
- Liqid and Scalable – both offer online portfolio management to retail customers;
- Exporo – offers an equity crowdfunding platform for real estate investment and Bitbond, a bitcoin-based peer-to-peer lending platform; and
- Finleap – while not a fintech company itself, it offers a fintech company builder ecosystem.
Recent studies show a slight decline in the growth of venture capital financing for fintech companies in Germany. While investment grew by 45% in 2015 and 135% in 2016 (compared to the respective previous year), the growth rate decreased to 9% in 2017. Still, the absolute amount of venture capital investment grew to a record €716 million in 2017.
Berlin is Germany’s largest fintech hub, followed by the Rhine-Neckar region (the surrounding area of Frankfurt), Munich and Hamburg. Important segments include regulatory technology companies and, due to Germany’s consistently strong real estate market, property technology companies.
The market disruption caused by the emerging fintech sector has stimulated various forms of collaboration between old and new players. Due to both regulatory challenges and traditional financial institutions’ engagement in response to the emerging fintech market in Germany, many fintech companies entered into partnerships with existing institutions. These partnerships may be in the form of investments or mere collaborations. However, many of the existing institutions have also formed innovation hubs within their groups or associations, following a broad approach in response to the challenges stemming from the shifted market structure. On the other hand, a growing number of fintech companies have also started offering products and services outside their core business model, creating a multi-level approach for their customers. This is often referred to as the ‘platform model’.
Have there been any particular developments – regulatory or commercial – in any of the following fintech sectors?
Distributed ledger technology and digital currencies (eg, blockchain, smart contracts and Bitcoin)?
As with most countries, the German public saw distributed ledger technology as only a theoretical concept during the early 2010s. This has radically changed over the past two years. In particular, when bitcoins reached their peak valuation to date (December 2017), the German media began focusing on cryptocurrencies.
The Federal Financial Supervisory Authority (BaFin) previously published an initial coin offering (ICO)-related warning to customers in its monthly journal, pursuing a rather critical approach towards ICOs by citing risks due to:
- premature or fraudulent business models;
- lack of regulation and customer information; and
However, it is unclear whether this warning had any effect on private investments in the sector.
With regard to the regulatory framework, BaFin labelled bitcoins as ‘financial units of account’ early on. This designation may trigger authorisation requirements for certain business models. BaFin recently stated that this designation is most likely to apply to other forms of tokens too. On February 20 2018 BaFin issued another note on tokens, stressing the possible application of numerous supervision laws on token-related services.
Alternative lending platforms?
For alternative lending platforms, the biggest challenge is the German regulatory framework. Under the Banking Act, only banks can originate loans in Germany; as such, peer-to-peer (P2P) lending companies must cooperate with a licensed bank to originate loans. The bank will then sell the receivables to the investors via the platform. Under various restrictions, alternative investment fund managers may originate loans for the account of certain closed alternative investment funds, but only for businesses on the borrower side. However, there are several market players that work business-to-business, business-to-consumer and consumer-to-consumer.
P2P customer lending has seen the biggest growth, but business lending is also on the rise. Due to regulatory challenges, equity-based crowdfunding has recently slowed.
The biggest market players are Auxmoney, Lendico, Funding Circle (merged with Zencap), SpotCap, Smava, Iwoca and Main Funders of Commerzbank.
Digital payments, remittances and foreign exchange?
Traditionally, Germany had been a country of cash payments. Despite the growth in card payment acceptance in retail stores and restaurants, this was usually limited to debit cards due to high credit card fees for payees.
However, since the EU Interchange Fee Regulation 2015 capped card payment fees for payees, the market has started to shift. Digital payments are growing, and the absence of big players like Apple Pay and Google Pay has left room for smaller players, as well as solutions from traditional financial companies. That said, PayPal remains the biggest digital payment provider in Germany. Private and public savings banks have developed their own solutions in cooperation with each other, such as Paydirekt or GiroPay.
The EU Payment Service Directive II, implemented into German law on January 31 2018, is expected to boost the market in this regard. Under the directive, surcharge fees within the Single European Payments Area were banned for certain cashless payments (SEPA-payments) and for consumer-related card payments. Further, based on their clients’ consent, payment service providers can now access their clients’ bank account details via an application programming interface.
Thus far, many providers have focused on front-end solutions, such as apps or other services that increase convenience for payers. The entitlement to non-discriminatory access to payment data will open a variety of new business models for these providers.
That said, supervision has been strengthened for new providers. Payment initiation services and account information services now fall under the Payment Service Supervision Act and are subject to authorisation requirements.
Alternative financing (including crowdfunding)?
Between 2007 and 2015, close to €585 million was raised in Germany through crowdfunding, crowd-investing and crowdlending platforms. In 2015 crowd-investing and crowdfunding accounted for roughly only 30% of the annual total investment sum. Crowdlending platforms accounted for most of the total investment.
Alternative financing platforms focusing on crowdfunding were largely unregulated until the Small Investor Protection Act entered into force in 2015. Among other things, the new regulation introduced a prospectus requirement for crowdfunding platforms. Exceptions apply where the total investment does not exceed €2.5 million (and several other requirements are fulfilled).
Important players on the German crowdfunding market include StartNext and VisionBakery. Kickstarter and Indiegogo also operate on the German market.
Investment, asset and wealth management?
Both new and existing players have been actively pushing digital investment, asset and wealth management. Raisin is offering a pan-European marketplace for savings products, making use of low interest rates in Germany and the European deposit guarantee system. Liqid and Scalable offer digital asset and wealth management. Traditional players have also started digital portfolio management projects, such as Robin (Deutsche Bank) and Visualvest (Union Investment).
Investment fund distribution has undergone vast regulatory change following the introduction of the EU Markets in Financial Instruments Directive II (MiFID II). In particular, product governance, inducements and disclosure rules pose significant challenges to the market. However, it is still possible for an introducing broker to distribute investment funds on platforms without a full regulatory licence (authorisation pursuant to the Industrial Code is required). Further, the ordinance governing the distribution of investments has not yet been adjusted to meet the requirements set out in the MiFID II.
Fintech-based asset and wealth management has seen a steady growth in Germany. Some of the players offer robo-advice in addition to digital asset management (eg, Liqid and Scalable).
Robo-advice and artificial intelligence?
‘Robo-advice’ is a rather broad term in Germany. Thus, it is not always clear what the respective provider is offering from a legal standpoint. Robo-advice could be deemed:
- investment advice;
- reception and transmission of orders;
- execution of orders on behalf of clients; or
- portfolio management,
leading to the respective authorisation requirements.
It is important to consider whether:
- the client or provider is buying, selling or holding an individual financial instrument; and
- the provider is offering advice on the aforementioned options.
Thus far, BaFin has followed a rather broad interpretation of ‘investment advice’, which is triggered when a fintech company bases its advice on just a single piece of its client’s personal data. Further, even if, from the customer’s perspective, the mere impression is given that the company bases its advice on any explored data, ‘investment advice’ is triggered. The duties involved in offering advice are obviously broader than those for the mere transmission and execution of orders (eg, suitability test and statements), but information duties and appropriateness tests apply in either case.
Important market players include Liqid, Scalable, cominvest (by comdirect bank), Quirion, Sutorbank and Whitebox. Raisin (WeltInvest) is the newest player on the market.
Any other technologies?
How would you describe the regulatory policy for fintech products and services in your jurisdiction?
Thus far, the German government has pursued a strict no-sandboxing approach when it comes to fintech companies. Therefore, authorisation requirements and administrative rules apply, depending on the service offered by the respective company. Some facilitations may apply based on the size of the company (principle of proportionality), but no special treatment should be expected simply because a service is using new technologies.
The German legal system is, of course, strongly embedded in the European legal system. National legislation regarding companies in the financial sector is therefore often a mere implementation of EU laws (eg, the EU Markets in Financial Instruments Directive II, the EU Capital Requirements Directive IV and the EU Capital Requirements Regulation).
Have any fintech-specific laws or regulations been enacted in your jurisdiction? Are any envisaged?
No. Thus far, fintech companies are subject to the same provisions as traditional companies in the financial sector. In the short term, no changes are expected. The government’s recent coalition agreement stresses the need for “equal regulation for equal risks” with respect to the fintech industry. This can hardly be regarded as a move away from the equal treatment or the no-sandboxing doctrine.
Which government authorities regulate the provision of fintech products and services?
The financial sector in Germany is supervised by a number of authorities. Most prominently, the Federal Financial Supervisory Authority (BaFin) is responsible for any authorisation procedures and publishes regular guidelines on its regulatory fintech treatment. Bundesbank is responsible for the majority of operational banking supervision, but the European Central Bank may come into play in these matters. For specific forms of investment brokerage and investment advice, local trade supervision authorities or local chambers of industry and commerce may be the responsible authority.
Financial regulatory framework
Which laws and regulations governing the provision of financial services apply to fintech businesses?
Depending on the service provided for by the fintech company, the application of the following acts may be triggered:
- the Banking Act;
- the Securities Trading Act;
- the Securities Prospectus Act;
- the Capital Investment Act;
- the Asset Investment Act;
- the Payment Supervision Act;
- the Insurance Supervision Act; and
- various European rules (eg, the EU Market Abuse Regulation).
Although at first glance this may seem like a regulatory minefield for fintech businesses, experienced legal support may help to mitigate or even dispel regulatory risk. Even if licensing requirements apply, fintech companies should not shy away from implementing their business ideas. For example, Bitbond, a bitcoin-based peer-to-peer lending platform, has successfully obtained government authorisation for investment brokerage.
Under what conditions are fintech businesses subject to licensing requirements? Are there any exemptions?
BaFin lists bitcoins as ‘units of account’ within the meaning of the Banking Act. BaFin recently stated that this will likely apply to other forms of tokens too. In particular, the Banking Act may require authorisation when token-related services are offered.
Lending platforms must choose a specific arrangement to avoid having to obtain authorisation under the Banking Act or the Payment Service Supervision Act. Unless they act as mere brokers of loans and receivables for both lending and borrowing, the obligation to obtain one of the aforementioned authorisations applies. This is why many lending platforms chose a bank as their so-called ‘white labelling’ partner. However, for the mere brokerage of loans, authorisation pursuant to the Industrial Code may be required.
Authorisation for payment service providers may be required if the provider is involved in the execution of the payment handling. In contrast, pure technical service providers may be exempt from authorisation requirements.
For alternative financing platforms, authorisation requirements may apply pursuant to the Banking Act, the Payment Services Supervision Act, the Capital Investment Act or the Securities Trading Act. Investment providers may be subject to a prospectus requirement.
Investment, asset and wealth management companies must obtain authorisation pursuant to the Banking Act. Mere distributors of investments may apply for authorisation pursuant to the Industrial Code but must adhere to the Financial Investment Broker Regulation, an ordinance issued by the Federal Ministry of Economic Affairs.
For robo-advice, the question of authorisation requirements largely depends on whether investment advice, reception and transmission of orders, execution of orders on behalf of clients, or portfolio management within the meaning of the Banking Act is offered by the respective service. A service will most likely be deemed investment advice if a client receives advice on the purchase, sale or holding of a specific financial instrument, based on their personal details.
Are any fintech products or services prohibited in your jurisdiction?
In anticipation of the EU Markets in Financial Instruments Directive II product intervention rules, BaFin was given the authority to use methods of product intervention in 2015. This power allows BaFin to restrict or prohibit the marketing, distribution and sale of certain financial products if these present a significant investor protection concern or a threat to the stability or integrity of the financial system or financial markets. By using this power, BaFin has restricted the marketing, distribution and sale to retail investors of those financial contracts for difference (CFDs) that come with an additional payments obligation (margin calls). Contrary to previous indications, BaFin has recently refrained from imposing a ban on the distribution of credit-linked notes.
The European Securities and Markets Authority (ESMA) has used its product intervention power for the first time, and gone beyond BaFin’s handling of CFDs. ESMA has announced that it will impose restrictions on the leverage offered for CFDs and introduced elaborate prerequisites for them to be permissible for retail investors. Further, ESMA prohibited the marketing, distribution and sale of binary options to retail investors. However, these interventions are product-related measures and reflect no specific challenges of fintech companies.
Pursuant to the Capital Investment Act, certain alternative investment funds may not be sold to or purchased by average retail investors; instead, only semi-professional retail investors or professional investors can buy or sell these. The differentiation between those types of investor is strict. Semi-professional retail investors must invest a minimum of €200,000 and be sufficiently capable of understanding the risks involved with their investment into the investment fund. Professional investors are, for example, financial institutes, insurers and governments. Any other types of investor are deemed average retail customers.
Data protection and cybersecurity
What rules and regulations govern the processing and transfer (domestic and cross-border) of data relating to fintech products and services?
When it comes to personal data, both the European General Data Protection Regulation (GDPR), which will enter into force on May 25 2018, and the (amended) Federal Data Protection Act govern the processing and transfer of data. Until the GDPR enters into force, some provisions of the Telemedia Act still apply. However, the Telemedia Act rules will likely be substituted by the future European ePrivacy Regulation. During that transition period, the GDPR will provide the relevant rules. Some provisions from the Banking Act may also apply in specific outsourcing scenarios.
What cybersecurity regulations or standards apply to fintech businesses?
Depending on the service offered, cybersecurity regulations may apply. Banks, for example, must fulfil certain risk management-related IT-precautions based on the Banking Act. BaFin has substantiated these requirements in Circular 10/2017 on Supervisory Requirements for IT in Financial Institutions. For payment service providers, the European Banking Authority has published guidelines on the security of internet payments, which have been endorsed by BaFin in Circular 4/2015 on Minimum Requirements for Internet Payments Security (MaSI). Based on the European Payment Service Directive 2 (PSD2), the European Commission has also enacted the Regulatory Technical Standards on Strong Customer Authentication and Secure Communication under PSD2, which will replace MaSI as soon as it comes into effect (probably in 2019).
If a service provided is deemed to be ‘critical infrastructure’, organisational requirements stipulated in the Act on the Federal Office for Information Security (BSI Act) may come into play as well. Recently, a new section has been added to the BSI Act, stipulating a duty for digital service providers to enact measures for safeguarding their IT systems. As this provision is relatively new, its impact can only be estimated.
In relation to storing and processing personal data, the GDPR includes data protection-related organisational and technical requirements for IT systems.
What anti-fraud, anti-money laundering or other financial crime regulations govern the provision of fintech products and services?
The Anti-Money Laundering Act implemented the EU Fourth Anti-Money Laundering (AML) Directive into German law. Most financial companies subject to authorisation requirements are also deemed obliged entities within the meaning of the Anti-Money Laundering Act. Therefore, due diligence requirements apply, such as the implementation of know-your-customer (KYC) procedures. Some even stricter due diligence requirements apply to credit institutions and financial service institutions within the meaning of the Banking Act. Further, companies that are not registered in the Companies House may need to be entered into the Transparency Register and provide a list of beneficial owners.
To counter tax evasion, the Federal Tax Act also requires tax-related KYC procedures to be in place for certain bank-related business, such as opening a bank account.
What precautions should fintech businesses take to ensure compliance with these provisions?
Businesses should carefully examine whether they fall within the scope of any of the aforementioned regulations. German authorities follow a rather strict approach when it comes to the enforcement of anti-money laundering and financial crime provisions.
What consumer protection laws and regulations apply to the provision of fintech products and services?
Most provisions on consumer protection are found within the Civil Code – in particular, revocation rights may apply in case of distance contracts. Further, ex ante information requirements must be fulfilled for many services.
Does the provision of fintech products or services in your jurisdiction raise any particular competition regulatory concerns?
No specific competition regulatory concerns are raised with respect to fintech products or services.
Are there any particular regulatory issues concerning the cross-border provision of fintech products and services (eg, operating jurisdiction rules and currency controls)?
Cross-border access to the German market for fintech products and services is subject to authorisation requirements and can be generally achieved in three different ways:
- Full licence – this involves applying for full authorisation with the competent authorities (eg, for a subsidiary).
- Passporting – EEA branches can, in particular, make use of passporting mechanisms. These are implemented in, for example, the Banking Act and the Securities Trading Act. Passporting can either be used to establish a branch in Germany or for the provision of direct cross-border services. Supervision would largely be carried out by the home country, while a smaller number of German provisions must be met. Apart from EU passporting, Germany has entered into bilateral agreements with the United States, Japan and Australia to allow passporting for financial institutes from these countries. Financial institutes from Switzerland benefit from a simplified authorisation procedure that, if successful, exempts them from the application of many provisions in the Banking Act.
- White labelling – fintech companies can also use existing licences from German domestic financial institutes in order to ‘white label’ their activities. Based on a cooperation agreement, the existing bank would, from a legal standpoint, be considered to have outsourced its activities to the respective fintech company. The fintech company is then able to carry out its service in Germany, notwithstanding the lack of authorisation.
Financing, investment and government support
Does the government provide any incentives or support programmes to promote fintech innovation in your jurisdiction (eg, tax incentives, grants and regulatory sandboxes)?
No such incentives specifically focused on fintech innovation have been introduced by the government thus far. Nevertheless, the Federal Ministry of Economic Affairs has started a programme called INVEST under which angel investors can apply for a tax-free reimbursement of 20% of their investment if they invest more than €10,000 into a start-up. Further, the reimbursement is available for taxes paid on investment returns.
Some federal states (eg, Saxony-Anhalt) have also set up an innovation fund for start-up support.
Further, the European Union offers support through the European Investment Fund (EIF). For example, investments from angel investors can be matched by the EIF on a pari passu basis (ie, by the same amount) in order to incentivise angel investors and attract further investors.
Has the government concluded any international cooperation agreements to promote and facilitate the cross-border expansion of fintech businesses?
Financing and investment
What private financing and investment schemes are available and commonly used for fintech start-ups in your jurisdiction?
Private finance and investment schemes in Germany are largely similar to common venture capital programmes worldwide. However, typical start-ups would go through a seeding phase, with angel investors stepping in. The venture capital funds then contribute at a slightly later stage and already have the exit in sight. One peculiarity with fintech start-ups is that traditional companies from the financial sector will often cooperate with fintech start-ups. This cooperation is rather long-term oriented (eg, banks seeking to participate in know-how and benefit from lean structures). Therefore, the whole structure of the investment schemes may be designed to endure. However, some start-ups have lately even abandoned the classical paths of financing and are using initial coin offerings instead to raise their capital.
What forms of IP protection are available for fintech innovations?
As in all EU countries, there is no patent protection for pure business ideas or software. Therefore, copycats are common in the founder scene, including fintech innovations. However, software is protected by copyright and may provide adequate protection for fintech innovations. In addition, trademarks and business names give a competitive advantage. When copying a fintech innovation in an unfair way (eg, by misleading customers) the Act against Unfair Competition might be a legal basis to act against such innovation copying.
What rules govern the ownership of IP rights to fintech innovations?
Software is protected under the Copyright Act. Trademarks and business names are ruled by the Trademark Act.
What immigration schemes are available for fintech businesses to recruit skilled staff from abroad? Are there any special regimes specific to the tech or financial sector?
No special immigration regime applies to the tech or financial sector. EU and EEA citizens:
- do not require a visa or residence or work permit;
- can seek employment for six months and have the right of residence for that duration; and
- may live in Germany as employees or self-employed without any limitation.
Citizens from Australia, Israel, Japan, Canada, New Zealand, South Korea and the United States (so-called ‘best friends’ countries) do not need a visa and can apply for a work permit. Residence permits for other foreigners are issued based on the Residence Act. Some exceptions apply for highly skilled workers. Further, the EU blue card allows highly paid employees and understaffed professions (eg, doctors, natural scientists and mathematicians) to work and reside in the European Union for up to four years. Executive staff of cross-border companies may also make use of European intra-corporate transfers (‘ICT Card’) for internal company transfers.
What immigration schemes are available for foreign investors and entrepreneurs wishing to invest in or establish a fintech business in your jurisdiction?