Use the Lexology Navigator tool to compare the answers in this article with those from other jurisdictions.
How would you describe the regulatory policy for fintech products and services in your jurisdiction?
Communication with the Liechtenstein Financial Market Authority (FMA) is excellent. Therefore, any new projects may be introduced in a personal meeting with the FMA. Usually a legal opinion examining the business model and the token functionality (if a token is issued) will be filed with the FMA in order to receive a preliminary examination. If no regulation applies, the FMA will issue a so-called ‘no-action letter’ indicating that the intended business does not fall under its jurisdiction.
Have any fintech-specific laws or regulations been enacted in your jurisdiction? Are any envisaged?
Thus far, regulations regarding aspects of fintech are rather sparse. For example, virtual currencies (which include cryptocurrencies) are defined in the Liechtenstein Due Diligence Act with regard to currency exchanges. Additionally, after the preliminary release of the Blockchain Law, the Liechtenstein government is envisaged to regulate token economies as a whole, but not in a manner that would dissuade development of commercial businesses related to blockchain and cryptocurrency applications.
Which government authorities regulate the provision of fintech products and services?
The FMA is the supervisory authority with regard to all matters affecting financial markets. Thus, the regulation of fintech products and services falls within the scope of the FMA’s regulatory authority.
Financial regulatory framework
Which laws and regulations governing the provision of financial services apply to fintech businesses?
Currently, various pre-existing laws and regulations may apply. Potentially applicable regulations may include (among others):
- the Banking Act;
- the Asset Management Act;
- the Payment Services Act;
- the E-money Act;
- the Act on Alternative Investment Funds;
- the Insurance Act;
- the Due Diligence Act;
- the Consumer Protection Act; and
- the Distance and Foreign Trade Act.
Further, the anticipated Blockchain Law will undoubtedly shape the governance of fintech businesses within Liechtenstein.
Under what conditions are fintech businesses subject to licensing requirements? Are there any exemptions?
If the services provided are subject to regulation under the aforementioned laws, licensing requirements will likely apply (although several exemptions may apply depending on the exact activities conducted). Even if no special permit is required pursuant to the Financial Market Supervision Act, a permit may still be necessary in order to apply for a trade licence.
Are any fintech products or services prohibited in your jurisdiction?
Normally, the general regulatory framework applies. Supposing that this framework is exceeded, the relevant activity will be deemed prohibited (if executed without a corresponding licence). Examples of problematic activities include peer-to-peer lending services as well as naked short-selling activities.
Data protection and cybersecurity
What rules and regulations govern the processing and transfer (domestic and cross-border) of data relating to fintech products and services?
As Liechtenstein is a member of the European Economic Area, the EU General Data Protection Regulation (GDPR) applies. Liechtenstein is free to regulate further in this area, so long as such further regulations do not conflict with or fall outside the scope of the GDPR.
What cybersecurity regulations or standards apply to fintech businesses?
Although no specific regulations apply, the common liability law in Liechtenstein is relatively strict, meaning that the strategic management level of an entity may be held liable for failing to install appropriate cybersecurity measurements.
What anti-fraud, anti-money laundering or other financial crime regulations govern the provision of fintech products and services?
The harmonised Due Diligence Act applies to fintech services as well as standard services, thus covering all aspects of ‘know your customer’ (KYC) and anti-money laundering. Further, a Financial Intelligence Unit exists which observes and analyses any potential financial crimes.
These KYC and anti-money laundering regulations do not apply to strictly crypto transactions, but do apply where the involvement of a third party falls within the scope of KYC and anti-money laundering regulation. For example, where the holder of crypto assets wants to exchange the crypto for fiat currency, the involvement of a bank triggers KYC and anti-money laundering regulations. Another example would be a customer who is looking to start a cryptocurrency exchange, acquiring the funds for the exchange’s foundation by the use of an initial coin offering (ICO). In this case, the ICO itself does not fall within the scope of regulation. Instead, the regulations are triggered when the exchange itself is formed and is required to state the source of the funds used for the founding of the exchange. Here, it is not enough to simply state that the exchange was founded by use of funds from an ICO; rather, the party founding the exchange would need to provide additional information regarding the source of the funds stemming from the ICO.
What precautions should fintech businesses take to ensure compliance with these provisions?
Although there are no precautions specifically tailored to fintech businesses, these businesses must fully comply with the Due Diligence Act as long as fiat currency is involved.
These businesses can ensure compliance by keeping records in the event that the above-stated problem occurs and they later decide to use cryptocurrencies in subsequent transactions involving regulated parties.
What consumer protection laws and regulations apply to the provision of fintech products and services?
Both Liechtenstein and EEA standard consumer protection laws, as well as distance and foreign trade laws, may apply. These laws stipulate a mandatory right of consumers to withdraw from agreements within 14 days after conclusion. Consumers must be fully informed about their right to withdraw from an agreement or it may be nullified at any time. With a token sale, these rights can be excluded under certain conditions (a decision by the consumer to waive this right of withdrawal from contracts is possible if the consumer has been informed comprehensively about these rights and the consequences of waiving them). With an early contribution agreement or simple agreement for future tokens, such a waiver is not possible as the mutual considerations must be exchanged instantly (delivery versus payment), which is not feasible if the tokens have not yet been generated.
Does the provision of fintech products or services in your jurisdiction raise any particular competition regulatory concerns?
As with any commercial product or service, competition regulatory concerns may arise. Thus, this is not a problem specific to fintech products or services.
Are there any particular regulatory issues concerning the cross-border provision of fintech products and services (eg, operating jurisdiction rules and currency controls)?
As with any cross-border business, the problem may arise that a foreign regulatory authority deems itself competent, classifying the businesses from a different regulatory point of view than that of the other jurisdiction. This generally appears in connection with the target market of business operations. If marketing is directed at foreign jurisdictions, the respective foreign authority may possess the ability to regulate the business. In addition, as with all cross-border activities, tax regulations play an important role.
Click here to view the full article.