Fintech landscape and initiativesGeneral innovation climate
What is the general state of fintech innovation in your jurisdiction?
Although the Belgian fintech ecosystem is currently booming (over the past three or four years, the number of start-ups active in the financial sector with a predominantly technological approach has increased steadily), Belgian fintech companies that have reached a size large enough to play in the big league can still be counted on the fingers of one hand. In effect, Belgian fintech companies have a tendency to rely more on organic growth and to focus for longer periods on the local market, taking more time to cross the Belgian border. Transforming all these promising start-ups into scale-ups capable of competing on the international scene is therefore a major challenge that requires stronger support and financing.Government and regulatory support
Do government bodies or regulators provide any support specific to financial innovation? If so, what are the key benefits of such support?
No. However, a Belgian fintech platform called B-Hive was launched in January 2017 to support fintech start-ups. The Belgian federal government - by means of the federal investment fund - and a number of major banks, insurers and market infrastructure players support the project. B-Hive has recently set up hubs in New York, London and Tel Aviv.
In addition, both the National Bank of Belgium (NBB) and the Financial Services and Markets Authority (FSMA) offer fintech companies the opportunity to enter into direct contact with them through a dedicated ‘fintech portal’ available on their websites. The purpose of the Fintech Contact Point is to support a dialogue between the regulator and fintech companies whereby the regulator aims to get back to the firms within three business days and to assist them in understanding the applicable regulatory framework. This facility can be used, for example, for any project relating to crowdfunding, distributed ledger technology, virtual currencies, application programming interfaces (APIs) or alternative distribution models.
Financial regulationRegulatory bodies
Which bodies regulate the provision of fintech products and services?
The FSMA and the NBB are generally the bodies responsible for regulating the provision of fintech products and services in Belgium (see question 4 for more detailed information).Regulated activities
Which activities trigger a licensing requirement in your jurisdiction?
A large number of financial activities trigger licensing requirements in Belgium. The following providers of financial services are regulated (among others): credit institutions, certain lenders, stockbroking and investment firms, fund management companies, payment institutions, e-money institutions, and insurance and reinsurance firms.
The supervision of financial institutions in Belgium is organised according to a ‘twin peaks’ model, by which the competences are shared between two autonomous supervisors: the NBB and the FSMA. Each regulator has a specific set of objectives. The NBB is the principal prudential supervisor for (among others) banks, insurance companies, stockbroking firms, payment and e-money institutions, on both a macro- and micro-level. The FSMA is responsible for supervising the financial markets and the information circulated by companies, certain categories of financial service providers (including investment firms and fund management companies) and intermediaries, compliance by financial institutions with conduct of business rules and the marketing of financial products to the public. The Federal Public Services Economy, small and medium-sized enterprises (SMEs), Self-employed and Energy (FPS Economy) also has certain supervisory powers (eg, consumer credit, payment services).
Only credit institutions may receive deposits from the public in Belgium or solicit the public in Belgium in view of receiving deposits. Credit institutions are regulated by the Belgian Act of 25 April 2014 relating to the status and supervision of credit institutions and stockbroking firms. Besides deposit-taking, the majority of the activities listed under Annex I of the Capital Requirements Directive may only be carried out by licensed entities, are subject to specific regulations, or both. Certain lenders are also subject to local supervision (eg, consumer lenders, consumer mortgage lenders). Commercial lending (on a stand-alone basis) does not require a licence but specific rules of conduct apply where lending to SMEs. These rules of conduct include a duty of rigour, a duty of information and a right of prepayment for the enterprise. SMEs are individual or legal entities pursuing an economic purpose in a sustainable manner or liberal professions (eg, lawyers, notaries, etc) that have no more than one of the following criteria in their last and penultimate closed financial year: 50 employees on an annual basis, annual turnover of €9 million and total balance sheet of €4.5 million.
All investment services contemplated by the second Markets in Financial Instruments Directive (MiFID II) are regulated and may only be carried out by duly licensed entities. Investment services include reception and transmission of orders, execution of orders, proprietary trading, portfolio management, investment advice, underwriting and placing of financial instruments and operation of multilateral trading facilities, where they are carried out in respect of financial instruments such as transferable securities (shares, bonds, puts or calls on shares or bonds, etc), money market instruments, units in collective investment undertakings, derivative contracts and instruments. Dealing in foreign exchange spot and forward contracts (on one’s own account or as agent) is also regulated in Belgium. Investment services are carried out by (Belgian or foreign) investment firms. Belgian investment firms can be set up either as stockbroking firms (subject to the Act of 25 April 2014 on alternative investment firms and their managers) or portfolio management and investment advice firms (subject to the Act of 25 October 2016 on investment firms and services).
The Act of 3 August 2012 has implemented the Undertakings for Collective Investments in Transferable Securities Directive (UCITS Directive) and regulates UCITS funds, UCITS management companies and funds investing in receivables. The Act of 19 April 2014 has implemented the Alternative Investment Fund Managers Directive (AIFMD) and regulates alternative investment funds and their managers.
Payment services institutions and e-money institutions are regulated by the Act of 11 March 2018, which implemented the second Payment Services Directive (PSD2) in Belgium. Insurance and reinsurance companies are ruled by the Act of 13 March 2016. Insurance contracts are regulated by the Act of 4 April 2014.
Intermediaries in banking and investment services, insurance intermediaries and consumer credit intermediaries are also subject to local supervision.
It is an offence to carry out any of the above regulated financial services in Belgium without being duly licensed by or registered with the relevant regulator, subject to applicable EU passporting rules (see question 16).Consumer lending
Is consumer lending regulated in your jurisdiction?
Consumer lending is a regulated activity in Belgium under Book VII of the Belgian Code of Economic Law. ‘Consumer’ means any individual acting for purposes that do not fall within his or her trade, business, craft or professional activity.
A licensing requirement applies to consumer lenders (including consumer mortgage lenders) and intermediaries in consumer lending. Certain (limited) exemptions are available. In addition, there are ongoing requirements that have to be complied with by the lenders (eg, provision of information, documents and statements, form and content of the credit agreement itself, etc).Secondary market loan trading
Are there restrictions on trading loans in the secondary market in your jurisdiction?
Provided that the borrowers do not qualify as consumers (see question 5 for the definition) and the loan itself is being traded and not a loan instrument, there are in principle no restrictions on trading (receivables in respect of) loans in the secondary market in Belgium. However, the loan agreement must not prohibit the assignment and civil law requirements may have to be complied with to ensure the enforceability of the transfer of the loan (and, as the case may be, the security rights attached thereto) in relation to third parties.
Receivables in respect of consumer loans may only be transferred to a limited number of assignees (including credit institutions, regulated lenders, credit insurers and a specific category of collective investment scheme designed for making investments in receivables, the société d’investissement en créances or vennootschap voor belegging in schuldvorderingen). The transfer of consumer mortgage loans is also subject to specific rules.Collective investment schemes
Describe the regulatory regime for collective investment schemes and whether fintech companies providing alternative finance products or services would fall within its scope.
Collective investment schemes (CISs) and the management of CISs are regulated entities and activities respectively in Belgium. In general, a CIS is any entity whose purpose is the collective investment of financial means collected from investors through an offer of financial instruments. The persons participating in the scheme (the investors) must not have day-to-day control over the management of the property. Furthermore, the contributions of the participants and the profits or income out of which payments are to be made to them must be pooled and the property managed as a whole.
Whether a fintech company will fall within the scope of this regime will depend on the exact nature of its business. Fintech companies that manage assets on a pooled basis on behalf of investors should give particular consideration to whether they may be operating a CIS. Fintech companies that are geared more towards providing advice or payment services may be less likely to operate a CIS, but should nonetheless check this and have regard to their other regulatory obligations.Alternative investment funds
Are managers of alternative investment funds regulated?
Managers of alternative investment funds are regulated in Belgium under the AIFMD, which has been implemented in Belgium by the Act of 19 April 2014 relating to alternative investment funds and their managers, implementing royal decrees and circulars and guidance issued by the FSMA.Peer-to-peer and marketplace lending
Describe any specific regulation of peer-to-peer or marketplace lending in your jurisdiction.
There are currently no (consumer) peer-to-peer lending platforms operating in Belgium. The Belgian regulatory framework does not currently authorise direct lending by consumers to consumers. The main legal obstacles are, first, that the Belgian prospectus regulations prevent individuals from raising funds publicly, even with the intervention of a platform. In practice, this means that an individual cannot solicit the public to lend him or her money. Second, consumer lenders must be approved by the FSMA and only approved lenders have access to the Central Individual Credit Register (CICR) (see question 15).
However, alternative ways to structure this type of lending are possible, for example, by using an indirect lending model whereby a legal entity is interposed between the lenders and the borrowers. In such an indirect model, there is no direct relationship between the lenders and the borrowers. The legal entity must be approved by the FSMA as (consumer) lender and grants the loans to the borrowers. In order to finance the loans, the legal entity issues notes, which typically replicate the repayment characteristics of the underlying loans and can be subscribed by the lenders (in principle, based on a prospectus approved by the FSMA).
For lending-based crowdfunding, see question 10. Peer-to-peer lending mainly differs from lending-based crowdfunding by the fact that the borrowers are individuals or consumers borrowing for private purposes. See question 5 for the definition of ‘consumer’.Crowdfunding
Describe any specific regulation of crowdfunding in your jurisdiction.
Belgium adopted a law on crowdfunding platforms on 18 December 2016, which entered into force on 1 February 2017 and creates a legal framework for crowdfunding and alternative types of funding. The Belgian Crowdfunding Act is applicable to both lending-based and equity-based crowdfunding platforms.
The Belgian Crowdfunding Act only regulates financing by the crowd of a business or a professional project. It is not applicable to platforms that only offer or provide alternative funding services to the following investors or lenders: legal entities, (MiFID) professional investors or fewer than 150 persons.
Crowdfunding platforms are defined as any natural or legal persons that offer or provide alternative funding services in the Belgian territory through a website or any other electronic means, and which are not regulated companies. The financing is raised by the issuance of ‘investment instruments’, which can be issued directly by ‘issuers-entrepreneurs’ (enterprises carrying out business, trade, craft, profession or real estate activities), or through start-up funds or funding vehicles. For these purposes, ‘investment instruments’ include:
- transferable securities (such as shares and transferable debt instruments);
- units issued by start-up funds; and
- standardised loans (ie, loans for which the duration, interest rate and general conditions are not negotiable; only the invested amount can vary).
The marketing of investment instruments can be carried out in the context of a public or private offering and may not involve the provision of any investment service other than, as the case may be, investment advice or reception and transmission of orders.
Crowdfunding platforms offering these types of alternative funding services must be authorised by the FSMA and are subject to rules of conduct. Regulated entities (credit institutions and investment firms) do not, however, need an additional licence to provide alternative funding services, but they must notify the FSMA and comply with the same rules of conduct as the platforms.
If the investment exceeds certain thresholds, a prospectus must be issued and approved by the FSMA. No prospectus is required where the project remains below €300,000 (per project) and €5,000 (per investor).Invoice trading
Describe any specific regulation of invoice trading in your jurisdiction.
Factoring (on a stand-alone basis) is not a regulated activity. In Belgium, factoring is based on the transfer of ownership of the accounts receivable. It is the activity whereby the factor (the buyer of the receivables) pays an agreed percentage of approved debts in exchange for the transfer of the related receivables by the client (the seller of the receivables).
A distinction is made between ‘non-recourse’ factoring (where credit protection is part of the factoring agreement) and ‘with recourse’ factoring (where the credit risk on the debtors of the receivables remains with the seller).
Some factoring contracts (also referred to as ‘invoice discounting’) permit the client to manage the receivables on the factor’s behalf. The contract generally provides that this option can be switched off if the client does not comply with its obligations with due and proper care.Payment services
Are payment services regulated in your jurisdiction?
Yes. Payment services are regulated by the Act of 11 March 2018, which implemented PSD2 in Belgium. A firm that provides payment services in or from Belgium as a regular occupation or business activity (and is not exempt) must apply for registration as a payment institution.Open banking
Are there any laws or regulations introduced to promote competition that require financial institutions to make customer or product data available to third parties?
Pursuant to the implementation of PSD2 into Belgian law by the Act of 11 March 2018, financial institutions holding ‘payment accounts’ (eg, current accounts, credit card accounts, prepaid card accounts) will be required to allow, for free, access to their customers’ account information to third-party payment service providers, subject to the consent of the customer. From a technical point of view, third-party payment service providers could get either direct access to the account or indirect access through a dedicated interface, such as an application programming interface.Insurance products
Do fintech companies that sell or market insurance products in your jurisdiction need to be regulated?
Yes. Insurance intermediaries must be licensed by the FSMA before starting their activities as broker, agent or sub-agent. Intermediaries who only act as ‘introducers’ (ie, who only provide general information without interfering with the practical execution of insurance contracts or with the handling of claims) are not subject to licensing requirements.
Insurance intermediaries must prove to the FSMA that they have sufficient professional knowledge and adequate experience, and they have to comply with ongoing requirements.
Furthermore, Belgian law has introduced MiFID-like conduct of business rules in the insurance sector, which include rules on suitability assessment and inducements.Credit references
Are there any restrictions on providing credit references or credit information services in your jurisdiction?
There are two credit information registers: the CICR and the Central Corporate Credit Register (CCCR), which are both operated by the NBB.
The CICR records information relating to all consumer credits and mortgage loans contracted by natural persons for private purposes as well as any payment defaults resulting from these loans. The sharing of credit data is an obligation for regulated financial institutions (including banks, firms specialising in consumer credit or mortgage loans and credit card issuers).
Furthermore, regulated lenders have an obligation to consult the CICR in the process of assessing the borrower’s creditworthiness. Credit data to be reported in the CICR include the (co-)debtor’s identification details, the characteristics of the credit contract and the details of the overdue debt.
The CCCR records information on credits granted to legal persons (enterprises) and natural persons (individuals) in connection with their business activity. Participation in the CCCR is mandatory for some financial institutions, including:
- credit institutions established in Belgium and licensed by the NBB (also branches incorporated under foreign law established in Belgium);
- finance-lease companies established in Belgium and licensed by the FPS Economy;
- factoring companies established in Belgium; and
- insurance companies established in Belgium and licensed for classes 14 (guarantee insurance) and 15 (credit insurance) by the NBB.
Participants have to report each month to the CCCR all information on any current contract (granted amounts) and non-repayments. Participants, debtors as well as other central credit offices abroad may consult the data recorded in the CCCR.
Can regulated activities be passported into your jurisdiction?
All financial services benefiting from European passporting rights may be provided by EEA firms licensed in their home country under one of the EU single market directives (eg, the Banking Consolidation Directive, Capital Requirements Directive, Solvency II, MiFID II, Insurance Mediation Directive, Insurance Distribution Directive, Mortgage Credit Directive, UCITS Directive, AIFMD, Payment Services Directive or E-Money Directive) either on a cross-border basis without a permanent establishment in Belgium or through a Belgian branch.
In order to exercise this right, the firm must first provide notice to its home regulator. The directive under which the EEA firm is seeking to exercise passporting rights will determine the conditions and processes that the firm has to follow.
Furthermore, under certain conditions and limits, non-EEA firms may be authorised to provide investment services (as defined under MiFID II) either on a cross-border basis in Belgium or through a Belgian branch.Requirement for a local presence
Can fintech companies obtain a licence to provide financial services in your jurisdiction without establishing a local presence?
The Belgian regulator only grants licences to companies established in Belgium. However, as set out in question 7, EEA fintech firms may exercise passporting rights to provide services in Belgium. Under certain conditions and limits, non-EEA firms may also be authorised to provide (MiFID) investment services on a cross-border basis in Belgium or through a Belgian branch.
Sales and marketingRestrictions
What restrictions apply to the sales and marketing of financial services and products in your jurisdiction?Financial products (such as investment products, savings products and insurance products)
Marketing materials for financial products are governed by Royal Decree dated 25 April 2014 and FSMA guidance, which regulate the advertising of financial products where distributed to retail clients. ‘Marketing materials’ means any communication designed specifically to promote the acquisition of the product, irrespective of the medium used or the method of dissemination.
The general requirements are that:
- the information included in the marketing materials shall not be misleading or incorrect;
- only information relevant for the Belgian market should be presented;
- it is recommended to translate the marketing materials into French or Dutch as there is a general requirement that the marketing materials must be understandable by a retail investor (also, technical terms should be avoided or, if it is impossible to avoid using technical terms, they should be explained in a way that is easily understandable for a retail client where these terms appear);
- the marketing materials should not emphasise the potential benefits of the product without also giving a fair, balanced and visible indication of the risks, limits or conditions applicable to the product;
- the marketing materials should not disguise, mitigate or conceal important items, mentions or warnings;
- the marketing materials should not highlight characteristics that are not relevant or that are of little relevance for a sound understanding of the nature and the risks of the product;
- the information conveyed in the marketing materials should be in line with the information in the prospectus or any other contractual or pre-contractual information; and
- any advertisement should be clearly recognisable as such.
Furthermore, detailed guidance is provided by the FSMA in order for the marketing materials to comply with the non-misleading information principle. Detailed content requirements apply. The presentation of performance figures is also highly regulated.Consumer credit
The Belgian Code of Economic Law contains provisions on advertising, (pre-contractual) information requirements, misleading and aggressive commercial practices and unfair contract terms.
All advertising setting out the interest rate or the costs of the credit must be drafted in a clear, summarised and explicit way, and contain specific legal information that must be illustrated by a representative example. Advertising must also include the warning: ‘Be aware, borrowing money costs money’. Some advertising practices are also prohibited - for example, encouraging consumers to regroup their existing credits, emphasising the ease and speed by which credit can be obtained and such like.
Change of controlNotification and consent
Describe any rules relating to notification or consent requirements if a regulated business changes control.
Shareholders intending to hold (directly or indirectly) a qualifying holding in certain regulated businesses must make a prior notification to, and be approved by, the FSMA or the NBB, as appropriate. A qualifying holding means any direct or indirect holding that represents 10 per cent or more of the capital or voting rights, makes it possible to exercise a significant influence over the management of the undertaking, or both. There are additional thresholds at 20, 30 and 50 per cent. In addition, shareholders ceasing to hold a qualifying holding, or reducing their holding below 10, 20, 30 or 50 per cent, must also make a prior notification to the relevant Belgian regulator.
Finally, shareholders who have acquired a direct or indirect holding of 5 per cent or more (or have reduced their holding to below 5 per cent) of capital or voting rights must make a notification to the relevant Belgian regulator within 10 business days of the acquisition.
Financial crimeAnti-bribery and anti-money laundering procedures
Are fintech companies required by law or regulation to have procedures to combat bribery or money laundering?
There is no legal or regulatory requirement for fintech companies to have anti-bribery or anti-money laundering procedures unless the company is a licensed financial institution (eg, a payment services institution) or carries out business that is subject to the Belgian anti-money laundering regulations. Specific customer due diligence and know-your-customer obligations apply to e-money products. Fintech companies, regardless of whether they are authorised, ought to have appropriate financial crime policies and procedures in place as a matter of good governance and proportionate risk management.Guidance
Is there regulatory or industry anti-financial crime guidance for fintech companies?
There is no anti-financial crime guidance specifically for fintech firms. The general rules and standards set out for regulated financial institutions apply, particularly the circulars issued by the Belgian regulators (the NBB and the FSMA). These documents are helpful for non-authorised fintech firms and may inform their own internal financial crime policies and procedures.
Peer-to-peer and marketplace lendingExecution and enforceability of loan agreements
What are the requirements for executing loan agreements or security agreements? Is there a risk that loan agreements or security agreements entered into on a peer-to-peer or marketplace lending platform will not be enforceable?
As a general rule, there are no documentary or execution requirements applicable to loan and security agreements (other than security over real estate), which can be signed by private contract and in counterparts (with as many originals as there are parties to the agreement). The nature of the collateral will determine the type of security that can be granted and the formalities required to make it enforceable in relation to third parties. Worth noting is the revision of the legal regime applicable to security interests in movable assets (which came into force in early 2018), whereby it became possible to perfect such security by way of filing in a central register. Consumer loans, however, are subject to specific formal and content legal requirements.
In the current Belgian market, peer-to-peer loans (see questions 9 and 10) generally do not involve security agreements as they operate outside the traditional banking network. As long as all the required formalities are fulfilled, however, it should be possible to structure secured loans.Assignment of loans
What steps are required to perfect an assignment of loans originated on a peer-to-peer or marketplace lending platform? What are the implications for the purchaser if the assignment is not perfected? Is it possible to assign these loans without informing the borrower?
The formalities for assignment will depend on how the lending is structured (via a loan agreement or a debt instrument and through a direct or an indirect model (see questions 9 and 10)).
As a general rule, and in the absence of any contractual provisions prohibiting the transfer, the transfer of a loan agreement by the lender requires the express prior consent of the borrower (as an agreement involves both rights and obligations for both parties). Such consent may be granted in the loan agreement itself. Alternatively, the lender can transfer only its rights (ie, its receivable in relation to the borrower) without the express consent of the borrower. Indeed, according to article 1690 of the Belgian Civil Code, the transfer of a receivable or right is valid between parties (transferor and transferee) and enforceable in relation to all third parties other than the assigned debtor (ie, the borrower) by the mere conclusion of the transfer agreement. However, the transfer will only become enforceable in relation to the borrower once the transfer is notified to it or once the borrower has acknowledged the transfer. In practice, if (and as long as) the assignment is not perfected, this means that repayment is validly made to the initial lender. The latter can act as servicer for the receivables, which, in practice, avoids having to notify the borrowers upfront.
The transfer of consumer loans is subject to specific rules. If security rights are attached to the loans, additional formalities may also be required.
The formalities to transfer a debt instrument depend on the type of instrument (bearer, registered or dematerialised) and whether the latter is freely negotiable or not.
If the applicable transfer formalities are not fulfilled, the transfer could be held to be unenforceable towards the borrower and possibly third parties.Securitisation risk retention requirements
Are securitisation transactions subject to risk retention requirements?
Yes, the EU risk retention rules apply to securitisations of loans originated on a peer-to-peer or marketplace lending platform (P2P securitisations). The risk retention requirements set out in the sectoral EU legislation will apply to P2P securitisations that are offered to European banks, investment firms, alternative investment funds or insurers. Under the current sectoral EU risk retention rules, certain investors (such as credit institutions, MiFID II-regulated firms and firms regulated under the AIFMD) will be subject to higher regulatory capital charges where they invest in securitisation positions that do not comply with the risk retention rules.
Those rules require that either the sponsor, originator or original lender in respect of the securitisation explicitly discloses to the investor that it will retain, on an ongoing basis, a material net economic interest in the securitisation (which in any event is not less than 5 per cent) using one of five prescribed retention methods. Those methods include (among other things) retention of:
- the most subordinated tranche(s), so that the retention equals no less than 5 per cent of the nominal value of the securitised exposures;
- 5 per cent of the nominal value of each of the tranches sold to investors; or
- randomly selected exposures equivalent to no less than 5 per cent of the nominal value of the securitised exposures.
The definitions of ‘sponsor’ and ‘originator’ as used in the sectoral EU legislation are set out in the legislation. The term ‘original lender’ is undefined.
It is important to note that with effect from 1 January 2019 there is a direct requirement on the sponsor, originator and original lender to agree on an entity that will act as retention holder and to ensure compliance with the retention requirement. In the absence of agreement among the originator, sponsor or original lender as to who will be the retention holder, the originator will be the retention holder. Definitions of ‘sponsor’, ‘originator’ and ‘original lender’ are set out in the EU Securitisation Regulation.
The EU Securitisation Regulation does not explicitly set out the jurisdictional scope of the ‘direct’ retention obligation, but there is a helpful note in the Explanatory Memorandum to the European Commission’s original proposal for the EU Securitisation Regulation that the intention is that the ‘direct’ approach would not apply to securitisations (including P2P securitisations) where none of the originator, sponsor or original lender is ‘established in the EU’. ‘Establishment’ is typically described by reference to the jurisdiction in which the legal entity is incorporated or has its registered office. Therefore, the non-EU subsidiary of an EU entity may not be subject to the ‘direct’ retention obligation because a subsidiary is typically a separate legal entity, whereas a non-EU branch of an EU entity may be caught within this provision because a branch is typically not a separate legal entity. Market participants are still seeking clarity on this and it is expected that this point will be raised as part of the ongoing European Banking Authority (EBA) consultation on risk retention.Possible retaining entities in respect of P2P securitisations
Typically, a peer-to-peer lending platform will not qualify as the ‘sponsor’, ‘originator’ or ‘original lender’ of a P2P securitisation, and another entity with the capacity to retain will therefore need to be identified. The range of entities with capacity to retain is broader under the EU Securitisation Regulation than under the current EU sectoral legislation and therefore the ability of an entity to retain will depend on the rules that apply at the time the securitised notes are issued.
Any entity that retains in the capacity of ‘originator’ is expected to be an entity of substance, and the EU Securitisation Regulation expressly provides that an entity shall not be considered to be an originator where it has been established or operates for the sole purpose of securitising exposures. The EU Securitisation Regulation does not specify in what circumstances an entity will be considered to have been established for the sole purpose of securitising exposures but, in December 2017, the EBA published a consultation paper that proposed that an originator will not be considered to have been established with the ‘sole purpose’ of securitising exposures if it satisfies certain conditions, including that:
- it has a broader business enterprise and strategy;
- it has sufficient decision-makers with the required experience; and
- its ability to make payment obligations depends neither on the exposures to be securitised nor on any exposures retained for the purposes of the risk retention regulations.
Is a special purpose company used to purchase and securitise peer-to-peer or marketplace loans subject to a duty of confidentiality or data protection laws regarding information relating to the borrowers?
The entity assigning loans to the special purpose vehicle (SPV) must ensure that there are no confidentiality requirements in the loan documents that would prevent it from disclosing information about the loans and the relevant borrowers to the SPV and the other securitisation parties. If there are such restrictions in the underlying loan documentation, the assignor will require the consent of the relevant borrower to disclose to the SPV and other securitisation parties the information they require before agreeing to the asset sale.
In addition, the SPV will want to ensure that there are no restrictions in the loan documents that would prevent it from complying with its disclosure obligations under Belgian and EU law (such as those set out in the Credit Rating Agency Regulation). Again, if such restrictions are included in the underlying loan documents, the SPV would be required to obtain the relevant borrower’s consent to such disclosure.
Furthermore, if the borrowers are individuals, the SPV, its agents and the peer-to-peer platform will each be required to comply with the statutory data protection requirements under Belgian law (see question 39).
Artificial intelligence, distributed ledger technology and crypto-assetsArtificial intelligence
Are there rules or regulations governing the use of artificial intelligence, including in relation to robo-advice?
Currently, there is no specific regulation on robo-advice or artificial intelligence in Belgium.Distributed ledger technology
Are there rules or regulations governing the use of distributed ledger technology or blockchains?
Distributed ledger technology is in a developmental phase and, as a consequence, it is not yet subject to specific legal or regulatory rules or guidelines. Several legal and regulatory issues need to be carefully considered relating to the clearing, settling and recording of payments, securities, derivatives or other financial transactions. The impact of various rules and regulations must be analysed and may be relevant in respect of digital transformation initiatives, such as the Central Securities Depositories Regulation, the Settlement Finality Directive, the European Market Infrastructure Regulation, MiFID II and so on. Outsourcing arrangements also need to be carefully reviewed where regulated firms outsource technology innovations to third parties.
Data protection requirements and customer data protection also need detailed analysis due to the transparency of transactions, which is inherent to the blockchain technology, and the fact that once data is stored it cannot be altered (this could be an issue for the compliance with the right for rectification or the right to be forgotten).
Given that the nodes on a blockchain can be located anywhere in the world, the determination of the data controller, applicable law and competent courts in case of litigation and the drafting of appropriate contractual provisions in that respect are also essential.
A particular point of attention relates to the status of the decentralised autonomous organisations that are used to execute smart contracts, recording activity on the blockchain.Crypto-assets
Are there rules or regulations governing the use of cryptoassets, including digital currencies, digital wallets and e-money?
Although they are all stored electronically, a distinction must be made between e-money and other digital currencies, cryptoassets and digital wallets (Digital Instruments). According to the second E-Money Directive (2009/110/EC) as implemented in Belgian law, e-money means ‘monetary value as represented by a claim on the issuer that is stored electronically, issued on receipt of funds of an amount not less in value than the monetary value issued, and accepted as a means of payment by undertakings other than the issuer’. Digital Instruments do not fall under this definition as they do not represent a claim on the issuer, which is not obliged to exchange them back to real money. Furthermore, they are purely digital and not necessarily linked to the real funds upon which they were issued.
Consequently, Digital Instruments are currently not regulated under Belgian law. No licence is required to issue Digital Instruments and they are not subject to regulatory supervision. Digital Instruments do not benefit from legal protection. The FSMA has issued several warnings advising the Belgian public against the risks of such currencies (eg, the risk of considerable currency fluctuations, the risk of losing the virtual money if the trading platform is hacked, etc).Digital currency exchanges
Are there rules or regulations governing the operation of digital currency exchanges or brokerages?
A distinction must be made between e-money and virtual currencies. E-money is currently regulated by the second E-Money Directive (2009/110/EC), which refers to, among others, the Anti-Money Laundering Directive (now 2015/849 EU) setting out various rules regarding the operation of exchanges or brokerage offices in the EU. Additionally, the Law of 11 March 2018 on the Status and Supervision of Payment Institutions and Electronic Payment Institutions amends the Investment Law, which sets out similar rules for the operation of e-money currency exchanges and brokerage as those applicable to non-digital currencies.
Virtual currencies, however, are not subject to regulatory supervision and there are no rules or guidelines relating to the operation of exchanges or brokerages offices in Belgium for such digital currencies. Various warnings in respect of digital currency exchanges have been issued by the FSMA.Initial coin offerings
Are there rules or regulations governing initial coin offerings (ICOs) or token generation events?
The FSMA issued a communication on ICOs in Belgium on 13 November 2017, building on a communication by the European Securities and Markets Authority on the same subject and on the same date. While no specific regulatory rules are in place for ICOs, depending on its structuring it might fall within the scope of more generic Belgian laws such as the law implementing the prospectus directive and the law on crowdfunding platforms.
Data protection and cybersecurityData protection
What rules and regulations govern the processing and transfer (domestic and cross-border) of data relating to fintech products and services?
There are no regulations specifically governing the processing and transfer of personal data relating to fintech products and services.
However, the processing and transfer of personal data relating to fintech products and services shall be governed by the General Data Protection Regulation (GDPR), which took effect on 25 May 2018. The GDPR was implemented in Belgium by the Law of 30 July 2018 relating to the Protection of Individuals regarding the Processing of Personal Data and came into force on 5 September 2018. The GDPR, however, remains the principal legislation governing the processing of personal data as only few provisions of the Belgian law concern private companies. The GDPR provides how data controllers (the natural person or legal person, which, alone or jointly with others, determines the purposes and means of the processing of personal data) may process personal data of living individuals (data subjects). The GDPR requires that businesses may only process personal data where that processing is done in a lawful, fair and transparent manner. The Belgian law provides some specific provisions on the consent, the processing of health-related and judicial data, the processing for statistical purposes or scientific research, etc.
The GDPR requires that any processing of personal data must be done pursuant to one of six lawful bases for processing. The most commonly used lawful basis for processing is to obtain the consent of the data subject to that processing - in relying on this lawful basis, the business must ensure that consent is freely given, specific, informed and unambiguous, and capable of being withdrawn as easily as it is given. Other lawful bases for processing data include where that processing is necessary for the business to perform a contract it has with the data subject, or where required to comply with a legal obligation.
The GDPR also provides a set of rights for the data subjects, including the right to information, the right to access to their personal data, to correct their personal data should it be inaccurate, the right to oppose (upon request and free of charge) the processing of their personal data for marketing purposes, the right to withdraw one’s consent and the right to data portability.
The GDPR also differs from the previous regime in that it places a significantly increased compliance burden on businesses, including, for example, mandatory requirements to notify regulators of data breaches, obligations to keep detailed records on processing, and requirements for most entities to appoint a data protection officer.
The Belgian Data Protection Authority is the body that controls compliance with the GDPR and applicable Belgian law by businesses. Data subjects now have the right to lodge a complaint with the Belgian Data Protection Authority. Significant administrative sanctions (up to the greater of €20 million and 4 per cent of the worldwide turnover) can be imposed following a breach of the GDPR.
Recital 26 of the GDPR states that where data has been processed such that it is truly anonymised, the principles within the GDPR do not apply to the processing of that data. Businesses will have to determine what steps must be taken to ensure that personal data is indeed truly anonymised.
The Article 29 Working Party (an EU body comprising representatives from data protection regulators across the member states) has released Opinion 05/2014 on Anonymisation Techniques (in the context of the previous EU data protection regime). This Opinion discusses the main anonymisation techniques used - randomisation and generalisation (including aggregation). The Opinion states that when assessing the robustness of an anonymisation technique, it is necessary to consider:
- if it is still possible to single out an individual;
- if it is still possible to link records relating to an individual; and
- if information can be inferred concerning an individual.
In relation to aggregation, the Opinion further states that aggregation techniques should aim to prevent a data subject from being singled out by grouping them with other data subjects. While aggregation will avoid the risk of singling out, it is necessary to be aware that links and inferences may still be possible with certain aggregation techniques.
The position on anonymisation taken from the Article 29 Working Party’s Opinion is broadly unchanged in the GDPR. The GDPR itself also gives limited guidance on anonymisation in Recital 26, requiring data controllers to consider a number of factors in deciding if personal data has been truly anonymised, including the costs and time required to de-anonymise, the technology available at the time to attempt de-anonymisation, and further developments in technology.Cybersecurity
What cybersecurity regulations or standards apply to fintech businesses?
Belgium has recently implemented Directive (EU) 2016/1148 (NIS Directive) by way of the Belgian Law of 7 April 2019 (entered into force on 3 May 2019) establishing a framework for the security of network and information systems of general interest for public security. The Law applies to sectors of banking and financial market infrastructures and establishes (among others) security and notification requirements for operators of essential services and for digital service providers. Many practical aspects provided for in the Law of 7 April 2019 are yet to be further elaborated on in a Belgian Royal Decree (which is currently under revision by the Belgian Council of State).
The Payment Services Directive (EU) 2015/2366 entered into force on 12 January 2016, setting out (among others) rules concerning strict security requirements for electronic payments and the protection of consumers’ financial data, guaranteeing safe authentication and reducing the risk of fraud. Belgium implemented the provisions of the Payment Services Directive by way of the Belgian Law of 11 March 2018. Regarding cybersecurity, the Law of 11 March 2018 stipulates a security policy containing a number of obligations for payment service providers.
Furthermore, Regulation (EU) 526/2013 is of importance in the fintech sector, as it establishes the European Union Agency for Network and Information Security (ENISA). ENISA provides recommendations on cybersecurity, supports policy development and its implementation, and collaborates with operational teams throughout Europe for the purpose of contributing to a high level of network and information security within the EU.
Moreover, on 13 September 2017, the European Commission published the Proposal for a Regulation of the European Parliament and of the Council on ENISA, the ‘EU Cybersecurity Agency’, and repealing Regulation (EU) 526/2013, and on ICT cybersecurity certification (Cybersecurity Act). The Proposal reinforces ENISA’s role in the areas where the agency is already competent, and introduces new areas where support is needed, in particular the NIS Directive, the review of the EU Cybersecurity Strategy, the upcoming EU Cybersecurity Blueprint for cyber crisis cooperation and ICT security certification.
Additionally, on 17 May 2017, the European Parliament adopted Resolution 2016/2243 on fintech: the influence of technology on the future of the financial sector. This resolution further underlines that regulation on the provision of financial services infrastructure needs to provide for appropriate incentive structures for providers to invest adequately in cybersecurity and emphasises the need for end-to-end security across the whole financial services value chain. This resolution is non-binding and has a purely advisory function.
Finally, in March 2018 the European Commission adopted an action plan on fintech, setting out a number of steps that the Commission intends to take, one of which is to increase cybersecurity and the integrity of the financial system. The action plan mentions the fact that the European Parliament has called on the Commission ‘to make cybersecurity the number one priority in the fintech action plan’. It states that the transposition by member states of the NIS Directive is ongoing but that gaps may remain in EU financial sector legislation that should be filled to improve the sector’s resilience. Therefore we can expect this field to evolve in the near future.
Outsourcing and cloud computingOutsourcing
Are there legal requirements or regulatory guidance with respect to the outsourcing by a financial services company of a material aspect of its business?
When a MiFID II firm outsources operational tasks of critical importance to the continuous and satisfactory provision of investment services and activities, it has to take appropriate measures to limit the associated operational risk. In particular, the outsourcing must not substantially affect the effectiveness of the internal control procedures of the company or the ability of the regulator to check whether the company is fulfilling its legal obligations.
The FSMA has issued a circular on sound management practices for outsourcing by credit institutions and investment firms and recently the NBB issued a recommendation on outsourcing by credit institutions and investment firms to providers of cloud computing that implements the recommendations of the EBA on this subject.Cloud computing
Are there legal requirements or regulatory guidance with respect to the use of cloud computing in the financial services industry?
There are no specific legal requirements with respect to the use of cloud computing in the financial services industry. However, the outsourcing of cloud computing by regulated entities is subject to regulatory supervision from both a data protection and an IT security perspective.
Intellectual property rightsIP protection for software
Which intellectual property rights are available to protect software, and how do you obtain those rights?
Under Belgian law, computer programs (or software) are protected by copyright (article XI.294-XI.304 of the Belgian Code of Economic Law) and assimilated as literary works in the meaning of the Berne Convention. Copyright protection also covers the source code, object code, architecture of the software and preparatory design materials (provided that they can lead to a computer program). Ideas and principles that underlie any element of a program, including those that underlie its interfaces, are, however, excluded from the copyright protection.
The author of the software owns the rights as soon as it is created, provided that the software is original. No registration is required to benefit from the protection. For evidentiary purposes, it is, however, useful to include the name of the author and the creation date in the code of the software and to file it with a public notary or the Benelux Office for Intellectual Property.
If the software code has been kept confidential it may also be protected as confidential information. No registration is required, but confidentiality agreements are recommended if third parties have access to it.
Computer programs and business methods are explicitly excluded from patent protection. The exclusion from patentability is, however, limited to the software as such and it is possible to grant a patent to an invention implemented by or including a piece of software.
In Belgium, databases underlying software programs may also be protected by copyright (article XI.186-XI.188 Belgian Code of Economic Law) and, in certain circumstances, by sui generis database right (Book XI, Title 7 Belgian Code of Economic Law). Database right is a standalone right that protects databases that have involved a substantial investment in obtaining, verifying or presenting their contents (article XI.306 Belgian Code of Economic Law). Both database copyright and database rights arise automatically without any need for registration. Database rights do not apply to computer programs as such, including those used in the manufacture or operation of databases.IP developed by employees and contractors
Who owns new intellectual property developed by an employee during the course of employment? Do the same rules apply to new intellectual property developed by contractors or consultants?
Unless otherwise provided in writing, where a computer program is created by an employee in the execution of his or her duties or following the instructions given by his or her employer, the employer will be exclusively entitled to exercise all economic rights in the program so created. This means that the IP rights subsisting in a computer program are automatically transferred to the employer when an employee has developed the software in the framework of his or her employment contract. This automatic transfer only applies to the economic rights, not the moral rights of the author. Note that the rule is different for other forms of IP rights, meaning that (except for above-mentioned computer programs), IP that is created by an employee in execution of his or her employment contract in principle belongs to the employee himself or herself, unless a clause explicitly stipulates that it belongs to the employer.
Where IP is developed by a contractor or a consultant, the rights are owned by the author of the software (ie, the contractor or the consultant). The fintech company will only own the economic rights if they have been explicitly transferred in writing (even if the fintech company has commissioned the software). The same goes for other IP developed by a contractor or consultant. Contracts must therefore have to be carefully drafted.Joint ownership
Are there any restrictions on a joint owner of intellectual property’s right to use, license, charge or assign its right in intellectual property?
There are no legal restrictions to the exercise of IP rights by a joint owner. However, in general an agreement is required between the joint owners regarding their respective IP rights, in the absence of which the IP rights must be exercised jointly. There are certain exceptions to this, depending on the type of IP.Trade secrets
How are trade secrets protected? Are trade secrets kept confidential during court proceedings?
Belgium mainly implemented the Trade Secrets Directive (EU) 2016/943 in Book XI of the Code of Economic Law. The Directive requires member states to provide protection for information that:
- is secret, in the sense that it is not generally known among, or readily accessible to, persons within the circles that normally deal with the kind of information in question;
- has commercial value because it is secret; and
- has been subject to reasonable steps by the holder of the information to keep it secret.
If a competitor legally obtains the trade secrets or confidential information of a company, it is, in principle, free to use it. It is therefore highly recommended to be prudent regarding the persons to whom one discloses confidential information and to enter into proper confidentiality agreements with those persons. Such confidentiality agreements should include provisions such as the definition of confidential information, the duration of the confidentiality obligations (knowing that under general Belgian civil law, it is always possible to terminate an obligation for an indefinite term against ‘reasonable’ notice, meaning that a fixed term should be provided in the confidentiality agreement), the limited use of trade secrets and confidential information regarding the purpose of a specific project and so on.
Legal proceedings are, in principle, public, so it would be possible to hear trade secrets and confidential information during hearings or pleadings. In addition, the Belgian Judicial Code does not restrict access to documents including trade secrets - it provides for principles of collaboration as regards production of evidence in court proceedings and the requirement for any party to submit all documents to the other party, without specifications or exceptions concerning trade secrets. In practice, however, it appears that, depending on the interest that is considered most relevant, Belgian (commercial) courts may choose to limit the production of evidence to certain elements or even block access to or disclosure of trade secrets (eg, if there is no sufficient evidence of a breach).Branding
What intellectual property rights are available to protect branding and how do you obtain those rights? How can fintech businesses ensure they do not infringe existing brands?
Brands can be protected by a Benelux trademark (covering the Benelux territory) or by an EU trademark (covering the EU territory). Registration is required to obtain a trademark right (with the Benelux Office for Intellectual Property for Benelux trademarks or with the European Union Intellectual Property Office (EUIPO) for EU trademarks).
Brands can also be protected by market practices if they have acquired sufficient goodwill in the market and another undertaking tries to take advantage of the reputation or market position of the brand.
Brands in the form of logos or slogans can also be protected by copyright as artistic works (provided they are original) or by Benelux or EU design and models rights (provided that they are new and have specific character).
The Benelux Office for Intellectual Property and EUIPO have public databases that can be consulted in order to check the availability of a design or trademark. It is highly advisable for new businesses to conduct trademark and design searches to check whether earlier registrations exist that are identical or similar to their proposed brand names. It may also be advisable to conduct searches for any unregistered trademark rights that have gained sufficient distinctiveness on the market that may prevent use of the proposed mark. Specialised companies offer services to carry out such searches.Remedies for infringement of IP
What remedies are available to individuals or companies whose intellectual property rights have been infringed?
The following remedies and proceedings may be available:
- (unilateral) primary injunction;
- cease-and-desist action;
- damages; and
- application with custom authorities for border detention.
Are there any specific competition issues that exist with respect to fintech companies in your jurisdiction?
Competition law (ie, Book IV of the Belgian Code of Economic Law and the EU competition rules in the case of an effect on trade between EU member states) applies to all undertakings carrying out business in Belgium, irrespective of their sector. Hence, the competition law rules (such as the prohibition of anticompetitive agreements, the prohibition of abuse of dominance and merger control) apply to fintech companies.
While fintech is generally considered to be beneficial for consumers (because of cost reduction, improvements in efficiency, greater transparency and increased financial inclusion), it could raise competition law issues. Competition authorities in all jurisdictions, including Belgium, face a range of potentially complex competition law issues in relation to fintech offerings. These are likely to include:
- the extent to which a fintech solution has or obtains (through growth, acquisition or joint venture) market power (eg, because of big data, network effects, etc) and the consequences of this;
- the risks that the definition of any technical standards involved in any jointly developed fintech solution result in other third parties being excluded;
- whether banks are limiting access of fintech companies to bank accounts and thereby hindering competition in the payment market;
- the extent to which there can be any exclusivity between the finance and technology providers of a fintech offering; and
- the limits of any specified tying or bundling.
On 9 July 2018, the Economic Affairs Committee of the European Parliament published a study regarding competition issues in fintech. The study concludes that the procompetitive effects of fintech needs to be weighed against the anticompetitive effects and that, currently, it would be better to research, monitor and regulate than to enforce through the usual competition tools (ie, investigate and sanction).
Are there any tax incentives available for fintech companies and investors to encourage innovation and investment in the fintech sector in your jurisdiction?
In support of the ‘Digital Belgium’ action plan, the Belgian federal government has introduced a number of tax incentives that are available to fintech companies and investors subject to certain conditions being met. These incentives include, among others:
- the Belgian tax shelter regime for start-ups, which provides for a tax benefit for persons who invest in start-ups, has been extended to direct and indirect equity investments via approved crowdfunding platforms. The tax reduction amounts to up to 30 or 45 per cent of the invested amount (45 per cent if the start-up is a micro-enterprise). The investment (shares) must be retained for at least four years to benefit from the tax shelter. As of assessment year 2019, the tax shelter system will be extended to equity investments in growth companies. The tax reduction amounts to 25 per cent;
- the provision of loans via approved crowdfunding platforms is encouraged fiscally by a withholding tax exemption on the interest of the loans up to the first bracket of €15,320. This withholding tax exemption is subject to the loans having a minimum maturity of four years and is only applicable if the loans have been provided to start-up companies not older than four years;
- start-up companies can benefit from reduced labour costs;
- the new innovation tax deduction of 85 per cent of the net income also applies to income and gains from copyright-protected software, including adaptations of existing software and derivative works; and
- an increased deduction for investment in digital assets of 13.5 per cent of the acquisition value, to be increased to 20 per cent if the company qualifies as a ‘small’ company or SME and the investment takes place between 1 January 2018 and 31 December 2019.
Are there any new or proposed tax laws or guidance that could significantly increase tax or administrative costs for fintech companies in your jurisdiction?
As far as we know, Belgium is not intending to launch a separate digital tax that could affect fintech companies. OECD work on the digitalised economy should, however, be closely monitored. Moreover, the introduction of a common corporate tax base at EU level in a format that would not take into account national tax incentives could significantly increase the tax burden and also affect the Belgian fintech sector.
What immigration schemes are available for fintech businesses to recruit skilled staff from abroad? Are there any special regimes specific to the technology or financial sectors?
In order to work in Belgium, foreign workers must have a valid work permit. This condition does not apply to nationals of a member state of the EEA (the countries of the EU and Iceland, Norway and Liechtenstein) and Switzerland and to some categories of workers who are exempted.
Belgian employers must apply for a work permit and a work card B if they want to employ a foreign worker (unless the latter already holds a work card A or C).
There are no special regimes specific to the fintech sector.
Update and trendsCurrent developments
Are there any other current developments or emerging trends to note?Current developments45 Are there any other current developments or emerging trends to note?
Not to our knowledge.