FinTech Comparative Guide

• Published date: 06 October 2020
• Subject Matter: Finance and Banking, Technology, Financial Services, Fin Tech
• Law Firm: Advokatfirma DLA Piper Norway DA
• Author: Ms Camilla Wollan and Petter Bjerke

1 Legal and enforcement framework

1.1 In broad terms, which legislative and regulatory provisions govern the fintech space in your jurisdiction?

Fintech is not a regulated activity in itself and no regulations specifically created for the fintech space have been introduced in Norway. However, the practice of the Norwegian regulators is evolving to adapt to the application of new technologies. In general, an entity must not carry on regulated activity in Norway unless it is authorised or exempt. The Norwegian Financial Undertakings Act of 10 April 2015 and supplementary regulations set out the public law aspects of the licensing and operation of financial entities. If products and/or services involve financial activities (e.g. deposit taking, lending, payment services, e-money, foreign exchange services, insurance and mediation, securities trading) which require regulatory authorisation, the entity must be authorised by the Norwegian Financial Supervisory Authority (Norwegian FSA), or the Ministry of Finance in exceptionally important cases.

The private law aspects of fintech products and services are regulated by the Financial Contracts Act of 25 June 1999. Norway also has extensive consumer protection legislation.

In addition, the fintech space is governed by the Information Communication and Technology Regulation and the EU General Data Protection Regulation (GDPR), together with other consumer protection regulations.

Norway is not a member of the European Union, but is part of the slightly wider European Economic Area (EEA). As part of the EEA, Norway has incorporated the EU institutional legislation that establishes the foundations for the EU-EEA single passporting licencing regime, which is also available to start-ups in the fintech space.

1.2 Do any special regimes apply to specific areas of the fintech space?

Lending (both retail and corporate) is a regulated activity (unless exempt) in Norway. An entity that offers lending products on a digital platform directed at the Norwegian market must be authorised to conduct such business by the Norwegian FSA.

Norway has a special regime governing peer-to-peer lending. A peer-to-peer lending platform is deemed to be a loan intermediary. Norwegian crowdlending platforms include Kameo (Nordic footprint), Kredd, Funding Partner, Dealflow, Perx and Monner. A loan intermediary is an independent intermediary that mediates between borrowers and lenders, and helps them to negotiate and conclude a loan agreement. The loan agreement must be entered into between the lender and the borrower. The loan intermediary cannot itself provide any funds or assume any risk for loss in the loans that are mediated. A lender is restricted to lending out in total NOK 1 million over a peer-to-peer lending platform without being subject to the licensing requirement. The relevant regulations for loan intermediaries are set out in Section 2-18 of the Financial Undertaking Act and Chapter 5 of the Financial Contracts Act. Loan intermediaries are also subject to suitability requirements. This area is still evolving and further regulation of crowdlending platforms is expected in the Norwegian market.

Further, in general, the loan intermediary regulations are not harmonised with EU law (i.e., there is no single passport regime for brokers and agents). Legislative work is therefore ongoing in Norway to regulate the loan intermediary role to cover not only loan intermediation of housing loans, but also in general; this will impact on digital platforms in this space.

In the payment area, rules on the approval of payment systems are also set out in the Payment System Act of 1999, in addition to the EU Second Payment Services Directive.

1.3 Which bodies are responsible for enforcing the applicable laws and regulations? What powers do they have?

The Norwegian FSA regulates entities that offer financial services and products in the retail and wholesale markets. It oversees all regulated sectors in Norway, including information communication and technology (ICT) and anti-money laundering compliance. It deals with application processes and provides regulatory guidance to supervised entities, as well as conducting inspections and thematic supervision

If the Norwegian FSA discovers a breach of the finance legislation, it will instruct the relevant entity to change its practices accordingly. Depending on the type of breach and the circumstances, the Norwegian FSA can issue an administrative order or a fine. It can also report criminal charges to the police, but it is up to the prosecuting authority to take further action.

The Norwegian Data Protection Authority (NDPA) is responsible for enforcing applicable laws and regulations in relation to the processing of personal data. The NDPA is entrusted with investigative and corrective powers, including the power to undertake on-site audits, and to issue public warnings, reprimands and orders to carry out specific remedy activities. The NDPA may issue administrative fines under Article 83 of the GDPR of the higher of up to '20 million or, in the case of an undertaking, up to 4% of its total worldwide turnover in the preceding year, depending on the nature of the infringement. Fines can be imposed in combination with other sanctions. Breach of the GDPR is not subject to criminal sanctions in Norway.

1.4 What is the regulators' general approach to fintech?

The regulators have the same level of expectations of fintech companies as of any established entity. In our experience, the often lengthy application processes to obtain authorisations, licences and permits, and the difficulties in obtaining appropriate guidance on new areas, present real challenges for fintech companies in Norway. In general, the attitude of the Norwegian FSA is that it does not want to pick the winners and losers in the industry. It has set up a guidance service relating to financial technology and regularly posts information online to assist fintech companies. The Ministry of Finance has also delegated the task of establishing a regulatory sandbox for fintech companies to the Norwegian FSA. The purpose of the sandbox is to assist new fintech players with little experience of the financial regulatory framework, allowing them to test innovative products, services and technologies on a limited number of customers under the supervision of the regulator. The aim is to establish the sandbox before the end of 2019 and the program is recently being published. The entities applying to be part of the regulatory sandbox must apply new innovate technology and the service or product must be to the benefit to the consumers or to the financial system.

1.5 Are there any trade associations for the fintech sector?

There is no overarching trade association for the fintech sector in Norway. Finance Innovation is a fintech organisation within the Norwegian Centre of Expertise cluster programme, which focuses on the entire fintech ecosystem. Sector groups such as the Norwegian Crowdfunding Association and the Oslo Blockchain Cluster are relevant for entities that apply blockchain technology. ICT Norway and Finance Norway are also working to improve the overall framework for the finance sector, including the fintech regulatory sandbox, as well as creating networking opportunities for industry players through events and other forums.

2 Fintech market

2.1 Which sub-sectors of the fintech industry have become most embedded in your jurisdiction?

In our view, the payments sector (e.g., Vipps, Payer, Finte, Vippicash, ZTL Payments, Meawallet, Bill Kill) and the financial infrastructure sector (eg, Neonmics, Zeipt) are the most embedded in the Norwegian market. Vipps is one of the most successful fintech entities and has become an important part of the digital banking system in Norway, especially within the consumer market. Historically, Norway has been at the forefront of digital banking and financial infrastructure - not least thanks to the development of common financial infrastructure and a secure electronic identification and signature solution through BankID, which is used across the finance and public sector. The BankID issued by one bank is automatically accepted by another bank or the public. This environment has created strong talent pools and several fintech start-ups are now emerging.

Many new banks have also emerged on the Norwegian market (eg, Monobank, Aprilia Bank, Nordic Corporate Bank), focused mainly on small and medium-sized corporates...