Fintech 2026 Comparisons

Areas of Focus

In Belgium, the first fintech initiatives focused on alternative financing solutions such as crowdfunding platforms, but the sector really gained traction with the development of payment solutions. These include retail payment platforms, with a fair share of money remitters, but also B2B payment services such as professional foreign exchange (FX) payments for small and medium-sized enterprises (SMEs). As a result of Brexit, several UK payment service providers (PSPs) selected Brussels to establish their European headquarters. The arrival of these players has added a lot of maturity to this sector in Belgium, which has become one of the most important fintech vertical markets in Belgium.

In addition, many fintechs active in Belgium also focus on providing solutions to the financial sector (regtechs).

Evolution of the Sector

Artificial intelligence and open finance are currently among the most prominent topics in the fintech sector, with AI-driven companies accounting for more than half of all tech investment in Belgium in 2025. The first provisions of EU Regulation 2024/1689 of 13 June 2024 laying down harmonised rules on artificial intelligence (AI Act) were implemented in February 2025, and full enforcement is expected by 2 August 2026. Fintech companies that develop or use AI must comply with a new set of rules, which vary depending on the type of AI involved.

Meanwhile, the EU Proposal for a Regulation on a framework for Financial Data Access (FIDA) continued to progress throughout 2025; although not yet adopted, FIDA remains a central component of the EU’s agenda. It is currently under interinstitutional negotiations, and aims to establish a framework for the exchange of financial data across all verticals of the financial sector. If adopted, this ambitious regulation could present a major opportunity for the development of innovative products by fintechs.

Another major legislative process is the political agreement reached on the Commission’s proposal to revise the Payment Service Directive (PSD2), resulting in the forthcoming PSD3 and Payment Service Regulation (PSR). This legislative revision aims to strengthen user protection by enhancing safeguards against fraud, including online fraud and misuse of personal data, and ensuring the transparency of fees and charges for payment services.

The predominant fintech business model in the Belgian fintech industry is the payment vertical, which is populated by both incumbents and fintech entities. Belgium also sees many fintechs active in investment, as well as many regtechs. Although there has been increased activity in projects related to crypto-assets and blockchain technology, that vertical is not predominant in Belgium.

Payment Services

The payment sector in Belgium is varied, with important activity on the B2B side, notably in the field of professional FX payments and acquiring services for merchants. Post-Brexit, several international money remitters have located their EEA headquarters in Belgium, which has then attracted other money remitters who are looking for a level regulatory playing field and, therefore, wish to be supervised by the same authority as many of their major competitors.

Investment Services

In Belgium, both incumbents and fintechs offer innovative investment solutions covering various types of investments, but also aiming at different types of clients. Automated investment solutions provided via well-designed smartphone apps and relying on exchange-traded funds and automation of portfolio management are especially on the rise.

Regtechs and Fintechs

Belgium has many regtechs, providing solutions to all verticals of the financial sector. They cover a broad scope of services, including identification services, authentication services, information analysis, transaction monitoring, platform as a service, automated DORA-compliance tools, etc. Fintechs are also increasingly active in ESG.

PSD2

The regime for payment verticals is governed by the Belgian Law of 11 March 2018 on the status and supervision of payment institutions and electronic money institutions (PI & EMI Law), transposing EU Directive 2015/2366 of 25 November 2015 on payment services in the internal market (PSD2). This transposition has been very straightforward, and Belgium does not have any significant “gold plating”.

While the legal texts are generally a copy-paste of the European legislation, their interpretation by the relevant Belgian regulator (the National Bank of Belgium, or NBB) may differ from other European jurisdictions. For instance, the regulator interprets the notions of “payment services” and “payment accounts” quite broadly.

In November 2025, the EU reached a political agreement on the revision of PSD2, paving the way for a new regulatory package composed of PSD3 and PSR. Once adopted, this package is expected to amend the regulatory framework in Belgium.

E-Money

Contrary to other regulators, the NBB reserves the qualification of “e-money” to very specific prepaid products and does not automatically consider all wallets/account solutions as e-money. In practice, this interpretation has no real impact, and business models developed under an e-money licence abroad are pursued in Belgium under a payment institution licence.

Compensation models in the payments industry vary significantly depending on the actual application. Personal payment applications are often offered free of charge for the user (or included in the general services if offered by an incumbent bank). On B2B and especially in FX service provision, compensation models are often inspired by the (anticipated) volumes of FX payments generated by the clients.

In both cases, regulated market players are subject to pre-contractual information requirements, including a disclosure obligation on the pricing of their services. However, the extent of such requirements will depend on the customers (consumers or others). This may be subject to change with the upcoming PSD3 and PSR regulation (see 2.2 Regulatory Regime), which are expected to further strengthen transparency requirements once they enter into force.

Most financial regulations originate from EU legislation, which does not differentiate between fintech and legacy players. However, EU regulators should apply them in a proportionate manner, which allows for some differentiation in practice. The Belgian regulator follows this and applies a “same business, same risks, same rules” principle which, combined with the “proportionality” principle, provides for a strict but generally pragmatic approach.

In Belgium, there is no regulatory sandbox. However, the NBB and the Financial Services and Markets Authority (FSMA) have set up a joint and unique Fintech Contact Point, allowing fintech entrepreneurs to contact them directly and openly discuss the regulatory aspects of their products or services. According to the Belgian regulators, this approach should be seen as a “soundbox” (ie, a possibility to speak with the regulator outside any concrete licence application), rather than an actual sandbox. In general, Belgian regulators have a strict but pragmatic approach towards fintech companies. They are open to innovation and to organising informal meetings with fintechs to discuss their project prior to launching any formal demands.

There are two main regulators in Belgium for the financial services sector, which are also relevant for fintech companies.

The NBB

The NBB is the competent supervisor for the prudential requirements applicable to credit institutions (CIs), insurance undertakings, e-money institutions (EMIs), payment institutions (PIs) and large stockbroking companies. Under the law of 11 December 2025 implementing the Markets in Crypto-Assets Regulation (MiCA), the NBB acts as the competent authority for crypto-asset service providers (CASPs) that are already prudentially supervised entities (including Belgian payment and e-money institutions).

The FSMA

The FSMA is the competent supervisor for the prudential regime applicable to smaller investment companies, regulated credit providers, insurance intermediaries, crowdfunding platforms and financial intermediaries. It also oversees the conduct-of-business rules on insurance and investment services (in addition to having more general authority over public offers, listed companies and the financial markets).

The FSMA analyses local initiatives to ensure that they do not fall within existing regulations under its supervision, such as public offerings or investment services. It also supervises crypto-wallet and exchange service providers, following the Belgian transposition of EU Directive 2018/843 of 30 May 2018 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (AMLD5). Its role has been further clarified under the Law of 11 December 2025 implementing MiCA, which designated the FSMA as the competent authority for the supervision of CASPs that are not otherwise supervised entities, and for the supervision and enforcement of conduct-of-business provisions in respect of all CASPs, including those falling under the NBB’s competence.

The FPS Economy

Next to these two main supervisors, the Federal Public Service Economy (FPS Economy) has very specific powers regarding the conduct-of-business rules of regulated credit and payment services.

Belgian regulators do not issue no-action letters; however, as outlined in 2.5 Regulatory Sandbox, a designated contact point enables fintech entrepreneurs to engage directly with the regulators and discuss the regulatory implications of their products or services. In that context, fintechs can receive unofficial feedback from the regulator which, even if not binding, provides a certain level of comfort.

Regulated functions can only be outsourced to parties that are regulated for these functions. Financial institutions may outsource unregulated, more operational functions to third parties, but only under certain conditions.

For CIs, investment firms, PIs and EMIs, the NBB has entirely integrated the European Banking Authority (EBA) guidelines on outsourcing into its supervisory practice. Under these guidelines, regulated entities are required to:

• perform a substantive risk assessment before deciding to outsource;
• conduct thorough due diligence on the potential partner and the services before selecting the outsourced partner;
• remain liable towards their own clients, irrespective of the outsourcing arrangement;
• have a written outsourcing policy in place, containing a minimum set of mandatory provisions; and
• supervise and control the outsourced activities (including through audits), record all outsourcing arrangements in a specific register and inform the NBB beforehand of critical or important outsourcing arrangements, on an ongoing basis.

The NBB and the FSMA generally apply the same principles to other regulated entities, with some differences depending on their activities and the risks they pose for the market.

In addition to the outsourcing rules, since 17 January 2025 regulated entities are subject to EU Regulation 2022/2554 of 14 December 2022 on digital operational resilience for the financial sector (DORA), which introduces, among other things, new rules regarding the use of information and communication technology (ICT) services provided by third-party ICT service providers. In principle, the requirements under DORA apply in parallel to the outsourcing requirements. However, according to the European Supervisory Authorities (ESAs), if the ICT service is regulated, it should not be considered as an ICT service under DORA.

In July 2025, the EBA launched a public consultation on draft guidelines on the sound management of third-party risk, which revise and update the EBA Guidelines on outsourcing published in 2019, aligning them with the requirements of DORA. The draft guidelines address arrangements for non-ICT services provided by third-party service providers and their subcontractors, with a particular focus on critical or important functions. The consultation closed on 8 October 2025, and the outcome is still awaited.

No specific “gatekeeper” liability regime has been established in Belgium for fintechs regarding the activities on their platform; in practice, this will mainly depend on who is actually/legally providing the services to customers through the platforms.

At the EU level, certain fintechs may, depending on their business model, be subject to the horizontal framework of the Digital Services Act (DSA) where they qualify as online intermediaries or online platforms (for example, where the platform hosts third-party content or facilitates transactions between third parties). However, the DSA does not establish a fintech-specific “gatekeeper” regime and generally does not affect core financial services provided in the fintech’s own name.

Belgian regulators may take various measures against non-compliant entities, including:

• imposing (significant) fines;
• issuing public statements of non-compliance;
• requesting a change of the board and/or the (effective) management;
• appointing a temporary administrator; or
• in extreme cases, withdrawing the licence.

The Belgian regulators are consistent in their approach across the different verticals, and generally discuss the matter with the financial entity concerned to try and agree on a settlement before imposing any sanction.       

Certain additional non-financial regulatory regimes may be of particular importance to fintech companies, given their greater susceptibility to certain abuses or exposure to certain risks.

Data Protection Regulations

With regard to privacy laws, the most important regulations are EU Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and EU Directive 2002/58/EC of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (ePrivacy Directive) and the provisions transposing this directive into Belgian law. The Belgian legislature also adopted the Belgian Law of 30 July 2018 on data protection (Data Protection Law), partially incorporating the generally applicable GDPR provisions as well as providing for complementary provisions. EU Regulation 2023/2854 of 13 December 2023 on harmonised rules on fair access to and use of data (Data Act) has applied since 12 September 2025, adding a new layer of rules regarding the use of data generated by the use of a product or service.

In addition, Regulation (EU) 2024/1183 amending Regulation (EU) No 910/2014 (eIDAS 2) introduces a harmonised framework for European Digital Identity wallets and trust services, which is particularly relevant for fintechs relying on electronic identification, authentication and qualified trust services in customer onboarding and digital contracting processes.

Anti-Money Laundering Laws

Belgian anti-money laundering (AML) laws transposing the AMLD5 are applicable to fintech companies that carry out regulated activities (such as banks, insurance companies, crypto-asset service providers, EMIs and PIs).

Cybersecurity

EU Directive 2022/2555 of 14 December 2022 on measures for a high common level of cybersecurity across the Union (NIS2 Directive) was transposed into Belgian law by the Law of 26 April 2024 establishing a framework for the cybersecurity of networks and information systems of general interest for public security (NIS2 Law) (in force since October 2024). This law requires financial institutions to take technical and organisational measures to manage risks to the security of the network and information systems on which these institutions’ financial services depend.

Furthermore, there is the (slightly outdated) Law of 28 November 2000 on computer-related crime and the international Budapest Convention of 23 November 2001 (including its Protocol) and the Lanzarote Convention of 25 October 2007, to which Belgium is a party. These regulations do not make a distinction between fintech companies and legacy players.

Regulated fintechs must also comply with specific requirements issued at the European level. Since 17 January 2025, they are subject to DORA, relating to ICT risk management, operational resilience testing, incident reporting and third-party ICT risk monitoring, amongst other matters. In addition, they must comply with the Guidelines EBA/GL/2019/04 of 29 November 2019 on information and communications technology and security risk management, prescribing how financial institutions should manage ICT and security risks, and outlining the supervisory authorities’ expectations of ICT and security risk management.

At the EU level, further horizontal cybersecurity and resilience legislation has recently entered into force or been adopted. Regulation (EU) 2024/2847 on horizontal cybersecurity requirements for products with digital elements (Cyber Resilience Act) introduces mandatory security-by-design, vulnerability management and life cycle cybersecurity obligations for software and connected products, with full application expected from 11 December 2027; this is particularly relevant for fintechs developing proprietary software or digital infrastructure.

In addition, Directive (EU) 2022/2557 on the resilience of critical entities (Critical Entities Resilience Directive), applicable since 18 October 2024, establishes obligations to identify and mitigate risks to the continuity of essential services, including in the financial sector, extending beyond pure cybersecurity considerations.

Finally, Regulation (EU) 2025/38 (Cyber Solidarity Act) strengthens EU-level cyber preparedness and co-ordinated incident response mechanisms, forming part of the broader cybersecurity environment in which regulated fintechs operate.

Marketing and Communications

Advertising, marketing documents and any other type of communication (including verbal communication) distributed within the context of the professional marketing of financial products (eg, relating to all types of savings, insurance and investment products) to retail clients in the Belgian territory are regulated by the Royal Decree of 25 April 2014 concerning certain information requirements for the offering of financial products to non-professional clients, regardless of the media channels through which these communications take place. Such communications are subject to information requirements relating, on the one hand, to the provision of an information sheet and, on the other hand, to the advertising of financial products. The FSMA has also developed specific marketing rules on the commercialisation of virtual currencies.

The general information requirements (“correct, easily understandable and in clear, concise and comprehensible terms”) apply to all communications, whether through social media or other media, generally in a stricter way with regard to regulated products and services (eg, consumer credit).

The activities of industry participants are reviewed (to a certain extent) by accounting and auditing firms, whose tasks are set out in the prudential framework of each of the regulated entities. Auditors must be certified by the competent regulator prior to servicing regulated companies.

There is no general rule under Belgian law prohibiting regulated financial entities from providing unregulated products and services. In certain cases, the formal approval of the regulator is required before implementing such activities. In that case, however, the regulator will assess the impact of these unregulated services on the regulated activity, and may impose certain requirements or demand that these services or products are offered through a separate legal entity. This is notably the case for certain PIs and EMIs offering unregulated services. The combination of regulated services with crypto services has attracted particular attention from the Belgian regulator.

Belgium has transposed all EU AML requirements into its Law of 18 September 2017 on the prevention of money laundering and terrorist financing and on the restriction of the use of cash (AML Law), with a few limited gold-plating measures. The requirements apply to all types of regulated entities providing their services in Belgium through a physical establishment, including fintech companies when they are licensed.

For now, the most important obstacle that the AML rules represent for regulated fintechs is the lack of full harmonisation at the EU level, which makes it complicated for international businesses to comply with each of the local AML regimes, and to acquire and retain competent personnel holding expertise in terms of both AML regulation and technological innovation.

Concerning the sanction rules, Belgium is fully aligned with the regime imposed at the EU level and applies it directly.

The Belgian AML rules generally align with the standards set by the FATF.

Belgian law allows for third-country firms to provide products and services to Belgian clients without being locally licensed where the relationship arises through reverse solicitation. Reverse solicitation means the Belgium-based client independently and exclusively initiates the provision of a product or service, without prior marketing, emails, advertisements or targeted information from the third-country firm. In such cases, the services are not considered to be provided within Belgium. However, it is important to note that the FSMA regards reverse solicitation as an exceptional regime, and explicitly states that it cannot serve as a business model to maintain or continue servicing an existing client base.

In particular, reverse solicitation is governed by the following Belgian provisions:

• the law of 25 October 2016 on access to investment services and supervision of investment firms (Investment Services Law), partially transposing the reverse solicitation provisions of EU Directive 2014/65/EU of 15 May 2014 on markets in financial instruments (MiFID II) for third-country investment firms;
• the law of 19 April 2014 on alternative investment funds and their managers (AIFM Law), transposing the reverse solicitation provisions in Directive 2011/61/EU of 8 June 2011 on Alternative Investment Fund Managers (AIFMD) for third-country AIFMs; and
• MiCA for the provision of crypto-asset services by a third-country firm.

Broadly speaking, an asset can be a MiFID financial instrument, a MiCA crypto-asset or another non-regulated asset. The business model applicable to each asset depend on their legal regime, as most are regulated, require a licence and are subject to strict conduct-of-business rules.

For a financial instrument the services provided through robo-advisers qualify as order execution, investment advice or portfolio management under the MiFID II and the Belgian Law of 2 August 2002 on the supervision of the financial sector and financial services (Financial Supervision Law), depending on their scope. This also includes financial instruments issued by means of distributed ledger technology (DLT). Therefore, companies offering robo-advisory services directly to Belgian investors should be licensed as Belgian investment firms or credit institutions, or should be able to rely on the passporting of an EEA member state investment firm or credit institution licence to operate on the Belgian market.

Belgian law provides for two types of investment firm licences:

• portfolio management and investment advice companies supervised by the FSMA; and
• stockbroking firms supervised by the NBB.

Stockbroking firms can provide all investment services regulated under MiFID II. By contrast, portfolio management and investment advice companies may only provide the reception and transmission of orders, order execution, portfolio management and investment advice services.

For crypto-assets (ie, “cryptocurrency” in the form of an asset-referenced token or e-money token) that do not qualify as, amongst others, financial instruments and funds, the robo-adviser will have to comply with the MiCA provisions for the issuance, offer to the public and admission to trading of crypto-assets or those regarding the provision of services related to crypto-assets. Often, a MiCA-licensed entity will establish a partnership with an exchange to ensure a smooth and integrated service to their clients for those services that fall outside their own regulated activities.

Robo-advisers are sometimes also offered as pure IT technology tools (under a user licence agreement) to regulated firms licensed to provide investment services. In such a case, the company offering the tool does not need to be licensed – the licence of its client (eg, a credit institution or an investment firm) suffices.

Outside financial regulations, robo-advisers may also fall within the scope of the AI Act. Depending on the technical characteristics, robo-adviser technology may qualify as an AI system under the AI Act, in which case both the developers of the tool and the financial entity making use of the tool may be subject to additional requirements. The AI Act enters into application in different stages, with the first stages being applicable as of 2 February 2025 and full application foreseen on 2 August 2026.

Finally, and to be complete, it should also be noted that, in some instances, robo-advisers are used to automate transactions on unregulated assets, which may fall outside the scope of any regulatory framework. In these instances, robo-advisers may find themselves in a regulatory blind spot and cannot benefit from a European passport. When such services reach a certain size, it is highly advisable to discuss them with the regulators.

The rise of robo-advisers has put pressure on legacy players, as they were expected to soon become a core product for many investors. In response, multiple legacy players have developed their own in-house robo-advice platforms, outsourced part or all of their investment services to a regulated robo-adviser or entered into a licence agreement with a technical service provider to use robo-advice for internal use or for their clients.

The best execution rule of MiFID II and its transposing regulations applies equally to robo-advisers, as the services provided by these can be qualified as investment services (see 3.1 Requirement for Different Business Models). An issue that might arise about the fulfilment of best execution by robo-advisers advising consumers and businesses could be the malfunctioning of the automated tool (eg, through manipulation or mistakes resulting from being too fast or too focused on some aspects). For consumers in particular, issues may arise regarding the processing of (personal) information and the (mis)understanding of advice by the consumer.

In any case, investment services providers remain ultimately responsible for the execution of the orders and cannot hide behind the use of robo-advisory technology to avoid their liability vis-à-vis investors.

Legal Regimes Applicable to Loans/Credits

Schematically, there are four different legal regimes applicable to loans/credits in Belgium.

Mortgage credit offered to consumers by CIs or other licensed lenders

Mortgage credit is subject to a highly regulated regime in Book VII of the Code of Economic Law (CEL) – see Articles VII.123–147/38 (rules of conduct) and VII.148–216 (prudential requirements). This legal regime sets out compulsory rules for aspects of the contractual relationship, such as:

• pre-contractual information;
• content of the agreement;
• security interests;
• rules for termination;
• maximum interest rates;
• joint offer of insurance products; and
• extrajudicial management complaints.

Lenders are subject to an obligation to obtain prior validation of their credit agreement templates by the FPS Economy.

Consumer credit offered to consumers by CIs, other licensed lenders or indirect peer-to-peer consumer lending platforms

Consumer credit is subject to a highly regulated regime in Book VII of the CEL – see Articles VII.64–122 (rules of conduct) and VII.148–216 (prudential requirements). This regime sets out compulsory rules for aspects of the contractual relationship, such as:

• pre-contractual information;
• content of the agreement;
• security interests;
• rules for termination;
• maximum interest rates;
• related information duties when amending credit terms;
• joint offer of insurance products;
• tolerance before enforcement; and
• extrajudicial management complaints.

Lenders are subject to an obligation to obtain prior validation of their credit agreement templates by the FPS Economy.

On 18 October 2023, the EU legislator adopted EU Directive 2023/2225 on credit agreements for consumers (CCD2). Member states had until 20 November 2025 to transpose CCD2, and its provisions will apply as of 20 November 2026. However, Belgium has not yet implemented CCD2 into national law. This revision of the former Directive on consumer credit agreements aims to remove legal uncertainty and further harmonise the EU consumer credit regulatory framework, particularly regarding new credit products developed in the online environment. These upcoming changes are expected to have a particular impact on (currently unregulated) “buy now, pay later” (BNPL) products.

Peer-to-peer lending between consumers is not regulated and is only subject to general contract law (see directly below). However, it should be noted that peer-to-peer consumer lending may not result in a public offering. For this reason, consumer peer-to-peer lending practices in their purest form (where consumers lend directly to other consumers through a matchmaking platform) are not allowed in Belgium. Alternative (indirect) peer-to-peer models are, however, present.

SME credit offered by CIs, other lenders or licensed crowdlending platforms

The regime applicable to credit to SMEs is less regulated than the one applicable to consumer credit. The regime applies not only to Belgian companies (to the extent that they do not exceed the thresholds of SMEs), but also to organisations and individuals who do not act for private purposes (eg, a self-employed natural person).

The Law of 21 December 2013 on the financing of SMEs (SMEs Law) notably sets out:

• pre-contractual information obligations;
• an obligation for the lenders to adopt a code of conduct in relation to the granting of loans to SMEs; and
• specific rules for early reimbursements.

The SMEs Law is not applicable to loans granted through crowdfunding platforms.

Crowdfunding platforms (ie, platforms providing matchmaking services between project owners and investors) are regulated under the Law of 18 December 2016 regulating the recognition and definition of crowdfunding and containing various provisions on finance on crowdfunding (Crowdfunding Law) and EU Regulation 2020/1503 of 7 October 2020 on European crowdfunding service providers for business (Crowdfunding Regulation). Under the Crowdfunding Regulation, crowdfunding platforms must obtain a licence before they start operating within the EU; once obtained in one EEA country, their licence enables them to carry out their activities across the EU on a cross-border basis. The crowdfunding framework has been further specified through EU technical standards, including Delegated Regulation (EU) 2024/358, which sets regulatory technical standards (RTS) on credit scoring, pricing and risk management.

Loans and forms of credit offered by CIs or other lenders to enterprises other than SMEs

If credit/a loan does not fall into one of the above-mentioned categories, it is regarded as unregulated. General contract law applies and only a few specific provisions of the Belgian (former) Civil Code (Articles 1905–1914) must be taken into account, as well as general consumer protection law (as contained in Book VI of the CEL) when offering B2C credits that fall outside the scope of the consumer credit regime (eg, BNPL products).

In addition, the sale, purchase and servicing of non-performing loans (NPL) originated by EU credit institutions is now subject to the Belgian Law of 20 December 2024, in force since 24 January 2025, implementing Directive (EU) 2021/2167, including the authorisation of credit services by the FSMA and borrower protection requirements.

The underwriting processes will mainly depend on the type of credit and customer.

AML Obligations

The common feature of all underwriting processes of regulated credit is that all lenders (or crowdfunding platforms) are subject to the AML Law, which transposes AMLD5. Typical AML obligations are therefore applicable (identification and verification of the identity of the borrower/ultimate beneficial owners, risk-based assessment, ongoing surveillance, reporting of suspicious transactions, etc).

An increasing number of market participants make use of innovative means for identification in a remote environment (eg, facial likeness detection, videoconferencing or other biometric data, Belgian eID (electronic identity card), other electronic identification means or relevant trust services as set out in the EU Regulation 910/2014 of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation) as amended by eIDAS 2, which establishes the European Digital Identity (EUDI) Wallet framework and further supports cross-border electronic identification and authentication, including through wallet-based identification and electronic attestations of attributes.

Additional Obligations

Besides the AML obligations, the online onboarding of clients must also comply with specific obligations laid down in the CEL, the SMEs Law, the Crowdfunding Law and the Crowdfunding Regulation. These pieces of legislation usually stipulate that specific information about the lender and the credit must be provided to the customer (usually on a “durable medium”). These obligations have an important impact on the onboarding of clients, especially in a B2C context.

Signature Obligation

Lastly, it must be noted that credit contracts concluded with consumers require a written or a qualified electronic signature. This obligation also has a significant impact on the conclusion of online credit agreements with consumers.

Belgians can easily sign electronic contracts using their Belgian eID, or even completely electronically using a mobile application of qualified trust service providers such as itsme®. Both of these signatures are qualified as electronic signatures under the eIDAS Regulation, and thus have the equivalent legal effect of a handwritten signature. eIDAS 2 is expected to further facilitate digital contracting by enabling qualified trust services to be used via the EUDI Wallet ecosystem and by reinforcing the EU-wide interoperability of high-assurance e-identification for remote onboarding.

In 2023, the doctrine of functional equivalent – which assimilates, under certain conditions, physical processes to online processes – was extended to all contractual mechanisms (Article 5.30 of the Belgian Civil Code).

The source of funds for loans will depend mainly on the nature of the lender rather than on the nature of the credit, as follows.

• CIs use client deposits to grant loans (money multiplier), provided that they keep sufficient deposit reserves at the European Central Bank (ECB) (see EU Regulation 2021/378 of 22 January 2021 on the application of minimum reserve requirements) and respect EU Directive 2013/36/EU of 26 June 2013 (CRD IV) on access to the activity of CIs and the prudential supervision of CIs and investment firms, and EU Regulation 575/2013 of 26 June 2013 (CRR) on prudential requirements for CIs and investment firms. Note that these texts have been modified by Regulation (EU) 2024/1623 (CRR3) and Directive (EU) 2024/1619 (CRD6). These reforms strengthen the prudential framework, but do not affect CIs’ exclusive right to take deposits.
• Other lenders (which are not CIs), licensed or not, cannot receive refundable deposits under Belgian law (Article 28 of the Law of 11 July 2018 on the offer of investment instruments to the public and the admission of investment instruments to trading on a regulated market – the New Prospectus Law) and cannot create money ex nihilo. Therefore, they can only lend their own funds.
• Lenders who operate through crowdfunding platforms lend their own funds and, from a legal point of view, the borrower issues debt instruments.

Syndication of online loans is not a current market practice in Belgium, mainly because loan syndication is reserved to the biggest borrowers and the biggest funding transactions. The largest financing contracts are generally not concluded online.

There is no specific regulation in this respect; only a set of market practice documentation.

While crowdlending can resemble syndication in terms of multiple funders, it is now a regulated activity under Regulation (EU) 2020/1503 and is authorised and supervised in Belgium by the FSMA.

In Belgium, there are two main payment systems:

• CEC (Centre for Exchange and Clearing), a domestic retail payment system for retail payment instruments, based on multilateral netting and settlement; and
• TARGET-BE, the Belgian component of T2 for real-time gross settlement, which is used for settling central bank operations, primarily related to monetary policy, for large interbank transfers and client operations.

In addition to those, payment processors may in principle create or implement new private payment systems.

PSD2

With the PSD2, the EU legislator wanted to create an efficient and integrated market for payment services, regulating cross-border payments in the same way throughout the EU. This has been transposed into Belgian law by the PI & EMI Law (in relation to the prudential regime of PIs) and the CEL (in relation to the conduct-of-business rules for all PSPs).

In June 2023, the European Commission published proposals to improve the existing legal framework and ultimately replace it with the Third Payment Services Directive (PSD3) and the PSR. Agreement on these proposals was reached at the end of November 2025 following trilogue negotiations.

Single Euro Payments Area

Belgium is part of the Single Euro Payments Area (SEPA), a system that establishes a single set of tools and standards, making cashless cross-border payments in euros as efficient and easy as national payments. SEPA enables European businesses, consumers and governments to make and receive credit transfers, direct debit payments and card payments under the same conditions.

Cross-Border Payment Regulation

EU Regulation 2021/1230 of 14 July 2021 on cross-border payments in the Union requires PSPs to apply the same charges for cross-border electronic payment transactions in euros within the European Union.

Instant Payments Regulation

The Instant Payments Regulation (IPR) amends and complements the SEPA framework and operates alongside PSD2/PSD3 and PSR. Unlike a directive, it is directly applicable in all member states. The IPR entered into force on 8 April 2024. Key implementation deadlines followed, including the requirement for banks to be able to receive instant payments from 9 January 2025 and to send instant payments by 9 October 2025 for euro-area providers.

There are essentially three main types of trading platforms: regulated markets, multilateral trading facilities (MTFs) and organised trading facilities (OTFs). Trading platforms for crypto-assets are also regulated since MiCA entered into force.

MiFID II provisions pertaining to trading platforms have been implemented in Belgian law mainly through the Investment Services Law, which is divided into two sections, the first one covering regulated markets and the second being dedicated to MTFs and OTFs.

Regulated markets must obtain a licence from the Minister of Finance, assisted by the FSMA. This agreement is subject to many prudential requirements, such as the fitness and properness of the management and the shareholding, and the implementation of adequate organisation and control processes.

OTFs and MTFs can only be exploited by specific licensed entities – ie, credit institutions, stockbroking firms and market operators. In addition to the requirements applicable to their existing licence, these entities are subject to an extra layer of requirements set out in the Investment Services Law.

Trading platforms for crypto-assets can only be exploited with a MiCA CASP licence.

Generally speaking, all asset classes are subject to equivalent regulatory regimes. Financial/investment instruments are covered by the Belgian implementation of MiFID II and Prospectus Regulation frameworks, while crypto-assets (with some exceptions) are now governed by MiCA.

To help delineate the two regimes, the FSMA published a Communication on 22 November 2022 on the classification of crypto-assets as securities, investment instruments or financial instruments. In December 2024, ESMA also published guidance on the classification of crypto-assets and their potential intersection with other types of regulation and asset classes.

The emergence of cryptocurrency exchanges has led to the adoption of several regulations, both at the European level and in Belgium.

As of 30 December 2024, all centralised and some decentralised exchanges are regulated by MiCA, making the Belgian virtual asset service provider (VASP) regime (from the AMLD5 framework) obsolete in the near future. In addition, the FSMA Regulation of 5 January 2023 prescribes additional marketing rules when commercialising virtual currencies to consumers in Belgium, irrespective of the location of the advertiser. Lastly, the FSMA Regulation of 3 April 2014 prohibits the professional marketing of financial products, the return of which depends directly or indirectly on cryptocurrencies. This regulation seriously limits the distribution schemes and structuring of crypto-assets.

Article 30 of the Investment Services Law requires regulated market operators to ensure that the regulated markets they operate and/or manage adopt clear, non-discriminatory, objective and transparent listing standards. These standards must also allow the markets to ensure that the issuers comply with the information requirements under EU law (initial, periodic and occasional information). With respect to derivatives, these listing standards must ensure that the characteristics of the derivatives allow for an orderly rating and efficient settlement.

Regulated market rules are subject to the prior approval of the FSMA and must be published on the market operator’s website.

OTFs and MTFs are also required to adopt transparent and non-discriminatory listing standards. Generally speaking, OTFs and MTFs are subject to softer requirements than regulated markets.

Market rules must allow for the efficient handling of orders. MiFID II rules of conduct and their delegated regulations also apply in Belgium, and MiCA introduces order handling rules for CASPs.

Articles 27quater and 28 of the Financial Supervision Law further specify that regulated entities executing clients’ orders must ensure that these are handled quickly, fairly and efficiently. Regulated entities must also take sufficient measures to ensure that the best possible result is achieved, taking into consideration the price, cost, speed, probability of the execution and the size, nature and any other relevant criteria pertaining to the order (the “best execution” principle).

Due to various legal obstacles, the Belgian market is not yet mature in respect of peer-to-peer trading platforms. Therefore, at this stage, no impact can truly be observed.

There is no Belgian specificity in payment for order flow (PFOF). Under the EU MiFID II framework, investment firms acting on behalf of (retail or professional) clients may not receive any fee, commission or non-monetary benefit from any third party for executing orders from those clients on a particular execution venue, nor for forwarding orders of those clients to any third party for their execution on a particular execution venue.

The prohibition removes financial incentives that previously drove brokers to route retail flow to specific venues, reinforcing the competitive position of neutral regulated markets.

Regulation (EU) 596/2014 of 16 April 2014 on market abuse (MAR) and the various Implementing and Delegated Regulations in this respect are directly applicable in Belgium. The Belgian legal framework on principles regarding market integrity and market abuse governing trading is further complemented by Article 25 and Sections 8 and 9 of Chapter II of the Financial Supervision Law, which lay down the competencies of the FSMA as the supervisor in this respect and the applicable sanctions. In addition, in its Circular of 18 May 2016, the FSMA provides practical instructions, accompanying the ESMA guidelines accompanying the MAR. Title VI of MiCA also contains specific rules on market abuse.

Under the applicable rules, market manipulation, insider dealing and the unlawful disclosure of non-public information are considered forms of market abuse and are subject to administrative and/or criminal sanctions.

High-frequency trading (HFT) and algorithmic trading (AT) are regulated in Belgium by the Investment Services Law and Royal Decree of 19 December 2017, partially transposing MiFID II. In addition, the EU Commission Delegated Regulation 2017/589 of 19 July 2016 with regard to RTS specifying the organisational requirements of investment firms engaged in algorithmic trading (MiFID II RTS 6) regulates algorithmic trading. These regulations apply to trading in financial instruments in general.

Regulated firms engaged in algorithmic trading should have adequate and effective internal controls appropriate to their business activity in place, to ensure that trading systems cannot be used for any purpose contrary to MAR. Alternatively, they should have a connected trading venue, to ensure that their trading systems are resilient, have sufficient capacity and are subject to appropriate trading thresholds and limits, and to prevent erroneous orders from being sent or otherwise operated in such a way that could lead or contribute to the creation of a disorderly market.

With DORA’s application, financial institutions using such technologies are required to have a robust ICT risk management framework in place, including effective arrangements to deal with business continuity, testing, internal controls and potential ICT service provider management framework.

In general, the FSMA is wary of AT and HFT entities, and there is no tendency to encourage this sector from the regulator’s perspective.

A market maker – or a person who holds themselves out on the financial markets on a continuous basis as being willing to deal on own account by buying and selling financial instruments against that person’s proprietary capital at prices defined by that person – does not have to be licensed or otherwise registered. However, a market maker is required to enter into a binding market making agreement with a trading venue, specifying the obligations of the market maker to provide liquidity on a regular and predictable basis to the trading venue.

The applicable regulations do not make a distinction between funds and dealers.

Only regulated companies offering investment services with algorithmic trading are targeted by the applicable rules of the Belgian Royal Decree of 19 December 2017 and MiFID II RTS 6. Therefore, no provisions apply specifically to the programmers developing and creating trading algorithms and other electronic trading tools.

However, when an entity outsources these tools to a third party, this qualifies as an ICT services third-party provider under DORA, and therefore the third party will be indirectly subject to DORA requirements covering, amongst others, IT security, continuity and reporting obligations towards the financial institution. Providers designated as critical third-party providers (CTPPs) by the ESAs will be subject to direct regulatory oversight.

Numerous underwriting processes are available to industry participants, and each comes with a different set of regulations. Actors creating their own insurance products will most likely need a full insurance company licence from the NBB in accordance with the Law of 13 March 2016 on the status and control of insurance and reinsurance companies (Law of Control). In practice, insurtechs most often act as distributors or business introducers.

Insurtechs as Distributors

When they act as distributors, insurtechs need to be registered as insurance intermediaries with the FSMA. The regulations applicable to insurance intermediaries are mainly centralised in the Law of 4 April 2014 relating to insurances (Insurance Law).

Insurtechs as Business Introducers

Mere business introducers do not need any licence or registration but must carefully design their business model as they can provide only strictly limited services, thereby reducing their potential added value.

Additional Rules and Obligations

Whichever distribution and operation structure they opt for, insurtechs will need to comply with the rules of conduct contained in the Insurance Law, as well as the circulars and recommendations issued by the NBB and the FSMA. Furthermore, the provision of online services, as well as B2C provision of services, leads to the application of additional obligations, mostly organised by the CEL.

In addition to general common principles, each type of insurance (life, annuities, property, etc) is subject to its own set of regulations under the Insurance Law.

Industry players often tend to specialise in one or more specific markets; at the very least, they tend to focus on either life or non-life products. As a matter of fact, the Law of Control prohibits the provision of both life and non-life services to insurance companies (Article 222).

Investment and savings life insurance products are among the most regulated products. Their distribution leads to the application of strict diligence obligations (appropriateness and suitability tests).

Regtech providers are not specifically regulated (except for eID and trust service providers, which are regulated by the eIDAS Regulation). However, as they serve industry participants with products/services facilitating compliance with prudential regulations (eg, EU Directive 2009/138/EC of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) or the CRR) or rules of conduct (eg, MiFID II, Directive (EU) 2016/97 of 20 January 2016 on insurance distribution, PSD2 and AMLD5), regtechs need to have a comprehensive understanding of these regulations.

Regtechs are also indirectly subject to DORA, which requires regulated entities to impose specific obligations on their ICT service providers. In addition, some regtech providers may directly fall under the scope of DORA as CTPPs.

Contractual Arrangements

Contractual arrangements between regtech providers and regulated entities are not regulated per se. However, services offered by regtech providers often fall within the scope of the notion of “outsourcing” or “ICT services”, triggering specific obligations for regulated entities, including specific mandatory provisions in the agreement between the regtech and the regulated entity (eg, terms to assure performance and accuracy).

Obligations Imposed on Regtech Service Providers

Regtech service providers are not themselves subject to any regulatory obligation. However, under the outsourcing rules and DORA requirements, before entering into outsourcing arrangements or arrangements with ICT service providers, regulated entities must conduct thorough due diligence on the service providers to ensure their suitability. Furthermore, regulated entities are required to impose multiple contractual obligations on regtech providers, such as agreed service levels, reporting obligations, continuity plans, termination assistance and audit obligations. The audit clause generally allows regulated entities as well as their regulator(s) to control or request key information from their provider.

Overall, traditional financial institutions in Belgium have been relatively cautious in adopting blockchain-based services, and investment in cryptocurrencies remains largely concentrated among neo-banks and foreign specialised platforms.

One major incumbent launched a virtual currency in 2022 in the form of an e-money token, and announced in 2025 its intention to offer direct cryptocurrency investment products, namely ether and bitcoin, to its clients. The same incumbent is also part of a consortium of nine European banks that joined forces to issue a MiCA-compliant stablecoin. To date, however, it remains the only large Belgian traditional player to have officially taken such a step.

In light of the strong interest shown by clients in cryptocurrencies, some voices have argued that offering such products should become standard practice across financial institutions. Others, however, remain hesitant, citing ethical and consumer protection concerns related to high volatility and the risk of significant losses.

While several other major traditional players, after years of rejection, have now indicated that they are exploring this area, no concrete implementation plans have yet been announced.

The Belgian regulators have not introduced local rules with regard to blockchain, and generally tend to follow the European legislation. The NBB has stated in the past that, although the technology looks promising, actual use cases for distributed ledger technologies are still relatively limited in number and in scope. According to the NBB, attention is particularly required concerning the use of distributed ledger technology or blockchain technology, as institutions should be aware of the legal value of smart contracts or the information contained in the distributed ledger, the possible governance complications and the security or resilience threats that may exist at different nodes in the network.

There are currently no regulations in place that explicitly detail the classification of crypto-assets. As a rule, if a crypto-asset displays the characteristics of a regulated financial or investment instrument, it may qualify as a regulated financial/investment instrument and fall within the scope of the related regulation. All blockchain assets not captured by traditional EU financial regulation are regulated under MiCA, which introduces a prudential regime for both crypto-asset issuers and service providers.

In December 2024, ESMA published guidance on the conditions and criteria for the qualification of crypto-assets as financial instruments, as well as broader guidance on the classification of crypto-assets, including a standardised test.

Local guidance includes a 2017 FSMA Communication on the risks of ICOs, where the FSMA assessed the similarities between crypto-assets, investment instruments, means of storage, calculation and exchange, and utility tokens, and a 2022 FSMA communication on the classification of crypto-assets as securities, financial or investment instruments, which provides some additional guidance on the most common cases where crypto-assets may classify as regulated securities, investment instruments or financial instruments.

MiCA regulates the issuance and initial sale of blockchain assets that do not qualify as investment instruments. With its entry into force, a common licensing regime applies for crypto-asset issuers and service providers offering crypto-related services across the EEA member states.

Crypto-assets that qualify as investment instruments are subject to the standard rules applicable thereto (prospectus obligation, etc).

The tokenisation of real-world assets is not currently regulated in Belgium.

Since 30 December 2024 and the entry into application of MiCA, crypto-asset trading platforms are regulated as crypto-asset services and can only be offered on the market through a CASP licence. MiCA has completely replaced the Belgian national VASP regime, which has now been reduced to a transitional regime (until June 2026 in Belgium).

In addition, EU Regulation 2022/858 of 30 May 2022 on a pilot regime for market infrastructures based on distributed ledger technology (“DLT Regulation”) allows EEA-based entities to apply for EEA-wide permission to operate DLT market infrastructures (DLT multilateral trading facilities, settlement systems, and trading and settlement systems) within a temporary regulatory sandbox regime. The regime has been open to both new and existing market players since March 2023 and specifically targets the trading and settlement of crypto-assets that qualify as financial instruments under MiFID and thus are not captured within the scope of MiCA. Its scope may be expanded in the future, for example to include CASPs, as envisaged by the European Commission’s ongoing Capital Markets Integration regulatory initiative of 4 December 2025.

Lastly, EU Regulation 2023/1113 of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets (TFR), alongside MiCA, includes additional requirements to ensure the traceability of any type of “virtual asset” transfer or transaction.

Staking services are not regulated in Belgium per se, unless they qualify as crypto-asset services under MiCA (eg, custody and administration of crypto-assets).

It should be noted that, according to the Advance Rulings Service (Service des décisions anticipées/Dienst Voorafgaande beslissingen – the Belgian tax authority body that issues binding advance tax rulings to taxpayers), income derived from cryptocurrency staking, harvesting and liquidity mining rewards must be declared and taxed as movable income (revenus mobiliers/roerende inkomsten).

Lending services relating to cryptocurrencies are not regulated in Belgium, unless they qualify as crypto-asset services under MiCA.

Depending on how they are structured, the offering of cryptocurrency derivatives could fall under the Belgian implementation of MiFID II, as well as under the New Prospectus Law and the Prospectus Regulation.

Cryptocurrency derivatives are also covered in the following two FSMA regulations (as confirmed by royal decree):

• the FSMA Regulation of 3 April 2014 prohibits the professional marketing of so-called “non-conventional assets” to retail clients – prohibited non-conventional assets include financial products, the return of which depends directly or indirectly on cryptocurrencies; and
• the FSMA Regulation of 26 May 2016 prohibits the distribution of certain financial derivatives among Belgian retail clients, as well as a number of aggressive or inappropriate distribution techniques and forms of professional marketing of derivatives on electronic trading venues.

DeFi is not in scope of MiCA or Belgian regulations. However, MiCA does not clearly explain when a service is considered to be “decentralised”, leaving some room for interpretation. On 16 January 2025, the ESAs published a report on DeFi with some further insights, but their findings have not provided a conclusive answer on MiCA’s scope. Parties facilitating the trading of security tokens or cryptocurrencies will thus always be subject to a case-by-case analysis by the local regulator. In some cases, they may therefore be required to hold a CASP licence in order to operate.

Funds investing in blockchain technology or crypto-related assets are not subject to a dedicated regulatory regime as such; however, in line with the ESMA Q&A on the AIFMD, a fund investing in crypto-assets may qualify as an alternative investment fund (AIF) where it raises capital from a number of investors, invests in accordance with a defined investment policy, and operates for the benefit of those investors. In such cases, the fund and its manager would be subject to the AIFMD framework.

Virtual currencies have received many different definitions in Belgium in recent years. They are generally not treated differently than other blockchain assets, unless they qualify as e-money tokens (EMTs) or asset-referenced tokens (ARTs) under MiCA, which are subject to a stricter regime than regular virtual currencies/crypto-assets.

In principle, NFTs and NFT platforms are subject to the same rules as any other crypto-related initiative. However, they are excluded from the scope of MiCA and from the FSMA Regulation of 5 January 2023. Depending on the characteristics and purposes of the NFTs or the structure and activities provided by the platforms, they could fall within the scope of certain other existing regulations (eg, through a qualification as investment instruments).       

Stablecoins are regulated in Belgium not through a specific national regime but through MiCA, which imposes strict rules on authorisation, reserve backing and redemption at par. MiCA classifies stablecoins either as EMTs, pegging the stablecoin to a single official currency, or as ARTs, pegging the stablecoin to a basket of official currencies.

MiCA imposes the obligation to hold a reserve of assets, legally segregated from the issuers’ estate, to cover the risks associated with the assets referenced by the stablecoin and the liquidity risks associated with the redemption rights of the holders.

Issuers of stablecoins cannot grant any interest in relation to the stablecoin nor grant any interest in relation to crypto-asset services related to the stablecoin.

The prudential rules of PSD2 were transposed in the PI & EMI Law, while the conduct-of-business rules were inserted in the CEL. The open banking aspect of PSD2 came into force in Belgium along with the EU Regulated Technical Standards 2018/389 of 27 November 2017 on Strong Customer Authentication (RTS SCA) in September 2019.

Consequently, PSPs are required to allow third-party providers (TPPs) to access payment account, either through a dedicated interface (interface specific for TPPs) or through their customer interface.

In June 2023, the European Commission proposed FIDA. The proposal is currently in trilogue negotiations between the Parliament, Council and Commission, with key discussions focusing on the scope of data sharing, implementation timelines, and safeguards for competition. Final adoption is expected in 2026, with phased implementation likely beginning in 2027 or later. If adopted, FIDA would force financial entities to share data relating to (almost) all financial services with other financial entities and a new type of service provider: financial information service providers.

Effects of PSD2 on Open Banking

As the PSD2 and the RTS SCA implementing open banking only impose limited requirements on the interface, without indicating how these results should be obtained and with no standardisation, PSPs are left to decide how to implement proper technical solutions – which leads to difficulties for both PSPs and TPPs. However, PSD2 has also fostered innovation as it has prompted incumbents to either innovate internally or enter into partnerships with new fintech players. In this way, open banking under PSD2 has opened up the field to new financial services providers and TPPs, such as account information service providers (AISPs) and payment initiation service providers (PISPs). In addition, new customer authentication methods have been developed or further implemented in existing applications following the RTS SCA, paving the way to a simpler and smoother user-friendly atmosphere in financial services offerings.

PSD3 and the PSR, which have not yet been formally approved, aim to enhance and clarify the open banking framework established under PSD2. They are designed to deepen and improve open banking by specifying technical and operational requirements, strengthening customer control over data sharing, broadening access to payment infrastructure, and enhancing protections and harmonisation across the EU.

Certain concerns have been raised due to the open banking requirement, regarding data protection risks, security measures and the risk of cyber-attacks on third-party applications and/or APIs, for example. These concerns have also raised the question of liability should something go wrong regarding any of the above aspects (liability of the PSP or of the relevant TPP).

Regarding data privacy and data security concerns, it is generally agreed that PSD2 and GDPR are jointly applicable. Furthermore, a high level of security of financial and operational systems has become a key element. Regulation has also placed some liability with the PISPs, which are subject to an obligation to insure themselves.

PSD3 and the PSR are expected to strengthen this framework by clarifying technical and operational requirements, providing a clearer liability framework between PSPs and TPPs, enhancing oversight of third-party providers, harmonising rules across member states and reinforcing customer control and consent. Together, these measures aim to make open banking safer, more transparent and more reliable.

There is no specific criminal legislation on fraud in financial services. Most frauds within the financial sector fall under the definition of generic offences, such as fraud within the definition of Article 496 of the Belgian Criminal Code. The constitutive elements of a fraud are threefold: (i) the intention to appropriate one’s belongings; and (ii) the voluntary delivery of said belongings; (iii) which is induced by the use of false identities or fraudulent tactics.

Depending on the facts, fraudulent conduct can be prosecuted under technology- and payment-specific offences, including computer fraud (Article 504quater) and the offences relating to fraud and counterfeiting of non-cash means of payment, as clarified/updated by the Act of 12 July 2023 transposing Directive (EU) 2019/713.

Generally, victims of fraud press charges with the police but scammers and fraudsters are rarely identified, which leads many victims to bring civil claims against the financial institutions that were somewhat involved in the fraudulent transactions (eg, payer’s and payee’s institution(s)).

In general, the FSMA focuses primarily on authorised-pushed payment fraud, tackling fraudulent investment offers or trading platforms, identity theft, boiler room scams, or fake credit offers. Nearly half of the reports to the FSMA involve online trading platforms, which are the main type of investment fraud in Belgium.

The FSMA, along with the FPS Economy, regularly launches campaigns to combat investment fraud.

In Belgium, the responsibility of a fintech service provider for losses arising from fraud is determined primarily by compliance with PSD2 and whether negligence or misconduct can be demonstrated. Providers are required to authenticate transactions securely, ensure accurate processing, and prevent technical errors. Failure to meet these obligations, such as insufficient fraud detection or inadequate security measures, may result in liability.