New Areas of Focus
The Belgian fintech market has been on the rise since 2014–2015. The first fintech initiatives focused on alternative financing solutions such as crowdfunding platforms, but recently, fintech initiatives are increasingly turning their attention towards payment solutions. This includes retail payment platforms, with a fair share of money remitters, but important developments in the market are taking place in B2B payment services such as professional FX payments for small and medium-sized enterprises (SMEs). As a result of Brexit, a few very high-profile UK payment service providers have selected Brussels as their base to continue serving the continent. The arrival of these players has added a lot of maturity to this sector in Belgium.
Next to alternative financing solutions and payment platforms, there is also increased focus in Belgium on full digital banks and fintech-driven investments solutions as well as a significant number of infrastructure and enabling technology service providers offering regtech, data, identification and accounting solutions. Although Belgium has a few local champions that are developing well internationally, insurtech, blockchain and crypto- initiatives remain rarer phenomena.
Belgium as a Launchpad
The most recent trend is the choice by international entities (both inside and outside a Brexit context) to launch their fintech initiatives and conquer the European continent from Belgium. International investors appear to be attracted by the professional, tech-savvy Belgian regulator; the fact that licence applications are accepted in English; the central location of Belgium in Europe; the highly skilled and multilingual workforce; and the fact that Belgium, being at the crossroads of different cultures and with a very international population, is an interesting test market for their products and services.
The predominant fintech business model (“vertical”) in the Belgian fintech industry is the payment vertical, which is populated by both incumbents and fintech entities.
The Belgian regulator is quite extensive in its interpretation of payment services, and therefore regulated payment service institutions also include business models such as electronic invoicing platforms and invoice trading platforms. The retail client acquisition cost remains high for most entities and there is therefore important activity on the B2B side, notably in the field of professional FX payments and acquiring services for merchants. Also on the retail side, there is a small concentration of high-profile FX payment service providers, making it safe to say that this has become a market particularity. Due to Brexit, several international money remitters have now located their EEA headquarters in Belgium, as they are looking for a level regulatory playing field and, therefore, wish to be supervised by the same authority as many of their important competitors.
Finally, most Belgian banks have seen the Second Payment Services Directive (PSD2) as an opportunity rather than a threat. Next to local fintech start-ups, an increasing number of major retail credit institutions have started offering account information services, and it can be expected that payment initiation services will follow. The four biggest Belgian retail banks have also joined forces through the Payconiq by Bancontact application, allowing clients to perform easy peer-to-peer payments and pay with their smartphone in stores and online.
The payment vertical is obviously dominated by the Belgian transposition of the PSD2. This transposition has been very straightforward under Belgian law and does not have any significant gold plating. The relevant Belgian regulator (the National Bank of Belgium) has a very narrow interpretation of the concept of e-money, reserving it mostly for a few specific prepaid products. However, the regulator has a broad interpretation of the notions of "payment services" and "payment accounts".
This broad interpretation of payment services raises some questions for non-payment companies that develop new types of services which are not as such related to the business of payment services, but could eventually fall within the scope of PSD2.
As to the payment account concept, the regulator does not automatically qualify all solutions which provide for wallets/accounts as e-money.
The approach of the Belgian regulator becomes even clearer in a Brexit context, whereby UK entities which are regulated as e-money institutions by the Financial Conduct Authority (FCA) will receive a payment institutions licence from the National Bank of Belgium (NBB), allowing them to provide the same services as they do in the UK under an e-money licence.
Belgium has only a handful of e-money institutions, compared to over 30 already licensed payment institutions and several payment institution licence applications in the pipeline.
Compensation models in the payments industry vary significantly in the function of the actual application. Personal payment applications are often offered free of charge for the user (or included in the general services if offered by an incumbent bank). On B2B and especially in FX service provision, compensation models are often inspired by the (anticipated) volumes of FX payments generated by the clients.
In both cases, regulated market players are subject to certain pre-contractual information requirements, including a disclosure obligation on the pricing of their services. However, the extent of such requirements will depend on whether the services are provided to consumers.
With regard to regulation of fintech and legacy players, the Belgian regulator applies a "same business, same risks, same rules" principle, although it will sometimes apply "proportionality" if needed. Conversely, more specific fintech-oriented local regulation – such as the Belgian crowdfunding law – also allows legacy players to offer these services. In 2018, the European Central Bank (ECB) introduced fintech-specific rules by publishing its guide on fintech credit institution licence applications. Based on this document, local regulators are now allowed to have different expectations (to a certain extent) of fintech banks on the one hand and ordinary banks on the other hand, when it comes to their prudential requirements.
In Belgium, there is no regulatory sandbox. The NBB and the Financial Services and Markets Authority (FSMA) have set up the joint and unique Fintech Contact Point, allowing fintech entrepreneurs, unaware of the difference in oversight competence, to enter into direct contact with the regulator through this entry point and to raise their questions. Representatives of the Belgian regulators have stated in the past that this approach should be seen as a "sound box" (ie, a possibility to speak with the regulator outside any concrete licence application), rather than an actual sandbox. In general, Belgian regulators have adopted a pragmatic approach towards fintech companies. They are open to innovation and to organising informal meetings with fintechs to discuss their project prior to launching any formal demands. Foreign fintechs tend to be pleasantly surprised by the level of tech awareness and personal approach of the Belgian regulators.
There are two main regulators in Belgium for the financial services sector at large, which are of course also relevant for fintech companies.
The NBB is the competent supervisor for the prudential requirements applicable to credit institutions (banks), insurance undertakings, e-money institutions, payment institutions and large stockbroking companies.
The FSMA is the competent supervisor for the prudential regime applicable to smaller investment companies, regulated credit providers, insurance intermediaries, crowdfunding platforms and financial intermediaries. The FSMA is also in charge of oversight of the conduct of business rules on insurance and investment services (next to more general authority over public offers, listed companies and the financial markets). Although unregulated at this stage, it is also the FSMA, in its role of surveillance of the financial markets and supervision of financial information, that closely follows evolutions such as crypto-assets and ICOs, mostly by issuing very general warnings on the risks attached to them. The FSMA also analyses local initiatives to ensure that they do not fall within existing regulations under its supervision, such as public offerings or investment services. Its role will most likely evolve in light of the upcoming regulation on Markets in Crypto-assets (MiCA).
The FPS Economy
Next to these two main supervisors, the Federal Public Service Economy (FPS Economy) has very specific powers regarding the conduct of business rules of regulated credits and payment services.
Regulated functions can only be outsourced to parties which are regulated for these functions. Also, unregulated, more operational functions can be outsourced to third parties.
The NBB has stated in a circular letter that the guidelines on outsourcing of the European Banking Authority (EBA) are entirely integrated into the supervisory practice of the NBB. The following are included in these guidelines:
Finally, the NBB has extensive expectations when it comes to the outsourcing register, requiring fintech and legacy players to keep an updated register of all outsourcing arrangements and of critical sub-outsourcing arrangements.
There is no specific “gatekeeper” liability regime established in Belgium for fintechs regarding the activities on their platform. In practice, this will mainly depend on who is actually/legally providing the services to customers through the platforms.
The Belgian regulator mostly opts at the first stage for a pragmatic/soft approach where it will contact unregulated entities providing services that it deems to be regulated. It will usually work with the entity concerned to make sure that it either becomes regulated or adapts/terminates its activities. When it comes to the payment vertical, the NBB is known to use a high-quality and pragmatic team that is close to its industry.
Certain additional non-financial regulatory regimes may be of particular importance to fintech companies, given the greater susceptibility to certain abuses or exposure to certain risks.
Data Protection Regulations
With regard to privacy laws, the most important regulations are the General Data Protection Regulation 2016/679 of 27 April 2016 (GDPR) and Directive 2002/58/EC of 12 July 2002 ("ePrivacy Directive") and the provisions transposing this directive into Belgian law. The Belgian legislator also adopted the Belgian law of 30 July 2018 on data protection, partially incorporating the generally applicable GDPR provisions as well as providing for complementary provisions.
Anti-money Laundering Laws
Belgian anti-money laundering laws, transposing the Fifth Anti-Money Laundering Directive 2018/843 (AMLD5) of 30 May 2018, are applicable to fintech companies that carry out regulated activities (such as banks, e-money institutions and payment institutions).
As to cybersecurity, Directive 2016/1148 of 6 July 2016 ("Networks and Information Security Directive") was transposed into national law by the Belgian law of 7 April 2019 on the establishment of a framework for the security of network and information systems of general interest for public security. This law requires financial institutions to take appropriate and proportional technical and organisational measures to manage the risks to the security of the network and information systems on which these institutions' financial services depend. Furthermore, there is the (slightly outdated) law of 28 November 2000 on computer-related crime and the international Budapest Convention of 23 November 2001 (including its Protocol) and the Lanzarote Convention of 25 October 2007, to which Belgium is a party. These regulations do not make a distinction between fintech companies and legacy players. However, again, the digital environment of fintechs goes hand in hand with increased cybersecurity risks. This is why the EBA issued its Guidelines EBA/GL/2019/04 of 29 November 2019 on ICT and security risk management, prescribing how financial institutions should manage ICT and security risks, and what the supervisory authorities’ expectations of ICT and security risk management are.
The topic of cybersecurity in the financial sector is becoming a growing concern for public authorities in Belgium and all other European countries. This is why the EU Commission has made digital operational resilience one of the main topics in its last Digital Finance Package, which includes a proposal for the Digital Operational Resilience Act (DORA) in the financial sector.
Marketing and Communications
Advertising, documents and any other type of communication (including verbal communication) distributed within the context of professional marketing of financial products (eg, relating to all types of savings, insurance and investment products) to retail clients on Belgian territory, is regulated by Royal Decree of 25 April 2014, regardless of the media channels through which these communications take place. These are subject to information requirements relating, on the one hand, to the provision of an information sheet and, on the other hand, to the advertising of financial products.
The general information requirements (“correct, easily understandable and in clear, concise and comprehensible terms”) apply as well to all communications, whether through social media or other media. These requirements are stricter with regard to highly regulated products and services (eg, consumer credit).
Other than by regulators, a review of industry participants’ activities is to a certain extent also performed by accounting and auditing firms. Their well-aligned tasks are set out in the prudential framework of each of the regulated entities and auditors must be certified by the competent regulator prior to servicing regulated companies.
There is no general prohibition under Belgian law against regulated financial entities providing unregulated products and services. In certain cases, the Belgian regulator will, however, assess the impact of these unregulated services on the regulated activity and may impose certain requirements, or even demand that these services or products are offered through a separate legal entity. This is notably the case for certain payment institutions and e-money institutions offering unregulated services. The combination of regulated services with crypto services has garnered particular attention from the Belgian regulator. It is expected that the upcoming MiCA regulation will be a game-changer in this respect.
As a recent trend, an increasing number of financial institutions – mainly (digital) banks – are offering so-called “beyond banking” products, which are non-financial services and products, in an attempt to attract more and new clients to their current financial services and products.
Depending on the specific circumstances, the services provided through robo-advisers qualify as order execution, investment advice or portfolio management within the meaning of the MiFID II Regulation and the Belgian transposing law of 2 August 2002 on the supervision of the financial sector and financial services. Therefore, and if these robo-advisers offer these services directly to investors, they should be licensed as investment firms.
In Belgium, there are two types of investment firm licences:
A stockbroking firm can provide all the investment services regulated by MiFID II. By contrast, a PMIAC is seen as having a lighter licence enabling it only to provide services of reception and transmission of order, order execution, portfolio management and investment advice services, but not dealing on own account, operating a multilateral trading facility (MTF) or an organised trading facility (OTF), underwriting financial instruments or placing such financial instruments (with or without firm commitment basis).
Finally, robo-advisers are sometimes also used as pure IT technology tools (under a user licence agreement) by regulated firms legally able to provide investment services. In such a case, the IT tool itself does not need to be regulated – the regulatory licence of the professional user suffices.
The emergence of robo-advisers has put pressure on legacy players, as they were expected to soon become a core product for a lot of investors. As a result, multiple legacy players now internally manage their own robo-advisers (eg, BNP Paribas Fortis, Keytrade Bank), or totally or partially outsource their investment services to a robo-adviser (which in this case has to be regulated), or enter into a licence agreement with a technical provider in order to use the robo-adviser as a purely technical tool.
The best execution rule of the MiFID and its transposing regulations applies equally to robo-advisers, as the services provided by these are qualified as investment services (see 3.1 Requirement for Different Business Models). An issue that might arise with regard to the fulfilment of best execution by robo-advisers advising consumers and business could be the malfunctioning of the automated tool (eg, through manipulation or mistakes resulting from being too fast or too focused on some aspects). For consumers in particular, issues may arise as to the processing of (personal) information and the (mis)understanding of the advice by the consumer.
In any case, the investment services provider remains ultimately responsible for execution of the orders and cannot hide behind the use of robo-advisory technology to avoid their liability vis-à-vis investors.
Legal Regimes Applicable to Loans/Credits
Schematically, there are four different legal regimes applicable to loans/credits in Belgium.
Mortgage credits offered to consumers by credit institutions or other licensed lenders
These credits are subject to a highly regulated regime in Book VII of the Code of Economic Law. See Article VII.123–147/38 (rules of conduct) and VII.148–216 (prudential requirements) of the Code of Economic Law.
This legal regime sets out compulsory rules for aspects of the contractual relationship such as:
Lenders are subject to an obligation to obtain prior validation by the FPS Economy of the model contracts that will be used.
Consumer credits offered to consumers by credit institutions, other licensed lenders or indirect peer-to-peer consumer lending platforms
Consumer credits are subject to a highly regulated regime in Book VII of the Code of Economic Law. See Article VII.64–122 (rules of conduct) and VII.148–216 (prudential requirements) of the Code of Economic Law.
This regime sets out compulsory rules for aspects of the contractual relationship such as:
Lenders are subject to an obligation to obtain prior validation by the FPS Economy of the model contracts that will be used.
Peer-to-peer lending between consumers is not regulated and is in its purest form, where consumers lend directly to other consumers through a matchmaking platform, not allowed in Belgium.
SME credits offered by credit institutions, other lenders or licensed crowdlending platforms
The regime applicable to SMEs is less regulated than the one applicable to consumers. Most Belgian companies, organisations and individuals who do not act for private purposes qualify as SMEs in the meaning of the law.
The Law of 21 December 2013 on the financing of SMEs notably sets out:
It must be noted that the Law of 21 December 2013 on the financing of SMEs is not applicable to loans granted through crowdfunding platforms.
However, the Law of 18 December 2016 on crowdfunding provides for specific obligations. Crowdfunding platforms must be licensed in order to operate (ie, to provide online matchmaking services between companies and investors) in Belgium. The main difficulty Belgian law has with crowdfunding resides in the territorial nature of the licence, which is limited to Belgium. Any crowdfunding activity outside Belgium will be subject to the crowdfunding platform operator complying with the legal requirements of the relevant country.
This will change in 2021 when the EU Regulation 2020/1503 of 7 October 2020 on European crowdfunding service providers for business comes into force on 10 November 2021; crowdfunding service providers will be able to carry out their activities across the European Union upon authorisation.
Other loans and credits offered by credit institutions or other lenders to enterprises other than SMEs
Usually these loans/credits are not offered online.
If a credit/loan does not fall in one of the three above-mentioned categories, the applicable regime is regarded as unregulated. General contract law applies and only a few specific provisions (Articles 1905–1914) of the Belgian Civil Code must be taken into account.
The most important of these provisions is Article 1907bis of the Belgian Civil Code, which provides for a limitation of funding loss for loan contracts.
The underwriting processes will mainly depend on the type of credit and customer.
The common feature of all underwriting processes is that all lenders (or crowdfunding platforms) are subject to the Belgian AML Law which transposes AMLD5.
Classic AML obligations are therefore applicable (ie, identification and verification of the identity of the borrower/ultimate beneficial owners, risk-based assessment, ongoing surveillance, reporting of suspicious transactions). An increasing number of market participants make use of innovative means for identification in a remote environment (eg, facial likeness detection, video-conference or other biometric data, Belgian eID (electronic identity card) or other qualified signature as specified by the electronic identification and trust services or eIDAS Regulation).
Code of Economic Law Obligations
Besides the AML obligations, the online onboarding of clients must also respect the specific obligations laid down in the Code of Economic Law, the Law of 21 December 2013 on the financing of SMEs, and the Law of 18 December 2016 on crowdfunding.
These pieces of legislation usually impose that specific information about the lender and the credit be provided to the customer (usually on a "durable medium"). These obligations have an important impact on the onboarding of clients, especially in a B2C context.
Lastly, it must be noted that credit contracts concluded with consumers require a written or a qualified electronic signature. This obligation also has a significant impact on the conclusion of online credits with consumers.
Belgians can easily sign electronic contracts with their Belgian eID or even completely electronically through a mobile application of qualified trust service providers such as itsme®. These signatures by use of or based on the eID are qualified electronic signatures under the eIDAS Regulation.
The source of funds for loans will depend mainly on the nature of the lender rather than on the nature of the credit:
Syndication of online loans is not a current market practice in Belgium. This is mainly because loan syndication is reserved to the biggest borrowers and the biggest funding transactions. The largest financing contracts are generally not concluded online.
There is no specific regulation in this respect; only a set of market practice documentation.
However, the crowdlending process presents certain similarities to the syndication mechanism.
In Belgium, there are two main payments systems: (i) CEC (Centre for Exchange and Clearing), a retail payment system for retail payment instruments, based on multilateral netting and settlement, and (ii) TARGET2-BE, the Belgian component of TARGET2 for real-time gross settlement. Both systems are operated by the NBB. These two payment systems are currently the only ones covered by the Belgian Law of 28 April 1999 which implements the Settlement Finality Directive 98/26/CE of 19 May 1998. The Belgian government can extend the list, however.
Payment processors can in principle create new private payment systems which do not fall under this law.
By adopting the First and Second Payment Services Directives (PSD1 and PSD2), the European Commission wanted to create an efficient and integrated market for payment services, so that cross-border payments and remittances are regulated in the same way throughout the EU.
Belgium is part of the Single Euro Payments Area (SEPA), a system that establishes a single set of tools and standards that make cross-border payments in euros as efficient and easy as national payments. Since 2011, the SEPA programme has allowed European businesses, consumers and governments to make and receive credit transfers, direct debit payments and card payments under the same conditions.
In addition, the regulation (EC) 924/2009 was amended in 2019 by the regulation 2019/519 (also known as "CBPR2"), which requires banks to apply the same charges for cross-border electronic payment transactions in euros within the European Union. Furthermore, the EU Commission and Parliament do not exclude the possibility to extend this principle to other EU currencies in the future.
Fund administrators do not have a legal definition as such under Belgian law. Traditional actors of the investment funds business include the management company and the depositary bank, which are both highly regulated.
However, traditional fund administration services such as legal services, accounting management, compliance, etc, are listed by both alternative investment fund (AIF) and undertakings for collective investment in transferable securities (UCITS) Belgian regulations and can only be provided subject to compliance with several requirements.
The provision of these services is generally shared between the fund management company and the depositary bank. As the case may be, these services may be outsourced (often within the same group) subject to strict requirements, which can include (depending on the delegated service) the need for a licence as an investment firm or credit institution.
There do not appear to be any specific terms (eg, dictated by regulation or industry custom) between fund administrators and fund advisers. Generally speaking, liability clauses are often one of the key points in negotiations.
There are essentially three different kinds of trading platforms: regulated markets, MTFs and OTFs.
MiFID II provisions pertaining to trading platforms are implemented in Belgian law mainly through the law of 21 November 2017 on the infrastructures of markets for financial instruments (Law on Trading Platforms). The Law on Trading Platforms is divided into two sections, the first one covering regulated markets and the second being dedicated to MTFs and OTFs.
Regulated markets must obtain a licence from the minister of finance, assisted by the FSMA. This agreement is subject to many prudential requirements, such as the fitness and properness of the management and the shareholding, and the implementation of adequate organisation and control processes.
OTFs and MTFs
OTFs and MTFs can only be exploited by specific licensed entities – ie, credit institutions, stockbroking firms, and market operators. In addition to the requirements applicable to their existing licence, these entities are subject to an extra layer of requirements set out in the Law on Trading Platforms.
Generally speaking, assets are subject to equivalent regulatory regimes.
However, the FSMA has adopted two regulations (confirmed by royal decree) limiting and/or prohibiting the marketing of certain categories of investments.
The rise of cryptocurrencies has not heavily affected the regulation of trading platforms at this stage.
However, it is worth noting that the FSMA regulation of 3 April 2014 prohibits the professional marketing of financial products, the return of which depends directly or indirectly on cryptocurrencies. This regulation seriously limits the distribution schemes and structuring of crypto-assets. It also has to be noted that the FSMA regularly issues warnings concerning cryptocurrency trading platforms on which it has identified signs of fraud. Furthermore, entities providing crypto-wallet and currency exchange between fiat and crypto-assets are subject to AML requirements due to the Belgian transposition of AMLD5.
This situation is, however, expected to change when the proposal for an EU regulation on Markets in Crypto-assets (MiCA) is adopted, introducing a prudential regime for cryptocurrency exchanges.
Article 30 of the Law on Trading Platforms of 21 November 2017 requires regulated market operators to ensure that the regulated markets they operate and/or manage adopt clear, non-discriminatory, objective and transparent listing standards. The listing standards must also allow the markets to ensure that the issuers comply with the information requirements under EU law (initial, periodic, and occasional information).
With respect to derivatives, these listing standards must ensure that the characteristics of the derivatives allow for an orderly rating and efficient settlement.
Regulated market rules are subject to the prior approval of the FSMA and must be published on the market operator’s website.
OTFs and MTFs are also required to adopt transparent and non-discriminatory listing standards. Generally speaking, OTFs and MTFs are subject to softer requirements than regulated markets.
Market rules must allow for the efficient handling of orders.
In addition, MiFID II rules of conduct and their delegated regulations apply in Belgium.
Articles 27 quater and 28 of the law of 2 August 2002 on the supervision of the financial sector and financial services further specify that regulated entities executing clients’ orders must ensure that these are handled quickly, fairly and efficiently. They must also take sufficient measures to ensure that the best possible result is achieved, taking into consideration the price, cost, speed, probability of the execution, the size, nature and any other relevant criteria pertaining to the order (the "best execution" principle).
Taking into account some legal obstacles, the Belgian market is not yet mature in respect of peer-to-peer trading platforms. Therefore, at this stage, no impact can truly be observed.
A change in this respect may, however, be expected in the near future due to the upcoming implementation on 10 November 2021 of the EU Regulation 2020/1503 of 7 October 2020 on European crowdfunding service providers for business and the existence of a European passport for crowdfunding.
When it comes to best execution of customer trades, Article 27 MiFID II has been almost literally transposed into Article 28 of the law of 2 August 2002 on the supervision of the financial sector and financial services.
Generally speaking, the Belgian legislator and regulators follow the EU recommendations on the matter and have not adopted Belgian-specific recommendations. In addition, no specific fintech initiatives currently exist in this field in Belgium.
There is no Belgian specificity in payment for order flow. The European Securities and Markets Authority (ESMA) has stressed the fact that MiFID II limits the possibility for brokers to receive any remuneration, discount or non-monetary benefit for routing client orders to execution venues, resulting in a clear onus on firms to ensure that the execution quality achievable at a venue is the driver for sending client orders to such a venue, and not any payment for order flow. Due to a lack of any further specific guidelines on the matter from the FSMA, it can be anticipated that the FSMA will follow ESMA’s position and take a rather reluctant stance regarding payment for order flow out of consideration for best execution policies.
In the absence of any specific regulation, payment for order flow would be assessed in the light of inducement requirements, which prevent regulated entities from paying or receiving benefits from third parties unless:
Regulation (EU) 596/2014 of 16 April 2014 on market abuse (MAR) and the various Implementing and Delegated Regulations in this respect are directly applicable in Belgium. The Belgian legal framework on principles regarding market integrity and market abuse governing trading is further complemented by Article 25 and Sections 8 and 9 of Chapter II of the law of 2 August 2002 on the supervision of the financial sector and financial services, which lays down the competencies of the FSMA as the supervisor in this respect and the applicable sanctions. In addition, in its Circular of 18 May 2016, the FSMA provides practical instructions, resuming the ESMA guidelines accompanying the MAR.
Under the applicable rules, market manipulation, insider dealing and unlawful disclosure of non-public information are considered forms of market abuse which are subject to administrative and/or criminal sanctions.
Regulated firms engaged in algorithmic trading should have adequate and effective internal controls appropriate to their business activityin place, to ensure that trading systems cannot be used for any purpose contrary to the EU MAR. Alternatively, they should have a connected trading venue, to ensure that their trading systems are resilient and have sufficient capacity, and are subject to appropriate trading thresholds and limits, and to prevent erroneous orders from being sent or otherwise operated in such a way that they could lead or contribute to the creation of a disorderly market. Furthermore, they are expected to have effective arrangements to deal with business continuity and should ensure that their systems are fully tested and properly supervised.
In general, the FSMA is wary of algorithmic and high-frequency trading entities and there is no tendency to encourage this sector from the regulator’s perspective.
A regulated company that is engaged in algorithmic trading, as a member of or participant in one or more trading platforms when trading for its own account, should be deemed to be implementing a market-making strategy if its strategy consists, among other things, in simultaneously publishing a firm bid and offer prices of a comparable size and at competitive prices for one or more financial instruments on one or more trading platforms, with the result that the entire market is regularly and freely advertised on one or more trading platforms.
Duties and Requirements
There is a prior notification duty to the FSMA and the NBB, as well as to the competent authorities of the trading venue where the regulated company engages in algorithmic trading as a member or participant of the trading venue. The FSMA may require these firms to provide specific information on their activities.
Up until now, only regulated companies engaged in algorithmic trading are targeted by the applicable regulation. No further rules or distinctions are made.
Up until now, only regulated companies engaged in algorithmic trading are targeted by the applicable rules of the Belgian Royal Decree of 19 December 2017 and the EU Commission Delegated Regulation 2017/589 of 19 July 2016 with regard to RTS specifying the organisational requirements of investment firms engaged in algorithmic trading. Therefore, no provisions apply specifically to the programmers developing and creating trading algorithms and other electronic trading tools.
In this respect, the upcoming EU regulation on digital operational resilience might provide food for thought as under its current proposal, ICT third-party providers are (among others) made subject to reporting obligations, and those designated as critical third-party providers (CTPPs) by the European Supervisory Authorities (ESAs) may even be subject to an oversight framework.
The provision of an investment research service or a financial analysis service is considered as an ancillary service (to other investment services) in MiFID II and in Article 2, 2° of the Belgian transposition Law of 25 October 2016 on investment firms. Platforms which provide ancillary services only are not subject to any registration duty, except if they also provide other investment services (Article 6, § 4, of the Belgian Law of 25 October 2016 on investment firms).
Investment firms which provide investment research services or financial analysis services are subject to the "rules of conduct" in accordance with the EU Commission Delegated Regulation 2017/565 of 25 April 2016 (see Recital 17). In particular, they must ensure that the public is at all times provided with clear, accurate and non-misleading information.
Irrespective of the regulatory status, spreading unverified information is prohibited pursuant to the EU MAR, and this may lead to administrative and/or criminal sanctions.
It appears that there is currently no institutional platform active in Belgium allowing users to post any kind of financial content or information, and which qualifies as an investment research service or financial analysis service.
As mentioned in 9.2 Regulation of Unverified Information, the spreading of rumours and unverified information is forbidden under Article 12 of the EU MAR.
Numerous underwriting processes are available to industry participants and each comes with a different set of regulations.
Actors creating their own insurance products will most likely need a full insurance company licence from the NBB in accordance with the law of 13 March 2016 on the status and control of insurance and reinsurance companies (“Law of Control”).
In practice, insurtechs most often act as distributors or business introducers.
Insurtechs as Distributors
When they act as distributors, insurtechs need to be registered as insurance intermediaries with the FSMA. The regulations applicable to insurance intermediaries are mainly centralised in the law of 4 April 2014 relating to insurances (“Insurance Law”).
In 2019, the Belgian legislator created a new status of insurance intermediary: the mandated underwriter (souscripteur mandaté/gevolmachtigde onderschrijver). The idea behind this status is to imitate the UK status of managing general agent (MGA) (which was more or less unknown to the Belgian market). It was introduced in Belgium with a view to attracting "brexiteers" and providing them with legal certainty as to the validity of their existing distribution model in Belgium.
Insurtechs as Business Introducers
Mere business introducers do not need any licence or registration, but must carefully design their business model as they can provide only strictly limited services, thereby reducing their potential added value.
Additional Rules and Obligations
Whichever distribution and operation structure they opt for, insurtechs will need to comply with the rules of conduct contained in the Insurance Law, as well as the circulars and recommendations issued by the NBB and the FSMA.
Furthermore, the provision of online services, as well as B2C provision of services, leads to the application of additional obligations, mostly organised by the Code of Economic Law.
In addition to general common principles, each type of insurance (life, annuities, property, etc) is subject to its own set of regulations under the Insurance Law.
Industry players often tend to specialise in one or more specific markets. At the very least, they tend to focus either on life or non-life products. As a matter of fact, the Law of Control prohibits the provision of both life and non-life services to insurance companies (Article 222).
Investment and savings life insurance products are among the most regulated products. Their distribution leads to the application of strict diligence obligations (appropriateness and suitability tests).
Regtechs operate under existing regulations. They serve the industry players with products/tools facilitating compliance with either prudential regulations (eg, Solvency II, Banking Law, etc) or rules of conduct (eg, MiFID II, IDD, PSD2, AML). As such, regtechs are not specifically regulated (with the exception of eID and trust service providers who are regulated under the EU regulation 910/2014 on electronic identification and trust services for electronic transactions, which are often regarded as regtech providers) and tend to avoid the need for any specific licence.
The general principle is that regulated entities remain responsible for compliance with applicable regulations, irrespective of outsourcing. Likewise, customers will only enter into a contractual relationship with the regulated entities and will often not even be aware of the regtech provider’s existence.
This being said, regtech services often fall within the scope of the notion of "outsourcing" for the purpose of the EBA Guidelines EBA/GL/02 of 25 February 2019 on outsourcing arrangements, which impose a significant number of requirements on regulated entities in their relationship with external service providers such as regtech providers.
Obligations Imposed on Regtech Service Providers
Due to these guidelines, before entering into such agreements, regulated entities must conduct some sort of due diligence on potential outsourcing service providers to ensure their suitability. Furthermore, regarding contractual obligations, regulated entities are required to impose multiple obligations on regtech providers, such as agreed service levels, reporting obligations and audit obligations. The audit clause generally allows regulated entities as well as their regulator(s) to control or request key information from their provider. Finally, such outsourcing agreements must also include a business continuity clause.
Cryptocurrencies based on blockchain technology were initially thought of as a huge threat to traditional banking players. However, contrary to their initial negativity towards cryptocurrencies, many banks soon considered the underlying blockchain technology as an opportunity to change the banking world completely, for the better.
Legacy players are enthusiastic about and willing to implement further blockchain applications, developing their ideas in relation to a whole range of activities and services (from the internal administrative organisation of the bank to client onboarding processes, crowdfunding set-ups and even broader market integration).
The NBB has stated in the past that although the technology looks promising, actual use cases for distributed ledger technologies (of which blockchain is only one particular type) are still relatively limited in number and in scope. According to them, attention is particularly required concerning the use of distributed ledger technology or blockchain technology, as institutions should be aware of the legal value of smart contracts or the information contained in the distributed ledger, the possible governance complications and the security or resilience threats that may exist at different nodes in the network.
The FSMA has only warned about practices involving virtual currencies, by publishing an official communication at the end of 2017 and regularly updating its list of websites suspected of cryptocurrency fraud.
Fintech Contact Point
So far, no concrete legislative initiatives have been taken on a national level. Furthermore, neither the NBB nor the FSMA has come up with new proposals or interpretations. However, given the importance of these evolutions, the NBB has taken various steps to enter into a dialogue with both new and established players in the market. In this context, it has set up, in co-operation with the FSMA, a central Fintech Contact Point, that deals with fintech-related questions (see 2.5 Regulatory Sandbox).
There are currently no regulations or other authoritative documents in place which incorporate rules on blockchain assets. The regulated financial instruments are to be found in Article 2, 1° of the Law of 2 August 2002 on the supervision of the financial sector and the financial services. It may be assumed that if (and in as far as) a certain blockchain asset displays some of the same characteristics as one of the financial instruments from the list of Article 2, 1° of the aforementioned law on financial supervision, this particular asset may be considered a regulated financial instrument.
In its 2017 communication on the risks of ICOs, the FSMA assessed the similarities between the tokens that are created and offered via distributed ledger technology and:
As opinion remains divided on whether cryptocurrencies qualify as a financial instrument, the legal doctrine seems to prefer their legal qualification as a financial instrument as regards investment tokens, at least in as far as a right is obtained by the issuer.
The upcoming proposal for a regulation on Markets in Crypto-assets (MiCA) is expected to cover new categories of crypto-assets that are not already subject to traditional EU regulations, and to introduce a prudential regime for both crypto-asset issuers and service providers.
Based on the aforementioned 2017 FSMA communication on ICOs, the following (unlimited) overview of possible applicable regulations should be taken into account by issuers of ICOs.
This list serves only as provisional guidance and in no way constitutes the full legal framework on blockchain assets and should be seen in light of the specific circumstances at hand.
Finally, the proposal for a regulation on Markets in Crypto-assets (MiCA) will create a legal framework for the issuance of crypto-assets that currently fall outside the scope of existing legislations, as well as for entities providing crypto-related services. This proposal notably foresees introducing a common licensing regime for crypto-asset providers across the EEA member states.
Since July 2020, cryptocurrency exchanges (offering crypto/fiat conversion) have theoretically been required to register with the FSMA before offering their services in Belgium. However, this registration process is not yet effective, as both the process and requirements must be implemented in an act which has still not been adopted. Once implemented, this registration process will be subject to requirements that go beyond what is required under AMLD5, such as the verification of the quality of the persons in charge of the effective management and other potential conditions to be specified by the act.
Besides that regime, blockchain asset-trading platforms, as well as secondary market trading in blockchain assets, currently remain unregulated.
Funds investing in blockchain technology (such as Amplify Transformational Data Sharing ETF and Reality Shares Nasdaq NextGen Economy ETF) currently remain unregulated.
Article 1, 6° of the FSMA Regulation of 3 April 2014 on the ban on distribution of certain financial products to retail clients defines virtual currency as “any kind of digital currency which is not regulated and is not a legal tender”. Blockchain assets are not defined in Belgian regulation or regulators’ instruments, though they seem to contain a broader scope of assets.
Although the definition used in the 2014 FSMA Regulation is the only existing “Belgian” definition of virtual currency, both financial supervisors and/or the courts would be more likely to use the more recent AMLD5 definition of virtual currency in their assessments (ie, “a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically”).
Furthermore, in a circular of July 2019, the NBB indicated that cryptocurrencies are not comparable to money issued by a central bank or a public authority (which is in line with the AMLD5 definition), due to the fact that cryptocurrencies are not considered to be legal tender, they do not enjoy any guarantees, and they do not perform the core functions of money. For these reasons, but also because some crypto-assets do not aim to offer an alternative to existing coins, the NBB started to prefer to use the broader term "crypto-assets" instead of the term “cryptocurrencies”. For the NBB, the term crypto-assets refers to all of those instruments whose inherent or perceived value depends primarily on cryptography, distributed ledger technology or similar technologies.
DeFi (decentralised finance) is a broad notion that refers to different types of services being delivered through decentralised platforms (often based on the blockchain). DeFi platforms generally allow users to undertake financial transactions without traditional intermediaries (such as banks or brokerage firms). Such services cover different types of activities, such as, lending or borrowing, “yield farming” services, stablecoin networks, etc.
There is no general consensus as to whether or not DeFi platforms fall within the scope of traditional financial regulations.
This will have to be assessed on a case-by-case basis depending on the type of tokens/crypto-assets used on such platform, their general structure and the type of activities that are being conducted.
The upcoming regulation on Markets in Crypto-assets (MiCA) is expected to have a significant impact on DeFi platforms, as it aims to capture assets and services that were previously beyond the scope of traditional regulations.
PSD2 has been transposed into Belgian law by two different acts. The prudential regime is incorporated in the law of 11 March 2018, while the conduct of business rules have been inserted in the Code of Economic Law. The open banking aspect of PSD2 has come into force in Belgium along with the Regulated Technical Standards 2018/389 of 27 November 2017 on Strong Customer Authentication (RTS SCA) in September 2019.
As of September 2019, credit institutions are obliged to provide a so-called "dedicated interface" (an Application Programming Interface or API) for the sharing of customer data from their payment accounts, as required within the context of the open banking principle.
As the RTS only imposed certain requirements and finalities on the dedicated interface and the contingency matters, without indicating how these results should be obtained, and although it is logical for a legislator not to impose industry standards, this has left many credit institutions to decide for themselves how to implement proper technical solutions. At the same time, however, PSD2 has acted as an innovation-accelerating instrument as it has prompted legacy players either to innovate internally, or to enter into partnerships with new fintech players. In this way, the open banking requirement under PSD2 has opened up the field to new financial services providers, third-party payment service providers (TPPs), such as the account information service providers and payment initiation service providers, as well as to aggregators. Also, new methods of customer authentication have been developed or further implemented in existing applications following the RTS SCA, paving the way to a simpler and smoother user-friendliness in financial services offerings. This being said, a large number of Belgian banks were not ready and had not fully anticipated the amount of work that opening their infrastructure to TPPs in accordance with the RTS SCA would require. Hence, TPPs often encounter issues when accessing Belgian banks.
The latest information indicates that everything should be in place during the course of 2021.
Certain concerns have been raised due to the open banking requirement, such as concerns about data protection risks and concerns regarding security measures and the risk of cyberattacks on third party applications and/or APIs. These concerns have also given rise to the question of liability if something should go wrong regarding any of the above aspects (liability of the bank or of the relevant TPP).
Regarding data privacy and data security concerns, it is generally agreed that the PSD2 and the GDPR are jointly applicable regulations. Furthermore, a high level of security of the financial and operational systems has become a key element. Regulation has also placed some liability with the payment initiation service providers, who are subject to an obligation to insure themselves.