New Areas of Focus

In Belgium, while the first fintech initiatives (2014–2015) focused on alternative financing solutions such as crowdfunding platforms, the sector really gained traction with the development of payment solutions. These include retail payment platforms, with a fair share of money remitters, but also B2B payment services such as professional foreign exchange (FX) payments for small and medium-sized enterprises (SMEs). As a result of Brexit, several high-profile UK payment service providers selected Brussels as the base from which they have continued to serve the continent. The arrival of these players has added a lot of maturity to this sector in Belgium.

In the last few years, Belgium has seen an increased focus on full-digital banks and fintech-driven investment solutions as well as digital credit providers and a significant number of infrastructure and enabling technology service providers offering regtech, data, identification and accounting solutions.

The most recent trends now include initiatives in insurtech, blockchain and cryptocurrencies.

Belgium as a Launch Pad

A recent trend is the choice by international entities (both inside and outside the Brexit context) to launch their fintech initiatives and attempted conquest of the European market from Belgium. International investors appear to be attracted by the professional, tech-savvy Belgian regulator; the fact that licence applications are accepted in English; the central location of Belgium in Europe; the highly skilled and multilingual workforce; and the fact that Belgium, being at the crossroads of different cultures and with a very international population, is an interesting test market for their products and services.

The predominant fintech business model in the Belgian fintech industry remains the payment vertical, which is populated by both incumbents and fintech entities.

Payment Services

The payment sector in Belgium is varied. The retail client acquisition cost remains high for most entities and there is thus important activity on the B2B side, notably in the field of professional FX payments and acquiring services for merchants. Also on the retail side, there is a small concentration of high-profile FX payment service providers, making it safe to say that this has become a market particularity. Following Brexit, several international money remitters have located their EEA headquarters in Belgium, which has then attracted other money remitters, as they are looking for a level regulatory playing field and, therefore, wish to be supervised by the same authority as many of their major competitors. 

PSD2

Further, most Belgian banks have seen the Second Payment Services Directive (PSD2) as an opportunity rather than a threat. Next to local fintech start-ups, major retail credit institutions have started offering open banking services.

Cryptocurrencies and Decentralised Finance

As in all EEA countries in recent years, Belgium has seen a surge in new projects related to cryptocurrencies and decentralised finance (“DeFi”). However, those remain limited compared to other EEA countries.

PSD2

The regime for payment verticals is dominated by the Belgian transposition of the PSD2. This transposition has been very straightforward under Belgian law and does not have any significant “gold plating”. While the legal texts are generally a copy-paste of the European legislation, their interpretation by the relevant Belgian regulator (the National Bank of Belgium, or NBB) may differ from other European jurisdictions. For instance, the regulator interprets the notions of “payment services” and “payment accounts” quite broadly.

This broad interpretation of payment services raises some questions for non-payment companies that develop new types of service that are not related to the business of payment services as such, but could eventually fall within the scope of PSD2.

E-money

Unlike other regulators, the Belgian regulator reserves the qualification of “e-money” to very specific prepaid products, and does not automatically consider as such all wallets/account solutions. In practice, this interpretation has no real impact and business models developed under an e-money licence abroad are pursued in Belgium under a payment institution licence. This has led to only a few institutions being licensed as e-money institutions in Belgium, while there are around 30 licensed payment institutions.

Compensation models in the payments industry vary significantly depending on the actual application. Personal payment applications are often offered free of charge for the user (or included in the general services if offered by an incumbent bank). On B2B and especially in FX service provision, compensation models are often inspired by the (anticipated) volumes of FX payments generated by the clients.

In both cases, regulated market players are subject to certain pre-contractual information requirements, including a disclosure obligation on the pricing of their services. However, the extent of such requirements will depend on the customers (consumers or others).

Most financial regulations originate from EU legislation, which does not differentiate between fintech and legacy players. However, when applying these, EU member state regulators should do so in a proportionate manner, which allows for some differentiation in practice. The Belgian regulator follows this and applies a “same business, same risks, same rules” principle which, combined with the “proportionality” principle, provides for a strict but generally pragmatic approach.

In Belgium, there is no regulatory sandbox. However, the NBB and the Financial Services and Markets Authority (FSMA) have set up a joint and unique Fintech Contact Point, allowing fintech entrepreneurs to enter into direct contact with them and openly discuss the regulatory aspects of their products or services. Representatives of the Belgian regulators have stated in the past that this approach should be seen as a “sound box” (ie, a possibility to speak with the regulator outside any concrete licence application), rather than an actual sandbox. In general, Belgian regulators have a strict but pragmatic approach towards fintech companies. They are open to innovation and to organising informal meetings with fintechs to discuss their project prior to launching any formal demands. Foreign fintechs tend to be pleasantly surprised by the level of tech awareness and the personal approach of the Belgian regulators.

There are two main regulators in Belgium for the financial services sector at large, which are of course also relevant for fintech companies.

The NBB

The NBB is the competent supervisor for the prudential requirements applicable to credit institutions (banks), insurance undertakings, e-money institutions, payment institutions and large stockbroking companies.

The FSMA

The FSMA is the competent supervisor for the prudential regime applicable to smaller investment companies, regulated credit providers, insurance intermediaries, crowdfunding platforms and financial intermediaries. The FSMA is also in charge of oversight of the conduct of business rules on insurance and investment services (in addition to more general authority over public offers, listed companies and the financial markets). Furthermore, in its role of surveillance of the financial markets and supervision of financial information, the FSMA closely follows developments such as crypto-assets and initial coin offering (ICOs), mostly by issuing very general warnings on the risks attached to them. The FSMA also analyses local initiatives to ensure that they do not fall within existing regulations under its supervision, such as public offerings or investment services. The FSMA also supervises crypto-wallet and exchange service providers, following the Belgian transposition of the Fifth Anti-money Laundering Directive 2018/843 (AMLD5) of 30 May 2018 into the Belgian AML law. Its role will also most likely evolve in light of the regulation on Markets in Crypto-assets (MiCA).

The FPS Economy

In addition to these two main supervisors, the Federal Public Service Economy (the “FPS Economy”) has very specific powers regarding the conduct of business rules of regulated credit and payment services. 

Regulated functions can only be outsourced to parties which are regulated for these functions. Financial institutions may outsource unregulated, more operational functions to third parties, but only under certain conditions.

For banks, investment firms, payment institutions and e-money institutions, the NBB has entirely integrated the European Banking Authority (EBA) guidelines on outsourcing into its supervisory practice. Under these guidelines, regulated entities are required:

• to perform a substantive risk assessment before deciding on the outsourcing itself;
• to conduct thorough due diligence on the potential partner and the services before selecting the outsourced partner;
• to always remain liable towards their own clients, irrespective of the outsourcing arrangement;
• to have a written outsourcing policy in place, containing a minimum set of mandatory provisions; and
• on an ongoing basis, to supervise and control the outsourced activities (including through audits), record all outsourcing arrangements in a specific register and inform the NBB beforehand of critical or important outsourcing arrangements.

The NBB and the FSMA generally apply the same principles to other regulated entities, with some differences depending on their activities and the risks they pose for the market.

These rules are expected to change with the entry into force in 2025 of the EU Regulation 2022/2554 of 14 December 2022 on digital operational resilience for the financial sector (DORA), which introduces, among other things, new rules on outsourcing arrangements in the financial sector.

There is no specific “gatekeeper” liability regime established in Belgium for fintechs regarding the activities on their platforms. In practice, this will mainly depend on who is actually/legally providing the services to customers through the platforms.

The Belgian regulator mostly opts at the first stage for a pragmatic/soft approach where it will contact unregulated entities providing services that it deems to be regulated. It will usually work with the entity concerned to make sure that it either becomes regulated or adapts/terminates its activities. When it comes to payment verticals, the NBB is known to use a high-quality and pragmatic team that is close to its industry.

In the context of its enforcement powers, amongst other things, the NBB may issue public statements on the non-compliance by an entity with an injunction of the NBB to comply with specific provisions of the law within a given timeframe. The NBB is also allowed to request a change of the board and/or the (effective) management or appoint a temporary administrator. More generally, the Belgian regulators may impose significant fines on financial institutions that act in a non-compliant way.

Certain additional non-financial regulatory regimes may be of particular importance to fintech companies, given their greater susceptibility to certain abuses or exposure to certain risks.

Data Protection Regulations

With regard to privacy laws, the most important regulations are the General Data Protection Regulation 2016/679 of 27 April 2016 (GDPR) and Directive 2002/58/EC of 12 July 2002 (the “ePrivacy Directive”) and the provisions transposing this directive into Belgian law. The Belgian legislature also adopted the Belgian Law of 30 July 2018 on data protection, partially incorporating the generally applicable GDPR provisions as well as providing for complementary provisions. With the entry into force in January 2024 of the EU Regulation 2023/2854 of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (the “Data Act”), a new layer of rules regarding the use of data generated by the use of a product or service is expected.

Anti-money Laundering Laws

Belgian anti-money laundering (AML) laws, transposing the AMLD5 of 30 May 2018, are applicable to fintech companies that carry out regulated activities (such as banks, insurance companies, crypto-asset service providers, e-money institutions and payment institutions).

Cybersecurity

Directive 2016/1148 of 6 July 2016 (the “NIS Directive”) was transposed into national law by the Belgian Law of 7 April 2019 on the establishment of a framework for the security of network and information systems of general interest for public security. This law requires financial institutions to take appropriate and proportional technical and organisational measures to manage the risks to the security of the network and information systems on which these institutions’ financial services depend. Furthermore, there is the (slightly outdated) Law of 28 November 2000 on computer-related crime and the international Budapest Convention of 23 November 2001 (including its Protocol) and the Lanzarote Convention of 25 October 2007, to which Belgium is a party. These regulations do not make a distinction between fintech companies and legacy players. However, because the digital environment of fintechs goes hand in hand with increased cybersecurity risks, the EBA issued its Guidelines EBA/GL/2019/04 of 29 November 2019 on information and communications technology (ICT) and security risk management, prescribing how financial institutions should manage ICT and security risks, and what the supervisory authorities’ expectations of ICT and security risk management are. In November 2022, the European legislature adopted Directive 2022/2555 of 14 December 2022 on measures for a high common level of cybersecurity across the Union (the “NIS2 Directive”). That directive will replace the NIS Directive. The EU members states should transpose it into national law by October 2024.

In addition, as from 17 January 2025, regulated entities will also be required to comply with additional rules imposed by the DORA, relating amongst others to ICT-risk management, operational resilience testing, incident reporting and third-party ICT risk monitoring.

Marketing and Communications

Advertising, marketing documents and any other type of communication (including verbal communication) distributed within the context of professional marketing of financial products (eg, relating to all types of savings, insurance and investment products) to retail clients in the Belgian territory, is regulated by the Royal Decree of 25 April 2014, regardless of the media channels through which these communications take place. These are subject to information requirements relating, on the one hand, to the provision of an information sheet and, on the other hand, to the advertising of financial products.

The general information requirements (“correct, easily understandable and in clear, concise and comprehensible terms”) also apply to all communications, whether through social media or other media. These requirements are stricter with regard to regulated products and services (eg, consumer credit or the commercialisation of virtual currencies).

The activities of industry participants are reviewed both by regulators and also (to a certain extent) by accounting and auditing firms. Their tasks are set out in the prudential framework of each of the regulated entities, and auditors must be certified by the competent regulator prior to servicing regulated companies.

As a rule, there is no general prohibition under Belgian law against regulated financial entities providing unregulated products and services. In certain cases, the formal approval of the Belgian regulator is required before implementing such activities. In that case, the Belgian regulator will, however, assess the impact of these unregulated services on the regulated activity and may impose certain requirements, or even demand that these services or products are offered through a separate legal entity. This is notably the case for certain payment institutions and e-money institutions offering unregulated services. The combination of regulated services with crypto-services has garnered particular attention from the Belgian regulator. It is expected that the upcoming MiCA Regulation will be a game-changer in this respect.

An increasing number of financial institutions – mainly (digital) banks – are offering so-called “beyond banking” products, which are non-financial services and products, in an attempt to attract more and new clients to their current financial services and products.

Belgium has transposed all EU AML requirements into its AML Law with a few limited gold-plating measures. They apply to all types of regulated entities providing their services in Belgium through a physical establishment.

For now, the most important obstacle that the AML rules represent for regulated fintechs is the lack of full harmonisation at the EU level, which makes it complicated for international businesses to comply with each of the local AML regimes. This is, however, a challenge for the whole of the EU rather than a particular feature of the Belgian market. Concerning the sanction rules, Belgium is fully aligned with the regime imposed at the EU level and applies it directly.

Depending on their scope, the services provided through robo-advisers qualify as order execution, investment advice or portfolio management within the meaning of the Markets in Financial Instruments Directive II (MiFID II) and the Belgian transposing Law of 2 August 2002 on the supervision of the financial sector and financial services. Therefore, companies offering these robo-advisory services directly to Belgian investors should (i) be licensed as Belgian investment firms or credit institutions or (ii) be able to rely on the passporting of an EU member state investment firm or credit institution licence to operate in the Belgian market.

Belgian law provides for two types of investment firm licences:

• portfolio management and investment advice companies supervised by the FSMA; and
• stockbroking firms supervised by the NBB.

Stockbroking firms can provide all investment services regulated under MiFID II. By contrast, portfolio management and investment advice companies may only provide the following services: reception and transmission of orders, order execution, portfolio management, and investment advice services – but may not deal on their own account, operate multilateral trading facilities (MTF) or organised trading facilities (OTF), underwrite financial instruments or place financial instruments (with or without firm commitment basis).

Robo-advisers are sometimes also offered as pure IT technology tools (under a user licence agreement) to regulated firms licensed to provide investment services. In such a case, the company offering such tool does not need to be licensed – the licence of its client (eg, a bank or an investment firm) suffices.

Finally, and for the sake of completeness, it should also be noted that in some instances, robo-advisers are used to automate transactions on unregulated assets, which may fall outside the scope of the MiFID regulatory framework (eg, crypto assets). In these instances, robo-advisers may find themselves in a regulatory blind spot. When such services reach a certain size, it is highly advisable to discuss them with the regulators.

The emergence of robo-advisers has put pressure on legacy players, as they were expected to soon become a core product for many investors. As a result, multiple legacy players now internally manage their own robo-advisers (eg, BNP Paribas Fortis, Keytrade Bank, Aion Bank), or totally or partially outsource their investment services to a robo-adviser (which in this case has to be regulated), or enter into a licence agreement with a technical provider in order to use the robo-adviser as a purely technical tool.

The best execution rule of MiFID II and its transposing regulations applies equally to robo-advisers, as the services provided by these are qualified as investment services (see 3.1 Requirement for Different Business Models). An issue that might arise with regard to the fulfilment of best execution by robo-advisers advising consumers and businesses could be the malfunctioning of the automated tool (eg, through manipulation or mistakes resulting from being too fast or too focused on some aspects). For consumers in particular, issues may arise as to the processing of (personal) information and the (mis)understanding of the advice by the consumer.

In any case, the investment services providers remain ultimately responsible for the execution of the orders and cannot hide behind the use of robo-advisory technology to avoid their liability vis-à-vis investors.

Legal Regimes Applicable to Loans/Credit

Schematically, there are four different legal regimes applicable to loans/credit in Belgium.

Mortgage credit offered to consumers by credit institutions or other licensed lenders

Mortgage credit is subject to a highly regulated regime in Book VII of the Code of Economic Law – see Articles VII.123–147/38 (rules of conduct) and VII.148–216 (prudential requirements).

This legal regime sets out compulsory rules for aspects of the contractual relationship, such as:

• pre-contractual information;
• content of the agreement;
• security interests;
• rules for termination;
• maximum interest rates;
• joint offer of insurance products; and
• extrajudicial management complaints.

Lenders are subject to an obligation to obtain prior validation of their credit agreement templates by the FPS Economy.

Consumer credit offered to consumers by credit institutions, other licensed lenders or indirect peer-to-peer consumer lending platforms

Consumer credit is subject to a highly regulated regime in Book VII of the Code of Economic Law – see Articles VII.64–122 (rules of conduct) and VII.148–216 (prudential requirements).

This regime sets out compulsory rules for aspects of the contractual relationship, such as:

• pre-contractual information;
• content of the agreement;
• security interests;
• rules for termination;
• maximum interest rates;
• joint offer of insurance products; and
• extrajudicial management complaints.

Lenders are subject to an obligation to obtain prior validation of their credit agreement templates by the FPS Economy.

It should be noted that a new proposal for a directive on consumer credit is currently under discussion at the EU level. This proposal aims at removing legal uncertainty and further harmonising the EU consumer credit regulatory framework, in particular, regarding new credit products developed in the online environment. These upcoming changes are expected to have a particular impact on (currently unregulated) “Buy Now Pay Later” (BNPL) products.

Peer-to-peer lending between consumers is not regulated and is only subject to general contract law (see directly below). However, it should be noted that peer-to-peer consumer lending may not result in a public offering. For this reason, consumer peer-to-peer lending practices in their purest form (where consumers lend directly to other consumers through a matchmaking platform) are not allowed in Belgium. Alternative (indirect) peer-to-peer models are, however, present.

SME credit offered by credit institutions, other lenders or licensed crowdlending platforms

The regime applicable to credit to SMEs is less regulated than the one applicable to consumer credit. The regime applies not only to Belgian companies (to the extent that they do not exceed the thresholds of SMEs), but also to organisations and individuals who do not act for private purposes (eg, a self-employed natural person).

The Law of 21 December 2013 on the financing of SMEs notably sets out:

• pre-contractual information obligations;
• an obligation to the lenders to adopt a code of conduct in relation to the granting of loans to SMEs; and
• specific rules for early reimbursements.

The Law of 21 December 2013 on the financing of SMEs is not applicable to loans granted through crowdfunding platforms.

Crowdfunding platforms (ie, platforms providing matchmaking services between project owners and investors) are regulated under the Law of 18 December 2016 on crowdfunding and the EU Regulation 2020/1503 of 7 October 2020 on European crowdfunding service providers for business (the “Crowdfunding Regulation”). The Crowdfunding Regulation entered into force and replaced the former Belgian national regime on 10 November 2021. It requires crowdfunding platforms to obtain a licence before they start operating within the EU and enables crowdfunding platforms to rely on the licence issued in their home country to carry out their activities across the EU on a cross-border basis. In effect, there was a transitional period during which existing crowdfunding platforms licensed under local law could still operate freely until 10 November 2023. In Belgium, most existing platforms waited until the very end to upgrade their licence and put it in line with the Crowdfunding Regulation. Many foreign crowdfunding platforms licensed in the EEA have also passported their licence on the Belgian territory. This evolution of the regulatory landscape will likely generate new actors and offers.

Loans and forms of credit offered by credit institutions or other lenders to enterprises other than SMEs

Usually these loans/forms of credit are not offered online.

If credit/a loan does not fall in one of the four above-mentioned categories, it is regarded as unregulated. General contract law applies and only a few specific provisions (Articles 1905–1914) of the Belgian (former) Civil Code must be taken into account, as well as general consumer protection law (as contained in Book VI of the Code of economic law) when offering B2C credit that falls outside the scope of the consumer credit regime (eg “Buy Now Pay Later” products).

The underwriting process will mainly depend on the type of credit and customer.

AML Obligations

The common feature of all underwriting processes of regulated credit is that all lenders (or crowdfunding platforms) are subject to the Belgian AML Law which transposes AMLD5.

Typical AML obligations are therefore applicable (ie, identification and verification of the identity of the borrower/ultimate beneficial owners, risk-based assessment, ongoing surveillance, reporting of suspicious transactions, etc). An increasing number of market participants make use of innovative means for identification in a remote environment (eg, facial likeness detection, videoconferencing or other biometric data, Belgian eID (electronic identity card), other electronic identification means or relevant trust services as set out in the Regulation 910/2014 on electronic identification and trust services (the “eIDAS Regulation”).

Additional Obligations

Besides the AML obligations, the online onboarding of clients must also comply with specific obligations laid down in the Code of Economic Law, the Law of 21 December 2013 on the financing of SMEs, the Law of 18 December 2016 on crowdfunding, and the Crowdfunding Regulation.

These pieces of legislation usually impose that specific information about the lender and the credit be provided to the customer (usually on a “durable medium”). These obligations have an important impact on the onboarding of clients, especially in a B2C context.

Signature Obligation

Lastly, it must be noted that credit contracts concluded with consumers require a written or a qualified electronic signature. This obligation also has a significant impact on the conclusion of online credit agreements with consumers.

Belgians can easily sign electronic contracts using their Belgian eID, or even completely electronically using a mobile application of qualified trust service providers such as itsme®. These signatures are both qualified electronic signatures under the eIDAS Regulation, and thus have the equivalent legal effect of a handwritten signature.

In 2023, the doctrine of functional equivalent – which assimilates, under certain conditions, physical processes to online processes – has been extended to all contractual mechanisms (Article 5.30 of the Belgian Civil Code).

The source of funds for loans will depend mainly on the nature of the lender rather than on the nature of the credit:

• credit institutions create the money that they lend (money multiplier), provided that they keep sufficient deposit reserves at the European Central Bank or ECB (see EU Regulation (2021/378)) and respect the fourth Credit Requirements Directive (2013/36/EU) and the Capital Requirements Regulation (575/2013);
• other lenders, licensed or not (which are not credit institutions) cannot receive refundable deposits under Belgian law (Article 28 of the Belgian Law of 11 July 2018 on the offer of investment instruments to the public and the admission of investment instruments to trading on a regulated market) and cannot create money ex nihilo – therefore, they can only lend their own funds; and
• lenders who operate through crowdfunding platforms lend their own funds and, from a legal point of view, the borrower issues debt instruments.

Syndication of online loans is not a current market practice in Belgium. This is mainly because loan syndication is reserved to the biggest borrowers and the biggest funding transactions. The largest financing contracts are generally not concluded online.

There is no specific regulation in this respect; only a set of market practice documentation.

In Belgium, there are two main payment systems:

• CEC (Centre for Exchange and Clearing), a domestic retail payment system for retail payment instruments, based on multilateral netting and settlement; and
• TARGET2-BE, the Belgian component of TARGET2 for real-time gross settlement, which is used for settling central bank operations (primarily related to monetary policy), for large interbank transfers and client operations.

Both systems are operated by the NBB. These two payment systems are currently the only ones covered by the Belgian Law of 28 April 1999, which implements the Settlement Finality Directive 98/26/CE of 19 May 1998. However, the Belgian government can extend this list.

Payment processors may in principle create new private payment systems which do not fall under this law.

PSD1 and PSD2

By adopting the First and Second Payment Services Directives (PSD1 and PSD2), the European Commission wanted to create an efficient and integrated market for payment services, so that cross-border payments were regulated in the same way throughout the EU. In June 2023, the European Commission published proposals to improve the existing legal framework and ultimately replace it with the Third Payment Services Directive (PSD3) and the Payment Services Regulation (PSR).

SEPA

Belgium is part of the Single Euro Payments Area (SEPA), a system that establishes a single set of tools and standards, making cross-border payments in euros as efficient and easy as national payments. Since 2011, the SEPA programme has enabled European businesses, consumers, and governments to make and receive credit transfers, direct debit payments and card payments under the same conditions.

The “Cross-Border Payment Regulation”

The EU regulation 2021/1230 of 14 July 2021 on cross-border payments in the Union (the “Cross-Border Payment Regulation”) requires banks to apply the same charges for cross-border electronic payment transactions in euros within the European Union.

Fund administrators do not have a legal definition as such under Belgian law. Traditional actors in the investment funds business include the management company and the depositary bank, which are both highly regulated.

Traditional fund administration services – such as legal services, accounting management and compliance – are listed by both alternative investment fund (AIF) and undertakings for collective investment in transferable securities (UCITS) Belgian regulations and can only be provided subject to compliance with several requirements.

The provision of these services is generally shared between the fund management company and the depositary bank. These services may also be outsourced (often within the same group) subject to strict requirements, which can include (depending on the delegated service) the need for a licence as an investment firm or credit institution.

There do not appear to be any specific terms (eg, dictated by regulation or industry custom) between fund administrators and fund advisers. Generally speaking, liability clauses are often one of the key points in negotiations.

There are essentially three different kinds of trading platforms: regulated markets, MTFs and OTFs.

MiFID II provisions pertaining to trading platforms have been implemented in Belgian law mainly through the Law of 21 November 2017 on the infrastructures of markets for financial instruments (the “Law on Trading Platforms”). The Law on Trading Platforms is divided into two sections, the first one covering regulated markets and the second being dedicated to MTFs and OTFs.

Regulated Markets

Regulated markets must obtain a licence from the Minister of finance, assisted by the FSMA. This agreement is subject to many prudential requirements, such as the fitness and properness of the management and the shareholding, and the implementation of adequate organisation and control processes.

OTFs and MTFs

OTFs and MTFs can only be exploited by specific licensed entities – ie, credit institutions, stockbroking firms and market operators. In addition to the requirements applicable to their existing licence, these entities are subject to an extra layer of requirements set out in the Law on Trading Platforms.

Generally speaking, all asset classes are subject to equivalent regulatory regimes.

However, the FSMA has adopted two regulations (confirmed by royal decree) limiting and/or prohibiting the marketing of certain categories of investments.

• The Regulation of 3 April 2014 prohibits the professional marketing of so-called “non-conventional assets” to retail clients; prohibited non-conventional assets include financial products, the return of which depends directly or indirectly on cryptocurrencies.
• The Regulation of 26 May 2016 prohibits the distribution of certain financial derivatives among Belgian retail clients, as well as a number of aggressive or inappropriate distribution techniques and forms of professional marketing of derivatives on electronic trading venues.

In addition, the FSMA has published a Communication on 22 November 2022 on the classification of crypto-assets as securities, investment instruments or financial instruments.

The rise of cryptocurrencies has not heavily affected the regulation of trading platforms at this stage.

However, it is worth noting that the FSMA Regulation of 3 April 2014 prohibits the professional marketing of financial products, the return of which depends directly or indirectly on cryptocurrencies. This regulation seriously limits the distribution schemes and structuring of crypto-assets. It should also be noted that the FSMA regularly issues warnings concerning cryptocurrency trading platforms on which it has identified signs of fraud. Furthermore, entities providing crypto-wallet and currency exchange between fiat currencies and crypto-assets (and vice versa) with a physical presence in Belgium are subject to prior registration with the FSMA. Finally, the FSMA Regulation of 5 January 2023 prescribes additional marketing rules when commercialising virtual currencies to consumers in Belgium, irrespective of the location of the advertiser.

This situation will change with MiCA, which will introduce a prudential regime for crypto-assets service providers (CASPs), including cryptocurrency exchanges. Most MiCA provisions relating to CASPs will apply as of 30 December 2024.

Article 30 of the Law on Trading Platforms of 21 November 2017 requires regulated market operators to ensure that the regulated markets they operate and/or manage adopt clear, non-discriminatory, objective and transparent listing standards. These standards must also allow the markets to ensure that the issuers comply with the information requirements under EU law (initial, periodic and occasional information).

With respect to derivatives, these listing standards must ensure that the characteristics of the derivatives allow for an orderly rating and efficient settlement.

Regulated market rules are subject to the prior approval of the FSMA and must be published on the market operator’s website.

OTFs and MTFs are also required to adopt transparent and non-discriminatory listing standards. Generally speaking, OTFs and MTFs are subject to softer requirements than regulated markets.

Market rules must allow for the efficient handling of orders.

In addition, MiFID II rules of conduct and their delegated regulations apply in Belgium.

Articles 27quater and 28 of the Law of 2 August 2002 on the supervision of the financial sector and financial services further specify that regulated entities executing clients’ orders must ensure that these are handled quickly, fairly and efficiently. They must also take sufficient measures to ensure that the best possible result is achieved, taking into consideration the price, cost, speed, probability of the execution, the size, nature and any other relevant criteria pertaining to the order (the “best execution” principle).

Due to various legal obstacles, the Belgian market is not yet mature in respect of peer-to-peer trading platforms. Therefore, at this stage, no impact can truly be observed.

A change in this respect may, however, be expected due to the entry into force of the EU Crowdfunding Regulation. This regulation sets up a European passport for crowdfunding platforms. See 4.1 Differences in the Business or Regulation of Loans Provided to Different Entities (Other loans and credit offered by credit institutions or other lenders to enterprises other than SMEs section).

When it comes to best execution of customer trades, Article 27 of MiFID II has almost literally been transposed into Article 28 of the Law of 2 August 2002 on the supervision of the financial sector and financial services.

In general, the Belgian legislature and regulators follow the EU recommendations on the matter and have not adopted Belgian-specific recommendations. In addition, no specific fintech initiatives currently exist in this field in Belgium.

There is no Belgian specificity in payment for order flow. The European Securities and Markets Authority (ESMA) has stressed the fact that MiFID II limits the possibility for brokers to receive any remuneration, discount or non-monetary benefit for routing client orders to execution venues, resulting in a clear onus on firms to ensure that the execution quality achievable at a venue is the driver for sending client orders to such a venue, and not any payment for order flow. Due to a lack of any further specific guidelines on the matter from the FSMA, it can be anticipated that the FSMA will follow ESMA’s position and take a rather reluctant stance regarding payment for order flow out of consideration for best execution policies.

In the absence of any specific regulation, payment for order flow would be assessed in the light of inducement requirements, which prevent regulated entities from paying or receiving benefits from third parties unless:

• it enhances the quality of the service;
• it does not affect the general duty of acting honestly, fairly, professionally and in the client’s best interest; and
• the client is adequately informed.

Regulation (EU) 596/2014 of 16 April 2014 on market abuse (MAR) and the various Implementing and Delegated Regulations in this respect are directly applicable in Belgium. The Belgian legal framework on principles regarding market integrity and market abuse governing trading is further complemented by Article 25 and Sections 8 and 9 of Chapter II of the Law of 2 August 2002 on the supervision of the financial sector and financial services, which lays down the competencies of the FSMA as the supervisor in this respect and the applicable sanctions. In addition, in its Circular of 18 May 2016, the FSMA provides practical instructions, accompanying the ESMA guidelines accompanying the MAR.

Under the applicable rules, market manipulation, insider dealing and unlawful disclosure of non-public information are considered forms of market abuse which are subject to administrative and/or criminal sanctions.

Regulated firms engaged in algorithmic trading should have adequate and effective internal controls appropriate to their business activity in place to ensure that trading systems cannot be used for any purpose contrary to the EU MAR. Alternatively, they should have a connected trading venue to ensure that their trading systems are resilient, have sufficient capacity, are subject to appropriate trading thresholds and limits, and to prevent erroneous orders from being sent or otherwise operated in such a way that they could lead or contribute to the creation of a disorderly market. Furthermore, they are expected to have effective arrangements to deal with business continuity and should ensure that their systems are fully tested and properly supervised.

In general, the FSMA is wary of algorithmic and high-frequency trading entities and there is no desire to encourage this sector on the part of regulators.

A regulated company that is engaged in algorithmic trading, as a member of or participant in one or more trading platforms when trading for its own account, is deemed to be implementing a market-making strategy if its strategy consists, among other things, of simultaneously publishing firm bid and offer prices of a comparable size and at competitive levels for one or more financial instruments on one or more trading platforms, with the result that the entire market is regularly and freely advertised on one or more trading platforms.

Duties and Requirements

There is a prior notification duty to the FSMA and the NBB, as well as to the competent authorities of the trading venue where the regulated company engages in algorithmic trading as a member or participant of the trading venue. The FSMA may require these firms to provide specific information on their activities.

Up until now, only regulated companies engaged in algorithmic trading are targeted by the applicable regulation. No further rules or distinctions are made.

Up until now, only regulated companies engaged in algorithmic trading have been targeted by the applicable rules of the Belgian Royal Decree of 19 December 2017 and the EU Commission Delegated Regulation 2017/589 of 19 July 2016 with regard to regulated technical standards specifying the organisational requirements of investment firms engaged in algorithmic trading. Therefore, no provisions apply specifically to the programmers developing and creating trading algorithms and other electronic trading tools.

However, if the technology used is outsourced to a third party, it should be noted that the upcoming EU regulation on digital operational resilience, entering into force on 17 January 2025, will have a significant impact on ICT third-party providers as they will be (among other things) made subject to reporting obligations, and those designated as critical third-party providers (CTPPs) by the European Supervisory Authorities (ESAs) will even be subject to a direct oversight framework.

There are not yet any specific regulations in Belgium that govern DeFi, as such (see 12.8 Impact of Regulation on “DeFi” Platforms for further discussion).

The provision of an investment research service or a financial analysis service is considered as an ancillary service (to other investment services) in MiFID II and in Article 2, 2° of the transposition, the Belgian Law of 25 October 2016 on investment firms. Platforms which provide ancillary services only are not subject to any registration duty, except if they also provide other investment services (Article 6, Section 4, of the Belgian Law of 25 October 2016 on investment firms).

Investment firms which provide investment research services or financial analysis services are subject to the “rules of conduct” in accordance with the EU Commission Delegated Regulation 2017/565 of 25 April 2016 (see Recital 17). In particular, they must ensure that the public is at all times provided with clear, accurate and non-misleading information.

Irrespective of the regulatory status, spreading unverified information is prohibited pursuant to Article 12 of the EU MAR, and this may lead to administrative and/or criminal sanctions.

There is currently no apparent institutional platform active in Belgium allowing users to post any kind of financial content or information, which also qualifies as an investment research service or financial analysis service.

Numerous underwriting processes are available to industry participants and each comes with a different set of regulations.

Actors creating their own insurance products will most likely need a full insurance company licence from the NBB in accordance with the Law of 13 March 2016 on the status and control of insurance and reinsurance companies (the “Law of Control”).

In practice, insurtechs most often act as distributors or business introducers.

Insurtechs as Distributors

When they act as distributors, insurtechs need to be registered as insurance intermediaries with the FSMA. The regulations applicable to insurance intermediaries are mainly centralised in the Law of 4 April 2014 relating to insurances (the “Insurance Law”).

Insurtechs as Business Introducers

Mere business introducers do not need any licence or registration, but must carefully design their business model as they can provide only strictly limited services, thereby reducing their potential added value.

Additional Rules and Obligations

Whichever distribution and operation structure they opt for, insurtechs will need to comply with the rules of conduct contained in the Insurance Law, as well as the circulars and recommendations issued by the NBB and the FSMA.

Furthermore, the provision of online services, as well as B2C provision of services, leads to the application of additional obligations, mostly organised by the Code of Economic Law.

In addition to general common principles, each type of insurance (life, annuities, property, etc) is subject to its own set of regulations under the Insurance Law.

Industry players often tend to specialise in one or more specific markets. At the very least, they tend to focus either on life or non-life products. As a matter of fact, the Law of Control prohibits the provision of both life and non-life services to insurance companies (Article 222).

Investment and savings life insurance products are among the most regulated products. Their distribution leads to the application of strict diligence obligations (appropriateness and suitability tests).

As such, regtech providers are not specifically regulated (except eID and trust service providers, which are regulated under the EU Regulation 910/2014 on electronic identification and trust services for electronic transactions, and which are often regarded as regtech providers). However, as they serve industry participants with products/tools facilitating compliance with prudential regulations (eg, Solvency II or the Banking Law) or rules of conduct (eg, MiFID II, the Insurance Distribution Directive (IDD), PSD2 and AMLD5), regtechs need to have a comprehensive understanding of these regulations.

Contractual arrangements

Contractual arrangements between regtech providers and regulated entities are, as such, not regulated. However, services offered by regtech providers often fall within the scope of the notion of “outsourcing”, triggering specific obligations for regulated entities. These obligations depend on the entity concerned, but they generally include the obligation to conclude an agreement, containing specific mandatory provisions (eg, terms to assure performance and accuracy).

Obligations Imposed on Regtech Service Providers

Under the outsourcing rules, before entering into outsourcing arrangements, regulated entities must conduct a thorough due diligence on potential outsourcing service providers to ensure their suitability. Furthermore, regulated entities are required to impose multiple contractual obligations on regtech providers, such as agreed service levels, reporting obligations, continuity plans, termination assistance and audit obligations. The audit clause generally allows regulated entities as well as their regulator(s) to control or request key information from their provider.

Cryptocurrencies based on blockchain technology were initially thought of as a huge threat to traditional banking players.

However, the optics have now changed and legacy players are adopting blockchain applications regarding a wide range of activities and services (from internal administrative organisation to client onboarding processes, crowdfunding set-ups and even broader market integration).

Alongside the adoption of blockchain technology by incumbents, a new trend of “Web3” and decentralised finance projects developed by start-ups and scale-ups is currently emerging.

The NBB

The NBB has stated in the past that, although the technology looks promising, actual use cases for distributed ledger technologies (DLTs), of which blockchain is only one particular type, are still relatively limited in number and in scope. According to the NBB, attention is particularly required concerning the use of DLT or blockchain technology, as institutions should be aware of the legal value of smart contracts or the information contained in the distributed ledger, the possible governance complications and the security or resilience threats that may exist at different nodes in the network.

The FSMA

The FSMA is the relevant regulator for virtual asset service providers and is responsible for their registration for AML purposes. Additionally it has been given the power to work out specific conduct of business rules in relation to crypto-assets and in view of the new rules introduced by MiCA.

Fintech Contact Point

So far, no concrete legislative initiatives have been taken on a national level. Furthermore, neither the NBB nor the FSMA has come up with new proposals or interpretations. However, given the importance of these evolutions, the NBB has taken various steps to enter into a dialogue with both new and established players in the market. In this context, it has set up, in co-operation with the FSMA, a central Fintech Contact Point, which deals with fintech-related questions (see 2.5 Regulatory Sandbox).

There are currently no regulations in place which explicitly detail the classification of crypto-assets. As a rule, if a crypto-asset displays the same characteristics as regulated financial or investment instruments, it may qualify as a regulated financial/investment instrument and fall within the scope of the related regulation.

In its 2017 communication on the risks of ICOs, the FSMA assessed the similarities between crypto-assets; investment instruments; means of storage, calculation and exchange; and utility tokens. In November 2022, the FSMA published a communication on the classification of crypto-assets as securities, financial or investment instruments (the “2022 FSMA Communication”), which provides some additional guidance on the most common cases where crypto-assets may classify as regulated securities, investment instruments or financial instruments. In January 2024, ESMA published draft guidelines on the conditions and criteria for the qualification of crypto-assets as financial instruments, dealing with the potential qualifications o crypto-assets as financial instruments, NFTs or hybrid tokens. These draft guidelines were published as part of a public consultation running until April 2024.

While opinion remains divided on whether cryptocurrencies should be classified as financial or investment instruments, legal doctrine would seem to prefer their qualification as a financial instrument as regards investment tokens, at least in so far as a right is obtained by the issuer.

MiCA will cover new categories of crypto-assets that are not already subject to traditional EU regulation and will introduce a prudential regime for both crypto-asset issuers and service providers.

Based on the aforementioned 2017 FSMA communication on ICOs, as well as the 2022 FSMA Communication on the classification of crypto-assets, the following (non-exhaustive) overview of possible applicable regulations should be taken into account by issuers of ICOs.

EU regulations:

• the Prospectus Regulation;
• Markets in Financial Instruments Directive (MiFID);
• Alternative Investment Fund Managers Directive (AIFMD);
• Market Abuse Regulation (MAR);
• Fourth Anti-money Laundering Directive (AMLD4);
• Fifth Anti-money Laundering Directive (AMLD5);
• the e-money directive (EMD2); and
• the Markets in Crypto-Assets Regulation (MiCA).

Belgian regulations:

• the FSMA Regulation of 3 April 2014 on the ban on distribution of certain financial products to retail clients;
• the Law of 11 July 2018 on public offers of investment instruments and on the admission of investment instruments to trading on regulated markets;
• the Law of 18 December 2016 regulating the recognition and definition of crowdfunding and containing various provisions on finance;
• the Law of 11 March 2018 on the legal status and supervision of payment institutions and electronic money institutions;
• the Royal Decree of 8 February 2022 on the status and the supervision of service providers for the exchange of virtual currency and fiat currency and custodian wallet providers; and
• the FSMA Regulation of 5 January 2023 imposing restrictive conditions on the commercialisation of virtual coins to consumers.

This list serves only as provisional guidance and in no way constitutes the full legal framework on crypto-assets and it should be seen in light of the specific circumstances at hand.

Finally, MiCA will provide a concrete legal framework for the issuance of crypto-assets that currently fall outside the scope of existing legislation, as well as for entities providing crypto-related services. With its entry into force, a common licensing regime will apply for crypto-asset issuers and service providers across the EEA member states.

Since May 2022, cryptocurrency exchanges offering crypto/fiat conversion (“virtual asset service providers” – VASPs) have been required to register with the FSMA before offering their services in Belgium. This registration process goes beyond what is required under AMLD5, such as the verification of the competence of the persons in charge of the effective management, the requirement for holding a minimum capital amount, as well as the need to operate under a specific type of company form. This regime will largely become obsolete once MiCA introduces a prudential regime for CASPs.

In addition, EU Regulation 2022/858 of 30 May 2022 on a pilot regime for market infrastructures based on DLT allows EEA-based entities to apply for an EEA-wide permission to operate DLT market infrastructures (DLT multilateral trading facilities, settlement systems, and trading and settlement systems) within a temporary regulatory sandbox regime. The new regime, which has been open since March 2023 to both new and existing market players, specifically targets the trading and settlement of crypto-assets that qualify as financial instruments under MiFID and are thus not captured within the scope of MiCA.

Lastly, the upcoming EU Regulation 2023/1113 of 31 May 2023 (alongside MiCA) will include additional requirements to ensure the traceability of any type of “virtual asset” transfer or transaction. This modification is likely to have a significant impact on any entity providing crypto-related activities, including crypto-exchanges.

Funds investing in blockchain technology (such as Amplify Transformational Data Sharing ETF and Reality Shares Nasdaq NextGen Economy ETF) currently remain unregulated.

FSMA Definition

Article 1, 6° of the FSMA Regulation of 3 April 2014 on the banning of distribution of certain financial products to retail clients, defines a virtual currency as “any kind of digital currency which is not regulated and is not a legal tender”. The terms “blockchain/crypto-asset” or “cryptocurrency” as such are not defined in Belgian regulations or regulators’ instruments, although they seem to contain a broader scope of assets.

AMLD5 Definition

In a recent amendment of the Belgian AML law, the AMLD5 definition of a “virtual currency” has now been included (ie, “a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess the legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically”).

NBB Definition

Furthermore, in a circular of July 2019, the NBB indicated that cryptocurrencies are not comparable to money issued by a central bank or a public authority, due to the fact that cryptocurrencies are not considered to be legal tender. For the NBB, the term crypto-assets refers to all of those instruments that have an inherent or perceived value primarily dependent on cryptography, DLT or similar technologies.

MiCA Definition

Lastly, MiCA does not define virtual currencies as such, but defines a crypto-asset as “a digital representation of a value or of a right that is able to be transferred and stored electronically using distributed ledger technology or similar technology".

Decentralised finance is a broad notion that refers to different types of services being delivered through decentralised platforms (often based on the blockchain). DeFi platforms generally allow users to undertake financial transactions without traditional intermediaries (such as banks or brokerage firms). Such services cover different types of activities, eg, lending or borrowing, “yield farming” services, stablecoin networks, etc.

There is no general consensus as to whether DeFi platforms fall within the scope of traditional financial regulations.

This will have to be assessed on a case-by-case basis depending on the type of tokens/crypto-assets used on such platforms, their general structure and the type of activities that are being conducted.

The application of MiCA is not expected to have a notable impact on DeFi platforms. Indeed, crypto-assets services “provided in a fully decentralised manner without any intermediary” and crypto-assets without an identifiable issuer are excluded from the scope of MiCA. Therefore, the regulation does not capture DeFi platforms and operations of decentralised autonomous organisations (DAOs) as long as control of the operations is truly decentralised.

NFTs and NFT platforms are in principle subject to the same rules as any other crypto-related initiative. They are, however, excluded from the scope of MiCA as well as from the FSMA Regulation of 5 January 2023 imposing restrictive conditions on the commercialisation of virtual coins to consumers. Depending on the characteristics and purposes of the NFTs or the structure and activities provided by the platforms, they could fall within scope of certain other existing regulations (eg, through a qualification as investment instruments).

The prudential rules of PSD2 were transposed into Belgian law by the Law of 11 March 2018, while the conduct of business rules were inserted in the Code of Economic Law. The open banking aspect of PSD2 has come into force in Belgium along with the Regulated Technical Standards 2018/389 of 27 November 2017 on Strong Customer Authentication (RTS SCA) in September 2019.

Consequently, credit institutions are required to provide a so-called “dedicated interface” (an application programming interface or API) for the sharing of customer data from their payment accounts, under the open-banking principle.

Lastly, although they do not bring any substantial novelties for open banking, the PSD3 and PSR proposals, if adopted, will provide for several clarifications (eg, mandatory standards for open banking services, list of prohibited obstacles for payment initiation and account information services).

Effects of RTS and PSD2

As the RTS only impose limited requirements on the dedicated interface and the contingency matters, without indicating how these results should be obtained, credit institutions were left to decide how to implement proper technical solutions, which led to difficulties for both the credit institutions and the third party providers (TPPs). However, PSD2 has also fostered innovation as it has prompted incumbents to either innovate internally or to enter into partnerships with new fintech players. In this way, open banking under PSD2 has opened up the field to new financial services providers and TPPs, such as account information service providers and payment initiation service providers. Also, new customer authentication methods have been developed or further implemented in existing applications following the RTS SCA, paving the way to a simpler and smoother user-friendly atmosphere in financial services offerings.

Amended RTS SCA

In August 2022, the European Commission amended the RTS SCA; among other things, extending the so-called 90-day exemption (which provides for an exemption from applying strong customer authentication when accessing limited payment account information for a period of 90 days), in order to fix some specific issues and extend the exemption to a 180-day period.

Certain concerns have been raised due to the open banking requirement, such as concerns about data protection risks, security measures and the risk of cyber-attacks on third-party applications and/or APIs. These concerns have also raised the question of liability should something go wrong regarding any of the above aspects (liability of the bank or of the relevant TPP).

Regarding data privacy and data security concerns, it is generally agreed that the PSD2 and the GDPR are jointly applicable regulations. Furthermore, a high level of security of financial and operational systems has become a key element. Regulation has also placed some liability with the payment initiation service providers, who are subject to an obligation to insure themselves.   

There is no specific criminal legislation on fraud in financial services. Most frauds within the financial sector fall under the definition of the generic offences, such as fraud within the definition of Article 496 of the Belgian Criminal Code. The constitutive elements of a fraud are threefold: (i) the intention to appropriate one’s belongings, (ii) the voluntary delivery of said belongings, (iii) which is induced by the use of false identities or fraudulent tactics.

Generally, victims of fraud press charges with the police but scammers and fraudsters are rarely identified, which lead many victims to bring civil claims against the financial institutions that were involved in some way in the fraudulent transactions (eg, payer’s and payee’s institution(s)).

In 2023, the Ombudsman and the FSMA (as well as other private stakeholders in the payment sectors) intensified their awareness campaigns to prevent fraud. Although these initiatives focus on their respective areas of competence, they mainly revolve around the most commonly encountered types of fraud, namely “phishing” (including “vishing”, “whaling” and “smishing”), and CEO fraud. In 2023, according to the numbers published by “safeonweb.be”, 69% of the Belgian population have been the subject of a phishing attempt.