Skip to main content
Insight

New Italian regulations on fintech regulatory sandbox

Locations

Italy

  1. The Italian Fintech Sandbox Decree
The Ministry of Economy and Finance issued on 30th April 2021 the ministerial decree no. 100/2021[1] (the “Italian Fintech Sandbox Decree”) which set forth the conditions and procedures necessary for the creation in Italy of a fintech regulatory sandbox  for the innovation of financial, banking and insurance sectors (the “Italian Fintech Sandbox”). The Italian Fintech Sandbox Decree shall entry into force on 17 July 2021.
 
  1. The fintech committee
Pursuant to the Italian Fintech Sandbox Decree, it is constituted a fintech committee chaired by the Ministry of Economy and Finance which will operate with the help of the secretariat of the Department of Italian Treasury of the Ministry of Economy and Finance (the “Committee”).
The followings are permanent members of the Committee: the Italian Ministry of the Economic Development, the representative of the Italian authority for the European affairs (autorit√† politica delegate per gli affari europei), the Governor of the Bank of Italy, the President of Consob, the President of IVASS, the President of the antitrust authority (AGCM), the President of the data privacy authority, the President of the Italian digital agency (agenzia per l’Italia digitale) and the director of the Italian tax authority (Agenzia delle Entrate).
The Committee would:
  1. observe and monitor the evolution of fintech sector at domestic and international level;
  2. facilitate discussion among the fintech companies and the Italian authorities;
  3. coordinate the activities among the Italian authorities;
  4. coordinate the activities between the Italian authorities and the foreign authorities;
  5. manage the activities under monitoring;
  6. request to an authority to clarify the application of laws and regulations;
  7. prepare amending regulation(s) to be submitted to the evaluation of the competent commissions held within the Italian Parliament or provide for the issuance of non-binding guidelines;
  8. promote the issuance of amending regulations towards the European competent legislative and regulatory bodies.
The Committee would meet at least on a quarterly basis (and in any case every time a member of the Committee requests for a meeting).
 
  1. The activities subject to monitoring
Pursuant to the Italian Fintech Sandbox Decree, a company might file an application to enter the Italian Fintech Sandbox for any activities having the following features:
  1. any reserved activity or any activity which requires the enrollment within the registers held by the Bank of Italy, CONSOB or IVASS;
  2. any other activity that, even if   it is ordinarily treated as “reserved” or requiring the enrollment within the registers held by the Bank of Italy, CONSOB or IVASS, is not subject to any authorisation and/or enrollment within supervised registers, as it falls within some applicable exclusion provided by the Law, including when the activity is not performed towards the public (svolta nei confronti del pubblico) or it is performed towards a limited number of entities  (svolta nei confronti di un pubblico circoscritto);
  3. any activity that consists in a service or activity affecting regulated areas of the banking, financial or insurance sectors to be provided in favour of an entity supervised or regulated by at least one supervisory authority referred to under letter (B) of paragraph 3 (The activities subject to monitoring) above, having its registered office or a branch in Italy, or in favour of an entity having its registered office in another Member State of the European Union and operating in Italy under the freedom to provide services;
  4. any activity that is carried out by an entity supervised or regulated by at least one of the supervisory authorities referred to under letter (B) of paragraph 3 (The activities subject to monitoring) above, having its registered office or a branch in Italy, or by an entity having its registered office in another Member State of the European Union and operating in Italy under the freedom to provide services.
 
  1. The requirements
The admission to the Italian Fintech Sandbox would be conditional upon the relevant activities to be performed meeting the following requirements:
  1. the activity would be performed through information technologies, or would innovate banking, financial or insurance services and/or products;
  2. the activity which would be performed by the applicant, would need a derogation to one or more law(s), regulation(s) or guideline(s) which might apply to the activities listed from letter (A) to (D) of paragraph 3 (The activities subject to monitoring) ;
  3. the activity would bring added value for at least one of the following matters: (a) benefits to end users in terms of quality of service, promotion of competition, access conditions, availability, protection or costs; (b) efficiency of the financial system or involved operators; (c) easier or more effective application of banking, financial and insurance sector regulation; (d) improvement of the systems, procedures or internal processes of the operators active in the banking, finance and insurance field;
  4. the activity would be in a sufficiently advanced state for testing;
  5. the activity would be economically and financially sustainable or otherwise would have adequate financial coverage;
  6. with reference to the activities listed under letter (B) of paragraph 3 (The activities subject to monitoring) above, it is provided sufficient evidence that the entity applying for admission would apply (in the event of a positive outcome at the end of the trial period) for an authorisation or request for enrollment within the competent registers.
Italian Fintech Sandbox Decree sets the requirements necessary to submit the application for any of the activities listed under letters (A), (B), (C) and (D) of paragraph 3 (The activities subject to monitoring) above. Access to the trial is not allowed:
  1. to entities subject to over-indebtedness procedures (procedure da sovraindebitamento), to commercial entrepreneurs subject to bankruptcy or reorganisation proceedings and to collective commercial entrepreneurs (imprenditori commerciali in forma collettiva) under liquidation on the basis of the applicable laws;
  2. commercial entrepreneurs required, by the applicable laws, to draw up balance sheets, in case the balance sheets for the preceding five financial years or, if established within a shorter period, since their incorporation, have not been approved and filed within the Companies’ Register.
Italian Fintech Sandbox Decree also clarifies that prior to the submission of the application it is possible to liaise on an informal basis with the competent authorities through the dedicated section that will be set in the authorities’ websites.
 
  1. Submission of the application
The application might be filed towards the competent authorities depending on the activity to be performed.
Applications can be submitted during time intervals (up to a maximum of 60 days) to be communicated from time to time by the competent authorities to the Committee.
The entity applying for the Italian Fintech Sandbox would be requested, inter alia, to provide the following documents:
  1. a detailed description of the project, its objectives, its duration, the expected added value within the meaning provided under number (iii) of paragraph 4 (The requirements) above, the reasons why a trial is required and a description of the novelty elements referred under number (i) of paragraph 4 (The requirements) above;
  2. a proof of concept addressing the sustainability of the project;
  3. an indication, where applicable, of the supervisory guidelines or acts of a general nature adopted by the supervisory authorities, as well as of the rules or regulations adopted by the same supervisory authorities, concerning: 
    1. capital requirements;
    2. the simplified requirements proportionate to the activities to be performed;
    3. the perimeters of operations;
    4. reporting requirements;
    5. time limits for the granting of authorisations;
    6. the professional requirements of corporate representatives;
    7. corporate governance and risk management profiles;
    8. the admissible corporate forms, also by way of derogation from the corporate forms provided for by the Italian legislative decree no. 385 of 1 September 1993 (the “Consolidated Banking Act”), Italian legislative decree no. 58 of 24 February 1998 (the “Consolidated Financial Act”) and Italian legislative decree no. 209 of 7 September 2005 (the “Private Insurance Act”); and
    9. the financial guarantees, if any;
of which the derogation (in whole or in part) is requested during the trial period and the reasons for which the derogation is requested;
  1. an assessment of potential risks and the specific indication and description of the appropriate measures that will be taken to control them;
  2. the specific tools put in place to protect users, which shall include at least: (a) the correct and complete information about the experimental nature of the project and the risks involved; (b) the mechanisms for collecting informed consent to enter into a relationship with the subject admitted to the trial; (c) the right to terminate the contract at any time with at least fifteen days' notice, without any costs or penalties related to the termination; (d) the forms of communication to the public regarding the admission to the trial, the activities to be tested and the possibility that the activities may not continue at the end of the trial period; (e) the mechanisms for prompt compensation in the event of liability of the service provider admitted to the trial;
  3. a description of the potential impacts on the termination of the trial of the fintech project with the features of the measures necessary to manage such impacts.
The project shall be subject to trial for a maximum period of 18 months; upon termination of such period, with the consent of the competent authority the monitored entity might file for an extension of the trial period.
 
  1. The procedure for the admission to the Italian Fintech Sandbox
Each competent supervisory authority shall, upon receipt of the request, evaluate:
  1. the completeness of the request;
  2. whether the conditions for the admission are met;
  3. whether the request for derogation of applicable laws, regulations or guidelines is appropriate;
  4. whether the activity, in the manner in which it is proposed, might result in a case of circumvention of legal or regulatory provisions, other than those for which the derogation is requested;
  5. the appropriateness and effectiveness of:
    • the risk mitigation measures to be taken;
    • the instruments adopted for the protection of the users, also through appropriate guarantees and insurances;
    • the forms of communication to the public and, where appropriate, the existence of guarantees or insurances in the event of liability towards end users;
    • the measures planned to be taken at the end of the trial period; and
  6. in connection with the activities under letters (C) and (D) of paragraph 3 (The activities subject to monitoring) above, performed by, or towards an entity resident in an EU country and performing its activities under the freedom to provide services regime in Italy, if the exercise of its supervisory powers ensures adequate protection of users, also in view of the controls carried out by the supervisory authority of the other  EU country.
The evaluation of the application shall be summarised within a report and forwarded to the Committee's technical secretariat within 45 days to be calculated from:
  1. the end of the deadline for submission of applications for admission to the trial period (in the case of a given application time interval);
  2. the day of submission of the request (in the absence of a given application time interval).
In case of positive response from the authorities, the applicant would be provided with a communication stating the admission within the Italian Fintech Sandbox.
Following the letter of confirmation, the entity admitted to the trial period would be enrolled within a special register to be held by the secretariat of the Committee and to be published within the website of the Committee.
During the whole trial period the relevant authority (i) shall monitor the activities performed by the entity within the Italian Fintech Sandbox and (ii) might amend the terms under which the entity can remain within the Italian Fintech Sandbox by extending or restricting the list of the derogated law provisions or guidelines.
For the purposes of the trial, the competent authority may, in compliance with the law of the European Union and with the principles of proportionality and equality of competition between operators:
  1. for the activities listed under letter (A) of paragraph 3 (The activities subject to monitoring) above:
    1. grant authorisations with a less extensive scope than the one provided for in general terms by law, with regard to the volume of the activity, the type of services provided, the characteristics and number of end users, the manner in which the service is provided and its duration;
    2. provide, in the event of registration, for limits on operations, with respect to those provided for in general terms by the law, with regard to the volume of activity, the type of services provided, the characteristics and number of end users, the manner in which the service is provided, and the duration;
    3. allow derogations from provisions contained in a regulation issued by itself, concerning:
      • capital requirements;
      • the simplified requirements proportionate to the activities to be performed;
      • the perimeters of operations;
      • reporting requirements;
      • time limits for the granting of authorisations;
      • corporate governance and risk management profiles; and
      • the financial guarantees, if any;
    4. allow the adoption of a corporate form other than the one provided for by the consolidated law on banking and credit, referred to the Consolidated Banking Act, the Consolidated Financial Act, and the Private Insurance Act, or mitigated professional requirements for corporate officers;
  2. for the activities listed under letters (C) and (D) of paragraph 3 (The activities subject to monitoring) above, allow the supervised or regulated entities involved in the trial to derogate from the provisions contained in a regulation of their own issuing in the matters concerning:
    1. the requirements for admission to the trial;
    2. the cases in which an activity may be admitted to the trial;
    3. the cases in which an extension is allowed;
    4. capital requirements;
    5. the simplified requirements proprtionate to the activities to be performed;
    6. the perimeters of operations;
    7. reporting requirements;
    8. time limits for the granting of authorsations;
    9. the professional requirements of corporate representatives;
    10. corporate governance and risk management profiles;
    11. the admissible corporate forms, also by way of derogation from the corporate forms provided for by the Consolidated Banking Act, the Consolidated Financial Act and the Private Insurance Act;
    12. the financial guarantees, if any; and
    13. the process after the end of experiment;
also with reference to limited areas of operation;
  1. derogate from its own supervisory guidelines or from a general act of its own, providing alternative criteria for compliance with the regulations to which the guidelines refer;
  2. revoke admission to the trial:
    • for inactivity of more than three months;
    • at the request of the subject admitted to the trial;
    • when the prerequisites for admission no longer apply;
    • in case of violation of legal or regulatory provisions;
    • in the event of non-compliance with the provisions listed as applicable in case of admission to the trial period;
    • when the activity poses risks to the stability of the banking, financial and insurance system, the integrity of the markets or the protection of the end users; or
    • when, during the trial, the circumstances listed under letters (a) and (b) of paragraph 4 (The requirements) above occur.
The measures above:
  1. identify the forms and contents of the communications that take place during the trial period;
  2. require the subjects admitted to the trial to promptly notify the competent authority if any of the conditions for admission to the trial no longer apply.   In any case the notification shall be made within ten days since the failure to meet the above-mentioned conditions, without prejudice to when the prerequisites for admission no longer apply, in case of omitted or delayed notification;
  3. provide that the end users to whom the services are offered:
    • must expressly consent to enter into a relationship with the subject admitted to the trial, after having been duly informed of the experimental nature of the project and of the risks involved;
    • have the right to terminate the contract by giving at least fifteen days' notice, without charge or penalty related to termination;
    • are promptly compensated, in case of liability of the subject admitted to the trial. In order to ensure timely compensation to the end users, the measure of admission to the trial may provide that the service provider shall hold a financial or insurance guarantee;
  4. identify the operations necessary for the orderly termination of existing relations as well as any other measure to protect the end users, in the event that the activity does not continue at the end of the trial or pending the obtainment of any authorisation or registration.
For the activities listed under letter (A) of paragraph 3 (The activities subject to monitoring) above the withdrawal of the admission to the trial may entail the withdrawal of the authorisation issued for the exercise of the activity admitted to the trial or, in case of registration, the cancellation.
 
  1. Termination of the trial period
Upon occurrence of the end of the trial period the entity whose activity has been admitted to the Italian Fintech Sandbox, would:
  1. submit to the competent authority a document summarising its remarks; and
  2. communicate to the public relevant information about the activity carried out during the trial period and within the framework of the Italian Fintech Sandbox.
The monitored entity which, upon the occurrence of the end of the trial period, wishes to continue performing its activities, might alternatively:
  1. submit a request for an extension of the trial period; or
  2. submit a request for the obtainment of the necessary authorisations to the competent authority.
 
  1. Language of the documents
According to the Italian Fintech Sandbox Decree, each document to be provided to the authorities or the Committee in accordance with the Italian Fintech Sandbox Decree must be in Italian language or, upon express request of the applicant, English language (exception made for the request for filing (domanda di ammissione) that must be submitted exclusively in Italian language).
***
The Italian Fintech Sandbox Decree constitutes a key step for Italy to develop the fintech sector in the safe harbour provided by the sandbox. The issuance of the decree represents also an interesting opportunity for third countries players that wish to enter the Italian fintech market.
 
Andrea Turati
Matteo Colavolpe
 

Sign up to our email digest

Click to subscribe or manage your email preferences.

SUBSCRIBE