Overview of the main constraints when building new products or solutions in the financial sector. Tips and recommendations when you want to launch a new business, imposing you to be regulated.

1. Working as/with a « Fintech »
in a regulated environment
Solenne Niedercorn-Desouches
November 2020

2. Key success factors
?+

3. Key success factors
+

4. Back to basics

5. The three EU supervisory
authorities
• European Securities and Markets Authority (ESMA)
• European Banking Authority (EBA)
• European Insurance and Occupational Pensions Authority
(EIOPA)
• Mission
• and….there is the ESRB

6. At EU level
• Regulations
• Directives
• Recommendations
• Decisions
• ITS and RTS
• Guidelines

7. At Member State Level
• Responsibility for implementing binding EU legal acts
lies primarily with the EU countries. Certain binding legal
acts require uniform conditions for implementation.
• Across EU countries : different regulators with different
powers from one country to another.
• Example: France vs Lux.

9. Regulatory framework
• Capital Requirements Directives
• Market Abuse
• Financial crime
• European market infrastructure
regulation
• Markets in Financial
Instruments Directive
• Securities Financing
Transactions Regulation
• Short selling
• Alternative Investment Fund
Managers Directive
• Payment service Directive
• Undertakings for the
Collective Investment in
Transferable Securities
• Prospectus
• Solvency
• etc…

10. EU passporting
• Freedom of establishment
• Freedom to provide services

11. Why different layers of
regulation despite « EU
harmonisation »?

12. European regulation

13. Examples
• Mortgage is very different in France vs other countries
• Savings regulation is also driven by local specific habits
and rules

14. Use case 1: Startup
Assessment

15. Your perimeter
• Value proposition and business model
• Competitors
• Target clients (retail vs institutional clients)
• Services
• Potential partnerships wit regulated institutions
• High level definition of the product(s) / Product Roadmap
• High level processes
• Home based country
• Infrastructure
• External providers

17. Your regulatory environment
• What is our current regulatory framework?
• Whats does it mean? How does it impact our strategy?
• What is our regulatory strategy?
• How is our regulator organized?
• What’s the set-up of our competitors?
• Is your product/service “new” from a regulatory
perspective?

18. Use case 1: Startup
Preparation work

20. Must Dos
• Plan your filing process as a project with a real task
force
• Request advice from specialists
• Adapt your Business Plan in consequence
• Liaise with your Shareholders/Board
• Read
• Take this process seriously / This as a great opportunity

21. Use case 1: Startup
Filing process

23. Your filing process
• From “light” to “hard”
• Rabbit vs Turtle
• Painful but structuring
• Multi disciplinary approach requiring different
competencies
• Complete sanity check of your future activity, your
partners, your processes, your IT security…

24. Dos and Dont’s
• Meet your regulator(s)
• Be precise (4 eyes principle)
• Be proactive and reactive
• Be humble and honest
• Be irreproachable and know your subject
and
• Don’t lie
• Don’t improvise
• Request some support from specialists but don’t delegate the entire filing process

25. Use case 1: Startup
Once authorized

27. A new world
• Entity with rules : Directives (AML/CTF
- Outsourcing - Compliance charter…)
• Processes in place (onboarding, BCP/
DRP, provider / SLA monitoring…)
• Reporting to the regulator(s)
• Solvency ratio to follow
• Audits to perform (internal/external)
• Governance to monitor (GA/Board/
ExCo)
• Communicate / Log your contacts with
the regulator
• Providers to monitor
• Best exec. to monitor
• Suitability tests to
perform
• Control plan to define
• Risk Matrix to set
• EBA rules to follow
• etc…

28. Must Dos
• Set pragmatic processes tailored to your entity / the size of
your team (proportionality principle)
• Build your own tools as much as you can
• Log all your to dos in a project management tool and define a
project plan
• Define your controls
• Remain aligned with what you have explained to your regulator
• Define clearly the roles according to the internal controls

29. Use case 1: Startup
Smart with regulation

31. Must Dos
• Analyse all the options according to your business
model
• Consider the local rules of your target countries
• Build a strategy and try to assess the impact on your
company
• Define your recruitment needs according to each
phase

32. Use case 1: Startup
Think one step ahead

34. Must Dos
• Prepare your next steps should you target a new
license
• Build a smart regulatory watch
• Meet regularly your pairs
• Exchange with your auditors
• Exchange with the community
• And please : build your ESG charter

35. Use case 2: Bank
Assessment

37. Love crush?
• Risk averse vs eager to risk
• Short vs long Momentum
• Incumbent vs new market
• Part vs not part of DNA
• Processed vs Agile
• Culture clash

38. Keep it simple but be
realistic

39. Must Dos
• Perform a quality assessment to avoid bad surprises (not THE full-
fledge-heavy assessment)
• Involve your Procurement / CISO / DPO early in the process
• Draft « light » contracts (incl. « light » SLA)
• Define an exit strategy
• Set some measurable KPIs and implement controls
• Perform a regulatory assessment (incl. Categorization : Outsourcing)
• Is there a need for specific authorization from the regulator?

40. Use case 2: Bank
Notification / Authorization

42. Your regulator
• Any type of material outsourcing leads to an
authorization from the regulator
• Process implies a filing
• Example in France : PSEE

43. Must Dos
• Liaise with the FinTech player to prepare your file
• Set a file aligned with the context
• Consider this process as a joint effort
• Set a small taskforce liaising with the FinTech

44. Let’s stay in touch