FINLAND Law and Practice Contributed by: Olli Kiuru, Jere Lehtimäki and Essi Hietaoja, Waselius
vider’s payment account, direct debit or payment card, or via another payment instrument; • issuing a payment instrument; • the acceptance and processing of a payment transaction based on an agreement with the payee that results in a transfer of funds to the payee; • money remittance; Fintech entities seeking to enter the payments mar - ket should note that payment services may only be provided by a service provider that meets the require - ments of the PIA and has been authorised by the Finn - ish Financial Supervisory Authority (FIN-FSA). The FIN-FSA must be notified about the initiation of the offering of account information services. The require - ments for payment information service providers are higher – they must be authorised and have an initial and ongoing capital of at least EUR50,000. Data Protection In Finland, the provisions of the General Data Pro - tection Regulation (GDPR) have been further clarified and supplemented in the Data Protection Act (DPA, 1050/2018), the application of which is consistent with Article 2 of the GDPR. However, deviating from what is stated in the GDPR, the DPA also applies to the processing of personal data in the course of an activity that falls outside the scope of EU law, and to the pro - cessing of personal data by member states when car - rying out activities that fall within the scope of Chapter 2 of Title V of the Treaty on European Union. Retail Investors • payment initiation service; and • account information service. The Packaged Retail and Insurance-Based Invest - ment Products Regulation (PRIIPs) applies to service providers producing and offering PRIIPs products to retail investors. These include banks, insurance companies, management companies and alternative investment fund managers, and bond issuers. There - fore, certain fintech companies that engage in such activity – such as those in the payments, financing, wealth management, investing and insurtech sectors – are subject to the regulatory requirements set forth in the PRIIPs, meaning that they must, inter alia, prepare a key information document for each PRIIPs prod - uct that they offer to retail investors. The definition of
“retail investor” derives from MiFID II and, accordingly, means an investor other than a professional client. “Professional clients” and “non-professional clients” have been further clarified in Chapter 1, Section 23 of the Investment Services Act (ISA, 747/2012). Anti-Money Laundering The prevention of money laundering and terrorist financing is based on international standards. Specifi - cally, the purpose is to ensure that uniform customer due diligence procedures are observed in the global financial markets. Consequently, in this respect, the EU’s Anti-Money Laundering Directives, which have been implemented in the national legislation of Fin - land, derive from the recommendations of the Finan - cial Action Task Force (FATF). In Finland, the AML pro - visions have been put forth in the Act on Preventing Money Laundering and Terrorist Financing, 444/2017 (the “AML Act”). Finland has implemented Directive (EU) 2018/843 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (the “Fifth Anti-Money Launder - ing Directive”); to some extent, this is broader than the Directive requires. Cyrpto-Assets The European Markets in Crypto-Assets Regulation (EU) 2023/1114 (MiCAR) entered into force on 29 June 2023 and establishes a harmonised regime for cryp - to-assets at an EU level. The Finnish Act on Crypto- Asset Service Providers and Markets in Crypto-Assets (ACASP, 402/2024) came into force in Finland on 30 June 2024, replacing the previous Virtual Currency Providers Act (572/2019). Among other things, ACASP designates the FIN-FSA as the national authority responsible for overseeing compliance with MiCAR. Crowdfunding Crowdfunding is regulated by the Finnish Act on the Provision of Crowdfunding Services (APCS, 203/2022). Crowdfunding service providers must be authorised by the FIN-FSA in accordance with the APCS and Regulation (EU) 2020/1503 on European crowdfunding service providers for business. Authorisation, Registration or Notification Depending on the business model undertaken, fin - tech companies may require authorisation, registra -
268 CHAMBERS.COM
Powered by FlippingBook