FRANCE Law and Practice Contributed by: Sylvain Clavé and Germain Chaux, Clavé Avocat
2.4 Variations Between the Regulation of Fintech and Legacy Players French law does not distinguish between “fintech” and “legacy” players. As a result, the regulatory bur - den is determined by the specific financial services provided and the scale of the associated risks. A prin - ciple of proportionality is generally applied in favour of smaller fintech companies by the French regulators. The regulation is therefore activity-based and strictly tied to the nature of the services provided rather than the type of entity. Legacy players (banks, insurers, EMI, ISPs, etc) are in a monopolistic position and generally operate under institutional frameworks, such as CRR3/CRD6 for banking or Solvency II for insurance, with strong capital requirements, specific governance schemes and systemic risk-prevention obligations. A key distinction remains for fintechs acting purely as technology providers (eg, pure AI providers, regtech, or Software as a Service (SaaS) for banks – as long as they do not provide payment or investment services). These players often remain outside the direct scope of financial licensing. 2.5 Regulatory Sandbox Because they are mindful of the rapid evolution of the market, French regulators have established dedicated teams (such as the Prudential Supervision and Reso - lution Authority’s ( Autorité de contrôle prudentiel et de résolution – ACPR) Pôle Fintech-Innovation ) and events (such as the AMF-ACPR Fintech Forum) to pro - vide guidance for entrepreneurs. France has therefore opted for a proportional support model rather than regulatory sandboxes. This landscape is evolving in 2026: following the EU AI Act, France is establish - ing a dedicated AI sandbox that shall be effective by August 2026. 2.6 Jurisdiction of Regulators The French regulatory landscape is defined by a “Twin Peaks” model, with two authorities operating in sepa - rated fields. The ACPR (prudential supervision), attached to the Banque de France, is in charge of preserving the sta - bility of the financial and banking system. It grants
authorisations for banking, payment services and insurance. Its jurisdiction covers solvency, capital requirements and AML procedures. The AMF (market conduct supervision) is an inde - pendent authority focused on market integrity and investor protection. The AMF is in charge of granting licences for portfolio management companies, ECSPs and DASPs. In some cases, the ACPR and the AMF work together – for instance, for the approval of activity programmes for entities applying as ISPs: if the licence is formally granted by the ACPR, the AMF oversees how their products are marketed to the public. 2.7 No-Action Letters There is no possibility for French regulators to issue “no-action” letters like those of the US SEC; only the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA) may issue such recommendations. On 10 June 2025, the EBA issued a formal “no-action” letter (EBA/Op/2025/08) addressing the interplay between PSD2 and MiCAR. Since e-money tokens (EMTs) are legally classified as “funds”, the EBA confirmed that their transfer or cus - tody for third parties constitutes a payment service, theoretically requiring a dual authorisation as both a CASP and a payment institution. This letter introduced a transitional period ending on 2 March 2026, which was further clarified by an EBA opinion on 12 February 2026, regarding supervisory priorities. For the French ecosystem, the ACPR has implemented a simplified licensing process, allow - ing CASPs to submit a lightened payment institution application provided their activities are strictly limited to EMTs. However, this administrative simplification does not extend to prudential requirements: firms must meet the own funds standards of both MiCAR and PSD2 cumulatively and ensure that capital is not mutualised between the two regimes. 2.8 Outsourcing of Regulated Functions The framework for outsourcing in France relies on the principle that, while operational responsibility can be delegated, regulatory responsibility remains strictly non-transferable. Moreover, regulated functions can
289 CHAMBERS.COM
Powered by FlippingBook