AUSTRIA Law and Practice Contributed by: Oliver Völkel and Philipp Ley, CERHA HEMPEL
2.5 Regulatory Sandbox Austria has a Regulatory Sandbox which is managed by the FMA. It is aimed at supporting fintech inno - vation in a controlled environment. The Regulatory Sandbox is designed to allow firms to test innovative business models that fall under financial market regu - lation but may involve legal or technical uncertainties. The Regulatory Sandbox operates through four phas - es. • Applying for the Regulatory Sandbox: applicants submit an application to the FMA. Eligibility criteria include the use of ICT, readiness for market testing and alignment with the public interest. An expert committee, the Regulatory Sandbox Advisory Board, provides an opinion on the application’s suitability. • Support: once admitted, the FMA establishes a dedicated supervisory team to work closely with the participant. This phase involves defining test parameters, milestones and any licensing require - ments necessary for the test phase. • Test phase: the participant conducts licensed activities within the agreed parameters under FMA supervision. • Final report and exit: after testing, the FMA evalu - ates the results. The business model then either transitions to regular supervision with a full licence or exits the Regulatory Sandbox if the participant decides not to pursue further regulatory approval. Participation in the Regulatory Sandbox is limited to a maximum of two years. While there are no fees for admission, standard charges apply for administrative decisions of the FMA, such as granting a licence. The Regulatory Sandbox does not offer regulatory exemp - tions, as all legal requirements must be met. 2.6 Jurisdiction of Regulators The FMA acts as the central regulatory authority for companies situated in Austria. It oversees licensing, supervision and enforcement for banks, investment firms, payment institutions and CASPs. Its jurisdiction extends to both prudential and conduct supervision. This includes the enforcement of AML requirements. The FMA therefore functions as a one-stop authority
for most fintech business models operating within the Austrian financial market. Companies providing services in Austria without hav - ing obtained the necessary licence or authorisation also fall under the jurisdiction of the FMA. Industry participants situated in another EU member state fall under the jurisdiction of their home member state. 2.7 No-Action Letters While the FMA does not formally issue “no-action” letters in the same way as US regulators such as the SEC do, Austrian law provides for a functionally equiv - alent instrument: the Auskunftsbescheid under Sec - tion 23 of the Financial Market Authority Act (FMABG). According to Section 23 of the FMABG, any party can request an official and legally binding confirmation from the FMA regarding the applicability or interpre - tation of specific provisions of financial market law in relation to a particular set of facts. The FMA will then issue an administrative decision ( Auskunftsbe- scheid ) stating whether the activity described falls within the scope of financial market regulation and whether it requires a licence or triggers other legal obligations. This binding legal assessment provides legal certainty to the applicant and while not labelled a “no-action” letter, it fulfils a similar function: it allows market participants to proceed with a proposed activ - ity with assurance that the FMA will not take enforce - ment action based on the facts submitted. In practice, the Auskunftsbescheid can be seen as the Austrian equivalent of a “no-action” letter. In addition, companies can engage in informal con - sultations with the FMA or submit enquiries to clarify the regulatory classification of their activities. These enquiries are not a substitute for formal decisions of the FMA or licensing procedures but provide specific legal certainty to fintech companies (and are usually issued much faster than the Auskunftsbescheid ). 2.8 Outsourcing of Regulated Functions Under traditional supervisory law, strict requirements apply when outsourcing regulated functions. The out - sourcing entity remains fully responsible for the proper performance of the outsourced activities and must
36 CHAMBERS.COM
Powered by FlippingBook