AUSTRIA Law and Practice Contributed by: Oliver Völkel and Philipp Ley, CERHA HEMPEL
2.15 Financial Action Task Force (FATF) Standards Austria’s AML and sanctions rules closely follow the Financial Action Task Force (FATF) standards, which are either implemented on an EU level or directly via national laws, such as the Austrian Financial Market Austrian law allows for the provision of regulated products or services from another jurisdiction under a reverse solicitation scenario without triggering local licensing requirements, provided the client initiates the contact and the firm does not actively market or solicit in Austria. Anti-Money Laundering Act. 2.16 Reverse Solicitation The reverse solicitation exemption for CASPs states that if an EU client independently and exclusively initi - ates the request for a crypto-asset service or activity from a third country firm, the requirement for that firm to obtain a MiCA licence does not apply to providing the service or activity to that client. In other words, this exemption permits third-country firms to offer crypto-asset services to EU clients who approach them entirely on their own initiative, without needing a MiCA licence. 3. Robo-Advisers 3.1 Requirement for Different Business Models Different asset classes require different business mod - els because of their distinct characteristics and regu - latory treatment. • Security tokens: these are classified as financial instruments under MiFID II. Their inclusion in a robo-adviser’s service must comply with the full suite of MiFID II requirements, including suitability assessments, best execution and appropriateness tests. ESMA has published guidelines on robo- advice, specifying particular aspects of suitability requirements of MiFID II including robo-advice. To ensure clients fully understand robo-advisory services, firms should clearly inform them about the level of human involvement and how to request human interaction. Clients should also be made
legacy players benefit from established compliance frameworks, fintechs must integrate these regulatory requirements into their innovative business models from the outset. 2.12 Review of Industry Participants by Parties Other Than Regulators Industry participants are reviewed by external audi - tors, legal and compliance advisers, IT security firms and industry associations. Statutory audits and spe - cific regulatory reviews are required for licensed firms. Larger or legacy players also conduct regular inter - nal and IT audits, while smaller fintechs often rely on external consultants. Industry bodies contribute by promoting best practices and voluntary codes, although these are not legally binding. 2.13 Conjunction of Unregulated and Regulated Products and Services Some fintech companies, in the crypto-assets field in particular, offer unregulated products such as staking or DeFi-related services alongside regulated services like custody or exchange of crypto-assets. These are often provided through the same legal entity and on the same website (or via affiliated companies), depending on the structure. The FMA also monitors the unregulated business of a licensed entity. For example, in the authorisation procedure of CASPs, the applicant also has to provide detailed information on any unregulated business that might be conducted. 2.14 Impact of AML and Sanctions Rules AML and sanctions rules significantly affect both regu - lated and unregulated fintechs. EU-harmonised AML rules apply to all regulated entities, including CASPs under MiCA. While the core obligations are similar, legacy players often have more established compli - ance infrastructures. Unregulated fintechs may still be subject to basic AML obligations under the Austrian Trade Act. Overall, AML compliance is a key supervisory focus, with increasing scrutiny across all sectors.
38 CHAMBERS.COM
Powered by FlippingBook