LIECHTENSTEIN Law and Practice Contributed by: Christian Inmann and Markus Stelzl, Inmann Stelzl & Partner Attorneys at Law Partnership
2.6 Jurisdiction of Regulators The Liechtenstein FMA is responsible for the authori - sation, ongoing supervision and enforcement of reg - ulated financial services activities, including those carried out by fintech companies in Liechtenstein. The FMA’s jurisdiction covers, in particular, licensing requirements, prudential supervision, conduct of busi - ness rules, AML/CTF and DORA compliance insofar as these relate to financial market and services activi - ties. By contrast, industry participants that are duly licensed in another EU or EEA member state are, in principle, subject to the supervision of their home member state authority. Under the European passporting regime, the FMA’s role is generally limited to host state regula - tory authority, while primary prudential supervision remains with the competent authority in the home member state. 2.7 No-Action Letters The FMA does not issue formal “no-action” letters matching those known in certain common law juris - dictions. However, the Liechtenstein FMA provides written reg - ulatory assessment on licensing implications or the applicability of certain financial markets law. Furthermore, in practice, the FMA maintains an open and pragmatic supervisory dialogue, particularly with fintech and blockchain-based business models. Mar - ket participants may seek informal guidance of a pro - posed activity. Accordingly, although formal no-action letters are not available, early engagement with the FMA is an established and effective substitute for this, to manage regulatory uncertainty. 2.8 Outsourcing of Regulated Functions As a general rule, most regulated functions may be outsourced, provided that the outsourcing does not impair the regulated entity’s ability to comply with its legal and supervisory obligations. The regulated entity always remains fully responsible for the outsourced functions. The vendor is, therefore, subject to indirect regulatory requirements, in particu -
lar, with respect to reliability, expertise, data protec - tion, confidentiality and operational resilience. From a contractual perspective, certain minimum requirements are mandatory. Outsourcing agreements must typically include, inter alia: • clear descriptions of the outsourced services; • audit and access rights for the regulated entity and the FMA; • data protection and confidentiality provisions; There is no general obligation to outsource to a regu - lated service provider. However, if regulated services are outsourced it is mandatory to outsource to another regulated entity (eg, custody of crypto-assets may only be outsourced to another regulated CASP under MiCAR). Therefore, it is preferable and may be mandatory that services are outsourced to regulated entities. 2.9 Gatekeeper Liability To understand the law in relation to “gatekeepers”, it has to be noted that the Digital Markets Act (DMA) has not yet been implemented into EEA law and, therefore, not into Liechtenstein national law. However, a fintech located in Liechtenstein which is considered a gatekeeper under the DMA may be sub - ject to the obligations and prohibitions applicable to gatekeepers under the DMA, if it provides or offers core platform services to business users established in the EU or end users established or located in the EU. The gatekeeper regime of the DMA applies irre - spective of the place of residence or establishment and irrespective of the law otherwise applicable to the provision of services. • sub-outsourcing restrictions; and • termination and exit arrangements. In practice, fintech providers may also be subject to specific gatekeeper-type obligations under sectoral regulation, such as AML/CTF laws, the EU Digital Ser - vices Act (if they offer their services to EU clients), or crypto-asset regulation, depending on the business model. Accordingly, the extent of responsibility is
493 CHAMBERS.COM
Powered by FlippingBook