Fintech 2025

FINLAND Law and Practice Contributed by: Olli Kiuru, Mia Rintasalo and Essi Hietaoja, Waselius

(b) investment firms; (c) portfolio management companies; (d) central institutions of amalgamations of deposit banks; (e) holding companies of credit institution; (f) holding companies of investment firms; and (g) parent companies of financial and insur - ance conglomerates. • The second Markets in Financial Instruments Directive (MiFID II) is applicable to: (a) investment service providers; (b) market operators (including the trading venue maintained by them); (c) central counterparties; and (d) data reporting service providers. • The second Payment Services Directive (PSD2) has been transposed in Finland in two parts by way of amendments to the Payment Services Act (PSA, 290/2010) and the Pay - ment Institutions Act (PIA, 297/2010). For the most part, these amendments entered into force on 13 January 2018. Apart from certain minor details, the scope of application for the PSA and the PIA is identical, meaning that both acts apply to companies engaging in the following payment services: (a) services related to depositing or with - drawing funds in/from a payment account; (b) the management and offering of payment accounts; (c) the execution of payment transactions by means of credit transfer, transfer of funds to a service provider’s payment account, direct debit or payment card, or via an - other payment instrument; (d) issuing a payment instrument; (e) the acceptance and processing of a pay - ment transaction based on an agreement with the payee that results in a transfer of funds to the payee;

(f) money remittance; (g) payment initiation service; and (h) account information service. • Fintech entities seeking to enter the payments market should note that payment services may only be provided by a service provider that meets the requirements of the PIA and has been authorised by the Finnish Financial Supervisory Authority (FIN-FSA). The FIN- FSA must be notified about the initiation of the offering of account information services. The requirements for payment information services providers are higher – they must be authorised and have an initial and ongoing capital of at least EUR50,000. • The General Data Protection Regulation (GDPR) – in Finland, the provisions of the GDPR have been further clarified and sup - plemented in the Data Protection Act (DPA, 1050/2018), the application of which is con - sistent with Article 2 of the GDPR. However, deviating from what is stated in the GDPR, the DPA also applies to the processing of personal data in the course of an activity that falls outside the scope of EU law, and to the processing of personal data by member states when carrying out activities that fall within the scope of Chapter 2 of Title V of the Treaty on European Union. • The Packaged Retail and Insurance-Based Investment Products Regulation (PRIIPs) applies to service providers producing and offering PRIIPs products to retail investors. These include banks, insurance companies, management companies and alternative investment fund managers, and bond issu - ers. Therefore, certain fintech companies that engage in such activity – such as those in the payments, financing, wealth manage - ment, investing and insurtech sectors – fall liable to the regulatory requirements set forth in the PRIIPs, meaning that they must, inter

224 CHAMBERS.COM

Powered by