Fintech 2025

FINLAND Law and Practice Contributed by: Olli Kiuru, Mia Rintasalo and Essi Hietaoja, Waselius

10.12Non-Fungible Tokens (NFTs) Under MiCAR, the regulatory treatment of non- fungible tokens (NFTs) depends on their spe - cific characteristics rather than their mere clas - sification as “non-fungible” . MiCAR generally excludes NFTs from its scope if they are truly unique and not issued in a manner that makes them interchangeable or functionally similar to traditional financial instruments or crypto-assets. However, if NFTs are issued in large series or col - lections with characteristics that suggest they are fungible or have an investment-like nature, they may be captured by MiCAR’s regulatory perimeter. Furthermore, where NFTs qualify as financial instruments, their issuance is subject to the MiFID II regulatory framework instead of MiCAR. PSD2 requires account servicing payment ser - vice providers (ASPSPs) to allow payment users to make use of payment initiation service pro - viders and payment account information service providers to obtain payment services. In Finland, the open banking requirements have been trans - posed into the PSA. Commission Delegated Regulation (EU) 2018/389 sets more specific rules for dedicated interfaces. ASPSPs have been required to remove any obstacles identified within the shortest possible time and without undue delay (EBA/OP/2020/10). The European Data Protection Board (EDPB) has released guidelines regarding certain challenges in respect of the need for data subjects to remain in full control of their personal data (Guidelines 06/2020 on the interplay of the Second Payment Services Directive and the GDPR). 11. Open Banking 11.1 Regulation of Open Banking

11.2 Concerns Raised by Open Banking The EDPB has set specific guidelines related to the payment user’s consent, the processing of a silent party’s data, the processing of special categories of personal data under PSD2 and data minimisation. For instance, pursuant to the EDPB’s Guidelines 06/2020, explicit consent in line with the GDPR is needed for the processing of personal data under PSD2. It is understood that banks and the authorities are still working on possible solutions to comply with the EDPB’s guidelines, such as “consent dashboards” . 12. Fraud 12.1 Elements of Fraud While specific details may vary, common ele - ments of fraud in this sector include: • false representation – providing inaccu - rate information or misrepresenting facts to deceive individuals or entities involved in financial transactions; • identity theft – illegally using someone else’s identity, personal information or financial details for fraudulent purposes, often to gain unauthorised access to accounts or to con - duct transactions; • forgery and counterfeiting – creating fake documents, signatures or financial instru - ments to deceive others and gain access to funds or assets; and • phishing and spoofing – employing deceptive tactics, such as fraudulent emails, websites or communications, to trick individuals into disclosing sensitive financial information.

242 CHAMBERS.COM

Powered by