Top 5 Legal Issues for Fintechs

Fintechs have been emerging in the Australian market rapidly, where both innovation and technology has disrupted the traditional methods of banking and providing financial services. 

Due to this growth, there are legal issues that may affect your company’s operations in Australia. There are five key legal issues that you must consider when operating a Fintech company and they include:

• Data Protection and Cyber security
• Smart Contracts
• Compliance with Regulating Bodies
• Misleading and deceptive conduct
• Robo-advisors and legal responsibility

1. Data Protection and Cybersecurity

Being a business, Fintech companies are subject to the Australian Privacy Principles within the Privacy Act 1988 (Cth) and must be compliant with using and managing personal data in the course of carrying on their business in Australia. Data is considered an important part of a Fintech’s business model, regardless of a focus on retail or investment banking. However, if your company operates with an office in the EU, it may be subject to the GDPR (General Data Protection Rules). 

Fintech companies and Cybersecurity 

Whilst the use of technology and block-chain algorithms reduce risks of data being stolen, there are potential issues of data breaches. No company is safe from the potential threat of hacking and data theft. Fintech companies often deal with highly sensitive information and may be subject to cyber attacks. 

Consequently, it is crucial that your company complies with data protection laws and is transparent to customers about your security practices, ensuring you maintain trust and confidence in relevant stakeholders and regulatory authorities. It is also therefore important that your company establishes a strong cybersecurity plan to prevent any potential cyber attacks.

2. Smart Contracts 

Smart contracts have disrupted the Fintech space because it eliminates the need for a ‘middleman’, and allows parties to digitally self-execute and enforce a binding contract. 

Smart Contracts differentiate from a standard legal contract. In fact, its name “smart contract” is quite misleading. Blockchain technologies have allowed smart contracts to be self-executing contracts where the terms of the agreement between a buyer and seller are directly written into the lines of code. 

Key features of smart contracts 

• Digital signatures – A party to the transaction will verify their participation in the contract by way of a cryptographic digital signature 
• Self-executing – Upon the terms being agreed upon, the smart contract can automatically self-execute itself without further engagement from either parties. 
• Terms – Both parties must agree upon the terms of the contract and draw on important information to confirm that these conditions are being met. 

Legal issues for smart contracts 

Fintech companies that operate with smart contracts must ensure they comply with the traditional elements of a binding legal contract. Like any standard contract, your company must refrain from engaging in duress, undue influence or unconscionable dealings, and failure to do so may render a smart contract void at law. 

While some may argue that the ‘code is the contract’, this legal issue remains unaddressed by Australian courts. Therefore, it is important that your company is transparent with the terms of the contract with the engaged parties prior to digitally signing them. 

Smart contracts have proven to be valuable in the Fintech world due to its accuracy, accountability, safety and speed. These transactions are effective as they are transparent, irreversible and traceable. Nevertheless it is vital that your company continues to adhere to the laws that regulate traditional contracts. 

For further information on Smart contracts, please see our article, ‘What is a smart contract and what are the legal implications?’

3. Compliance with Regulatory Bodies 

As a Fintech company, you must ensure that your company is compliant with all the key regulations outlined by regulating bodies such as ASIC, APRA and AUSTRAC. 

Key considerations for compliance:

ASIC Licensing Requirements 

If your Fintech company operates within the financial advisory or credit space, it must adhere to the licensing requirements of ASIC. Whether your company provides financial advice or engages in credit activities, you must ensure you comply with all licensing requirements. In some circumstances you may be eligible for exemptions to these stringent licensing. 

For further information on Fintechs and Licensing requirements, please see our article, ‘Do you need a credit license from ASIC to operate a Fintech?’ 

Anti-Money Laundering and Counter Terrorism obligations 

Generally, Fintechs may be subject to reporting obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act) which enforces obligations on companies that provide ‘designated services’ with a geographic connection to Australia. 

Fintech companies providing financial services activities that are ‘designated services’ under the AML/CTF Act, may be obliged to report to Australian Transaction Reports and Analysis Centre (AUSTRAC). If this is applicable to your company, you must register with AUSTRAC as a reporting entity. 

For further information on the Fintech companies and the main regulating bodies, please see our article, ‘ How are Australian Fintechs regulated?’

4. Misleading and Deceptive Conduct 

Another key issue for Fintech companies need to consider is avoiding any misleading and deceptive conduct. As outlined by Section 12DA of the Australian Securities and Investments Commission Act 2001 (Cth) (ASIC Act) your company must not in trade or commerce engage in conduct that is misleading or likely to mislead. 

Fintech companies are prohibited from engaging in specific forms of misleading conduct such as: 

• Innocent misstatements;
• Negligent misrepresentations; or
• Deliberate deceit.

If your company has breached this prohibition, ASIC may enforce penalties on your company and seek redress for non-parties by way of:

• Damages;
• Substantiation notices;
• Injunctions;
• Public warning notices;
• Undertakings; or
• Compensatory orders. 

Therefore, it is highly critical that your company ensures that it undergoes due diligence with its conduct when engaging with relevant parties to avoid these penalties. 

5. Robo-advisors and legal responsibility

Lastly, it is important for Fintech companies to consider the legal impact of utilising robo-advisers in their business structure. 

Similar to smart contracts, robo-advisers have disrupted the Fintech world, transforming the way in which financial advice is given to clients.  Robo-advisers are digital platforms that enable automated, algorithm driven financial planning services without human intervention. This can potentially increase the proficiency of yourIn the financial sectors, banks and fintech companies are becoming more reliant on robo-advisers to provide support in financial services. 

Whilst this revolutionises the traditional financial services paradigm, it may lead to issues with identifying liability. Although Robo-advisers are deemed to be more efficient than a human providing financial advice, if there are issues it may be difficult to find Robo-advisers liable for common issues such as errors in their functions and operations. 

As the courts have yet to deal with issues of legal responsibility of Robo-advisers, it is still important for your company to be aware of the potential legal implications of utilising such platforms in your business structure. 

Key Takeaway Points 

Fintech companies are subject to stringent regulation in Australia, and it is therefore necessary for you to consider when operating a Fintech company. To summarise, when operating a Fintech company, you must:

• Implement strong cybersecurity contingencies and be compliant with the APPs
• Comply with regulatory bodies such as ASIC, APRA and ASIC, and fulfil licensing and reporting obligations where necessary
• Ensure that smart contracts and robo-advisers adhere to traditional regulations
• Refrain from engaging in duress, undue influence or unconscionable dealing in smart contracts
• Refrain from engaging in any form of misleading and deceptive conduct