Yesterday, October 12, 2022, Congress passed the initiative after 12 months of processing. This speed is no coincidence, as it is due, among other reasons, to the need to boost the country’s growth, to the great performance and scaling capacity that Chilean Fintechs have demonstrated in recent years, and to the demand for legal certainty by all players in the ecosystem.
Below you will find 6 significant elements of this Law.
Will all Fintech services be regulated?
No, the Law regulates only certain Fintech services and, taking advantage of the opportunity, also includes others that until now were in a sort of legal vacuum (even if they are not characterized by being particularly innovative).
Specifically, the services regulated by the Law are (i) crowdfunding or collective financing platforms; (ii) alternative transaction systems, such as cryptocurrency exchanges; (iii) credit or investment advisory services, including B2B and B2C models; (iv) custody of financial instruments, considering that the latter concept includes cryptoassets; (v) order routing and intermediation of financial instruments; and (vi) payment initiation services.
It is important to understand that what defines the application of the Law are the characteristics of the service provided, not the type of institution that performs it. As a general rule, this implies that Fintech providers must, for each type of service, register with the Financial Market Commission (“CMF”) and apply for authorization to operate, demonstrating compliance with specific requirements.
The provision of regulated services without registration or without authorization will be considered a serious violation of the Law, and criminal liability for crimes associated with it may be aggravated where the provider pretends to be registered with or supervised by the CMF.
What is the Open Finance System and what does it have to do with the processing of personal data?
Following the path of other countries, the Fintech Law establishes an Open Finance System (“SFA”). In the main, the SFA seeks to promote competition, innovation and inclusion in the financial system. To meet these objectives, it involves the implementation of remote and automated access interfaces (the famous APIs), through which financial institutions supervised by the CMF will provide and have access to certain information.
In this way, they will exchange information on the general terms and conditions of financial products and services, the identification and registration of clients (whether natural or legal persons), their transaction history, and the data necessary for the provision of payment initiation services and financial portability processes.
Considering that the bill on the protection of personal data is still pending approval in Congress, several concerns arose during the legislative process of the Law. Along these lines, clear obligations were included for the entities participating in the SFA: among other requirements, they must obtain the prior, express, informed and specific consent of clients to consult or share their information; observe the principles of proportionality, purpose, quality, and transparency and information in the processing operations they carry out; comply with the information security and cybersecurity requirements, together with the risk management and internal control policies, established by the CMF; and report to the CMF, without delay, the incidents they suffer.
Something no less important is that the operation of the SFA may not give rise to commissions or additional charges for end clients.
Will Fintechs be subject to money laundering and terrorist financing prevention obligations?
Yes, those Fintechs that provide collective financing platform services, alternative transaction systems, custody of financial instruments, intermediation of those instruments, and payment initiation will have the status of obliged subjects according to Law No. 19,913. The same will occur with the other natural or legal persons that are under the supervision of the CMF and that have voluntarily registered in the registry of regulated entities in charge of the Financial Analysis Unit (“UAF”).
Considering that the UAF will be able to issue differentiated and proportional rules for the different types of regulated entities, this can only be seen as a positive development, since it provides certainty to Fintechs about the regulatory burden they will face in this area, and to those who deal with them, whether as investors, commercial counterparties or clients.
Does the Law address the issue of bank account closures?
Yes, given that in recent years there have been numerous cases of closure of bank accounts of both Fintechs and their clients, the legislator has established on this occasion a baseline – banks shall establish public, objective and non-discriminatory conditions under which they will offer and give access to their current account services.
Thus, banking institutions may only refuse to open, suspend or close current accounts for justified reasons and communicate this decision as soon as possible. In the notification they must state their reasons, based on specific risks or failure to comply with the above-mentioned public, objective and non-discriminatory conditions.
Ok, I am clear on the first 4 things I should know about the Act. Will there be more regulation to comply with?
Yes, definitely. The Law establishes a general legal framework for regulated services, but entrusts the CMF with issuing extensive secondary regulation. This basically implies that the CMF will progressively specify and detail how this new body of law will be applied through General Norms (NCG).
For example, NCGs will cover the form and means of submitting applications for registration with the CMF, the specific information to be provided by Fintech providers to their clients, the corporate governance and risk management standards to be met by them, the conditions for implementing and operating the SFA and the standards to be met by the APIs of the participating institutions.
When will it become effective?
An important part of the Law will be enforceable 30 days after its publication in the Official Gazette; however, deferred effectiveness rules have also been established for some of its provisions.
In the latter group are, for example, those related to the applications for registration and authorization to be submitted to the CMF by regulated Fintech service providers, including those for payment initiation. For this purpose, there will be a period of 12 months from the entry into force of the NCG to be issued by the CMF. If the requests are not submitted within such term, or if the authorization of the CMF is not obtained, the referred providers must refrain from continuing to provide their services and may only carry out acts tending to conclude their operation, notifying their clients of such circumstance.
In the same sense, the CMF will have to issue the necessary regulations for the gradual implementation of the SFA within a period of 18 months from the publication of the Law.
As az, we consider that the approval of the Fintech Law means a great advance for the development of the industry at a national level. The regulation will undoubtedly bring new challenges to those who offer this type of service, not only with respect to compliance, but also in relation to prevention and education in these matters.
For more information please contact our az Tech team:
Eugenio Gormáz | Partner | egormaz@az.cl
Gonzalo Navarro | az Tech Director | gnavarro@az.cl
Francisca Franzani | Compliance Director | ffranzani@az.cl
Florencia Fuentealba | Associate Compliance | ffuentealba@az.cl
Antonia Nudman | Associate IP, Tech and Data | anudman@az.cl
Constanza Pasarin | Associate IP, Tech and Data | cpasarin@az.cl
Natalia González | Associate IP, Tech and Data | ngonzalez@az.cl