There's a lot going on in the world of financial technology right now, so here's a post to gather some recent threads together. Please get in touch if you need assistance with any of these themes. I'm also planning an update on cryptoassets.


These are typically financial technology (or 'fintech') start-ups which begin life issuing electronic money on their path toward full banking authorisation (so they can then 'accept deposits', pay interest and make loans on a 'fractional reserve' basis). But moving from issuing €1 of e-money for every €1 of actual money 'loaded' by a customer to making loans based on deposits involves a big leap in the amount of capital (own funds) the firm must hold. Bank capital is also 'risk weighted' according to the type of loans banks make. The riskier the type of loan, the more of their own funds required. This means that marketing to 'prime' or 'low risk' customers is competitive and expensive, leaving new banks with smaller marketing budgets chasing riskier segments that require them to hold disproportionately more capital (and at higher costs) - unless they can somehow bring a lower risk customer base (and investors) along for the ride.


Nothing to do with sheep, but 'banking as a service' (hell, everything is offered as a service nowadays). 

BaaS is basically just the extension of 'cloud' IT services into regulated financial services. The presumption is that authorised firms will no longer buy or develop their own software and systems, but will instead pay a subscription to a service provider who develops, hosts and maintains all that. The authorised firm avoids the capital cost of evolving its software and systems to remain cutting edge, as well as the cost of employing and managing its own developers and other support staff...

For similar reasons, BaaS is one of a financial regulator's worst nightmares come true, since it introduces a 'central point of failure' on many fronts. As a result there are plans to bring such 'technical service providers' (as they're known in the payments space, for example) within the regulatory scope (same for 'cryptoasset service providers').

While BaaS is generally permissible, there are rules requiring authorised firms to maintain a 'head office' (senior officers and decision-making) and keep certain 'central administrative' systems in-house (as a condition of authorisation); and they must follow 'guidance' issued by various regulatory bodies on how to assess and manage the risks of any outsourcing; and detect and report problems. 

Firms also remain accountable and responsible to the regulator as if any outsourced BaaS operations and systems were still in-house, while both the 'head office' and central administrative systems - and some outsourced systems - must remain in their home jurisdiction... 

Which brings us to Brexit.


Traditionally, the UK has been a key base for European and global financial institutions, but the end of free movement of services ('passporting'), labour and capital to and from the EEA is proving awkward. UK-based players who previously served the EEA resident customers now need a dedicated EEA-based entity and vice versa (with the end of the UK's Temporary Permissions Regime fast approaching). 

For the reasons explained above, this also means duplicating management, central administrative functions and related systems (including BaaS); and raising two sets of regulatory capital. 

The European Banking Authority is making sure that EEA regulators don't tolerate a simple 'brass plate' authorisation with everything behind the scenes being done/hosted back in the UK. In addition to 'passporting' their services around the region, EEA-based institutions have more freedom to outsource/locate some functions in other EEA countries - and of course staff and capital benefit are also free to move. But those freedoms now stop at the English Channel. It also follows that a UK authorised firm can't appoint an agent in the EEA or vice versa. 

It's not uncommon for an authorised firm in one country to be approached by customers who are resident or based in other countries. Serving such customers is permitted on the basis of 'reverse solicitation' provided that certain other (very restrictive) criteria are also met. But it is extremely unlikely that reverse solicitation would provide a basis for a UK firm to deal with EEA residents at any significant scale or volume compared to the rest of its business, or vice versa. Certainly it has been ruled out by major financial institutions (even sparking complaints from EEA resident customers being 'dumped' by UK firms who chose not to set up EEA entities offering the relevant services).

This is expected to be an area of considerable supervisory focus among EEA and UK regulatory authorities, regardless of whether it undermines the pre-Brexit business plans or potential efficiencies associated with neobanks or BaaS. A significant degree of duplication is inevitable (unless and until the UK joins the Single Market).

Please get in touch if you need assistance with any of these themes.