FinTech

Peer-to-peer funding platforms and marketplace lending

There is no strict definition for marketplace lending given the wide variety of entrants and financing techniques involved. The principal characteristics of new marketplace lenders, however, would include:

• operating from or through a non-bank lending platform established as a specialist corporate or special purpose vehicle (SPV) based structure;
• applying technology to leverage and optimize the lending platform and user experience; and
• connecting borrowers and lenders through the platform rather than applying funding arising from a wider deposit-based relationship.

Marketplace lending is available to address most forms of traditional bank funding products. Products under development are generally understood to include:

• virtual credit cards;
• consumer loans;
• student lending products;
• small and medium-sized enterprises (SME) lending; and
• residential property and commercial property mortgage lending.

It is likely that the volume of lending in these product areas as well as further and additional product areas will significantly increase over the coming years, as financing becomes more readily available to support the marketplace lending sector.

How are marketplace lending platforms funding themselves?

Marketplace lending includes peer-to-peer (P2P)-type structures, often operated through an electronic platform provider as well as crowdfunding and also direct-to-retail financing mechanisms. The increase in demand for credit through these marketplace platforms has also been appealing to larger pools of available capital, such as private equity and venture capital funds, as well as institutional sponsors. Funding platforms will now often be backed by institutional finance in addition to, or rather than, individual investors on a traditional P2P basis.

Issues for startup marketplace lenders

Following the initial incorporation and startup funding for a new marketplace lending business, there will be a need to establish funding lines which can accommodate growth of the ongoing lending activities of the platform. As the startup lender will not have an established track record, deposit base or asset pools, the funding structure will often follow the format of a warehouse securitization structure. Origination of new assets will be funded through drawings on a note issuance facility backed by security over the new assets. Each of the new assets will be subject to eligibility criteria determined by reference to the nature of the underlying asset. In order to provide an efficient financing structure, the assets will typically be held through a SPV with origination and servicing provided by the marketplace lender. In order to cover expected losses on the asset pool, the senior facility will be subject to the lending platform maintaining sufficient subordinated capital in the form of equity, or a combination of equity and subordinated debt.

Blockchain, smart contracts and cryptocurrencies

What is blockchain?

Blockchain provides a new approach to holding and authenticating data. It is a database operating through distributed ledger technology in which data is recorded on computers, by way of a P2P mechanism, based on pre-agreed consensus algorithms in the applicable participating network. It is a form of database where data is stored in the chain in either fixed structures called 'blocks' or algorithm functions called 'hashes'.

Each block includes unique features, such as its unique block reference number, the time the block was created and a link back to the previous block. Each block is reviewed by a number of nodes and the block is only added to the database if the node reaches consensus that the block only contains valid transactions. Content includes digital assets and instructions which reflect the transactions and parties to those transactions. The ability to track previous blocks in the chain makes it possible to identify transactions back to the first ever transaction completed, enabling parties to verify and establish the authenticity of the assets in the latest block. This makes blockchain exceptionally accurate and secure.

Specialist users on the system apply advanced computing software to identify time stamped blocks, verify the accuracy of the blocks using sophisticated algorithms and add the verified blocks to the chain. As the number of participants increases, the replication of the data over a wider base makes it harder for any person to alter the data in the chain. Any attempted addition or modification to the information on a block needs to be approved by all users in the network and verification of any block can only happen through a 'proof of work' process. This process requires vast amounts of computing power, making it practically impossible to insert fake transactions into a block.

As a result, the data is identified and authenticated in near real-time, providing a permanent and incorruptible database sufficiently robust to operate as a store of value (eg in the case of cryptocurrencies such as bitcoin) or providing an indisputable record for example relating to securities transfer.

Blockchain is a decentralized system, created and maintained by users of the network rather than being dependent on any central or third-party intermediary. It may be public and open ('permissionless' or 'unpermissioned') or structured within a private group ('permissioned').

Permissionless blockchains include bitcoin and ethereum, in which anyone can set up a node that once authorized can validate, observe and submit transactions. The identities of the participants are not known (other than the unique and random identities known as an 'address'). Permissioned ledgers restrict participation in the network and only the specific participants are given access and are known within the network. The network is private, and only organizations that have been authorized can participate and view transactions.

What are smart contracts and Decentralized Autonomous Organizations (DAOs)?

Developments in blockchain are also providing an ability to transfer and rely on instructions verified within the electronic system in the form of so called 'smart contracts'. These contracts have been converted into code and are then executed and enforced by the blockchain network on the occurrence of an event. This reduces the need for intermediaries to collect, store and act on communicated information.

Smart contracts are essentially pre-written computer codes which are stored and replicated on distributed ledger platforms such as blockchain. Execution takes place over the network, eliminating the need for intermediary parties to confirm the transaction, leading to self-executing contractual provisions. These contracts can be as simple as moving a balance from one account to another, or advanced, more-complex interactions with the outside world using so called 'Oracles'. With Oracles the contract code consults with a service outside of the blockchain network to make a decision. This may entail receiving a confirmation that an event has occurred, such as payment, which automatically executes a further step in the contract, such as the transfer of an asset, which might be in digital form or by delivering instructions to a person or warehouse to release the asset for delivery.

DAOs are essentially online, digital entities that operate through the implementation of pre-coded rules. These entities often need minimal to zero input into their operation and they are used to execute smart contracts, recording activity on the blockchain. DAOs can be particularly challenging to regulate, depending on their software engine, the nature of the transactions they are completing or other unique features. Questions of ownership and responsibility for resulting acts of DAOs can also be brought to question if any technical issues arise with their operation.

What is a cryptocurrency?

The European Central Bank definition of a cryptocurrency is that it is a digital representation of value that is neither issued by a central bank or public authority nor necessarily attached to a fiat currency, but is issued by natural or legal persons as a means of exchange and can be transferred, shared or traded economically. The oldest and best-known cryptocurrency is bitcoin (itself based on the bitcoin platform) although many other cryptocurrencies now exist. For example, the most widely-known alternatives to bitcoin include ether based on the ethereum platform and litecoin (these cryptocurrencies are now actively traded with a large developing infrastructure for holding, pricing and exchanging currency).

Initial coin offerings and token-based products

What is an Initial Coin Offering (ICO)?

ICOs are a form of digital currency or token using blockchain technology. ICOs are often a means by which funds are raised for a new blockchain or cryptocurrency venture (the market for ICOs is currently booming). ICOs come in a wide variety of forms and may be used for a wide range of purposes. Some forms of ICOs may be directed at customers or suppliers as a form of loyalty program or a form of access or purchasing power (preferential or otherwise) in respect of assets of the issuer’s business. Other forms may be more focused on raising initial funding. It is essential to examine the legal and regulatory basis for any ICO, as an unauthorized offering of securities is illegal and may result in criminal sanctions in a number of jurisdictions. Legal analysis of the underlying token will determine if it should be treated as a specified investment or form of regulated security or is more appropriately a form of asset that is not itself subject to the regulatory regime.

Typical attributes provided by tokens will include:

• access to the assets or features of a particular project;
• the ability to earn rewards for various forms of participation on the platform; and
• prospective return on the investment.

Key aspects to consider will include the:

• availability and limitations on the total amount of the tokens;
• decision-making process in relation to the rules or ability to change the rules of the scheme;
• nature of the project to which the tokens relate;
• technical milestones applicable to the project;
• basis and security of underlying technology;
• amount of coin or token that is reserved or available to the issuer and its sponsors and the basis of existing rights;
• quality and experience of management; and
• compliance with law and all regulatory requirements.

The nature of the business and the purpose and structure of the token offering will typically be set out in a white paper available to potential purchasers.

The Abu Dhabi Global Markets free zone has set out guidance on its approach to ICOs and virtual currencies under the Financial Services and Markets Regulations (see here). The Dubai Financial Services Authority, the financial regulator of the Dubai International Financial Centre, has stated that it does not regualte any of these types of offerings and that 'these offerings should be regarded as high-risk investments'.

It should be noted that any promotion of securities in the UAE (outside of the financial free zones) will require registration with the Securities and Commodities Authority (SCA) unless a qualified investor exemption applies (which does not include individuals). Public offers of securities in the UAE are outside the scope of our answer to this question.

Artificial intelligence and robo advisory systems

Automated financial advice tools, also known as 'robo advisors' are software tools driven by artificial intelligence (AI) that provide a variety of investment advice services, from portfolio selection to personal finance planning. The systems are generally operated on a platform/personal dashboard basis; a user can input a set of personalized data to be processed by the AI algorithms, which produce optimized outcomes around specified parameters. Although generally of application in the asset management sector, AI and automated advice tools also impact in the banking and private wealth advisor sectors; the implications include decreased human involvement, although recent trends have included a growth in popularity of hybrid structures which combine AI and human inputs.

Data analysis and cloud computing

Cloud computing enables delivery of IT services through internet-based tools and applications, rather than direct connection to a physical server. Cloud-based storage makes it possible to save masses of data to remote servers, accessible through the internet rather than by way of a physical connection. With the vast data processing and storage capabilities offered by cloud computing technology and virtually no infrastructure barriers to entry, there are a number of applications in building and running FinTech businesses and the technology has had a significant impact in recent years.

General financial regulatory regime

The relevant regulation and regulator will depend on where an entity is operating in the UAE.

The UAE is a federation of seven independent emirates:

• Abu Dhabi;
• Ajman;
• Fujairah;
• Sharjah;
• Umm Al Quwain;
• Dubai; and
• Ras Al Khaimah.

The majority of regulation relevant to FinTech companies operating in onshore UAE will derive from federal laws.

The Central Bank of the UAE (Central Bank) and the Securities and Commodities Authority (SCA) are the main regulatory bodies for financial services in the UAE. Pursuant to Federal Law No. 14 of 2018 (Banking Law), the Central Bank regulates financial institutions, including those who wish to provide financing in or from the UAE. A FinTech company operating in onshore UAE conducting, for instance, peer-to-peer (P2P) lending-type activities, would require a license under the Banking Law in order to legally operate.

In addition, through changes to the UAE Constitution pursuant to Federal Law No. 8 of 2004, two 'Financial Free Zones' have been created:

• Abu Dhabi Global Market (ADGM); and
• Dubai International Financial Centre (DIFC).

These two financial free zones are entitled to make their own financial regulations and are consequently regulated separately from onshore UAE, certainly in respect of financial activities. The regulators are the Financial Services Regulatory Authority (FSRA) for ADGM and the Dubai Financial Services Authority (DFSA) for DIFC.

Both of these financial free zones have specific licensing regimes for companies wishing to operate in the financial services sector. Interestingly, however, both ADGM and DIFC have created sandbox-type regimes for FinTech companies specifically, namely: the ADGM RegLab and the DIFC's Innovation Testing License.

Although FinTech is at an early stage of development in the UAE, the UAE is promoting a number of initiatives to be at the forefront of FinTech developments, such as:

• FinTech Hive at the DIFC (see here);
• Dubai Future Accelerators (see here);
• Dubai Blockchain Strategy (see here); and
• the UAE's National Innovation Strategy (see here).

Electronic payments platforms and regulation of peer-to-peer lenders

UAE

The Regulatory Framework for Stored Values and Electronic Payment Systems (Payment Systems Regulations) issued by the UAE's Central Bank came into effect on 1 January 2017. The Payment Systems Regulations apply to Payment Service Providers (PSPs), which are effectively any entity that provides digital payment services (including using electronic, mobile or magnetic means but excluding credit and debit card payments) within the UAE.

The Payment Systems Regulations further define the concept of a PSP into four distinct sub-categories:

• Retail PSP – authorized commercial banks and other licensed PSPs offering retail, government and P2P digital payment services as well as money remittances;
• Micropayments PSP – PSPs offering micropayments solutions facilitating digital payments targeting the unbanked and under-banked segments in the UAE;
• Government PSP – federal and local government statutory bodies offering government digital payment services; and
• Non-issuing PSP – non-deposit taking and non-issuing institutions that offer retail, government and P2P digital payment services. 

The Payment Systems Regulations also apply to so-called 'Stored Value Facilities', defined as non-cash facilities, whether in electronic or magnetic form, that are purchased and used by an individual or legal person to pay for goods or services. The Payment Systems Regulations provide that these services include:

• cash-in services (the exchange of cash for digital money, which is placed in a payment account);
• cash-out services (the exchange of digital money for cash, which is taken out of the payment account);
• retail credit/debit digital payment transactions;
• government credit/debit digital payment transactions;
• P2P digital payment transactions; and
• money remittances. 

The Payment Systems Regulations also provide a list of services excluded from the Payment Systems Regulations as follows:

• payment transactions in cash without any involvement from an intermediary;
• payment transactions using a credit card/debit card;
• payment transactions using paper checks;
• payment instruments accepted as a means of payment only to make purchases of goods/services provided from an issuer/any of its subsidiaries (ie closed-loop payment instruments);
• payment transactions within a payment/settlement system between settlement institutions, clearing houses, central banks, and PSPs;
• payment transactions related to transfer of securities/assets (including dividends, income, and investment services);
• payment transactions carried out between PSPs (including their agents/branches) for their own accounts; and
• 'Technical Service Providers'.

In the above exclusions, 'Technical Service Providers' is perhaps the least apparent but these are effectively defined in the Payment Systems Regulations as an entity that 'facilitates the provision of payment services to PSPs', without at any time being in possession of or transferring any funds. Examples cited include data processors, authentication service providers, payment terminal maintenance companies and network providers.

DIFC

The DIFC Innovation Testing License provides a controlled environment for a firm to develop and test FinTech ideas without being subject to all the requirements that would otherwise apply to it as an 'Authorized Firm' under the DIFC rules and regulations. To be considered for this type of license, a firm must:

• involve innovation and the use of FinTech (ie have a business model, product or service that uses new, emerging or existing technology in an innovative way, and in a way that brings a new benefit to consumers or industry);
• involve an activity that, if carried on in the DIFC, would amount to a 'Financial Service' (or combination of 'Financial Services') within the scope of the DFSA’s regulatory regime, for example, arranging deals in investments or advising on financial products;
• be ready (or soon be ready) to start testing with customers or industry; and
• intend to roll out its business on a broader scale in or from the DIFC after it has successfully completed testing.

The testing period will be for a finite period of time, normally six to 12 months. In exceptional cases, the DFSA will consider extending that period.

Beehive was the first P2P lending platform to receive a license from the DFSA to operate in the DIFC.

ADGM

According to the ADGM RegLab brochure ('The Regime For FinTech Innovation'), the ADGM RegLab is for all participants active in the FinTech space, from startups to existing, regulated companies. To qualify, the participant must be able to demonstrate that it has an innovative technological solution that is at the stage of development ready for testing. The solution should contribute to the development of the financial sector in UAE. In particular, it should:

• promote growth, efficiency or competition;
• promote risk management and better regulatory outcomes; or
• improve consumer choices.

The first five FinTech companies to be admitted to the ADGM RegLab were announced in May 2017 (see here).

Regulation of payment services

UAE

Organizations that wish to commence and maintain digital payment services must comply with the Payment Services Regulations.

If such a service falls within the Payment Services Regulations, a company needs to make sure that they (among other things):

• apply for and obtain the requisite licenses/approvals from the Central Bank, before commencing new digital payment services;
• have the facility to store and retain all user and transaction data exclusively within the borders of the UAE (excluding the UAE financial free zones) for a period of five years from the date of the original transaction;
• three months before the implementation of any outsourcing of an operational function, have written approval from the Central Bank and ensure such services are provided onshore in the UAE under a contract which satisfies the relevant safeguard requirements;
• prepare customer service agreements which meet the required standards of the regulation and ensure those agreements are put in place with all users; and
• do not use or process any form or type of virtual currency.

Application of data protection and consumer laws

At a UAE federal law level, there is no specific federal data protection or privacy law, although there are several laws which relate to data protection and privacy. Within each UAE emirate, the applicable law is a combination of:

• federal law, which applies, in the main, across the UAE;
• the law of the emirate in which business is being undertaken (to the extent that this law is different to, but not inconsistent with, the federal law); and
• free zone legislation (such as ADGM and DIFC legislation).

The Federal Law No. 24 of 2006 on Consumer Protection defines consumer's rights and obligations and outlines certain protection measures to fight monopoly, overpricing and fraudulent commercial activities against consumers.

Money laundering regulations

The UAE Decree-law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations provides a list of criminal offences and penalties, as well as the institutional arrangements regarding anti-money laundering and combating terrorism financing. Both DIFC and ADGM have their own anti-money laundering regimes as well.

Early stage

Seed investment

Initial investment in FinTech businesses may be provided by family and friends of the founders and other high-net-worth individuals (often known as business angels) in return for an equity stake. Such seed investment is often used to fund the establishment and early growth of the business before larger investment is available. The investing individuals may also provide know-how and expertise to assist in the company's development. The seed investors would typically not require the same controls over the business as, for example, venture capital providers.

Crowdfunding

The crowdfunding sector may be appropriate for a FinTech business in the early stages. It involves members of the public investing in a business by pooling their resources through an intermediary platform, such as Crowdcube or Crowdfunder.

There are two main types of crowdfunding: equity and reward-based.

• Equity crowdfunding involves company shares being given in exchange for investment in the business.
• Reward-based crowdfunding provides investors with a tangible benefit, such as early access to a platform or application that the business is developing.

Crowdfunding offers a large number of private investors an opportunity to make small-scale investments in early-stage businesses to which they may otherwise not have had access.

In the UAE, crowdfunding was not until recently provided for and those seeking to raise capital by such means would have had to work within the general financial regulatory framework in the UAE, including in relation to offers of securities. However, in August 2017 the Dubai Financial Services Authority (DFSA) launched its crowdfunding regulatory framework for loan and investment-based crowdfunding platforms, the first such framework among the Gulf Cooperation Council countries.

Accelerators

Both the Dubai International Financial Centre (DIFC) and the Abu Dhabi Global Market (ADGM) have their own accelerators, as more fully described in FinTech products and uses – particular rules; performing financial services in or from the DIFC or the ADGM requires a license from the DFSA or the Financial Services Regulatory Authority (FSRA) respectively.

Venture capital and debt

Venture capital (VC) funding is a type of equity investment usually targeted at early stage FinTech companies with an established business and some trading history. VC provides a viable alternative to traditional lending, given that the business is unlikely to have the tangible asset base or long track record needed to attract traditional debt funding from financial institutions.

Corporate venture capital (CVC) is a type of VC and involves an equity investment by a corporate fund, examples of which include Santander InnoVentures and Citigroup's Citi Ventures. The benefit of having a CVC as an investor for a FinTech startup is that the fund is able to share its knowledge and expertise of the FinTech sector with the company and act as an advisor.

An additional funding option is venture debt, which is typically structured as a three-year term loan (or series of loans), which is secured against a company's assets and includes an equity element allowing the debt provider to purchase shares in the company. However, venture debt providers will usually only invest into companies that have already received investment through VC.

Warehouse and platform funding

Warehouse financing may be suitable for FinTech companies which own a portfolio of assets. Funding is often provided by way of a loan from a small number of lenders to a special purpose vehicle (SPV). The loan is secured on the assets acquired by the SPV from the originator. The lenders will only fund a portion of the assets, with the remainder being financed by way of subordinated lending from the originator.

Some FinTech companies may see warehouse funding as a temporary form of financing to be followed by a larger capital markets transaction at a later date.

Another alternative form of funding is by way of peer-to-peer (P2P) lending platforms, which bring individual borrowers and lenders together without the involvement of traditional banks. Beehive was the first P2P lending platform to receive a license from the DFSA to operate in the DIFC.

Senior bank debt and capital markets funding

As in many jurisdictions, listings via equity capital markets or debt capital markets are an option only for those of a certain size (local securities laws present various hurdles). Other debt financing options may be possible but, at this stage, equity and VC investment is a more common funding course for FinTech developers/users.

Once a FinTech company is established and has a track record, bank debt becomes a more viable source of funding, either on a secured or unsecured basis depending on the creditworthiness and asset base of the business. In contrast to capital markets funding which is often covenant-lite, bank funding will generally involve the imposition of financial covenants and controls that will apply over the life of the facility. Bank finance may be particularly important for working capital, overdraft, accounts management and general liquidity purposes.

Incentives and reliefs

One of the biggest attractions for corporates wishing to setup in the UAE (whether offshore or in the free zones) is the fact that the UAE is a (near) tax-free jurisdiction. Setting up in onshore UAE is more difficult for international firms given the rules around local ownership; however, the financial free zones are specifically setup to incentivize international corporates. They also offer clients a 50-year guarantee of zero taxes on corporate income and profits, complemented by the UAE’s network of double taxation avoidance treaties.