Insights 27

Financial Stability
Institute
FSI Insights
on policy implementation
No 27
Regulating fintech
financing: digital banks and
fintech platforms
By Johannes Ehrentraud, Denise Garcia Ocampo,
Camila Quevedo Vega
August 2020
JEL classification: G18, G21, G23, G28, O30, O38
Keywords: fintech, regulation, digital banking, fintech

platforms, crowdfunding, fintech credit, fintech balance
sheet lending
FSI Insights are written by members of the Financial Stability Institute (FSI) of the Bank for International
Settlements (BIS), often in collaboration with staff from supervisory agencies and central banks. The papers
aim to contribute to international discussions on a range of contemporary regulatory and supervisory
policy issues and implementation challenges faced by financial sector authorities. The views expressed in
them are solely those of the authors and do not necessarily reflect those of the BIS or the Basel-based
committees.
Authorised by the Chairman of the FSI, Fernando Restoy.
This publication is available on the BIS website (www.bis.org). To contact the BIS Media and Public
Relations team, please email press@bis.org. You can sign up for email alerts at
www.bis.org/emailalerts.htm.
© Bank for International Settlements 2020. All rights reserved. Brief excerpts may be reproduced or
translated provided the source is stated.
ISSN 2522-2481 (print)

ISBN 978-92-9259-422-0 (print)
ISSN 2522-249X (online)
ISBN 978-92-9259-423-7 (online)
Contents
Executive summary ........................................................................................................................................................................... 1
Section 1 – Introduction ................................................................................................................................................................. 3
Section 2 – Regulation of digital banking ............................................................................................................................... 9

Digital banking-specific licensing frameworks ........................................................................................................... 10
Initiatives to facilitate market entry ................................................................................................................................ 13
Section 3 – Regulation of fintech platform financing ....................................................................................................... 18

Fintech balance sheet lending .......................................................................................................................................... 20
Crowdfunding .......................................................................................................................................................................... 24
Section 4 – Concluding remarks ................................................................................................................................................ 31
References .......................................................................................................................................................................................... 34
Regulating fintech financing: digital banks and fintech platforms iii

Regulating fintech financing: digital banks and fintech platforms1
Executive summary
This paper explores how fintech financing is regulated. New technology-enabled business models
related to deposit-taking, credit intermediation and capital-raising have emerged. These are digital
banking, fintech balance sheet lending and crowdfunding platforms (the latter two are referred to as
fintech platform financing). In this paper, we provide a cross-country overview of the regulatory
requirements for these fintech activities in 30 jurisdictions. The paper is based on an extensive desktop
review of regulations and related documents, complemented by responses to an FSI survey conducted in
early 2019.2
The proliferation of new technology-enabled business models has raised questions about
the regulatory perimeter. Authorities are assessing whether their existing regulatory framework needs
to be adjusted. Their response will likely depend on (i) how they see potential risks to consumers and
investors, financial stability and market integrity; (ii) their assessment of how these new activities might
benefit society in terms of strengthening financial development, inclusion and efficiency; and (iii) how risks
are dealt with under the existing framework and whether opportunities for regulatory arbitrage have
emerged. The overall challenge for authorities is to maximise the benefits of fintech innovations while
mitigating potential risks for the financial system.
For digital banking, most jurisdictions apply existing banking laws and regulations to
banks within their remit, regardless of the technology they apply. From these jurisdictions, a few have
put in place initiatives that are intended to ensure that new banks find it easier to enter the market by
allowing them time to complete their build-out or to meet the requirements of the prudential framework
in full.
In the few jurisdictions that have set specific regulatory frameworks for digital banks, the
main licencing and ongoing requirements are similar to those for traditional banks. Applicants for a
digital bank licence face requirements on the place of incorporation and legal form, sustainability of
business plan, minimum paid-up capital, fitness and propriety of management, risk governance
frameworks and documentation of the exit strategy. They also face requirements on ownership and
control, although these may be different to those applicable to other banks. After obtaining a digital bank
licence, licence holders are subject to the same ongoing requirements as traditional banks on capital,
leverage, liquidity, anti-money laundering/combating the financing of terrorism (AML/CFT), market
conduct, data protection and cyber security.
The main difference between licensing requirements for traditional and digital banks is in
technology-related elements and the aims of the business plan. Digital banks face restrictions on their
physical presence and, in some cases, the market segments they are allowed to serve. Their fit and proper
1
By Johannes Ehrentraud (Johannes.Ehrentraud@bis.org) and Denise Garcia Ocampo (Denise.GarciaOcampo@bis.org), Bank for
International Settlements and Camila Quevedo Vega (caquevedo@superfinanciera.gov.co), Financial Superintendence of
Colombia.
The authors are grateful to the contacts at the central banks and financial authorities from the jurisdictions covered in this
paper; to Sharmista Appaya, Juan Carlos Crisanto, John Cunningham, Jon Frost, Kinga Huzarski, Fabiana Melo, Jermy Prenio,
Nobu Sugimoto and Greg Sutton for their helpful comments; to Mathilde Janfils for valuable research assistance, and to Martin
Hood, Esther Künzi and Christina Paavola for their helpful support with this paper. The views expressed in this paper are those
of the authors and not necessarily those of the BIS, the Basel-based standard setters or the covered jurisdictions listed in Annex
Table 1.
2
The survey covered most of the jurisdictions covered in this paper, except Chinese Taipei, Finland, India, Korea, Malaysia and
Portugal.
Regulating fintech financing: digital banks and fintech platforms 1

requirements tend to be more prescriptive in relation to board members’ expertise in technology; a
satisfactory track record in operating a technology business; and assessments of technical infrastructure
by independent third-party technical experts. In addition, some jurisdictions require digital banks to
demonstrate a commitment in driving financial inclusion, particularly for underserved and hard-to-reach
market segments.
Most surveyed jurisdictions have no specific regulatory framework for fintech balance
sheet (FBS) lending. In these jurisdictions, FBS lending is subject to regulations for non-bank lending.
Requirements on the extension of credit, however, vary considerably across countries and the
responsibility for supervising this activity does not necessarily lie with the financial authority. Brazil is the
only surveyed jurisdiction that has introduced a specific licensing framework for FBS lending.
Many surveyed jurisdictions have introduced crowdfunding (CF) regulations. The regulatory
setup, however, varies across jurisdictions and is influenced by a jurisdiction’s overall supervisory
architecture, as well as the differences in risks that loan and equity CF entail. Separate frameworks were
most often implemented for equity CF. In these cases, a third of surveyed jurisdictions have a specific
framework exclusively for equity CF. This is twice the number of jurisdictions that have frameworks for loan
CF. For multi-type frameworks, about half of surveyed jurisdictions have an exclusive regulatory framework
for loan and equity CF. In jurisdictions without a dedicated regulatory framework for crowdfunding, it is
subject to existing banking, securities and payments regulations.
Dedicated regulatory CF frameworks typically have two broad sets of requirements, where
the first set is intended to regulate how platforms may operate, which activities they can perform
and what they must do to mitigate the risks they incur. In most surveyed jurisdictions, equity or loan
CF platforms must be authorised before they can offer services. In terms of requirements, most surveyed
jurisdictions require CF providers to operate under a specific legal form and have a minimum amount of
paid-in capital. Even though they are allowed to broker multiple financial instruments, in most jurisdictions
restrictions limit the ability of crowdfunding providers to invest in the financial instruments they
intermediate. In most jurisdictions, crowdfunding platforms are subject to capital, business continuity and
operational resilience and AML/CFT requirements.
The second set of requirements is intended to protect investors and make them aware of
potential risks by disclosing relevant information. Most loan and equity CF frameworks have
requirements as to how information should be provided; on conducting due diligence checks on borrowers
and/or issuers; and on procedures for selecting potential borrowers or projects and publishing related
information. Apart from requirements related to disclosure and due diligence, there may be several other
restrictions to protect investors. Commonly used investor protection tools include restrictions on the
holding of clients’ funds, operating secondary markets or caps on investments or funds raised.
2 Regulating fintech financing: digital banks and fintech platforms

Section 1 – Introduction
1. This paper explores how fintech financing is regulated. Following the conceptual framework
in Ehrentraud et al (2020) (Graph 1), we assess fintech activities that channel funds to people and
companies. These are digital banking and fintech platform financing (fintech balance sheet lending as well
as loan and equity crowdfunding).3 For this purpose, we define these activities as follows (see Box 1 for
background information on the emergence of these activities).
• Digital banking. Banks engaged in digital banking are deposit-taking institutions that are
members of a deposit insurance scheme and deliver banking services primarily through electronic
channels instead of physical branches. While they engage in risk transformation like traditional
banks, digital banks4 have a technology-enabled business model and provide their services
remotely with limited or no branch infrastructure.
• Fintech platform financing refers to electronic platforms (not operated by commercial banks)
that provide a mechanism for intermediating financing over the internet.5 In doing so, they make
extensive use of technology and data. We distinguish two types:
− Fintech balance sheet lending refers to electronic platforms that use their own balance sheet in
the ordinary course of business to intermediate borrowers and lenders over the internet, ie they
grant loans at their own risk. Because these non-bank lenders do not take deposits, they have to
rely on other sources of funding, such as own equity capital, debt issuance or securitisation of
the loans they originate.
− Crowdfunding refers to the practice of matching people and companies raising funds from those
seeking to invest for a financial return without the involvement of traditional financial
intermediaries.6 The matching process is performed by a web-based platform that solicits funds
for specific purposes from the public. Depending on the type of funding provided, we distinguish
between loan crowdfunding and equity crowdfunding.7, 8 In either case, individual contracts are
established between those in need of funding and those seeking to invest or lend, so that the
platform itself does not undertake any risk transformation.
3
These activities may be performed by financial intermediaries whose core business is financial services; or by big techs, ie large
companies whose core business activity is typically of a non-financial nature. See Cornelli et al (forthcoming). Regulatory
frameworks, however, do not distinguish between fintech and big tech firms.
4
Alternative terms used by market participants and regulators are virtual banks, internet-only banks, neo banks, challenger banks
and fintech banks. In contrast, online banking is often used to refer to a service provided by traditional banking institutions
that allows their customers to conduct financial transactions over the internet.
5
Alternative terms used for lending-related fintech platform financing activities (ie loan crowdfunding and fintech balance sheet
lending) are marketplace lending or peer-to-peer (P2P) lending. While these terms are often used to refer to any activity that
involves an online lending platform, in their strict meaning, lenders in P2P lending are exclusively individuals whereas in
marketplace lending institutional funders may be involved as well. In practice, however, P2P and marketplace lending are often
used interchangeably.
6
In line with Ehrentraud et al (2020), crowdfunding as defined in this paper excludes reward and donation crowdfunding because
these activities do not entail a financial return.
7
While both loan crowdfunding and fintech balance sheet lending can be considered fintech credit (see Claessens et al (2018)
and CGFS-FSB (2017)), in this paper we differentiate between the two because regulatory frameworks often treat loan
crowdfunding and fintech balance sheet lending differently (Ehrentraud et al (2020)).
8
While all equity crowdfunding platforms intermediate funding to private companies in the form of equity, some may also
intermediate funding in the form of debt or other types of securities (see Section 3). Because of this, the term investment
crowdfunding is sometimes used by regulators or market participants.

Fintech tree: a taxonomy of the fintech environment Graph 1
Source: Illustration by authors based on Ehrentraud et al (2020).
2. Digital banks have attracted an increasing number of customers, although this may have
been affected by the Covid-19 pandemic. In Europe, entities engaged in digital banking have attracted
more than 15 million customers since 2011 and could reach up to about one fifth of the population over
the age of 14 by 2023.9 A similar trend was observed in the United Kingdom, where digital banks have
nearly tripled their customer base from 2018 to 2019.10 The Covid-19 pandemic, however, may have
affected the growth of digital banks, which appears to have slowed lately.11
3. Fintech platform financing, although small, is growing fast. On a global level, transaction
volumes more than doubled from USD 145 billion12 in 2015 to USD 304.5 billion in 2018.13 With a share
of 71%, China was by far the biggest market in 2018, followed by the Americas (21%) and Europe (6%)
(Graph 2). At the activity level, loan crowdfunding contributes about 83% of the overall volumes, followed
by fintech balance sheet lending (14%) and equity crowdfunding (3%).
9
See www.kearney.com/financial-services/article/?/a/european-retail-banking-radar-2019. The definition of digital banking
used as basis for Kearney’s figures may vary somewhat from the one used in this paper.
10
https://newsroom.accenture.com/news/uk-neobanks-near-20-million-customers-in-2019-but-customer-and-deposit-growth-
rates-slow-according-to-research-from-accenture.htm.
11
See eg www.cbronline.com/feature/coronavirus-is-challenger-banks-biggest-challenge-yet.
12
See KPMG and CCAF (2016).
13
Data are based on regional reports by the Cambridge Centre for Alternative Finance (CCAF) and its research partners. Data on
fintech platform financing provided by other sources may vary because of differences in the definitions of business models and
how data are collected.

Fintech platform financing per region and type of activity in 2018 Graph 2
Fintech platform Fintech balance sheet Loan Equity

financing lending crowdfunding crowdfunding
USD 304.5 billion (100%) USD 41.9 billion (14%) USD 251.3 billion (83%) USD 9.4 billion (3%)
Note: Transaction volumes for each activity were calculated as follows. Fintech balance sheet lending is the sum of balance sheet business
lending and balance sheet consumer lending; loan crowdfunding is the sum of peer-to-peer (i) business lending, (ii) consumer lending
and (iii) property lending (a loan secured against a property to a consumer/business borrower); equity crowdfunding is the sum of seven
crowdfunding activities: (i) equity-based, (ii) revenue/profit-sharing (eg securities, and sharing in the royalties of the business), (iii) debt-
based (eg bonds or debentures at a fixed interest rate); (iv) invoice trading (eg invoices/receivable notes at a discount); (v) real estate
(eg equity/subordinated-debt financing for real state); (vi) mini-bonds (eg unsecured retail bond) and (vii) community shares.
Source: FSI staff calculations based on CCAF (2020). Donation- and reward-based crowdfunding were excluded. Data are based on
regional reports by the Cambridge Centre for Alternative Finance (CCAF) and its research partners. The CCAF surveys active platforms in
each region and cross-checks transaction volumes through direct contact, secondary data sources and web-scraping methods. Please
note that the numbers might not add up due to rounding.
4. The fintech developments described above have raised questions on how an appropriate
regulatory framework should look. For novel fintech activities that are not yet captured by the existing
regulatory framework, the overarching question is whether they should be inside or outside the regulatory
perimeter.14 If they are inside, the question is how regulatory requirements should look.15 For fintech
activities that are already subject to existing regulations, the question is whether adjustments can foster
innovation and/or competition while not compromising other policy objectives such as financial stability
and customer protection; or whether stricter requirements are called for.
5. This paper provides a cross-country overview of the regulatory requirements for digital
banking and fintech platform financing. It covers 30 jurisdictions (Graph 3) and is based on an extensive
desktop review of regulations and related documents, complemented by responses to an FSI survey16
conducted in early 2019.17 Sections 2 and 3 describe the range of licensing and ongoing regulatory
requirements for digital banking, including transitional arrangements in the startup phase, and fintech
platform financing. Section 4 offers considerations for financial authorities and concludes.
14
The regulatory perimeter describes the boundary that separates regulated and unregulated financial services activities and
determines the type and scope of rules (eg on licensing, safety and soundness, consumer/investor protection and/or market
integrity) applicable to firms conducting regulated activities.
15
Questions related to the regulatory perimeter have been discussed at the international level. In 2017, the Financial Stability
Board identified 10 supervisory and regulatory issues raised by fintech that merit authorities’ attention. One recommendation
is to assess the regulatory perimeter and update it on a timely basis (FSB (2017)). Similarly, two policy elements in the IMF/World
Bank Bali Fintech Agenda are closely related to the regulatory perimeter of fintech. These are element VI (adapt regulatory
framework and supervisory practices for orderly development and stability of the financial system) and element VIII (modernise
legal frameworks to provide an enabling legal landscape with greater legal clarity and certainty regarding key aspects of fintech
activities).
16
The survey covered most of the jurisdictions covered in this paper, except for Chinese Taipei, Finland, India, Korea, Malaysia
and Portugal.
17
In a similar vein, World Bank and CCAF (2019) report key findings from a global regulatory survey among 111 jurisdictions on
the global regulatory landscape for alternative finance; and World Bank (2020) reviews progress in prudential regulatory
practices related to fintech, including credit.

Jurisdictions covered Graph 3
For the EU, only individual countries are shown. See Annex Table 1 for a complete list of jurisdictions.
Source: FSI.
Box 1
Background: emergence of fintech financing
Improvements in digital infrastructures and technology are increasingly reshaping the way funding is accessed. Over
the last decade, more people have gained access to faster communication networks and services. Internet speed
and bandwidth have improved, while mobile phones have become more affordable and widely used. For example, in
the OECD, mobile broadband penetration rates increased from around 30% in 2009 to over 100% in 2018 (Box
Graph 1). These developments have improved digital connectivity and – coupled with advances in cloud computing,
artificial intelligence and machine learning – have put web-based technologies in the spotlight as a way to
intermediate funding.
Digital connectivity: download speed and mobile broadband penetration Box Graph 1
(*) The typical download speed of 5G networks ranges from 150 Mbit/s (shown in the graph) to 200 Mbit/s.
Source: Lo (2018) and OECD.

Changing customer expectations are creating demand for digitally provided financial services. The ubiquity
of digital technology is transforming the way customers interact with financial institutions. Consumers want financial
services that are customer-centric, easy to use, frictionless, paperless, low-cost and always available. In addition,
because financial services provided digitally can be accessed from anywhere, customers are no longer bound by their
physical location but can more freely choose the financial institution of their choice to obtain funding. This may be of
particular importance for underserved communities in emerging market economies, who would otherwise have no
access to financial services.
In response, incumbent financial institutions are seeking to leverage technology when providing access to
funding. They have launched efforts – sometimes working with technology companies – to digitise processes, adjust
products and services or otherwise improve how they engage with customers digitally. But many are held back
by legacy systems that no longer meet current standards. This leads to complex IT landscapes that, without overhaul,
may not be agile enough to live up to more demanding customer expectations.
New competitors place technology at the heart of their business model. The innovative business models of
these new market entrants would not be possible without recent advances in financial technology (fintech). By
making extensive use of technology, they aim to provide their customers with broader access to improved financial
services. They are unburdened by legacy systems, expensive branch infrastructure, and, in some cases, tarnished brand
value after the global financial crisis.
Digitally driven providers of funding may foster financial inclusion by reaching more people and businesses.
By operating online, they may be able to reach customers in rural areas where it would not be economical to operate
branches. If their costs are lower than those of traditional financial institutions, they may be able to quote lower prices
for the same risk – making their services more widely affordable. By making use of big data, including alternative forms
of data such as those derived from social media or other non-financial business lines, they may be able to offer
unsecured credit, or serve clients whose creditworthiness are hard to assess using more traditional means, in particular
individuals who lack formal credit histories or small and medium-sized enterprises (SMEs).
From a customer perspective, people and businesses now have a range of options at their disposal to raise
funds for their needs (Box Graph 2). Depending on the alternatives available in a given country, they may choose to
apply for a loan at a traditional bank by visiting a branch and interacting with a human loan officer; or they may choose
a bank that operates without physical branches – the loan is sought online, with little or no human involvement.
Alternatively, they may choose a non-bank lender, ie a financial institution that makes loans without taking deposits.
Like banks, non-bank lenders may operate primarily through either physical branches or electronic
channels. Another option is to raise funds – either as a loan or, in the case of companies, in the form of equity –
from a large number of individuals or institutional funders, the “crowd”. This happens exclusively online because
borrowers and investors are connected online by so-called CF platforms.
Funding options for people and businesses Box Graph 2
Source: FSI.

 Since the 1990s, peak data rates of broadband cellular network technologies have increased from Kbit/s (2G mobile network) to Gbit/s
(5G). See https://kenstechtips.com/index.php/download-speeds-2g-3g-and-4g-actual-meaning.  For example, a first step for many
banks has been to upgrade their front-end applications, without changing the back-end infrastructure.  In addition, some banks have
launched technology-focused ventures that differ from their more traditional brand franchise (eg Marcus by Goldman Sachs, Holvi by BBVA,
imaginBank by CaixaBank or Openbank by Santander).  www.knowis.com/blog/legacy-modernization-this-is-how-banks-put-their-it-
in-the-fast-lane.  The paper adopts the FSB definition of fintech, defined as technologically enabled innovation in financial services that
could result in new business models, applications, processes or products with an associated material effect on financial markets and
institutions and the provision of financial services (FSB (2017)).  For example, social media data may include the number of posts
written by a borrower or how often he or she is mentioned in other posts (Wales (2018)).  In addition, as non-bank providers of
funding, they are said to stimulate competition in a market often dominated by banks, and to enlarge investment and diversification
opportunities for consumers and other borrowers.  See Frost (2020) for a discussion on the economic forces driving fintech adoption
across countries; Cornelli et al (2019) provide an overview of recent innovations in the financing of SMEs, including fintech credit, in Asia;
Frost et al (2019) discuss the comparative advantage of certain large fintech firms (big tech) in financial intermediation.  Irrespective of
whether a loan is sought from a bank or non-bank lender, prospective borrowers may engage a loan broker to find the best deal in the
market.  Companies may also raise capital from capital markets. This form of financing, however, is not open to SMEs or startups due to
the costs and requirements involved. Another alternative to raise funds is through initial coin offerings (ICOs). But ICOs are associated with
increased risk of fraud and manipulation in some jurisdictions because the markets for these assets are less regulated than in traditional
capital markets. For a regulator’s perspective on ICOs, see eg www.sec.gov/ICO.

Section 2 – Regulation of digital banking
6. Digital banks conduct the same type of business as other banks, incurring similar risks. Like
traditional banks, digital banks can offer a full range of banking products and services to their customers.
Both are licensed to take deposits and use the deposited money to carry out their banking activities (eg
granting loans). Consequently, they incur similar financial risks, including credit risk, market risk and, to
some extent, liquidity risk. However, for digital banks, certain types of risk such as operational or cyber risk
may be accentuated due to the nature of their operation.
7. What sets them apart is how they deliver their services. Digital banks deliver their services
primarily, if not exclusively, over the internet. If they have physical branches at all, they have very few.
Instead, they largely interact with their customers through digital platforms, on computers or mobile
devices. For this, they rely heavily on digital technologies, connectivity and advanced data capabilities.
Thanks to the lack of legacy IT systems and branch infrastructure, digital banks are said to have a cost
advantage over traditional banks.
8. Most jurisdictions apply existing banking laws and regulations to banks within their remit,
regardless of the technology they use. This means that when applying for a banking licence, entities
with a technology-enabled business model in principle face the same licensing procedures and
requirements as applicants with a more traditional business model. They may benefit however from
initiatives that are intended to ensure that new banks are able to enter the market. This could be in the
form of a transitional scheme that allows market entrants some time before they have to meet the
requirements of the prudential framework in full (Australia); or a “mobilisation” approach, which allows
new banks, once authorised, to complete their build-out under restrictions before starting to trade fully
(United Kingdom). In addition, some authorities have issued additional specific guidance on authorisation
requirements that apply to applicants with fintech oriented business models (eg ECB (2018)). Graph 4
provides an overview of digital banks licensed under existing banking regulations.
Licensed banks with technology-enabled business models Graph 4
Graph shows examples of licensed banks with technology-enabled business models in selected jurisdictions without dedicated licensing
frameworks for digital banking.
(*) Licensed under the Restricted Authorised-Deposit-taking Institution framework. (**) Nubank is not a Bank according to Brazilian
regulation, but a Payment Institution that also controls a Credit and Financing Company (Sociedade de Crédito e Financiamento).
Sources: Publicly available licensing registers; national authorities.

Digital banking-specific licensing frameworks
9. Specific licensing frameworks for digital banks exist in a handful of jurisdictions. In Chinese
Taipei, Hong Kong SAR,18 Korea, Singapore and the United Arab Emirates (Abu Dhabi Global Markets),
specific regulations took effect in 2018 or 2019. In Malaysia, the central bank is expected to finalise its
framework in 2020. In Malaysia and Singapore, the licensing frameworks incorporate transitional schemes
(Table 1). In terms of restrictions placed on digital bank licences, these may be on digital banks’ physical
presence and the number of physical branches they are allowed to maintain. In addition, some licence
types allow licence holders to provide banking services only to specified segments of the market.
Otherwise, digital banks are typically free to offer the same banking products and services as non-digital
banks.19 Graph 5 provides an overview of digital banks licensed under dedicated licensing frameworks.
Specific licensing frameworks for digital banks Table 1
Transitional
Regulatory status Licence restrictions to specific market segments
scheme
Chinese Taipei Internet-only bank No None
Hong Kong SAR Virtual bank No None
Korea Internet-only bank No Retail and SMEs
Malaysia Digital bank Yes None
Digital full bank Yes None
Singapore
Digital wholesale bank No SMEs and other non-retail customers
United Arab Digital bank No None
Emirates (ADGM)
ADGM = Abu Dhabi Global Markets.
Source: National regulations; regulators’ press releases; FSI survey.
18
In Hong Kong SAR, while there is only one type of banking licence (ie that of a “licensed bank”) for both virtual banks and
conventional banks, “Chapter 9: Authorization of virtual banks” of the HKMA’s Guide to Authorization is relevant only for virtual
banks. Chapter 9 sets out the principles which the HKMA will take into account in deciding whether to authorise “virtual banks”
applying to conduct banking business in Hong Kong. See HKMA (2018).
19
However, as for non-digital banks, authorities have the discretion to impose restrictions on the activities an entity is allowed to
perform on a case-by-case basis.

Digital banking licences granted under dedicated licensing frameworks Graph 5
(*) In December 2019, the FSC granted “Toss Bank” a preliminary licence to operate as internet-only. See
www.fsc.go.kr/downManager?bbsid=BBS0048&no=147277.
Sources: Publicly available licensing registers; national authorities.
10. In these jurisdictions, the main licensing requirements for digital banks are similar to those
for traditional banks. Applicants for a digital bank licence face requirements on the place of incorporation
and legal form, sustainability of business plan, minimum paid-in capital, fitness and propriety of
management, risk governance frameworks and documentation of the exit strategy (Table 2). Where
transitional schemes are in place, in the entry phase, some of these requirements do not have to be met
in full or on a proportionate basis.
11. Digital banks are subject to ownership and control requirements, although these may be
different to those applicable to other banks. First, digital banks may need to be owned or controlled
by local citizens. In Singapore, digital full banks are required, among others, to be controlled by
Singaporeans, which is presumed by MAS if the Singaporean and/or their related parties hold the largest
shareholding and have effective control over the proposed DFB.20 In Malaysia, applications for digital bank
licences are assessed on whether they are in the national interest, with preference given to applicants
where the controlling equity interest resides with Malaysians.21 Second, in contrast to traditional banks,
non-financial companies may be allowed to become controlling shareholders. In Korea, a non-financial
company may own up to 34% of an internet-only bank (instead of up to 4% of other banks). In Chinese
Taipei, non-financial companies may own up to 60% of internet-only banks but at least one of the founders
needs to be a bank or a financial holding company, with a shareholding of 25% or above.
20
For other banks incorporated in Singapore, there are no explicit provisions relating to control by local citizens but the approval
of the Minister needs to be obtained before acquiring, or holding share(s) with 5% or more of total votes attached to all voting
shares.
21
In Malaysia, the approval of the central bank needs to be obtained before acquiring or disposing 5% or more of total votes
attached to all voting shares in the licensed bank. Additionally, approval of the Minister is required where it involves acquisition
of aggregate interest in shares of more than 50% or controlling interest in the bank, and for any disposal that results in the
person holding less than 50% or ceases having control.

12. In addition, under specific licensing frameworks, digital bank applicants face stringent
requirements on technology-related elements. First, fit and proper requirements tend to be more
prescriptive in relation to board members’ expertise in technology. For instance, internet-only banks in
Chinese Taipei must demonstrate that more than half of the board of directors comprises industry experts
with backgrounds in banking, financial technology, e-commerce, communications or related fields.
Second, a satisfactory track record in operating a technology business may be required. For example, in
Singapore, applicants must have a track record in operating an existing business in their respective
technology or e-commerce field. Third, the technical infrastructure may need to be assessed by external
parties. For example, digital bank applicants in Abu Dhabi Global Markets, Hong Kong SAR and Malaysia
must engage an independent third-party technical expert to assess the adequacy and soundness of their
IT governance and systems.
13. In some jurisdictions, specific licensing frameworks require digital banks to foster financial
inclusion. This is the case for Malaysia and Singapore, where digital bank applicants are required to
demonstrate during the application process their ability to serve customer needs and reach underserved
and hard-to-reach market segments. In other jurisdictions, there is a more general expectation for virtual
banks to help promote financial inclusion.
Licensing requirements for digital banks Table 2
AE HK KR MY SG TW
General licensing requirements
Legal form and place of incorporation      
Ownership structure/control   * *  *
Long term sustainability of the business plan      
Fitness and propriety test      
Minimum paid-up capital   **   
Sound risk culture: risk governance frameworks      
Exit plan      
Technology-related licensing requirements

Fitness and propriety test on technology fields -     
Track record in technology -  -   -
Third-party assessment of IT systems   -  - -
Financial inclusion      -
(*) Requirements on who is allowed to own and/or control digital banks differ from those applicable to traditional banks. In Malaysia, while
not a mandatory requirement, preference is given to applicants where the controlling equity interest resides with Malaysians.
(**) Internet-only banks have a minimum capital requirement of KRW 25 billion; other banks KRW 100 billion.
 Requirement applies in full from the start.  Compliance not required in full in the initial phase of transitioning schemes. – Not explicit.
Source: National regulations.
14. After obtaining a digital bank licence, licence holders generally face the same ongoing
regulatory requirements as their traditional counterparts. In all digital banking frameworks, licence
holders are subject to the same ongoing regulatory requirements on capital, leverage, liquidity, AML/CFT,
market conduct, data protection and cyber security as traditional banks. Like them, digital banks may

benefit from a proportionate application of the prudential framework, depending inter alia on their relative
size and complexity.22
Initiatives to facilitate market entry
15. A few surveyed jurisdictions have initiatives to facilitate the establishment of new banks.
These were implemented in jurisdictions both with a digital banking-specific framework (Malaysia and
Singapore) and without (Australia and the United Kingdom).
• In Australia, applicants may apply for a restricted licence and make use of a transitional period or
apply directly for a full licence (Graph 6). Restricted licence holders are not subject to the full set
of regulatory requirements but can only conduct a limited range of business activities. At the end
of the transitional period, they are either awarded a full licence – if all requirements are met – or
must wind up their banking business.
Requirements of Australia’s restricted route Graph 6
ADI=authorised deposit-taking institution.
Source: APRA (2018).
• In Malaysia, a firm, once licensed as a digital bank, is allowed to conduct the full range of banking
business but is subjected to a simplified regulatory framework in its initial phase of operations
(Graph 7).23 Once the firm can demonstrate that all conditions are met, and has been in the
transitional phase for a period of time, the business restrictions imposed under the transitional
scheme are lifted. Digital banks will be required to comply with all equivalent regulatory
requirements applicable to incumbent banks after the entry/foundational phase.
22
The use of proportionality in implementing the Basel Framework in a manner consistent with the Core principles for effective
banking supervision is supported by the Basel Committee on Banking Supervision (BCBS) and the Basel Consultative Group
(BCG) (BCBS-BCG (2019)). In a report issued in 2019, the BCBS found that most jurisdictions apply some form of proportionality
measures (BCBS (2019)). For further information on proportionality practices, see Castro et al (2017), Hohl et al (2018) and
Duckwitz et al (2019).
23
Key features of the simplified regulatory framework include (i) a capital adequacy requirement: The risk categories to calculate
the credit and market risk components for risk-weighted assets under Basel II capital framework have been rationalised into
simpler categories; and (ii) a liquidity requirement: Some 25% of the digital bank’s on-balance sheet liabilities must be held in
high-quality liquid assets. The digital bank may, with the regulator’s approval, opt to observe the equivalent regulatory
framework of a licensed bank in its initial phase of operations, if it can demonstrate its ability to do so.

Operational progression of licensed digital banks Graph 7
Source: Central Bank of Malaysia (2020).
• In Singapore, the licensing framework provides for a phased-in approach for Digital Full Banks
(DFB) (Graph 8). A Restricted DFB can commence operations on a limited scale with restrictions
on business scope and deposit-taking activities, but does not have to meet the paid-up capital
requirement in full. Subsequently, the restrictions on business scope and deposit-taking activities
and minimum paid-up capital requirement of the Restricted DFB will be progressively increased
until it is a fully functioning DFB, ie restrictions are lifted but the minimum paid-up capital
requirement increases to the same level as existing full banks.
Two-stage process for becoming a fully functioning Digital Full Bank Graph 8
Source: MAS (2019).
• In the United Kingdom, firms may opt to take the mobilisation route, which allows new banks,
once authorised, to become fully operational and complete their build-out under restrictions
before starting to trade fully.24 Mobilisation is intended to give prospective new banks some
certainty while raising capital or investing in infrastructure. Firms using mobilisation are subject
to the full set of regulatory requirements and the UK regulators’ Threshold Conditions25 are
considered proportionately according to the risks posed by the application during
24
www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/new-bank/new-bank-start-up-unit-
guide.pdf?la=en&hash=30E5AF0EAEB35E5E857C7187416AA5A46DDA4117#page=24.
25
The PRA’s and FCA’s Threshold Conditions, which must be met by a firm at authorisation and on an ongoing basis, form the
basis of each regulator’s assessment of licence applications. For more information on the PRA’s and FCA’s Threshold Conditions
see www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/new-bank/thresholdconditionsfactsheet.

mobilisation.26 Banks that mobilise may carry on all the activities they have been granted
authorisation for but will usually have a requirement placed on their authorisation to limit the
amount of business they can undertake.27 If a firm is unable to complete mobilisation within 12
months, or to the required standard, its authorisation may be removed. Graph 9 illustrates the
road to becoming an authorised bank in the United Kingdom.
The road to authorisation Graph 9
Source: Authors’ illustration.
16. Initiatives to facilitate the establishment of new banks differ in terms of the length of the
entry phase, restrictions imposed on business activities while it lasts and conditions for exiting it
(Table 3).
• Length of the entry phase. Jurisdictions with digital banking-specific frameworks appear to have
longer entry phases (two to five years) than those that do not (one to two years) but firms are
generally encouraged to complete the entry phase as soon as possible.
• Restrictions during the entry phase. In Malaysia, under the proposed framework, digital banks
are expected to have a balance sheet of not greater than RM 2 billion in size (about EUR 405.7
million28). In Singapore, restricted digital full banks (DFB) (i) cannot take deposits of more than
SGD 50 million (EUR 31 million) in aggregate or SGD 75,000 (EUR 46,400) from any one individual;
(ii) can accept deposits only from a limited range of customers such as business partners, staff
and related parties; (iii) can offer only simple credit and investment products; and (iv) cannot
establish banking operations in more than two overseas markets. In Australia, restricted
authorised deposit-taking institutions (ADIs) are expected to have (i) a balance sheet of not
greater than AUD 100 million (EUR 60.8 million); (ii) deposits in protected accounts not greater
than AUD 2 million (EUR 1.2 million); and (iii) a limited customer base (eg staff, their relatives and
some early adopters). In the United Kingdom, the total deposits that a new bank following the
mobilisation option can accept is usually GBP 50,000 (EUR 55,470).
• Conditions for completing the entry phase. During the entry phase, authorities are monitoring
firms’ progress towards reaching compliance with the full regulatory framework (Australia,
26
As such, mobilisation does not reduce or waive any prudential minimum requirements but acts as a lever to proportionality.
27
Similarly, in the FCA’s regulatory sandbox, the full set of regulatory requirements has to be met, ie there is no possibility to
waive certain requirements so that firms can test new products. Firms that are carrying out regulated activity must apply and
be approved for the relevant regulatory permissions, on which restrictions will be placed.
28
Conversion rates as of 10 August 2020.

Malaysia, Singapore); or progress in completing their mobilisation activities so that the bank
becomes ready to be fully operational (United Kingdom). To aid monitoring, authorities typically
ask for timetables with defined milestones against which they check progress. Before allowing
firms to exit the entry phase, authorities assess compliance inter alia with the following elements.
− Capitalisation. In Australia, Malaysia and Singapore, the minimum paid-up capital requirement
is initially lower, ie capital needs to be built up in the transitional phase. In Australia, restricted
banks are required to hold AUD 3 million capital funds at all times, plus an AUD 1 million
resolution reserve. In Malaysia, digital banks would be required to maintain minimum capital
funds of MYR 100 million (EUR 20.3 million) during the entry phase, and MRY 300 million (EUR
60.8 million) at the end of the entry phase. In Singapore, a minimum paid-up capital requirement
for a restricted DFB at the entry point of SGD 15 million (EUR 9.3 million) is progressively raised
to SGD 1.5 billion (EUR 930 million) at the end of the entry phase. In the United Kingdom, one of
the mobilisation activities may include fully capitalising the bank but this depends on its nature
and business model. The minimum capital requirement in mobilisation, however, is not lower
than for banks not in mobilisation.29
− Appointment of senior staff. In the entry phase, banks are expected to finalise their senior
management appointments and recruitment of initial staff members. Authorities in Singapore,
Australia and the United Kingdom require firms to submit fitness and proprietary assessments or
declarations for relevant personnel.30 In Malaysia, the proposed key responsible persons must
demonstrate fulfilment of the fit and proper criteria issued by the Central Bank of Malaysia (BNM).
− Finalisation of documented policies and procedures. In the application, a firm may only submit
high-level descriptions of its policies and procedures in relation to risk management and control
structures, recovery and business continuity, IT infrastructure, systems and outsourcing
arrangements. Before a firm can exit the entry phase, key policies and procedures must be fully
documented for inspection by the authority.
− Viability and sustainability of the business model. In Singapore, the MAS will assess the
restricted DFB based on factors such as strength of internal controls, frequency and type of
compliance breaches, customer complaints and sustainability of business performance. In
Malaysia, the BNM analyses the feasibility of the business plan and the resulting ability to meet
regulatory requirements.
29
In the United Kingdom, the capital requirement during the mobilisation phase is often set at the minimum requirement as
required by the European Capital Requirements Directive (CRD), plus an add-on for wind-down costs. Art 12 CRD allows
Member States to grant authorisation to particular categories of credit institutions based on an initial capital of less than EUR
5 million, but above EUR 1 million.
30
In Australia, those who hold key positions within the proposed restricted ADI are assessed in accordance with Prudential
Standard APS 520 Fit and Proper. In Australia the Bank Executive Accountability Regime (BEAR) also applies. In the United
Kingdom, the Senior Managers and Certification Framework (SMCR) is intended to ensure individuals applying for senior
management functions are suitable. In Singapore, the proposed bank is expected to hire certain staff (Chief Finance Officer,
Chief Risk Officer, Chief Technology Officer, Chief Information Security Officer and Head of Compliance/AML) at least six
months before the start of operations.

Key features of initiatives to facilitate entry into the banking market Table 3
Specific framework General framework

MY SG AU GB
Timeframe for transitional/mobilisation phase
12-months or less - - - 
Up to 2 years - -  -
2 to 5 years   - -
Restrictions on licence holders in transitional/mobilisation phase
Caps on assets size  -  -
Caps on deposits -   
Limited base of customers -   -

Limits on location (overseas operations) -   -
Limits on products to be offered -   -
Restricted status to be disclosure to clients - -  -
Criteria assessed for exiting transitional/mobilisation phase
Bank is fully capitalised    *
Appointments of senior management are completed    *
Key policies and procedures are finalised  -  *
Financial performance, value added and development of business    *
model are assessed to be sufficient
 Applicable; – Not explicit in regulation or does not apply. (*) When a firm exits mobilisation upon completion of all its mobilisation
activities, the PRA takes a decision on varying the authorised firm’s scope of permission. For a positive decision, the PRA needs to be
satisfied that its Threshold Conditions will continue to be met if the requirement restricting the business the firm can undertake is removed.
That might necessitate, for example, senior management appointments or more sophisticated policies or systems.
Source: National regulations; national authorities.

Section 3 – Regulation of fintech platform financing
17. Fintech platform financing (FPF) refers to those fintech activities that are facilitated by
electronic platforms and provide a mechanism for intermediating funding over the internet.
Building on the definitions in Section 1, we distinguish between two types. The first, fintech balance sheet
(FBS) lending, refers to credit activity facilitated by non-bank lenders that use their own balance sheet to
provide credit to borrowers through electronic channels. The second, crowdfunding, refers to the practice
of matching lenders and borrowers (loan crowdfunding – loan CF) or investors and investees (equity
crowdfunding – equity CF) online. When they meet, one party receives the needed financing for business
or consumption purposes and the other party makes an investment.31 The matchmaking is performed by
internet-based CF platforms that typically collect structured information from borrowers or investees;
conduct due diligence assessments, assign scores and filter out unviable funding requests; establish prices
for different levels of risk; and initiate or execute payment transactions between parties or engage third-
party payment providers to do so.32 For their service, CF platforms charge origination, servicing or other
types of fees, instead of earning profits from bearing risks themselves.
18. While finance is intermediated in all FPF activities, there are important differences. First,
FBS lending and crowdfunding rely on different sources of funding (Table 4). Crowdfunding channels funds
from the wider public to fund seekers, and providers of funds have a say in what project they wish to invest
in or who they wish to lend to. In contrast, FBS lenders can make these decisions themselves because they
use their own capital or money received mainly through debt issuance. The different sources of funding
also mean that CF platforms are not engaged in risk transformation but FBS lenders are. Second, there are
different types of fund raiser involved. Funds raised in equity CF are exclusively for projects or companies
such as startups or SMEs. This is in contrast to FBS lending and loan CF, where funds may also be raised
for other purposes such as consumption.
Elements of different types of fintech platform financing Table 4
Sources of funding Fund raisers Main regulated activity

Use of own Collection Retail/ Businesses/ Making Issuing,
balance of funds private projects loans offering or
sheet from many customers (lending dealing in
investors business) securities
Fintech balance sheet    
lending
Loan crowdfunding    
Equity crowdfunding   
Source: FSI.
31
Apart from being an alternative source of financing, crowdfunding may provide several other benefits to those raising funds.
For example, if a project does not attract sufficient funding from the crowd, it may mean that its business case is not sound.
On the other hand, successful funding campaigns provide free marketing. In addition, open funding campaigns on
crowdfunding platforms may attract other financiers such as venture capitalists or business angels, or establish contacts with
people who could provide valuable information to the entrepreneur (EBRD (2018)).
32
They may also offer additional functionalities or services, such as managing cases of default by taking steps to recover any
unpaid balances; providing an auto-selection function that allows investors to automate their lending/investing based on pre-
set criteria; and operating a contingency fund that spreads risks across different lenders or investors (Havrylchyk (2018)).

19. From a consumer/investor protection standpoint, the risks of different FPF activities are
not equivalent. FBS lending may be considered less risky than loan and equity CF because funds are not
sought from the crowd.33 In addition, investors who provide funding to FBS lenders are not exposed to
the default risk of individual borrowers as they are in loan CF but to the default risk of the FBS lender. Loan
CF, in turn, may be considered less risky than equity CF because loans do not absorb losses (unless there
is a default) and their returns (capital and interest) are less volatile.
20. The supervisory architecture has a bearing on the regulatory structure for FPF activities.
Because of the regulated activities FPF business models involve (Table 4), they may be regulated by
different authorities.34 Entities with business models that involve lending, such as FBS lending and loan
CF, often fall under the jurisdiction of the central bank or a supervisory agency tasked with banking
regulation and supervision; those that involve securities business, such as equity CF, often fall under the
jurisdiction of securities supervisors.35
21. Many surveyed jurisdictions introduced specific regulations for FPF activities (Graph 10).
• Loan and equity CF are often subject to a common regulatory framework. About half of
surveyed jurisdictions have a regulatory framework for crowdfunding. Common frameworks that
apply to FBS lending and either loan or equity CF or both do not appear to have been
implemented in surveyed jurisdictions.
• Equity CF is more often subject to a separate framework than loan CF. A third of surveyed
jurisdictions have a specific framework exclusively for equity CF; over twice as many jurisdictions
as compared with loan CF.
• Only one jurisdiction has a specific framework for FBS lending. In others, FBS lending is
subject to the existing frameworks for non-bank (ie non-deposit taking) lenders.
Specific regulatory frameworks for fintech platform financing Graph 10
(*) In Australia, providing crowdfunding services requires an Australian Financial Services (AFS) Licence. If the platform grants consumer
loans, an Australian Credit Licence (ACL) is required. (**) Work in progress. In the United Arab Emirates, at the federal level, the UAE Central
Bank issued a draft regulation on loan CF. (***) Under the European Commission’s proposal, platforms may apply for an EU passport based
on a single set of rules and hold one type of licence at a time: (i) European Crowdfunding Serviced Provider (ECSP), (ii) licence provided
under national framework, or (iii) MiFID licence.
33
Crowdfunding can involve funding from institutional funders as well as from individuals.
34
See Calvo et al (2018) on a discussion of the institutional design for financial sector oversight.
35
Fintech platforms that engage in both FBS lending and CF are likely subject to more than one regulatory framework.

Fintech balance sheet lending
22. Although FBS lenders perform activities similar to those of other non-bank lenders, they
differ in the way they deliver their services. Like non-bank lenders, FBS lenders use their own balance
sheet to lend, and keep loans either to maturity or sell them on to investors. However, unlike non-bank
lenders, FBS lenders operate on internet platforms instead of in physical branches, often designed to make
it as easy, fast and convenient as possible for the prospective borrower to obtain a credit decision –
typically with little or no human interaction.
23. Most surveyed jurisdictions have no specific regulatory framework for FBS lending. In these
jurisdictions, FBS lending is subject to existing regulations for non-bank lenders. Regulatory requirements
for the latter vary considerably across countries. As a consequence, requirements for FBS lending diverge
markedly and the responsibility for supervising this activity does not necessarily lie with the financial
authority.
• Banking licence: In a few jurisdictions, an entity whose business model involves lending money
and concluding loan agreements must hold a banking licence. This is the case, eg, in Austria and
Germany, where extending loans is classified as a regulated banking business if it is done on a
commercial basis. However, regulatory requirements for such entities may be applied in a
proportionate manner.
• Non-bank licence: Many jurisdictions have licensing frameworks for different types of non-bank
lender. While some frameworks regulate mainly entities whose primary business activity is to lend
money (without taking deposits), others regulate different kinds of entities that may be allowed
to lend money among other permitted activities. For example:
− Money lenders. In Hong Kong SAR, any person (or corporation) who carries on business as a
money lender (ie making loans) must obtain a money lender’s licence. Licences are subject to
approval by the Licensing Court.36 A similar framework exists in Japan, where a non-bank lender
who extends credit to a Japanese borrower must register as a Money Lending Business Operator
and fulfil certain requirements (eg maintaining net assets of at least JPY 50 million).37
− Non-bank financial intermediaries/lenders. In Italy, non-bank financial intermediaries must be
authorised by the Bank of Italy in order “to provide financing in any form” and are subject to a
prudential supervisory framework equivalent to that of banks.38 In the United States, non-bank
lenders are required to comply with state laws regulating money lending in each state they offer
their services (Box 2).
− Investment funds. In the EU, alternative investment fund managers (AIFMs) that use investment
funds to carry on lending activities are often subject to authorisation requirements under the
Alternative Investment Fund Managers Directive (AIFMD), and must meet certain requirements
(ACC 2019).39 For example, AIFMs, including those acting as non-bank lenders, are required to
“have and employ effectively the resources and procedures that are necessary for the proper
36
See www.cr.gov.hk/en/services/money-lenders/governing.htm.
37
To register as the MLB Operator, the lender must first fulfil certain requirements including the maintenance of certain net assets
and hiring a money lending business manager who has passed certain examinations under the MLB Act (Nassiri (2016)),
www.amt-law.com/asset/res/theLendingAndSecuredFinanceReview2ndEdition_JapanChapter%20.pdf; www.responsible-
credit.org.uk/wp-content/uploads/2016/03/Taking-on-the-money-lenders-lessons-from-Japan-final.pdf.
38
www.bancaditalia.it/compiti/vigilanza/intermediari/index.html?com.dotmarketing.htmlpage.language=1.
39
For Alternative Investment Fund Managers below certain thresholds as provided by AIFMD, no authorisation is required and
registration with the national competent authority is sufficient.

performance of their business activities”. Moreover, “the persons who effectively conduct the
business of the AIFM are of sufficiently good repute and are sufficiently experienced also in
relation to the investment strategies being pursued”.40
• No licence or registration: In some jurisdictions, entities that engage in granting loans are not
regulated under financial law and may only be subject to requirements under commercial law.
Also, usury laws may apply that mandate limits on interest rates to prevent borrowers from being
exploited. For example, in Peru, lending activities performed by non-banks are not regulated but
subject to an interest rate ceiling that is established by the Peruvian Central Bank (Baker and
McKenzie (2019)).
Box 2
Lending by non-banks in the United States
Non-bank lenders are important providers of credit in the United States, particularly for credit to purchase residential
properties. They play a significant role in key market segments, such as mortgage loans insured by the Federal Housing
Administration. In 2019, non-banks originated and serviced approximately half of all mortgages, a fivefold increase
for origination and an eightfold increase for servicing since 2009 (FSOC (2019)). In addition, mortgage application
data collected under the Home Mortgage Disclosure Act (HMDA) suggest that, in 2015, FSB lenders granted 12% of
all residential mortgage loans originated by non-banks, up from 5% in 2007. Looking at only mortgage loans insured
by the FHA, which are typically taken out by borrowers with credit scores on the lower end of the spectrum, FBS
lenders originated approximately 16% in 2015, up from close to zero in 2007 (Buchak et al (2017)).
To fund their lending activities, non-bank mortgage lenders typically rely heavily on short-term funding and
follow an originate-to-distribute model, ie they sell most of their originated mortgage loans to government-owned
or government-sponsored enterprises (GSEs) such as Fannie Mae and Freddie Mac. GSEs either hold these mortgages
in their portfolios or package the loans into mortgage-backed securities (MBS), in which case GSEs guarantee the
timely payment of principal and interest on the underlying mortgages. Similarly, non-bank lenders that originate
loans other than mortgages may also obtain funding through issuing asset-backed securities. For example, student
loans-focused lender College Ave securitised nearly one third of the loans it originated until Q2 2018, and
CommonBond even twice as much (S&P (2018)).
From a regulatory perspective, FBS lenders are treated like brick-and-mortar non-bank lenders and are
required to comply with relevant state laws regulating loan origination or brokerage. This means that, unless they
partner with a chartered bank, they are often required to obtain a licence in every state in which they lend. In other
words, FBS lenders that operate nationwide are subject to 50 state regulatory frameworks and may need to obtain
numerous state licenses (Treasury (2018)).
Regulatory requirements for non-bank lenders vary across states and depend, inter alia, on whether an
entity is in the business of making loans to consumers or to businesses, and whether loans are for purchasing real
estate, in which case a licence for mortgage-related activities such as origination, brokering and servicing may be
required. For example, Quicken Loans – the largest mortgage lender in the United States with nearly half a trillion
dollars of mortgage volume closed from 2013 through 2018 – is licensed in all states it operates in. This includes, for
illustration, Arizona (Mortgage Banker Licence), Kansas (Licensed Mortgage Company), Maine (Supervised Lender
Licence), Massachusetts (Mortgage Lender Licence), New York (Licensed Mortgage Banker) and Washington
(Consumer Loan Company).
Another example for an entity with a different modus operandi is OnDeck, an FBS lender that lends
exclusively to SMEs. OnDeck applies Virginia law to all the loans it originates in states (such as Virginia) that do not
require a licence for commercial loans and that honour Virginia choice of law provisions. In states that require a licence
and may not honour a Virginia choice of law, loans are issued by a federally chartered bank, which is not subject to
state licensing, and then purchased by OnDeck. These loans are not governed by Virginia law but by the laws of the
issuing bank’s home state (Chiu and MacNeil (2018)).
40
Articles 12(1)c and 8(1)c AIFMD, respectively.

Efforts to update the current state-based regulatory framework are under way. At the state level, regulators
launched “Vision 2020”, which is a state-driven initiative to build a more unified licensing framework and supervisory
process for non-bank financial companies. In a report issued by the US Department of the Treasury in 2018, it
supported these harmonisation efforts but recommended that “if states are unable to achieve meaningful
harmonization across their licensing and supervisory frameworks within three years, Congress should act to encourage
greater uniformity in rules governing lending and money transmission to be adopted, supervised, and enforced by
state regulators” (Treasury (2018)).
At the federal level, in July 2018, the OCC issued a Supplement to its licensing manual to clarify how it would
evaluate applications for a special purpose national bank (SPNB) charter from fintech companies. Charter holders
would be allowed to engage in two of the three “core banking functions” (ie lending money and paying checks)
defined in the National Bank Act (NBA) but would not be allowed to take deposits. For FBS lenders, the charter would
allow them to avoid seeking state-by-state lending licences and, instead, adhere to a uniform set of national banking
rules. In 2018, the US Treasury endorsed the OCC’s SPNB charter for fintech companies and provided guidance on
implementation (Treasury (2018)). Following a lawsuit, however, the OCC is currently unable to grant non-depository
SPNB charters to fintech companies because, as argued by the US District Court for the Southern District of New York,
only depository institutions are eligible to receive national bank charters from the OCC.
Potential risks to financial stability from non-bank companies in the origination and servicing of residential
mortgages led the Financial Stability Oversight Council (FSOC) to call upon federal and state regulators to strengthen
oversight of the sector. In its 2019 annual report, the FSOC emphasised that, over the last decade, non-bank mortgage
companies have assumed a larger role in the origination and servicing of residential mortgages, and pointed to
potential risks to the US financial system. For example, non-bank lenders may rely heavily on short-term funding for
their activities and have relatively few resources to absorb adverse economic shocks despite their role as providers of
mortgage credit and servicing to low-income and riskier borrowers. In addition, they may have the obligation to make
payments to the investor even when a borrower does not make a mortgage payment (“servicing advances”) (FSOC
(2019)).
Some risks related to these servicing advances appear to have materialised in the course of the Covid-19
pandemic. In 2020, the US government implemented a set of relief measures for men and women impacted by the
Covid-19 situation. These legislative measures gave newly unemployed borrowers the right to request payment
forbearance without financial penalty. Many borrowers made use of this right. This affected repayments on loans
originated by non-bank lenders, which often serve as underlying assets for securities that carry a guarantee by Fannie
Mae and Freddie Mac. This, in turn, created significant liquidity stress for non-bank lenders engaged in mortgage
servicing – they collect balances due from borrowers and remit these payments to investors – because they are
obligated to keep paying investors even if they do not receive payments from borrowers, such as those who asked for
forbearance. While Fannie Mae and Freddie Mac eventually cover losses under the terms of their guarantees, until
then it is up to mortgage servicers to bridge the gap with their own funds. In response, the Federal Housing Finance
Agency, as responsible regulator, provided a measure of relief for loans guaranteed by Fannie Mae and Freddie Mac
by capping servicers’ obligations at four months’ worth of missed payments.
 The US Federal Housing Administration (FHA) is one of the largest insurers of mortgages in the world and provides mortgage insurance
on loans made by FHA-approved lenders, for which it collects insurance premia from borrowers via lenders. FHA mortgage insurance
provides lenders with protection against losses if a property owner defaults on their mortgage. The lenders bear less risk because FHA will
pay a claim to the lender for the unpaid principal balance of a defaulted mortgage. FHA insured loans are more accessible than
conventional mortgage loans. For borrowers, to qualify for an FHA-insured loan, they must meet certain requirements established by FHA,
such as a steady employment history, a debt-to-income ratio of no more than 50%, a minimum FICO® credit score of 500 with a down
payment of at least 10%, or 580 with a down payment of at least 3.5%. See US Department of Housing and Urban Development
(www.hud.gov/program_offices/housing/fhahistory), Quicken Loans (www.quickenloans.com/home-loans/fha-loan) and Investopedia
(www.investopedia.com/terms/f/fhaloan.asp).  This is consistent with Buchak et al (2017), who find that non-bank lenders – called
shadow bank lenders in their paper – originated 30% of all residential mortgages in 2007, and 50% in 2015.  See
www.fhfa.gov/SupervisionRegulation/FannieMaeandFreddieMac/Pages/About-Fannie-Mae---Freddie-Mac.aspx.  In 2008, in order to
improve coordination and information sharing among regulators, and to improve consumer protection, an online platform (“Nationwide
Mortgage Licensing System”, or NMLS) was set up by the Conference of State Bank Supervisors (CSBS) and the American Association of
Residential Mortgage Regulators (AARMR). NMLS is a system of record for non-depository, financial services licensing or registration in
participating state agencies and does not itself grant or deny licence authority. For consumers, it provides licensing and other relevant
information through “NMLS Consumer Access”. See Treasury (2018) for more details.  Non-bank lenders are also regulated by the
Consumer Financial Protection Bureau (CFPB) for compliance with consumer financial laws.  Comprehensive information on Quicken
Loans can be accessed through NMLS Consumer Access under www.nmlsconsumeraccess.org/EntityDetails.aspx/COMPANY/3030; for an

overview of main facts on Quicken Loans see www.quickenloans.com/press-room/fast-facts/.  See also Form 10-K filings with the SEC
at www.sec.gov/Archives/edgar/data/1420811/000142081116000111/ondk-20151231x10k.htm.  In the context of Vision 2020, in
February 2020, the Conference of State Bank Supervisors (CBSB) announced the rollout of a new State Examination System (SES), intended
to enhance supervisory oversight of non-banks and improve collaboration between licensees and their
regulators.  www.dwt.com/blogs/payment-law-advisor/2019/10/nydfs-fintech-charter-challenge.  www.ft.com/content/045aee80-
3688-440b-98e6-38c22ac57733.
24. A specific licensing framework for FBS lending was introduced in only one surveyed
jurisdiction. In Brazil, the National Monetary Council issued a 2018 resolution that introduced direct credit
companies (Sociedades de Crédito Direto, SCD) as a new type of financial institution. SCDs are restricted
to conducting their lending business exclusively on the basis of an electronic platform. SCDs require a
licence by the Central Bank of Brazil, are subject to prudential supervision and must meet requirements,
inter alia, on minimum capital and on funding (Box 3).
Box 3
Direct credit companies in Brazil
In April 2018, the National Monetary Council (Conselho Monetário Nacional) issued Resolution CMN 4,656, which
introduced direct credit companies (Sociedade de Crédito Direto, SCD) as a new type of financial institution. The
resolution requires any entity engaged in FBS lending to be licensed as an SCD by the Central Bank of Brazil.
The resolution defines SCDs as financial institutions that engage primarily in lending, financing and
acquisition of receivables exclusively through electronic channels. SCDs may also provide additional services, such as
credit analysis, loan collection, insurance distribution and electronic money issuance. Since March 2020, SCDs have
also been permitted to issue credit cards.
SCDs are not allowed to raise funds from the public, except by issuing shares, and must operate on the basis
of their own capital. However, they are allowed to sell or assign the originated loans to other financial institutions,
securitisation companies and credit rights investment funds (FIDC – Fundos de Investimento em Direitos Creditórios).
The latter two may only conduct business with accredited investors as defined by the Securities and Exchange
Commission of Brazil (CVM). Since March 2020, SCDs have also been able to fund their operations with resources from
the Brazilian Development Bank (BNDES).
In terms of prudential rules, SCDs are subject to risk-weighted capital requirements comparable with those
applied to the smallest tier of credit institutions in Brazil, to which most SCDs are expected to belong (segment S5).
Because of their limited size, financial institutions in S5 are subject to simplified prudential requirements such as a
simplified solvency ratio. At a minimum, SCDs are required to hold paid-up capital of at least BRL 1 million, which
must be deposited with the central bank or invested in government bonds. In addition, because SCDs do not engage
in maturity transformation, there is no liquidity requirement in place.
In terms of governance and risk management, an SCD needs to, inter alia, be established as a corporation
and include “Sociedade de Crédito Direto” in its legal name; have senior staff that is deemed to be fit and proper;
pursue an integrated risk management approach; and conduct its lending business by selecting borrowers according
to “consistent, verifiable and transparent criteria” that are relevant for assessing their credit risk.

Since introducing the SCD status, the Central Bank of Brazil has authorised 25 institutions to operate as
SCDs (as of June 2020). Based on data provided by the central bank, it appears that most licence holders, with the
exception of QI Tech, fund their lending activities almost exclusively with their own capital; the rest represents liabilities
incurred by selling or assigning originated loans to other financial institutions.
 Resolution CMN 4,656 also introduced peer-to-peer loan companies (Sociedade entre Pessoas, SEP) as new types of financial institution,
ie any entity engaged loan crowdfunding is required to be licensed as an SEP.  Since January 2017, Resolution 4,553 has divided the
Brazilian financial system into five segments for the proportional implementation of prudential regulation. See Table 4 in Carvalho et al
(2017) for details of the segmentation of Brazil’s financial system.  The minimum is 17% of simplified risk-weighted assets, which are
calculated as the sum of an entity’s financial exposure to credit and operational risk.
Crowdfunding
25. Many surveyed jurisdictions have introduced a dedicated regulatory framework for
crowdfunding (CF). Dedicated regulatory frameworks for crowdfunding typically have two broad sets of
requirements. The first is intended to regulate how CF platforms may operate, which activities they can
perform and what they must do to mitigate the risks they incur. The second set of requirements relates to
consumer/investor protection and seeks to reduce the information asymmetries involved in the investment
process.
26. In other surveyed jurisdictions, CF platforms are subject to existing requirements under
banking, securities and payments regulations. In these jurisdictions, regulatory requirements depend
on: what concrete types of activity are performed; what types of entity are involved; who performs which
activity; and who bears the risk (Ehrentraud et al (2020)). For example, if the extension of credit requires a
licence, then any firm engaged in loan CF would need to be authorised accordingly.
Requirements on crowdfunding platforms

27. CF platforms are typically subject to registration or authorisation requirements. In most
surveyed jurisdictions, equity and loan CF platforms must be formally authorised before they can offer
their services (Graph 11). In some other cases, it is sufficient for them to provide the required
documentation within a relatively simple registration process. In most surveyed jurisdictions,
crowdfunding platforms are required to operate under a specific legal form (Annex Table 3) and have a
minimum amount of paid-in capital.

Licence/registration requirements for crowdfunding platforms Graph 11
Sources: National regulation; FSI. See Annex Table 2 for details.
28. When applying for authorisation or registration, a prospective CF platform must typically
provide specific information. This may include, inter alia, the planned business model, the platform’s
organisational setup (eg who owns the entity and who is responsible for its management), its legal status,
available financial resources, and envisaged policies, procedures and controls (eg for risk management or
governance). In addition, CF platforms are regularly required to provide evidence that their proposed
managers and directors are of good repute with sufficient expertise and professional qualifications.
29. In several jurisdictions, CF platforms are allowed to broker multiple financial instruments.
Most regulatory frameworks for equity CF allow platforms to intermediate funding not only in the form of
equity but also debt or other types of security (Table 5). For example, in Argentina, platforms may also
intermediate trust certificates. In most cases, loan CF frameworks explicitly forbid platforms to intermediate
financial instruments other than loans. Regulatory frameworks that cover both loan and equity CF allow
the broadest range of instruments. For example, in the Philippines, in addition to loans and equity,
platforms may also intermediate asset-backed securities, trust certificates or other types of instrument.
Under the proposed EU crowdfunding regulation, platforms would be allowed to intermediate any type
of transferable securities.
Permissible financial instruments by type of crowdfunding framework Table 5
Equity Total number

Number of frameworks Debt securities Loans Other types*
securities of jurisdictions
Loan CF 1 1 6 2 6
Equity CF 7 11 1 5 11
Loan and equity 13 15 15 13 15
CF
(*) Other types include certificates, derivatives and collective investment schemes.
Source: National regulations. Breakdown by jurisdiction in Annex Table 4.
30. Most CF platforms are not allowed to invest in the financial instruments they intermediate.
Where this is permitted, the platform may need to outsource due diligence procedures to an independent
party (eg Italy); inform other investors; and keep the amount invested below certain limits (Table 6). For

instance, in Spain, CF platforms may invest not more than 10% of the total funds raised per offer; under
the EU proposal, only 2% would be allowed. In a limited number of jurisdictions, there are no such limits
on risk retention (eg United Kingdom). In Mexico, as part of the licensing process, a CF platform needs to
present a plan that sets out how it will align its incentives with those of the investors it serves.
Requirements around risk retention Table 6
Equity CF Loan and equity CF

IT BE CL* ES EU* MX SG
Adopt suitable measures to manage potential conflicts of interest   -    
Outsource due diligence procedures to an independent party  - - - - - -
Inform investors on the platform’s participation - -     -
Cap on the amount invested - - -   - -
Restrictions to invest in projects hosted by other platforms - - -  -  -
Sources: National regulation; FSI. *Draft regulation.
31. In most jurisdictions, CF platforms are subject to minimum capital obligations. These are
often in the form of a fixed amount of minimum paid-up capital. In some jurisdictions, capital obligations
increase with the scale of activities (Annex Table 5). For instance, in Spain and the United Kingdom,
minimum capital for loan CF platforms increases with the amount lent. In lieu of paid-up capital, some
jurisdictions require a professional liability insurance policy that covers certain amounts (eg Italy). In others,
platforms can choose between holding capital, taking out insurance or a combination of both (eg Portugal,
Spain). In contrast, the proposed EU crowdfunding regulation does not foresee any capital obligations for
so-called European Crowdfunding Service Providers.
32. Many regulatory CF frameworks, in particular those that regulate loan CF and equity CF
jointly, have requirements to ensure business continuity and operational resilience.
• If a CF platform fails, it may cease to manage the loans or securities it has facilitated, causing
disruption and damage to its customers. Therefore, crowdfunding platforms are often required
to put in place contingency arrangements to ensure continuity of services in the event of their
failure (Table 7). Some frameworks require these arrangements to be documented when applying
for a licence (eg Mexico, UAE).
• If a CF platform goes offline, clients may lose access to their accounts and transaction data. Hence
platforms are often required to manage the risks of IT infrastructure problems, and to take steps
to strengthen their cyber resilience (Table 7). In some cases, they are explicitly required to report
cyber incidents (eg Italy, Mexico), conduct cyber resilience health checks (eg Australia), establish
recovery targets such as recovery point objectives41 (Mexico), or are recommended to have their
cyber security policy certified by an external auditor (India).
41
Recovery point objective (RPO) describes the interval of time that might pass during a disruption before the quantity of data
lost during that period exceeds the Business Continuity Plan’s maximum allowable threshold or “tolerance”.

Contingency planning requirements Table 7
Number of frameworks
Loan CF Equity CF Loan and equity CF
Contingency arrangements 2 6 9
IT resilience and cyber security arrangements 3 8 7
Number of jurisdictions per framework 6 11 15
Sources: National regulation; FSI. Breakdown by jurisdiction in Annex Table 6.
33. Crowdfunding platforms are typically subject to requirements on anti-money laundering

(AML) and combating the financing of terrorism (CFT). Categorised as financial institutions, they are
generally brought into scope of existing AML/CFT regulations, ie they must implement AML/CFT measures
such as customer due diligence checks (know your customer, KYC). For example, the EU proposal requires
that payments for crowdfunding transactions must take place via entities that are authorised under the
Payment Service Directive (PSD), which are subject to the Anti-Money Laundering Directive (AMLD).
Consumer/investor protection
34. Consumer/investor protection measures are central to the CF frameworks of surveyed
jurisdictions. These typically require the disclosure of relevant information and the conduct of due
diligence checks on borrowers and/or issuers; impose limits on how much individual investors can invest;
and restrict CF platforms from engaging in certain activities. While these measures focus primarily on
protecting (retail) investors, and less so on protecting borrowers, responsible lending requirements are
often part of the broader regulatory framework for consumer credit lending in general.
Requirements on disclosure and due diligence

35. In all surveyed jurisdictions, loan and equity CF platforms are required to make investors
aware of potential risks and disclose related information. These requirements are meant to ensure
that investors have adequate information to decide whether the investment is suitable for them and
whether they can bear the risks involved.
• Disclosure requirements are either principles-based or prescriptive. In the former case, the
burden is put on platforms to decide what information their investors need in order to make
informed decisions (eg United Kingdom); in the latter case, platforms face more prescriptive
requirements on the type of information that platforms must provide to investors, such as
sufficiently detailed information on the project or loan characteristics, and the borrower or issuer.
• In most cases, platforms must ensure that potential investors declare that they have understood
the risks (eg France), or to pass a suitability test (eg retail investors in Singapore42). Similarly, in
the EU, it will be “mandatory for crowdfunding service providers to run an entry knowledge test
of their prospective investors to establish their understanding of the investment”.43
42
MAS requires retail investors to pass a knowledge or experience test, or suitability assessment test.
43
www.europarl.europa.eu/doceo/document/A-8-2018-0364_EN.html.

• In some cases, regulators provide indications of common risks (eg loss of capital and lack of
liquidity) for use on platforms’ websites (eg United Kingdom44), or mandate platforms to provide
educational material on the risks associated with different security types (eg Philippines).
36. Most loan and equity CF frameworks have requirements as to the form in which
information should be provided. In many cases, to ensure comparability of information across different
funding requests and platforms, information needs to be disclosed via standardised templates. These
standardised information documents typically feature at least four main elements (Graph 12). These are (i)
key features of the loan or security; (ii) details and characteristics of the borrower or issuer; (iii) risk warnings
and explanatory statements;45 and (iv) additional information, eg on the fees and costs involved.
Main features of information documents Graph 12
37. Companies raising funds through CF platforms may need to prepare a prospectus or an
alternative information document. In general, a public offering of securities requires the preparation
and publication of a prospectus, unless the amount to be raised within a given period of time is below a
44
The UK rules require firms to give a fair, clear and prominent indication of any relevant risk. Risks may include risk to capital,
illiquidity, fraud, equity dilution, conflicts of interest, lack of due diligence, insider trading and systems failures.
45
In the EU, the following explanatory statement will need to be provided: “This crowdfunding offer has been neither verified nor
approved by ESMA or national competent authorities. The appropriateness of your education and knowledge have not been
assessed before you were granted access to this investment. By making this investment, you assume full risk of taking this
investment, including the risk of partial or entire loss of the money invested.”

specified threshold.46 So that companies do not need to prepare a prospectus, crowdfunding frameworks
often limit the amounts that can be raised per crowdfunding offer to levels at or below applicable
prospectus thresholds. In lieu of a prospectus, however, companies often have to prepare a simpler
information document. For example, in the EU, a company raising funds will be responsible for preparing
a so-called “key investment information sheet” but not a prospectus.47 Similarly, in Canada, issuers looking
to raise capital from a group in a CF-like manner are generally required to prepare an offering document
that contains information about the issuer, its business and the intended use of proceeds.
38. In most jurisdictions, CF platforms are responsible for conducting due diligence checks on
borrowers and/or issuers. Most loan and equity CF frameworks make platforms responsible for
conducting due diligence on borrower and/or issuers (Table 8). In a few cases, both the project and the
platform share the obligation to provide accurate information to investors (eg Brazil and Colombia), or it
becomes the responsibility of the project or an independent third party hired by the platform. For example,
in Peru, it is the sole responsibility of the recipient to provide accurate information regarding the project
to be funded. CF platforms however bear responsibility if disclosure-related issues are attributable to them.
In Italy, platforms are required to outsource due diligence checks for projects they also invest in.
39. Most jurisdictions require loan and equity CF platforms to have procedures in place for
selecting potential borrowers or projects and publish related information. For example, in Argentina,
equity CF platforms are required to publish information on the main criteria and methodologies they apply
when assessing, selecting and publishing the projects hosted on their website. In the Netherlands,
platforms must have a policy on how they assess potential borrowers and assign credit ratings, and publish
both the policy and any rating scale used.
40. In two jurisdictions, equity CF platforms are required to set up a dedicated body for
screening projects. In India, under the framework for equity CF proposed by the Securities and Exchange
Board, platforms must have a “Screening Committee”, which is responsible for operating a “filtering
mechanism to differentiate between the quality of ideas and business plans”. In Turkey, equity CF platforms
must have an investment committee that approves projects before they are allowed onto the platform.
Due diligence requirements Table 8
Number of frameworks
Loan CF Equity CF Loan and equity CF
Due diligence is responsibility of the platform 5 11 10
Due diligence is responsibility of the project - 3 3
Due diligence is outsourced to a third party - 1 -
Platforms are obliged to disclose their selecting methods 3 7 12
Potential projects must be screened and approved by a - 2 -
dedicated committee
Total of jurisdictions per framework 6 11 15
46
For an overview of thresholds below which the obligation to publish a prospectus does not apply in EU member states (EUR 8
million within 12 months in the majority of countries), see ESMA (2020).
47
The key investment information sheet needs to provide a defined set of information. It has eight parts: (i) information about
the project owner(s) and the crowdfunding project; (ii) main features of the crowdfunding process and conditions for the capital
raising or funds borrowing, as applicable; (iii) risk factors; (iv) information related to the offering of securities; (v) issuer
information, where the issuer is different from the project owner and is therefore an SPV; (vi) investor rights; (vii) disclosure
related to the loan agreement; and (viii) fees, information and legal redress.

Restrictions
41. Apart from requirements related to disclosure and due diligence, CF platforms may face
several restrictions to protect investors. Crowdfunding frameworks often have requirements that
prevent platforms from engaging in certain types of activity, or limit the amount investors can invest or
that borrowers/investees can receive.
42. In several jurisdictions, CF platforms are explicitly restricted from engaging in the
following activities (Table 9).
• Holding clients’ funds. Customers may incur losses if a CF platform fails. To protect against this
risk, in many jurisdictions crowdfunding platforms are not allowed to hold the funds of clients,
unless they have a separate licence. For example, in France, a CF platform can only receive funds
from investors if authorised as payment provider; the same logic applies under the proposed
regulation in the EU. In some jurisdictions, platforms must place customer funds in either a trust
account or into an account directed by the customer (eg Singapore) or use custody or trust
accounts (eg equity CF in Japan).
• Operating secondary markets. In several jurisdictions, CF platforms are not allowed to provide
a means through which investors can sell the positions they have acquired through the platform
to other investors.48 When they are so permitted, they are subject to certain safeguards to
protect investors. For example, secondary markets may be restricted to qualified investors (eg
loan CF in Brazil), their operation may need an additional licence (eg equity CF in Australia), or
prospectus requirements may apply (equity CF in Japan). In addition, to avoid the impression that
secondary markets allow investors to exit their positions at any time they wish, or that it is the
responsibility of the platform to guarantee this, investors may need to be warned that their funds
are subject to illiquidity risk (eg United Kingdom) or that the platform does not accept liability
for any trading exposures (eg EU proposal).
• Active customer acquisition. In a few jurisdictions, CF platforms are not allowed to play an active
role in finding potential investors for the projects they host. For instance, in Japan, platforms are
not allowed to use any means (eg phone calls) other than the internet to find potential investors.
Selected restrictions in crowdfunding frameworks Table 9
Restriction on Restriction on Restriction on

Total number
Number of frameworks holding clients’ operating secondary actively acquiring
of jurisdictions
funds markets clients
Loan CF 4 3 - 5
Equity CF 9 6 4 10
Loan and equity CF 7 4 5 16
Note: Not counted are cases where the restriction may not apply due to the licence held.
43. Caps on investments or funds raised are commonly used as investor protection tool.
Investors often face caps on the amount of money they can provide, in particular under equity CF
frameworks (Table 10). These caps may be defined by project and/or year (eg EUR 3,000 per project and
EUR 10,000 per year in Spain), or are set relative to the wealth or income of the investor targeted (eg equity
CF promotions in the United Kingdom can only target ordinary retail investors if the investor agrees not
to invest more than 10% of their net investable assets in such securities). Caps on investments often apply
48
Despite this restriction on operating organised or official secondary markets, instruments facilitated by platforms might be
exchanged under private contracts governed by commercial law.

to less experienced retail investors, or they face lower caps than other investors, or they are excluded from
using CF platforms altogether. In addition, there are also caps on the amount a borrower or issuer can
raise, either by project and/or year across multiple platforms, but these are less common than investor-
based caps (Table 11).
Regulatory caps on investments Table 10
On: Investor
Cap: Per project cap Annual cap Relative cap None
Maximum Maximum Amounts to be
Maximum Total jurisdictions
amount an amount an invested are not
amount an per framework
investor can investor can restricted
Description: investor can
provide per year provide
provide to a
across multiple depending on
single fundraiser
projects wealth or income
LBC 2 1 - 3 5
EBC 5 1 5 2 10
LBC + EBC 7 5 6 6 16
Regulatory caps on funds raised Table 11
On: Issuer/borrower
Cap: Per-project cap Annual cap None
Total jurisdictions
Maximum amount that Amounts to be raised
per framework
Maximum amount that can be raised per year are not restricted
Description:
can be raised by project across multiple
platforms
LBC 1 2 3 5
EBC 7 2 3 10
LBC + EBC 5 3 10 16
Section 4 – Concluding remarks
44. Confronted with the rise of digital banking and fintech platform financing, financial
authorities have responded by making adjustments to the existing regulatory framework. In doing
so, it appears that they may have given particular weight to selected policy objectives. These are often
fostering competition and financial inclusion, while preserving consumer and investor protection.
45. For digital banking, only a few surveyed jurisdictions have introduced a specific licensing
framework. In those that have, they may have done so to provide solutions to existing challenges in the
financial sector. Such may be the case for jurisdictions that award digital bank licences only to applicants
with business models that serve specific segments of the market. In addition, most requirements for digital
banks are similar to the ones applicable to traditional banking licenses, with the exception of

ownership/control requirements and special requirements in relation to technology-related risks.49 But
because these risks are also important to traditional banks, in jurisdictions without a dedicated licensing
framework, regulators may feel that their existing rulebooks already adequately address such risks. This
may explain why most jurisdictions have not introduced specific regulatory frameworks for digital banks.
46. For FBS lending, the way this fintech activity is regulated varies widely. Virtually none of
surveyed jurisdictions have a dedicated regulatory framework for FBS lending, ie FBS lenders are treated
in the same way as brick-and-mortar non-bank lenders. As a result, the way FBS lenders are regulated
varies as widely as the treatment of non-bank lenders does, ranging from the requirement to acquire a
banking licence to only having to observe interest rate ceilings.
47. For crowdfunding, many of the jurisdictions covered in this paper have implemented a
dedicated regulatory framework.50 This may be because, without a dedicated framework, CF is typically
subject to a host of regulatory requirements found in different sectoral regulations such as banking,
securities or payments regulation. While these requirements ensure that anybody who intermediates
funding and performs related activities is within the broader regulatory perimeter, they are not tailored to
crowdfunding models and may be blind to a range of issues that are unique to CF.
48. Regulatory frameworks for crowdfunding show many similarities. Apart from requirements
imposed on platforms to ensure they operate securely and reliably, it appears that investor protection
measures are a common element. These often take the form of comprehensive information requirements
and limits on how much individual investors can invest per project, year, or in relation to their wealth or
income. Other common features include AML/CFT measures such as KYC requirements.
49. However, some differences stand out. For one, there are different approaches as to how much
risk CF platforms are allowed to retain on their balance sheet. Most jurisditions disallow any risk retention,
in others there are limits, or no restrictions at all. This diversity of approaches may be explained by the fact
that there are different views on the effect of risk retention requirements on how closely the interests of
platforms are aligned with those of investors.51 Second, and probably relatedly, there are different
approaches to how much capital platforms must hold. Minimum capital obligations may be in the form of
a fixed amount of paid-in capital, or they may increase with the scale of activities, or there are no capital
obligations at all. Thus, the financial buffers CF platforms have at their disposal may vary substantially
across countries.
50. In general, financial authorities will probably have to weigh a number of elements when
assessing whether their regulatory framework is adequate or needs to be adjusted to account for
new fintech activities. Authorities will need to assess not only potential risks of these new activities to
consumers and investors, financial stability and market integrity but also potential benefits for society in
terms of strengthening financial development, inclusion and efficiency. Based on this assessment,
authorities will have to consider whether fintech-related risks are adequately dealt with under the existing
regulatory framework and whether opportunities for regulatory arbitrage have opened up. Overall, the
49
Nevertheless, how regulatory requirements are applied to digital banks and how they are supervised in practice may differ from
traditional banks.
50
In contrast, probably due to differences in sample size, World Bank and CCAF (2019) report that CF is typically unregulated.
Based on a global survey among regulators from 111 jurisdictions (with 40% of the respondents from high-income jurisdictions
and 30% of the respondents from lower-middle or low-income jurisdictions), they find that only 22% of jurisdictions formally
regulate loan CF and only 39% equity CF.
51
On the one hand, not allowing platforms to invest in the financial instruments they intermediate, or only up to a limit, aims to
prevent conflicts of interest and adverse selection issues. For example, platforms may exploit their informational advantage to
cherry-pick the best projects (Havrylchyk (2018)). On the other hand, it can be argued that having skin in the game to some
extent is necessary to alleviate principal-agent problems because the platform and its clients share the outcome of investments
made (Micic (2014)).

challenge for authorities will be to achieve a balance that encourages innovation without compromising
the soundness of the financial system.

References
Alternative Credit Council (2019): “Non-bank lending in the European Union”.

Australian Prudential Regulation Authority (2018): “ADI licensing: Restricted ADI Framework”, Information
Paper, May.
Baker McKenzie (2019): Global Financial Services Regulatory Guide.
Basel Committee on Banking Supervision (2019): “Proportionality in bank regulation and supervision – a
survey on current practices”, March.
Basel Committee on Banking Supervision and Basel Consultative Group (2019): Joint BCBS-BCG statement
on proportionality, November.
Buchak, G, G Matvos, T Piskorski and A Seru (2017): “Fintech, regulatory arbitrage, and the rise of shadow
banks”, Journal of Financial Economics, vol 130, no 3, May, pp 453–83.
Calvo, D, J C Crisanto, S Hohl, and O P Gutiérrez (2018): “Financial supervisory architecture: what has
changed after the crisis?” FSI Insights on policy implementation, no 8, April.
Cambridge Centre for Alternative Finance (2020): The global alternative finance market benchmarking
report, April.
Castro Carvalho, A P, S Hohl, R Raskopf and S Ruhnau (2017): “Proportionality in banking regulation: a
cross-country comparison”, FSI Insights on policy implementation, no 1, August.
Central Bank of Brazil (2017): “Resolution CMN 4,553”, January.
——— (2018): “Resolution CMN 4,656”, April.
Central Bank of Malaysia (2020): “Licensing Framework for Digital Banks”, Exposure Draft, March.
Chiu, I and I MacNeil (2018): Research Handbook on Shadow Banking: Legal and Regulatory Aspects.
Claessens, S, J Frost, G Turner and F Zhu (2018): “Fintech credit markets around the world: size, drivers and
policy issues”, BIS Quarterly Review, September, pp 29–49.
Committee on the Global Financial System and the Financial Stability Board (2017): “Fintech credit: market
structure, business models and financial stability implications”, May.
Cornelli, G, V Davidson, J Frost, L Gambacorta and K Oishi (2019): “SME finance in Asia: recent innovations
in fintech credit, trade finance, and beyond”, Asian Development Bank Institute, ADBI Working Paper Series,
no 1027, October.
Cornelli, G, J Frost, L Gambacorta, R Rau, R Wardrop and T Ziegler (forthcoming): “Fintech and big tech
credit: a new database”, BIS Working Papers.
Dixit, N (2018): 2018 US Digital Lending Market Report.
Duckwitz, V, S Hohl, K Weissenberg and R Zamil (2019): “Proportionality under Pillar 2 of the Basel
framework”, FSI Insights on policy implementation, no 16, July.
Ehrentraud, J, D Garcia Ocampo, L Garzoni and M Piccolo (2020): “Policy responses to fintech: a cross-
country overview”, FSI Insights on policy implementation, no 23, January.
European Bank for Reconstruction and Development and Clifford Chance (2018): “Best practices for
regulating investment - and lending-based crowdfunding”, August.
European Central Bank (2017): “Guide to assessments of fintech credit institution licence applications”,
September.

European Securities and Markets Authority (2020): “National thresholds below which the obligation to
publish a prospectus does not apply”, March.
Financial Stability Board (2017): “Financial stability implications of fintech”, Supervisory and Regulatory
Issues that Merit Authorities’ Attention, June.
Financial Stability Oversight Council (2019): Annual Report 2019.
Frost, J (2020): “The economic forces driving fintech adoption across countries”, BIS Working Papers,
no 838, February.
Frost, J, L Gambacorta, Y Huang, H S Shin and P Zbinden (2019): “BigTech and the changing structure of
financial intermediation”, BIS Working Papers, no 779, April.
Green, R (2019): “The global neobanks report: How 26 upstarts are winning customers and pivoting from
hyper-growth to profitability in a $27 billion market”, Business Insider Intelligence, December.
Havrylchyk, O (2018): “Regulatory framework for the loan-based crowdfunding platforms”, OECD
Economics Department Working Papers, no 1513, November.
Hohl, S, M Sison, T Stastny and R Zamil (2018): “The Basel framework in 100 jurisdictions: implementation
status and proportionality practices”, FSI Insights on policy implementation, no 11, November.
Hong Kong Monetary Authority (2018): “Authorization of virtual banks”, Guide to Authorization, Chapter 9.
KPMG and Cambridge Centre for Alternative Finance (2016): “Global insights from regional alternative
finance studies”, October.
Lo, K (2018): “Download speeds: what do 2G, 3G, 4G & 5G actually mean? “, November.
Micic, I (2014): Crowdfunding: overview of the industry, regulation and role of crowdfunding in the venture
startup, Anchor Academic publishing, December.
Monetary Authority of Singapore (2019): “Eligibility criteria and requirements for digital banks”.
Nassiri, A (2016): “The lending and secured finance review”, Law Business Research.
Organisation for Economic Co-operation and Development: OECD Broadband Portal.
United States Department of the Treasury (2018): “A Financial System That Creates Economic
Opportunities: Nonbank Financials, Fintech, and Innovation”, July.
Wales, K (2018): Peer-to-peer lending and equity crowdfunding: A guide to the new capital markets for job
creators, investors and entrepreneurs, Praeger, November.
World Bank (2020): “Prudential regulatory and supervisory practices for fintech: payments, credit and
deposits”, FCI insight, January.
World Bank and Cambridge Centre for Alternative Finance (2019): Regulating alternative finance: results
from a global regulator survey, October.

Insights 27

Uploaded by

Copyright:

Available Formats

Insights 27

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Insights 27

Uploaded by

Copyright:

Available Formats

Financial Stability

JEL classification: G18, G21, G23, G28, O30, O38

Keywords: fintech, regulation, digital banking, fintech

ISSN 2522-2481 (print)

Section 1 – Introduction ................................................................................................................................................................. 3

Section 2 – Regulation of digital banking ............................................................................................................................... 9

Section 3 – Regulation of fintech platform financing ....................................................................................................... 18

Section 4 – Concluding remarks ................................................................................................................................................ 31

Regulating fintech financing: digital banks and fintech platforms iii

Regulating fintech financing: digital banks and fintech platforms 1

2 Regulating fintech financing: digital banks and fintech platforms

Regulating fintech financing: digital banks and fintech platforms 3

Source: Illustration by authors based on Ehrentraud et al (2020).

4 Regulating fintech financing: digital banks and fintech platforms

Fintech platform Fintech balance sheet Loan Equity

Regulating fintech financing: digital banks and fintech platforms 5

Background: emergence of fintech financing

Source: Lo (2018) and OECD.

6 Regulating fintech financing: digital banks and fintech platforms

Funding options for people and businesses Box Graph 2

Regulating fintech financing: digital banks and fintech platforms 7

8 Regulating fintech financing: digital banks and fintech platforms

Sources: Publicly available licensing registers; national authorities.

Regulating fintech financing: digital banks and fintech platforms 9

Specific licensing frameworks for digital banks Table 1

Source: National regulations; regulators’ press releases; FSI survey.

10 Regulating fintech financing: digital banks and fintech platforms

Sources: Publicly available licensing registers; national authorities.

Regulating fintech financing: digital banks and fintech platforms 11

Licensing requirements for digital banks Table 2

Fitness and propriety test      

Minimum paid-up capital   **   

Sound risk culture: risk governance frameworks      

Technology-related licensing requirements

Source: National regulations.

12 Regulating fintech financing: digital banks and fintech platforms

Initiatives to facilitate market entry

Requirements of Australia’s restricted route Graph 6

ADI=authorised deposit-taking institution.

Source: APRA (2018).

Regulating fintech financing: digital banks and fintech platforms 13

Source: Central Bank of Malaysia (2020).

Source: MAS (2019).

14 Regulating fintech financing: digital banks and fintech platforms

The road to authorisation Graph 9

Source: Authors’ illustration.

Regulating fintech financing: digital banks and fintech platforms 15

16 Regulating fintech financing: digital banks and fintech platforms

Specific framework General framework

Limited base of customers -   -

Source: National regulations; national authorities.

Regulating fintech financing: digital banks and fintech platforms 17

Elements of different types of fintech platform financing Table 4

Sources of funding Fund raisers Main regulated activity

18 Regulating fintech financing: digital banks and fintech platforms

Specific regulatory frameworks for fintech platform financing Graph 10

Source: National regulations.

Regulating fintech financing: digital banks and fintech platforms 19

20 Regulating fintech financing: digital banks and fintech platforms