SWITZERLAND FinTech CHAMBERS. Global Practice Guides. Contributed by Lenz & Staehelin LAW AND PRACTICE: p.3

Transcription

1 CHAMBERS SWITZERLAND FinTech Global Practice Guides LAW AND PRACTICE: Contributed by Lenz & Staehelin Law & Practice Switzerland p.3 The Law & Practice sections provide easily accessible information on Contributed bywhen conducting business in the jurisdicnavigating the legal system tion. Lenz Leading& lawyers explain local law and practice at key transactional Staehelin stages and for crucial aspects of doing business. 2018

2 SWITZERLAND LAW AND PRACTICE: p.3 Contributed by Lenz & Staehelin The Law & Practice sections provide easily accessible information on navigating the legal system when conducting business in the jurisdiction. Leading lawyers explain local law and practice at key transactional stages and for crucial aspects of doing business.

3 Law and Practice SWITZERLAND Law and Practice Contributed by Lenz & Staehelin CONTENTS 1. FinTech Market p The Development of FinTech Products and Services p The Market for FinTech Products and Services p The Key Market Participants in the Specified Activities p FinTech Technologies/Companies p Partnerships Between Traditional Institutions and FinTech Companies p Approach to FinTech Innovation p Laws or Policy to Encourage Innovation p.5 2. Regulation p Regulatory Regimes for Specified Activities or FinTech Companies p Regulatory or Governmental Agencies for Specified Activities or FinTech Companies p Capital and Liquidity Requirements p Sandbox or Other Regulatory Neutral Zones p Change of Control Approval Requirements p Recent Developments or Notable Proposed/ Forthcoming Regulatory Changes p Burden of Regulatory Framework and Protection of Customers p Regulatory Impediments to FinTech Innovation at Traditional Financial Institutions p Regulatory Regime s Approach to Consumers and Small Business Customers p Outreach by Regulators or Government Authorities to Engage with FinTech Innovators p Unregulated Specified Activities p Foreign FinTech Companies p Regulatory Enforcement Actions Against FinTech Companies p Shadow Banking p.9 4. Legal Infrastructure (Non-regulatory) p Desirable Changes to Facilitate Specified Activities p Access to Real-Time Gross Settlement Systems p Special Insolvency Regimes p Electronic Signatures p Standards for Proving Identity in Electronic Transactions p Data Privacy and Cybersecurity p Data Privacy and Cybersecurity Regulatory Regimes p Recent and Significant Data Privacy Breaches p Companies Utilising Public Key Infrastructures or Other Encryption Systems p Biometric Data p Intellectual Property p Intellectual Property Protection Regime p Trade Secret Regime p Copyrights, Patents, Trade Marks p Protection of Intellectual Property or Trade Secrets p Joint Development of Intellectual Property p Intellectual Property Litigation p Open Source Code p Tax Matters p Special Tax Issues, Benefits or Detriments p Issues Specific to the Specified Activities p Additional Legal Issues p Form of Legal Entity p Potential Forms of Charter p Key Differences in Form p Recent Legal Changes p.9 3

4 SWITZERLAND Law and Practice Lenz & Staehelin provides tailored services through a dedicated and multidisciplinary FinTech team to clients operating and investing in all areas of FinTech. Our Fin- Tech professionals have a deep understanding of the business models and underlying technologies on top of legal expertise in a wide range of areas, including regulatory, corporate and investment, financing, technology-enabled innovation and data exploitation. We advise start-ups, investors, technology companies and established financial institutions. Our team covers the full range of relevant legal services while navigating the regulatory environment with close contacts to regulators, including banking and finance, Authors Lukas Morscher a partner and the head of TMT and outsourcing is an expert on digitisation of the financial services industry. He practices in transactional and regulatory matters, outsourcing (IT and business process transactions), TMT, internet and e-commerce, data privacy, FinTech and digitisation/industry 4.0. A member of the SwissICT, the Swiss Internet Industry Association (simsa) and the International Technology Law Association (ITechLaw), Lukas is a frequent speaker on topics related to FinTech and digitisation/industry 4.0. TMT and outsourcing, corporate and M&A, commercial and contracts, competition, tax and employment. The firm s activities include regulatory and compliance; corporate and investment; financing; IP creation and protection, product and technology development; licensing and distribution; joint ventures, strategic co-operations and (out)sourcing; distributed ledger (blockchain), smart contracts; Regtech, Insurtech; data protection, data-based services and data analytics; trade secrets and business models; financial products; crowdfunding and peer-to-peer lending; mobile payment, trading systems; robo advisers, wealth management applications; competition law; and tax. Stefan Bürge is an associate practising in TMT, IP, internet and e-commerce, data privacy, FinTech and digitisation/industry 4.0. Memberships include the International Technology Law Association (and co-chair of its Substantive Law Committee on Start-Ups), the Swiss Finance + Technology Association and the Swiss Risk Association (financial engineering and risk management). Recent speaking topics include FinTech business models, smart contracts and the protection of IP in a digitisation/industry 4.0 context. 1. FinTech Market 1.1 The Development of FinTech Products and Services FinTech market growth (value chain share) and expansion (range of products and services) have accelerated in Switzerland based on a relatively high level. The market conditions for FinTech offerings are generally considered as favourable, in particular based on broad access to credit and venture capital, the available human know-how (number of graduates in science and technology) as well as the access to, and use of, information and communication technology. 1.2 The Market for FinTech Products and Services There are more than 200 FinTech organisations (both emerging and incumbent players) in Switzerland. Most of their business models focus on the financial market sector (payment services, investment management, banking infrastructure, deposit and lending, distributed ledger technology and analytics). A considerable number of these organisations offer their products and services to incumbent financial institutions and/or offer co-operation opportunities with respect to digitisation processes. 1.3 The Key Market Participants in the Specified Activities The FinTech market in Switzerland is dominated by start-ups that are mainly financed through venture capital. However, established companies firmly rooted in the financial and technology sectors play an important role and get a lot of market visibility. Incumbents are competitors of emerging companies or (and more often) companies that co-operate with emerging companies to develop new products and services. 1.4 FinTech Technologies/Companies A co-operation strategy between established providers of financial services and emerging players is frequent among FinTech organisations in Switzerland. While no general displacement trends can be identified at present, it is apparent that the value chain of established providers of financial services is under scrutiny and subject to (internal and/or external) challenges, including based on technology-driven 4

5 Law and Practice SWITZERLAND new products and services that have the potential to disrupt the value chain of many established players. It can also be noted that there are traditional income models that are, currently and based on technology deployed today, of less interest to emerging companies (eg, interest and trading services or commission-based transactions). A general impression is that established providers of financial services have the financial and organisational resources required to adapt their business processes gradually to avoid such displacement. Such steadfastness may also be due to assets on which only a relatively small number of emerging companies can rely, such as a trust-emanating brand or a financial market licence (including, among others, as a bank or a securities broker). 1.5 Partnerships Between Traditional Institutions and FinTech Companies Many traditional financial institutions have partnered with emerging FinTech companies to source, develop and/or test solutions that allow traditional financial institutions to rethink and rearrange their value chain, which can include the creation and/or branching off of new product or service offerings. Contractual joint ventures, participations by means of a minority stake and acquisitions are common ways to access the service offering and talent of emerging FinTech companies. Incubators funded and/or run by traditional financial institutions exist but are not widespread. 1.6 Approach to FinTech Innovation Swiss law is generally technology neutral and principle based. Accordingly, FinTech companies based in Switzerland generally have considerable regulatory latitude compared with other jurisdictions. The Swiss Financial Market Supervisory Authority (FINMA), in line with broader political tendencies, has recently suggested and partly initiated regulatory changes allowing FinTech companies to develop further, thereby contributing to an even more FinTech-friendly legal environment in the near future. In this vein, the Swiss Federal Council issued for consultation proposed amendments to the relevant banking regulation aimed at facilitating the emergence of innovative business models based on financial technology. The proposed risk-based and technology-neutral amendments are designed to lower market entry barriers and include a new type of licence for FinTech and other companies accepting public deposits. 1.7 Laws or Policy to Encourage Innovation Various associations and interest groups have been set up to co-ordinate the interests of FinTech-oriented organisations and individuals. They organise networking events, facilitate the exchange of experience and know-how, and raise the voice of the FinTech sector in the political process. Pre-existing but quite active in the FinTech field is the federally funded Commission for Technology and Innovation (CTI), which (subject to certain eligibility criteria) provides financial and administrative support. Further, a considerable number of private initiative incubators and accelerators are active or have been recently launched to support emerging FinTech companies in the development of their business ideas and models. A number of FinTech-specific awards and challenges (eg, Swiss FinTech Awards) are intended to encourage innovation in the FinTech sector. 2. Regulation 2.1 Regulatory Regimes for Specified Activities or FinTech Companies Switzerland has not yet enacted regulation specifically aimed at FinTech companies. There is no general FinTech licensing or approval requirement in Switzerland. The applicable licensing requirements or special approval processes, if any, depend on the business model of any given FinTech company. Under current law, the general financial market regulation and other laws (including consumer protection, privacy and similar regimes) are applicable. Such regulation applies uniformly on a national basis. Under the current financial market regulation, acceptance of more than 20, or public solicitation of, deposits, regardless of the amounts involved, currently falls within the definition of banking activity and requires a banking licence granted by FINMA. This in turn triggers authorisation-granting requirements (eg, minimum equity, liquidity and controls). Under Swiss law, any natural or legal person accepting or holding deposit assets belonging to others or assisting in the investment or transfer of such assets qualifies as an intermediary according to the Federal Anti-Money Laundering Act (AMLA). This includes persons who carry out credit transactions (in particular in relation to consumer loans or mortgages, factoring, commercial financing or financial leasing) and who provide services related to payment transactions. This applies to many upcoming business models, such as those involving mobile payment, blockchain and related applications, cryptocurrencies, automated investment advice, crowdfunding or peer-to-peer lending. Based on this broad scope, many, if not most, FinTech companies qualify as financial intermediaries and are generally subject to anti-money laundering obligations, including compliance with know your customer (KYC) rules. A Fin- Tech company that is subject to AMLA is required to join a self-regulatory organisation (Art.12 AMLA) or to obtain FINMA approval as a directly supervised financial intermediary (Art.14 AMLA). Compliance with Swiss anti-money laundering regulations is relatively easy to achieve and should not represent a significant entry barrier. However, dealing with the associated costs (which can be substantial and, hence, a key aspect with 5

6 SWITZERLAND Law and Practice respect to certain business models) requires careful planning and possibly adaptation of envisaged business models. This applies, in particular, to FinTech companies providing alternative finance (eg, crowd investment) platforms, payment services and the professional purchase and sale of virtual currencies. FinTech companies can also fall under the scope of the Federal Stock Exchanges and Securities Trading Act (SESTA), as is generally the case for financial market infrastructures such as stock exchanges and multilateral trading systems, or the Federal Collective Investment Schemes Act (CISA), as is generally the case for asset managers of collective investment schemes. In these cases, a FINMA licence is generally required. Certain FinTech products and services, including providing digital services in the fields of asset management and/or digital investment advice, can, in the future, also trigger a licensing requirement pursuant to the contemplated Federal Financial Services Act (FinSA) and pursuant to the Federal Financial Institutions Act (FinIA). In essence, the FinSA sets out cross-sector rules for offering financial services and distributing financial instruments reflecting recent EU law developments, including the Markets in Financial Instruments Directive (MiFID) and the Prospectus Directive with adjustments made to reflect the specific Swiss circumstances. Based on the FinIA, a differentiated and risk-based supervisory regime for portfolio managers, managers of collective assets, fund management companies and securities companies will be introduced. The FinSA and FinIA aim to create uniform competitive conditions for financial intermediaries and improve client protection. The FinSA contains code of conduct provisions with which financial service providers are required to comply and that, as is the case with anti-money laundering obligations, cause additional costs. The FinIA aims at harmonising the authorisation rules for financial service providers. The FinSA and FinIA, which are expected to enter into force in 2018, are part of a new financial market architecture covering supervision, as already governed by the Financial Market Supervision Act (FINMA- SA); infrastructure, based on the Federal Financial Market Infrastructure Act (FMIA); services (FinSA); and supervised entities (FinIA). The proposed FinTech-specific amendments to the relevant banking regulation are currently being discussed and may be enacted as early as The proposed risk-based and technology-neutral amendments are designed to lower market entry barriers and include a new type of licence for FinTech and other companies accepting public deposits (banking licence light, requiring that the aggregate amount of public deposits must generally not exceed CHF100 million and may neither be invested nor be interest-bearing). This new licence type aims to ease the regulatory burden in cases where Fin- Tech or other companies (eg, online banking, mobile payment processing and crowdfunding) take deposits, while, from a risk perspective, it would seem disproportionate to impose a full traditional banking licence given their specific business model. 2.2 Regulatory or Governmental Agencies for Specified Activities or FinTech Companies FINMA is responsible for the authorisation, supervision, enforcement and documentation of all financial services market activities requiring approval. There is generally no differentiation by target market (ie, consumer versus wholesale markets); rather, FINMA s supervision is risk-based, ie, the intensity of the supervision (including the frequency of examinations) depends on the FINMA-perceived risk posed by the respective participant on the market for financial services. The applicable laws are enforced by FINMA by means of administrative measures as required under supervisory law. FINMA s powers include precautionary measures or measures to restore compliance with the law, withdrawal of authorisations, liquidation of unauthorised companies, issuance of industry bans and ordering the disgorgement of profits generated by illegal means. FINMA can also publish final decisions naming those involved. In addition to the supervisory and enforcement functions of FINMA, Swiss financial market regulation is also enforced by criminal prosecution authorities and self-regulatory organisations. In cases where irregularities fall under the scope of criminal law, FINMA may file a complaint with the competent authorities, such as the Federal Department of Finance, Office of the Attorney General and/or cantonal prosecution authorities. Other authorities, such as the Swiss Competition Commission and the Federal Data Protection and Information Commissioner, enforce the relevant regulations in their respective areas of enforcement responsibility. 2.3 Capital and Liquidity Requirements Under current Swiss law, there are no capital and liquidity requirements or affiliate transaction limitations that specifically apply to FinTech companies. Any organisation qualified as a bank, irrespective of whether such organisation is a FinTech company, is subject to Swiss banking and financial market regulation, including the Federal Ordinance on the Liquidity of Banks (LIQO). In general, a financial institution is required at all times to have sufficient liquidity to meet its payment obligations. A sustainable liquidity reserve against short-term liquidity deterioration has to be maintained and adequate medium to long-term refinancing must be ensured. No differentiation among charter types applies. The proposed new FinTech regulation, which may be enacted as early as 2018, features a new type of licence for FinTech and other companies accepting public deposits (banking licence light ). Under such licence, eligible FinTech companies would be subject to a more lenient capital adequacy 6

7 Law and Practice SWITZERLAND framework (minimum capital of CHF300,000 or 5% of accepted public deposits, whichever is higher). 2.4 Sandbox or Other Regulatory Neutral Zones Under current Swiss law, there are no sandbox or other regulatory neutral zones that specifically apply to FinTech companies. Under the proposed FinTech law amendments, a sandbox approach would serve the purpose of providing an innovation environment wherein providers of financial services are not subject to licensing as a result of public deposit-taking. Under the relevant draft legislation, a FinTech company would be allowed to accept deposits without a banking licence up to an aggregate deposit amount of CHF1 million and irrespective of the number of public deposits, provided that the deposits are not invested and no interest is being paid. The sandbox is intended to allow FinTech and other companies to test and develop business models without blocking capital and incurring the cost that a full banking licence entails. See 2.6 Recent Developments or Notable Proposed/Forthcoming Regulatory Changes. 2.5 Change of Control Approval Requirements Under current Swiss law, there are no sector-specific impediments for FinTech companies (beyond those that apply in general, including with respect to competition law and for listed companies). 2.6 Recent Developments or Notable Proposed/ Forthcoming Regulatory Changes The proposed Swiss FinTech regulation model is based on three key components: (i) a banking licence light to cater for the specific risk profile of FinTech business models, (ii) creation of an innovation area (ie, sandbox) and (iii) targeted regulatory adjustments with respect to the holding period for settlement accounts. The new licence type proposed under the draft regulatory amendments of the Swiss Banking Act (BA) targets companies accepting public deposits while not using such deposits to fund traditional lending business. Under the licence, the aggregate amount of public deposits must not exceed CHF100 million (a higher threshold may be individually authorised) and may neither be invested nor be interestbearing. Companies licensed accordingly would be subject to a more lenient capital adequacy framework intended to ease the regulatory burden in cases where FinTech or other companies take deposits, while, from a risk perspective, it would seem disproportionate to impose a full traditional banking licence given their specific business model. The proposed sandbox is aimed at creating an innovation environment wherein providers of financial services are not subject to licensing as a result of public deposit taking. Under the draft regulatory amendments of the Swiss Banking Ordinance (BO), a company would be allowed to accept deposits without a banking licence up to an aggregate deposit amount of CHF1 million and irrespective of the number of public deposits, provided that the deposits are not invested and no interest is being paid. The sandbox allows FinTech and other companies to test and develop business models without blocking capital and incurring the cost that a full banking licence entails. This is generally of particular relevance for crowdfunding platforms because no time limit applies with respect to the CHF1 million threshold, allowing a funding volume over a certain time period that may exceed this threshold. The new licence type and the sandbox would be subject to certain additional requirements, including a disclosure to the depositor that the provider of financial services (ie, any eligible FinTech company) does not hold a banking licence and that deposits are not covered by the Swiss depositor protection system. As a targeted regulatory adjustment under the proposed Swiss FinTech regulation model, the proposed revised BO provides for an extended holding period for settlement accounts in that third-party monies accepted on accounts for the sole purpose of settling client transactions would not qualify as deposits. The maximum holding period, which is currently seven days, would be extended to 60 days, which would allow alternative finance platforms to hold monies during the (collection) time period without requiring a banking licence, again provided that no interest is paid and funds are not invested. Based on the broad scope of the generally applicable antimoney laundering regulation (in particular AMLA, which is applicable to any natural or legal person accepting or holding deposit assets belonging to others or assisting in the investment or transfer of such assets), many, if not most, FinTech companies qualify as financial intermediaries and are generally subject to anti-money laundering obligations, including compliance with KYC rules. See 2.11 Unregulated Specified Activities. The Federal Data Protection Act (DPA) and the Federal Ordinance on Data Protection (DPO), which are currently being amended, may also affect FinTech and other companies because a number of provisions with respect to the processing, notification and transfer of data, including with respect to considerable organisational and administrative requirements as well as significant sanctions, are likely to be amended. The particulars of the amendments and the timeline with 7

8 SWITZERLAND Law and Practice respect to the entering into force of such amendments are not yet determined. 2.7 Burden of Regulatory Framework and Protection of Customers Under current law, there is no specific regulatory framework for FinTech companies. Based on its general technology neutrality and principle-based approach, the Swiss regulatory framework allows for considerable regulatory latitude and room for development for FinTech companies, including compared with other jurisdictions. Two key principles of Swiss financial market regulation are system stability and consumer protection. Accordingly, a number of cross-sector regulations aim to strengthen the robustness of financial institutions and ensure transparency. The suggested amended Swiss FinTech regulation would maintain these principles while addressing the most critical barriers to innovative business models ie, the regulatory threshold for accepting client money and holding more than 20 deposits and is tailored to allow for the fair and equal treatment of all market players while providing a risk-based framework to encourage innovation. In combination with other regulatory relief, notably the FINMA Circular 2016/7 on Video and Online Identification (due diligence requirements for client onboarding via digital channels), the proposed amendments generally create new business opportunities for FinTech companies and other more traditional financial services providers irrespective of the technology used, including by way of collaboration, outsourcing and otherwise. 2.8 Regulatory Impediments to FinTech Innovation at Traditional Financial Institutions Given that there is no specific regulatory framework for Fin- Tech companies under current law, there are generally no regulation-induced impediments to FinTech innovation at traditional financial institutions. Traditional financial institutions encounter lower barriers when entering the FinTech market because such institutions are typically fully licensed and, hence, in a position to develop and deploy technologydriven business models without the additional burden of ensuring that such development and deployment is in line with applicable general regulatory requirements. 2.9 Regulatory Regime s Approach to Consumers and Small Business Customers Under Swiss law, there are certain sector-specific regulations aimed at protecting consumers. With respect to private borrowers entering into a credit agreement for private purposes, the Swiss Consumer Credit Act (CCA) provides for protection against excessive debt. A key protection element is the requirement that such credit agreements can only be validly concluded in writing (Art.9 para.1 CCA). Pursuant to the Swiss Code of Obligations (CO), a contract required by law to be in writing must be signed by all persons on whom it imposes obligations and signatures are to be appended by hand (Art CO). While regulatory amendments with respect to electronic signatures have recently been implemented, this requirement still imposes limitations on automation processes generally desired across most FinTech business models Outreach by Regulators or Government Authorities to Engage with FinTech Innovators FINMA holds occasional roundtable sessions with stakeholders and is an active discussion partner with respect to the challenges and opportunities presented by FinTech business models. FINMA and other government authorities generally emphasise the importance of making use of technological progress and make efforts to facilitate lower market entry barriers for technology-driven business models in the FinTech sector. By way of example, FINMA Circular 2016/7 on Video and Online Identification (due diligence requirements for client onboarding via digital channels) has been a convincing response to stakeholders calls to facilitate the client onboarding processes without any change in media; ie, solely based on digital channels by allowing video and online identification. Such regulatory activity is in line with Switzerland s national Digital Switzerland strategy, as published in September Unregulated Specified Activities Under current Swiss law, only specified activities that are carried out without reaching the (low) thresholds under the applicable regulation in particular, BA with respect to the acceptance of a maximum of 20 deposits can be considered as unregulated. However, based on the broad scope of the generally applicable anti-money laundering regulation in particular, AMLA, applicable to any natural or legal person accepting or holding deposit assets belonging to others or assisting in the investment or transfer of such assets many, if not most, FinTech companies qualify as financial intermediaries and are generally subject to anti-money laundering obligations, including compliance with KYC rules. A FinTech company that is subject to AMLA is required to join a self-regulatory organisation (Art.12 AMLA) or obtain FINMA approval as a directly supervised financial intermediary (Art.14 AMLA) Foreign FinTech Companies There are no special limitations, requirements and/or barriers to entry specifically aimed at foreign FinTech companies. Regulations that apply in general and that may be of particular relevance to foreign FinTech companies include imprint and other business conduct obligations pursuant to the Federal Act against Unfair Competition (UCA) and investment offering limitations pursuant to the Federal Col- 8

9 Law and Practice SWITZERLAND lective Investment Schemes Act (CISA; see 2.1 Regulatory Regimes for Specified Activities of FinTech Companies). With respect to anti-money laundering obligations, foreign FinTech companies providing inbound services into Switzerland are generally not subject to respective Swiss regulation provided that the foreign FinTech company s presence in Switzerland is limited to an online presence. A considerable number of foreign FinTech companies have decided to be domiciled in Switzerland and to offer products and services by using Switzerland s generally FinTech-accommodating regulatory environment, which can be expected to become even more accommodating following the adoption of the proposed Swiss FinTech regulation model, as amended Regulatory Enforcement Actions Against FinTech Companies FINMA strictly enforces financial market regulation based on its supervisory and enforcement function. However, there is no knowledge of high-profile enforcement actions directed against FinTech companies Shadow Banking Under Swiss law, shadow banking refers to non-bank financial intermediaries providing services that are similar to the services of traditional commercial banks but carried out outside financial market regulations applicable to banks. Bond funds and other investment funds, which are generally presumed to account for 60% of the assets of the shadow bank sector in Switzerland, are monitored by FINMA. The system stability risks by shadow banking are hence generally considered as low. However, while there is no regulation specifically addressing shadow banking, the limitation thereof is occasionally addressed in the course of amendments of thematically related regulations (eg, respective measures have recently been enacted in the context of the revision of the capital adequacy and risk distribution regulation applicable to banks and securities brokers). 3. Form of Legal Entity 3.1 Potential Forms of Charter In general, any commercial charters and legal organisational forms pursuant to Swiss law may be used by FinTech companies. As is the case for any type of business, the legal form of stock companies (Aktiengesellschaft, or AG) and limited liability companies (Gesellschaft mit beschränkter Haftung, or GmbH) are most common, including as these legal forms generally allow for a limitation of liability to the assets of the respective company (generally without exposing the invested individual). The organisational form of a FinTech company does not trigger a licence requirement. Whether there is a licence requirement and which licence type applies are determined by the business activity of the relevant Fin- Tech company (see 2.1 Regulatory Regimes for Specified Activities of FinTech Companies). 3.2 Key Differences in Form See 3.1 Potential Forms of Charter. 3.3 Recent Legal Changes Not applicable. See 3.1 Potential Forms of Charter. 4. Legal Infrastructure (Nonregulatory) 4.1 Desirable Changes to Facilitate Specified Activities Swiss commercial law has not been specifically amended to accommodate FinTech innovation. Based on Swiss commercial law being technology neutral, such amendments have, to this day, not been required. The specified activities cover a broad range of technologies and business models. The Swiss legislator has noted that implementing regulatory changes as they are envisaged based on the proposed Swiss FinTech regulation model; see 2.6 Recent Developments or Notable Proposed/Forthcoming Regulatory Changes is necessary but not sufficient to allow FinTech companies to unleash the full potential of their business models. Key legal uncertainties under Swiss law include the legal classification of virtual currencies as digital objects and the evidentiary value of confirmations provided for digitised assets and the transfer thereof by means of distributed ledger technology (public faith in blockchain entries). Legal ownership of digital objects is not established under Swiss law and ownership generally requires an object to be tangible for the owner to be in a position to claim legal title and exercise factual control over such object as property. Digital information is not tangible and can therefore, according to current Swiss law, not be subject to legal ownership. However, ownership of digital objects is often allocated in contracts, as between the parties (ie, with effect for the parties of the respective agreement only), to one of the contracting parties. Similarly, there is as of yet no public faith in the digital records of the assets and of the transfer as registered by means of public ledger technology (blockchain). Acknowledging such pubic faith would require legislative changes. A working group led by the Federal Department of Finance has been mandated to provide suggestions on recommended further steps, including with respect to appropriate legislative changes. 4.2 Access to Real-Time Gross Settlement Systems As a matter of principle, FinTech companies do not have direct access to real-time gross settlement systems. Rather, real-time gross settlement systems must be accessed through 9

10 SWITZERLAND Law and Practice banks or other regulated financial institutions supervised by FINMA. The Swiss National Bank (SNB) and FINMA are the authorities overseeing regulatory functions related to the payment, clearing and settlement infrastructure in Switzerland. As Switzerland is not an EU Member State, the Payment Services Directive (2007/64/EG, PSD) and the Extended Payment Services Directive (2015/2366, PSD2) are not applicable with respect to Switzerland. However, in order to participate in the Single Euro Payments Area (SEPA), Swiss banking institutions had, among other things, to implement certain obligations pursuant to the PSD. Whether and to what extent the PSD2 is implemented into, or reflected in, Swiss legislation and the timeline with respect to the entering into force of such amendments are not yet determined. 4.3 Special Insolvency Regimes There are no special insolvency regimes or other regimes that would apply differently to FinTech companies (see 2.1 Regulated Regimes for Specified Activities of FinTech Companies). 4.4 Electronic Signatures An authenticated electronic signature combined with an authenticated time stamp (both pursuant to the Swiss Electronic Signatures Act, or ESA) is deemed equivalent to a handwritten signature (Art.14 para.2 bis CO). There are a number of service providers administrating the technical prerequisites to use and/or process authenticated electronic signatures and related time stamps. No special requirements must be met by FinTech companies before electronic signatures can be used. 4.5 Standards for Proving Identity in Electronic Transactions Under Swiss law in particular, ESA; see 4.4 Electronic Signatures an authenticated electronic signature is a technical process for verifying the authenticity of a document, an electronic message or the identity of the sender. It is based on a certification infrastructure managed by third-party providers of certification services. Under current law, providers of electronic identification systems can be certified on a voluntary basis. The Swiss legislator is considering the creation of a more detailed legal and organisational framework for the authorisation of electronic identification tools and the suppliers thereof, including the creation of a legal and technical basis for the certification of e-id systems developed and/or maintained by providers of certification services. The particulars of the contemplated amendments and the timeline with respect to the entering into force of such amendments are not yet determined. 5. Data Privacy and Cybersecurity 5.1 Data Privacy and Cybersecurity Regulatory Regimes The processing of personal data by private persons and federal bodies is regulated in particular by the DPA and DPO, which apply, with some exceptions, to the processing of data relating to natural persons as well as (contrary to most other jurisdictions) legal entities. Personal data must be protected against unauthorised processing by appropriate technical and organisational measures (Art.7 DPA; measures as specified in Art.8-12 DPO and Art DPO). Such protection has been specified with respect to the storing, processing and transferring of client data in the banking sector (Annex3 to FINMA Circular 2008/21 on capital adequacy requirements for operational risks within the banking sector). Swiss data protection law is currently being amended. While the technical requirements are likely to remain unchanged, there are considerable organisational and administrative requirements as well as significant sanctions foreseen, but the particulars of the amendments and the timeline with respect to the entering into force of such amendments are not yet determined. Regarding cybersecurity, non-binding guidelines with respect to minimum security requirements for telecommunications services have been issued by the competent regulator, the Federal Office of Communications (OFCOM). However, there is no cross-sector cybersecurity legislation in Switzerland that would generally be applicable to FinTech companies. 5.2 Recent and Significant Data Privacy Breaches There is no knowledge of significant data privacy breaches or other cybersecurity attacks involving FinTech companies. Minor attacks did not trigger relevant consequences because no sensitive data had been revealed. 5.3 Companies Utilising Public Key Infrastructures or Other Encryption Systems The use of public key infrastructures and/or other encryption systems is protected by criminal law pursuant to the Federal Criminal Code (CC). Any person who obtains unauthorised access by means of data transmission equipment to a data processing system that has been specially secured to prevent his or her access is liable to imprisonment not exceeding three years or to a monetary penalty (Art.143 bis para.2 CC). Similarly, with respect to computer fraud, any person who by the incorrect, incomplete or unauthorised use of data (or in a similar way) influences the electronic or similar processing or transmission of data and as a result causes the transfer of financial assets is liable to imprisonment not exceeding five years (not exceeding ten years in 10

11 Law and Practice SWITZERLAND case a commercial gain is intended) or to a monetary penalty (Art.147 CC). 5.4 Biometric Data There is no specific regulatory regime applicable to biometric data. Biometric data qualifies as personal data or sensitive personal data, depending on the type of the data (Art.3 DPA). The consent of the data subject is generally required to process biometric data. Any processing of personal data must be performed lawfully and in accordance with the principles of proportionality and good faith. Data, including biometric data, may only be processed for the purpose indicated at the time of collection (Art.4 DPA). 6. Intellectual Property 6.1 Intellectual Property Protection Regime Swiss law provides for the protection of intellectual property rights, including copyrighted materials (Federal Act on Copyright and Related Rights, or COPA), patents (Federal Act on Patents for Inventions, or PA), trademarks (Federal Act on the Protection of Trade Marks and Indications of Source) and designs (Federal Act on the Protection of Designs). Databases are generally of particular relevance for FinTech companies and may be protected under COPA as collective works to the extent they qualify as original creations with individual character with respect to their selection and arrangement (Art.4 COPA). Unlike EU law, Swiss law does not provide for general protection of databases by way of a right of its own (sui generis right) in favour of the creator. If databases do not reach the threshold of copyright protection as collective works, the economic effort to compile the database is generally not protected in Switzerland. In contrast, the Federal Act against Unfair Competition (UCA) protects marketable work results against technical reproduction performed without commensurate effort by the reproducing party (Art.5 lit.c UCA). 6.2 Trade Secret Regime The unauthorised disclosure or exploitation of trade secrets can be sanctioned (Art.4-6 UCA, Art.162 CC), including when a trade secret is disclosed by employees (Art.321a CO). In general, information is protected as a trade secret if, cumulatively: the information in question is related to the business of the trade secret s owner; the information is not generally known; the owner of the secret intends to keep the information secret; and the owner of the secret has a legitimate interest for the information to be kept secret. 6.3 Copyrights, Patents, Trade Marks Whether FinTech technology can be protected under copyright and/or patent law depends on the particulars of such technology. In general terms, a copyrightable technology must be a work based on a literary or artistic intellectual creation with individual character (Art.2 COPA). An invention must be of technical nature, new, commercially applicable and include an inventive step ie, an invention cannot be obvious to a specialist in the relevant technical field to qualify as patentable subject matter (Art.1 PA). Certain computer-implemented inventions may also qualify as patentable subject matter. Related signs can be registered as trade marks by means of national registrations or designations in Switzerland pursuant to international protection treaties (Madrid Agreement and Protocol). 6.4 Protection of Intellectual Property or Trade Secrets Under Swiss law, the ownership of employee inventions is dependent on the nature of the created intellectual property. Copyrights vest in the author (ie, the natural person that created a copyrightable work). Commercial exploitation rights in software developed by an employee in the course of employment vest in the employer (Art.17 COPA). In contrast, patentable inventions or designs conceived in the course of employment and in performance of the respective employee s contractual obligations vest in the employer (Art.332 para.1 CO). Provided that the employee receives appropriate compensation for the assignment, the employer may (in addition) have inventions assigned to him or her that have been created in the course of employment but unrelated to the respective employee s tasks (Art.332 para.2-4 CO). Considering the above, FinTech companies should ensure that all employment agreements address the assignment of intellectual property created by employees. A tech log, to be regularly updated by each employee, can serve as a basis to determine the original author of any given technology. This is of key importance in co-operation and/or co-creation cases to attribute newly created intellectual property, including as a basis to implement the contractual protection of trade secrets and other relevant information. 6.5 Joint Development of Intellectual Property With respect to the attribution of collaboratively developed intellectual property, Swiss law in particular the CC differentiates between co-ownership (Art.646 CC) and joint ownership (Art.652 CC). Pursuant to the Federal Act on Copyright and Related Rights (COPA), the copyright belongs to all persons jointly in cases where two or more persons have contributed as authors to the creation of a work and, unless such persons have agreed otherwise, they may 11

12 SWITZERLAND Law and Practice only use the work with the consent of all authors (Art.7 COPA; joint ownership). In cases of co-ownership, several persons own a share in an object/work that is physically undivided. Unless stipulated otherwise by way of agreement, these persons are co-owners in equal parts. In case of joint ownership, several persons associated by law or contract are joint owners whereby the rights of each joint owner relate to the whole object/work. It is generally recommendable to avoid joint ownership because a unanimous decision of all joint owners is required for any exercise of ownership rights. The involved persons can modify the applicable ownership attribution any time by way of contract. 6.6 Intellectual Property Litigation While intellectual property is generally a significant source of litigation, there is no knowledge of high-level disputes that specifically involved FinTech companies. 6.7 Open Source Code Open-source software is not specifically regulated under current Swiss law. The general principles with respect to software and possible copyright protection apply (see 6.1 Intellectual Property Protection Regime). Issues with opensource software in particular, commercial use of further developments, platform compatibility and security can generally be best identified by means of a regularly updated and monitored software log detailing the types of software used, sourced and developed within an organisation. 7. Tax Matters 7.1 Special Tax Issues, Benefits or Detriments There is no knowledge of any tax issues, benefits or detriments specifically applicable to FinTech companies. 8. Issues Specific to the Specified Activities 8.1 Additional Legal Issues The maximum interest permissible for consumer (cash) credits currently amounts to 10% (Art.14 CCA). See 4.1 Desirable Changes to Facilitate Specified Activities regarding other specified activities. Lenz & Staehelin Brandschenkestrasse 24 Zürich Switzerland CH-8027 Tel: Fax: zurich@lenzstaehelin.com Web: 12