Josje Fiolet
Josje Fiol
Josje Fiolet

Future-proofing FinTech operating models: EU regulatory benchmark


In the past decade, FinTech players have emerged that operate across borders with agile and customer centric propositions whilst continuously challenging the status quo. As part of their growth path, a regulatory authorisation often becomes necessary to broaden and scale up their business operations. Supervisory procedures are not always transparent, which is why this article aims to shed some light on how aspiring payment and electronic money service providers can define the best authorisation strategy. Recent INNOPAY study of authorisation procedures across Europe will support executive decision making regarding the regulatory approach. In conclusion, we explain why a Compliant by Design operating model should be on every FinTech company’s strategic agenda.

Rise of FinTech and authorisations

FinTech firms that expand their business by providing financial services such as payment and electronic money services often require a regulatory authorisation (i.e. licence or registration). Becoming authorised not only future-proofs the sustainable growth of the business, but also signals trustworthiness towards market participants such as consumers and other financial institutions.

Statistics show that the number of authorised payment and electronic money institutions in the EU is growing at a staggering rate: from 248 to 1,311 (January 2017 to January 2020), which is an increase of 529%.[1] Main growth drivers are new licences for third-party providers under the Payment Services Directive 2 (PSD2), the diversifying financial ecosystem with new (tech) companies starting to offer regulated services, and Brexit which is forcing financial institutions to obtain additional authorisations to retain market access.

New insights in European authorisation procedures

Acquiring an authorisation can be complex and costly, because internal procedures need to be (re)designed in line with the applicable requirements and the exact requirements are often unclear upfront. Therefore, it is important for FinTech firms to develop an optimal authorisation strategy. One of the first steps is to decide in which country to apply for the authorisation. The right choice depends on criteria including the supervisory approach and the regulator’s level of transparency. These criteria can be assessed by comparing the availability and quality of information on authorisation procedures in various countries.[2] Therefore, INNOPAY assessed the authorisation procedures in 13 countries as the basis for helping FinTech firms to determine their optimal authorisation strategy.

The 13 European supervisors that were selected for the benchmark have issued 82% of the payment licences and 88% of the electronic money institution licences between them, so this can be regarded as a representative sample. To study best practices in transparency and proactiveness, the aim was to identify the supervisors that provide the most successful and efficient support to FinTech firms during the authorisation process. Therefore, the supervisors were evaluated on the following related topics: (i) the availability and quality of relevant information, and (ii) the accessibility of and required effort for the authorisation procedure (see Figure 1).

Key criteria used for evaluation of supervisory authorisation procedures. © INNOPAY. All rights reserved.
Figure 1: Key criteria used for evaluation of supervisory authorisation procedures. © INNOPAY. All rights reserved.

Key findings

The results of the study of the authorisation procedures in the 13 countries reveal that the level of transparency and proactiveness varies greatly among the financial authorities analysed.

Relative position of different supervisors across Information and Process axes, based on INNOPAY analysis. © INNOPAY. All rights reserved.
Figure 2: Relative position of different supervisors across Information and Process axes, based on INNOPAY analysis. © INNOPAY. All rights reserved.

The top-right quadrant shows the supervisors with the highest perceived level of transparency and proactiveness: Republic of Ireland, Lithuania, the Netherlands, Sweden and the United Kingdom (UK). The positive results of these countries are mainly due to the following reasons:

  • Ireland provides detailed local authorisation requirements. Interestingly, Ireland is the only country without initial authorisation fees, although all regulated firms do need to pay yearly supervisory costs (just as in other countries);
  • Lithuania sets itself apart by providing clear information such as FAQs and tutorial videos, in conjunction with more relaxed local requirements such as no need to pay regulatory fines in the first year after authorisation;
  • The Netherlands excels in terms of the availability and quality of published information such as authorisation manuals in both Dutch and English, and due to having a digital portal for the authorisation applications;
  • Sweden excels in providing extensive ‘what’ and ‘how to’ information for applicants via a handbook, clear template application forms and additional explanatory notes;
  • The UK optimises both the Information and Process aspects by not only providing transparent and high-quality information, but also by having a straightforward and understandable process and stimulating FinTech through clear regulatory sandbox procedures with actual FinTech use cases.

Regulatory approach towards FinTech firms

Regulators often promote the fact that they foster innovation, but many FinTech firms wonder what that means in practice. To clarify this, the INNOPAY study additionally looked into the regulatory approach towards FinTech firms. The findings were largely positive; various regulators publish research on FinTech activities and support FinTech firms through initiatives such as regulatory sandboxes and innovation hubs (see Figure 3).

Figure 3: Examples of Fintech support procedures by regulators in EU. © INNOPAY. All rights reserved.
Figure 3: Examples of Fintech support procedures by regulators in EU. © INNOPAY. All rights reserved.

Three examples of proactive countries

  • UK: FinTech firms can test their innovative products and services in a regulatory sandbox. In fact, the FCA chairs the Global Financial Innovation Network, which is a cross-border regulatory sandbox comprising 29 regulatory bodies around the world.
  • France: in July 2019, the ACPR announced its plans to create a voluntary framework for crypto firms including capital requirements, tax mandates and consumer protection protocols.
  • Germany: the legislator and supervisor are reacting to FinTech developments by proactively establishing new (authorisation) regulations around crypto assets such as utility, investment and payment tokens.[3]

Claims by supervisors that they facilitate innovation and competition can create an expectation that they apply ‘more relaxed’ or ‘FinTech-friendly’ procedures for innovative firms. However, the study reveals that regulatory requirements are almost never loosened, meaning that FinTech firms must ensure a compliant operating model regardless of their chosen home country.

Why Compliance by Design should be on every strategic agenda

Based on 20 years of digital transformation and innovation experience, INNOPAY believes that the fast pace of digital change will only accelerate further as everything increasingly becomes a transaction. To control this new data-driven world, almost all existing rules and regulations will need to be adapted or updated. This will further intensify the current compliance and operational risk burden. Supported by the findings from the INNOPAY benchmark study, we are convinced that companies with a Compliant by Design operating model will consistently outperform FinTech companies that lack such a model. The latter will have to deal with a much greater degree of change, higher implementation and operational costs and inherent risks. History has shown that shareholders are rarely kind to such organisations, especially when the expanding cost base does not create any top-line growth value. Therefore, every executive board in the FinTech sector should ensure that restructuring the operating model – including developing an authorisation strategy – is on their company’s strategic agenda and roadmap.

With our expertise in FinTech, payments and financial authorisations, INNOPAY can provide support with all the challenges to be tackled on the way to obtaining an authorisation and ensuring compliancy by design. We do so by (re)designing an effective and compliant operating model that suits your company’s strategy, whilst aligning as much as possible with the current way of working. To further discuss your own case and how we can help you, do not hesitate to contact Josje Fiolet.


Do you need more information on how you can successfully obtain and retain a PSD2 license? Download our approach below:


[1] EBA Public Register,

[2] In every country the same financial authority is responsible for licensing payment institutions and electronic money institutions, which makes sense as both financial institution types provide payment services

[3] Changes in the German Banking Act (Kreditwesengesetz, KWG) will enter into force on 1 January 2020, as transposition of AMLD5, resulting in crypto assets qualifying as financial instruments. This results in a KWG-licence as bank or investment firm at BaFin.

Nehmen Sie Kontakt auf

Bereit für die Zusammenarbeit mit den Experten von INNOPAY?