- Compliance for Fintech Companies: What Your Website Visitors Have a Right to Know
- March 29, 2017 | Author: Yasmine Aquilina
- Law Firm: GVZH Advocates - Valletta Office
In recent years, the financial services industry has been stepping into the digital world, with many financial institutions also operating online. The evolution of the use of software for the provision of financial services is known as “FinTech”. Between 2010 and 2015, total global investment in FinTech amounted to $49.7 billion. The most popular FinTech areas are those of payment and lending services (consumer and retail), blockchain services, such as bitcoin, and cybersecurity and cloud-based services, such as market monitoring and tracking.
Financial services providers need to take into consideration the legislation regulating both the information which must be provided on a financial institution's website and the manner in which this information is to be presented. Below is an outline of the principal Maltese rules and regulations which financial institution websites must adhere to.
DISTANCE MARKETING OF CONSUMER FINANCIAL SERVICES
Key information about the financial institution’s products and services must be provided in at least one of the official languages of Malta. Before the conclusion of a contract between the financial institution and a third party, certain information about the institution as the service provider, the financial service itself, elements which are to be found in the distance contract and methods for redress must be provided by the institution.
Compliance with the Distance Marketing of Consumer Financial Services Directive is regulated by the Malta Financial Services Authority (MFSA). Failure to comply with the provisions in the Distance Marketing of Consumer Financial Services Directive may result in an administrative fine of up to €93,000 on the supplier, or the manager, secretary, director or other person responsible for the supplier’s activity.
Under the Electronic Commerce (General) Regulations, implemented through S.L. 426.02 in Malta, the financial institution shall only send direct marketing by electronic means if certain conditions are met. For example, no unsolicited communications may be sent unless the client gives his prior consent, and the person/company sending the advert must be identified. The Malta Communications Authority has the power to impose fines of up to €23,293.73 for non-compliance with the provisions in these regulations.
The use of comparative advertising in Malta must comply with certain provisions found in the Commercial Code. For example, comparative advertising must not be misleading, and must not take unfair advantage of the reputation of a third-party trademark. The First Hall of the Civil Court in Malta may impose a fine of up to €4,658.75 for any breach of the provisions relating to comparative and misleading advertising.
DATA PROTECTION & COOKIES
The data controller, or any other person authorised by him on his behalf, must provide a data subject from whom data relating to the data subject himself are collected with certain information, including, inter alia, the identity and habitual residence or principal place of business of the controller and of any other person authorised by him on his behalf, and the purposes of the processing for which the data are intended.
In Malta, the Data Protection Commissioner may impose fines of up to €23,300 for breach of any provision of the Data Protection Act, and €50 for each day the violation persists, and/or imprisonment of up to six months.
A website disclaimer, although not required by law, should be utilised to describe in particular the intellectual property and hyper-linking matters such as advertisements, hyperlinks and pointers to web sites operated by third parties.