Answer ... Fintech is not a regulated activity in itself and no regulations specifically created for the fintech space have been introduced in Norway. However, the practice of the Norwegian regulators is evolving to adapt to the application of new technologies. In general, an entity must not carry on regulated activity in Norway unless it is authorised or exempt. The Norwegian Financial Undertakings Act of 10 April 2015 and supplementary regulations set out the public law aspects of the licensing and operation of financial entities. If products and/or services involve financial activities (e.g. deposit taking, lending, payment services, e-money, foreign exchange services, insurance and mediation, securities trading) which require regulatory authorisation, the entity must be authorised by the Norwegian Financial Supervisory Authority (Norwegian FSA), or the Ministry of Finance in exceptionally important cases.

The private law aspects of fintech products and services are regulated by the Financial Contracts Act of 25 June 1999. Norway also has extensive consumer protection legislation.

In addition, the fintech space is governed by the Information Communication and Technology Regulation and the EU General Data Protection Regulation (GDPR), together with other consumer protection regulations.

Norway is not a member of the European Union, but is part of the slightly wider European Economic Area (EEA). As part of the EEA, Norway has incorporated the EU institutional legislation that establishes the foundations for the EU-EEA single passporting licencing regime, which is also available to start-ups in the fintech space.

Answer ... Lending (both retail and corporate) is a regulated activity (unless exempt) in Norway. An entity that offers lending products on a digital platform directed at the Norwegian market must be authorised to conduct such business by the Norwegian FSA.

Norway has a special regime governing peer-to-peer lending. A peer-to-peer lending platform is deemed to be a loan intermediary. Norwegian crowdlending platforms include Kameo (Nordic footprint), Kredd, Funding Partner, Dealflow, Perx and Monner. A loan intermediary is an independent intermediary that mediates between borrowers and lenders, and helps them to negotiate and conclude a loan agreement. The loan agreement must be entered into between the lender and the borrower. The loan intermediary cannot itself provide any funds or assume any risk for loss in the loans that are mediated. A lender is restricted to lending out in total NOK 1 million over a peer-to-peer lending platform without being subject to the licensing requirement. The relevant regulations for loan intermediaries are set out in Section 2-18 of the Financial Undertaking Act and Chapter 5 of the Financial Contracts Act. Loan intermediaries are also subject to suitability requirements. This area is still evolving and further regulation of crowdlending platforms is expected in the Norwegian market.

Further, in general, the loan intermediary regulations are not harmonised with EU law (i.e., there is no single passport regime for brokers and agents). Legislative work is therefore ongoing in Norway to regulate the loan intermediary role to cover not only loan intermediation of housing loans, but also in general; this will impact on digital platforms in this space.

In the payment area, rules on the approval of payment systems are also set out in the Payment System Act of 1999, in addition to the EU Second Payment Services Directive.

Answer ... The Norwegian FSA regulates entities that offer financial services and products in the retail and wholesale markets. It oversees all regulated sectors in Norway, including information communication and technology (ICT) and anti-money laundering compliance. It deals with application processes and provides regulatory guidance to supervised entities, as well as conducting inspections and thematic supervision.

If the Norwegian FSA discovers a breach of the finance legislation, it will instruct the relevant entity to change its practices accordingly. Depending on the type of breach and the circumstances, the Norwegian FSA can issue an administrative order or a fine. It can also report criminal charges to the police, but it is up to the prosecuting authority to take further action.

The Norwegian Data Protection Authority (NDPA) is responsible for enforcing applicable laws and regulations in relation to the processing of personal data. The NDPA is entrusted with investigative and corrective powers, including the power to undertake on-site audits, and to issue public warnings, reprimands and orders to carry out specific remedy activities. The NDPA may issue administrative fines under Article 83 of the GDPR of the higher of up to €20 million or, in the case of an undertaking, up to 4% of its total worldwide turnover in the preceding year, depending on the nature of the infringement. Fines can be imposed in combination with other sanctions. Breach of the GDPR is not subject to criminal sanctions in Norway.

Answer ... The regulators have the same level of expectations of fintech companies as of any established entity. In our experience, the often lengthy application processes to obtain authorisations, licences and permits, and the difficulties in obtaining appropriate guidance on new areas, present real challenges for fintech companies in Norway. In general, the attitude of the Norwegian FSA is that it does not want to pick the winners and losers in the industry. It has set up a guidance service relating to financial technology and regularly posts information online to assist fintech companies. The Ministry of Finance has also delegated the task of establishing a regulatory sandbox for fintech companies to the Norwegian FSA. The purpose of the sandbox is to assist new fintech players with little experience of the financial regulatory framework, allowing them to test innovative products, services and technologies on a limited number of customers under the supervision of the regulator. The aim is to establish the sandbox before the end of 2019 and the program is recently being published. The entities applying to be part of the regulatory sandbox must apply new innovate technology and the service or product must be to the benefit to the consumers or to the financial system.

Answer ... There is no overarching trade association for the fintech sector in Norway. Finance Innovation is a fintech organisation within the Norwegian Centre of Expertise cluster programme, which focuses on the entire fintech ecosystem. Sector groups such as the Norwegian Crowdfunding Association and the Oslo Blockchain Cluster are relevant for entities that apply blockchain technology. ICT Norway and Finance Norway are also working to improve the overall framework for the finance sector, including the fintech regulatory sandbox, as well as creating networking opportunities for industry players through events and other forums.