Answer ... The German fintech industry covers all kinds of regulated and unregulated activities.

Typical examples include:

• payment services (including mobile payments, payment initiation services and account information services);
• crowdfunding and crowdlending (peer-to-peer lending);
• roboadvice and automated portfolio management;
• crypto assets, virtual currencies and other blockchain-related activities;
• insurtech; and
• regtech.

Answer ... The services offered by fintechs are diverse. The most common services are those relating to alternative payment methods, automated financial portfolio management, virtual currencies, blockchain technology, crowdfunding, crowd-investing, crowd-lending, investment advice and automated order execution.

Answer ... Most fintechs in Germany are structured as limited liability companies. However, there are also stock corporations.

Answer ... In 2019 Germany ranked second for fintech venture funding in Europe. As a rule, equity financing is initially the most common form of funding for fintechs; debt financing becomes more important as they mature. In general, funding is driven by financial institutions.

Answer ... Fintechs cooperate with established financial service providers in order to increase their expertise, expand their client base and reduce costs. An increasing number of German financial service providers invests in fintechs, and especially in B2B fintechs.

Answer ... The outsourcing of back office functions is not unusual for start-ups, as it enables them to focus on their core business and save on human resources. Several companies already offer such services and some start-ups have even been set up as pure ‘white label’ providers of regulated financial services to fintechs (so-called ‘reverse outsourcing’). In German financial services law, outsourcing is generally permitted, but strictly regulated. Fintech companies that are subject to the Banking Act and the Payment Services Supervision Act must comply with their provisions concerning outsourcing. In addition, white label providers of regulated services to fintechs must comply with the same rules which apply to the fintech’s business.

The Banking Act sets out different standards for material and non-material outsourcing. Outsourcing is material if:

• banking transactions, financial services and other services typical of an institution are affected by the outsourcing; and
• the outsourcing gives rise to risks relevant to banking supervision.

Based on a risk analysis, the institution must determine whether the outsourcing is material. Non-material outsourcing includes, for example:

• debt collection;
• cash dispenser services;
• general and support services (eg, facility management);
• pure consulting services (eg, consulting on legal and tax matters);
• standardised services (eg, market information services).

Outsourcing must not lead to a delegation of management responsibility. In case of non-essential outsourcing, the general requirements for proper business organisation in accordance with the Banking Act and the Federal Financial Supervisory Authority’s (BaFin) administrative practice must be observed. Additional requirements apply in the case of essential outsourcing (eg, specification and delimitation of outsourcing services in the outsourcing agreement). Furthermore, the European Banking Authority (EBA) Guidelines on Outsourcing Arrangements (EBA/GL/2019/02) – which in some respects go beyond the national requirements on outsourcing of BaFin – must be observed. Significant institutions supervised by the European Central Bank must, in principle, apply these guidelines directly. However, as a rule, it may be expected that BaFin will incorporate the EBA guidelines into its administrative practice. Otherwise, BaFin sets out the guidelines on its homepage.

With regard to national implementation, in July 2019 BaFin stated that it “intends to comply with the EBA Guidelines on outsourcing arrangements by 31 December 2020”, and pointed out that the Minimum Requirements for Risk Management (MaRisk) will be subject to modifications in this regard. However, BaFin expects indirect but immediate application of the EBA guidelines on outsourcing for less significant institutions (LSIs), with regard to requirements that mainly contain concretisations and that are already addressed in the principle-based MaRisk and the Supervisory Requirements for IT in Financial Institutions – BAIT. Although LSI will have to observe further requirements only after the amendments to MaRisk have been implemented, BaFin generally recommends that they familiarise themselves with the content of the EBA guidelines at an early stage. Experience suggests that an additional transition period after publication of the amendments is expected to be limited to those amendments that result from national scope of interpretation or that require national interpretation.