1 Legal and enforcement framework
1.1 In broad terms, which legislative and regulatory provisions govern the fintech space in your jurisdiction?
Fintech-specific regulation is still limited in Hungary. Although the regulator has introduced specific regimes in respect of innovation-based services - such as rules pertaining to account information service providers (AISPs) and payment initiation service providers (PISPs) - in general terms, there are no specific fintech regulations in Hungary. It must therefore be analysed on a case-by-case basis whether the rules applicable to incumbents also apply to fintech companies.
The provision of financial services, investment services and insurance services – irrespective of the method or device used – is regulated and subject to licence from the National Bank of Hungary (NBH). As Hungary is a member state of the European Union, all EU laws and regulations relating to financial services and capital markets have been implemented into national law or are directly applicable.
Financial institutions (ie, credit institutions and financial enterprises) that take deposits, grant loans, credit or financial leasing, or provide payment services, among other things, fall under the scope of Act CCXXXVII of 2013 on Credit Institutions. Act LXXXV of 2009 on Payment Services and Act CCXXXV of 2013 on Payment Service Providers are also applicable. Investment service providers must comply with Act CXXXVIII of 2007 on Investment Service Providers and Commodity Dealers and Act CXX of 2001 on the Capital Markets. Insurance activities are regulated under Act LXXXVIII of 2014 on Insurance Activities. Where an activity falls under the scope of the corresponding regulation, the service provider must comply with each regulatory requirement specified by law.
As a result of the implementation of the Second Payment Services Directive (PSD2), rules on open banking (under which financial institutions are obliged to grant access to third-party service providers) and more relaxed conditions regarding AISPs and PISPs have been introduced.
1.2 Do any special regimes apply to specific areas of the fintech space?
As mentioned in question 1.1, the level of fintech regulation in Hungary is rather limited. Special rules in line with PSD2 apply, for example, to AISPs and PISPs.
In order to incentivise innovation, the NBH has introduced a regulatory sandbox, which allows regulated financial service providers to test innovative technologies, business models, products and services that would make financial services cheaper or more easily available for customers. Where the NBH allows admission to the regulatory sandbox, it may exempt the financial service provider from the application of certain regulatory requirements (eg, regarding client identification through the use of audited electronic instruments; secondary account identification; professional competence in respect of the provision of investment advice; complaints handling; and debt service to income ratio or total expense ratio). A licence for testing is valid for a limited period of 12 months and the service provider cannot have more than 10,000 clients in this period.
1.3 Which bodies are responsible for enforcing the applicable laws and regulations? What powers do they have?
Service providers in the money market and capital markets, as well as insurance companies, fall under the supervision of the National Bank of Hungary (NBH). The provision of financial services, investment services and insurance is subject to a licence issued by the NBH. The NBH will ensure that the service provider complies with all regulatory requirements, both when applying for a licence and while operational. Major operational changes (eg, the appointment of new management, or changes relating to initial capital, activities or general terms and conditions of services) are also subject to the prior approval of the NBH.
Service providers must regularly submit data to the NBH to facilitate the ongoing supervision of market players.
The NBH is also responsible for supervising compliance with the rules on consumer protection. To this end, it may carry out investigations of service providers. In case of infringement, the NBH will impose administrative sanctions such as fines, the appointment of a supervisory commissioner or withdrawal of a licence.
The governor of the NBH may also issue decrees on specific rules concerning financial services. The NBH also issues guidelines and opinions on good practice or the interpretation of law.
The Hungarian National Authority for Data Protection and Freedom of Information (DPA) is responsible for monitoring compliance with data protection rules. Among other things, the DPA may conduct investigations in case of data protection infringements and has the right to impose fines.
1.4 What is the regulators' general approach to fintech?
According to its fintech strategy published in October 2019, the NBH is dedicated to developing an advanced and active fintech ecosystem. As the level of digitalisation in Hungarian financial institutions is rather low, an indirect goal of the NBH is to promote greater digitalisation, so that the financial sector becomes more effective and competitive. The NBH believes that a high level of digitalisation should help to support the stability of the financial system; but it also points out in its strategy that risks relating to financial stability and consumer protection may result if financial services fall outside the scope of its supervision. Security and consumer protection are key aspects that the NBH is considering in connection with innovation.
In its fintech strategy, the NBH suggests that legislation should support the fintech sector through the following solutions:
- The regulatory sandbox should be available for service providers that do not yet hold a licence.
- Crowdfunding platforms, initial coin offerings and security token offerings should be regulated.
- Tax burdens (eg, the financial transaction duty) should be eased.
- The rules on online contracts and signatures should be simplified.
- Certain central database data (eg, land registry data, tax income data) should be made available for financial market players.
The government is also making efforts to promote digitalisation and other fintech-related developments. The objectives set out in its Fintech Strategy include:
- enhancing the possibility to use artificial intelligence (AI) in credit scoring;
- increasing electronic transactions to 50% of all payments;
- extending the use of the regulatory sandbox; and
- regulating crowdfunding.
It has also launched a Digital Wellbeing Programme, through which research labs have been established in cooperation with universities. These research labs provide a platform not only for the exchange of information, but also for research programmes concerning a wide range of digital improvements, from the Internet of Things to smart cities.
1.5 Are there any trade associations for the fintech sector?
There is no official trade association for the fintech sector. However, the NBH has suggested that a fintech association be established. Associations that represent market players relating to the fintech sector include the Hungarian Banking Association, the Association of Hungarian Insurance Companies, the Electronic Payment Service Providers Association and the Association of Hungarian ICT.
FintechGroup (https://fintechgroup.hu/) is a digital financial agency that helps to connect fintech and insurtech companies and local financial institutions, as well as third-party service providers. It analyses fintech trends, promotes best practices and organises fintech conferences.
On the initiative of the Ministry of Innovation and Technology, the Hungarian AI Coalition has been established. Its members include universities, research labs and international and local enterprises, including market players in the financial sector.
2 Fintech market
2.1 Which sub-sectors of the fintech industry have become most embedded in your jurisdiction?
Due to the characteristics of the Hungarian financial market and the relevant EU legislation (especially the Second Payment Services Directive (PSD2)), in terms of fintech-specific regulation, the field of payment services is the most developed. The regulations in this space include rules relating to open banking, the regulation of account information service providers (AISPs) and payment initiation service providers (PISPs), and the instant payment system, which will launch in March 2020. The National Bank of Hungary's (NBH) fintech strategy states that mobile payment solutions and other innovative payment solutions are the most common fintech products on the market. As it is the NBH's strategic goal to increase the percentage of electronic payment transactions, payment services regulation will remain a key focus.
Innovation is also evident in the field of insurtech. In addition to online contracting, the use of big data and blockchain technology is on the rise; although no specific regulatory regime has as yet been introduced.
Crowdfunding and crowdlending are not well developed in Hungary, as they could easily qualify as activities requiring a licence. However, the NBH's fintech strategy states that a special regulatory regime governing these activities should be introduced. Also, the EU regulation on crowdfunding platform providers will apply in Hungary once it is adopted.
2.2 What products and services are offered?
Several regulated financial institutions, along with start-ups, are developing new products to make payment services more easily available for customers and develop online banking and mobile apps to initiate transactions. The NBH estimates that approximately 100 fintech companies are offering products and services to clients in Hungary.
Although in Hungary more than 80% of transactions are cash transactions, most fintech solutions are offered in the payments sector, in particular regarding payments initiated via mobile. With the implementation of PSD2, AISPs have appeared on the market (eg, Aggreg8), offering financial data aggregation services that help service providers with credit scoring and tracking, among other things, and allow customers to pay utility bills. In cooperation with banks, fintech companies have also launched roboadvisory apps (eg, Blueopes). Innovations are also appearing in the insurance sector. Insurance company Aegon is offering ski-slope insurance via Insurwiz for clients. Pursuant to this blockchain-based insurance, the insurer automatically reimburses insureds if the ski-slope is closed during their holiday. Insurance company Uniqua has also launched its own fully online insurance product, called Cherrisk. Another insurtech innovation, called Cristo, collects data on time spent on the road: clients' driving styles are analysed in order to calculate the premium to be paid.
2.3 How are fintech players generally structured?
Fintech players are generally small start-ups. As their financial resources are rather limited, they are generally established in the form of a limited liability company or a company limited by shares, for which the minimum initial capital required by law is HUF 3 million and HUF 5 million respectively.
2.4 How are they generally financed?
Fintech start-ups are generally financed by their shareholders. It is relatively difficult for start-ups to obtain loans from banks. However, funding from business angels and investment programmes may be available.
Investment programmes (eg, Hiventures, OXOLabs) specifically tailored to start-ups offer a variety of solutions in terms of funding innovation, from the very early stages of incubation to entering international markets. Some of these programmes are financed from the governmental budget (eg, those under the Digital Wellbeing Programme) or EU funding.
Several banks have also launched incubator programmes to support start-ups. These not only provide much-needed financing, but also help start-ups to develop their understanding of the banking business. Such cooperation can also be beneficial for the banks, as they acquire new ideas and solutions which they can offer to clients.
2.5 How are they positioned within the broader financial services landscape?
With the exception of AISPs and PISPs that are licensed or registered by the NBH, fintech players are generally independent companies which are not specifically regulated. However, their activities may easily fall under the scope of the financial regulations, in which case they can operate only if they hold a licence issued by the NBH.
It is quite difficult for start-ups to obtain a licence for the provision of financial or investment services. Most start-ups thus operate mainly as IT service providers or vendors of fintech products for financial institutions. In such cases it is the financial institution that provides the fintech solution to customers. However, certain financial institutions have also established their own subsidiaries and labs to develop innovative solutions.
2.6 Do start-ups generally outsource back office functions and is there a developed market for them to access? What are the legal implications of outsourcing?
Start-ups often outsource back-office functions such as accounting and administration. As these companies are usually small, they generally use individual accountants or smaller service providers for cost reasons. Such services are easily available on the Hungarian market.
With regard to IT services, start-ups generally use cloud services.
Outsourcing may raise legal issues if the outsourcing party falls under the scope of financial regulations. In that case, core activities may not be outsourced, but only auxiliary operations relating to the provision of financial services in the course of which data processing is carried out. However, even if a financial service provider outsources such operations, it will remain liable for compliance with regulatory requirements.
3.1 How are the following key technologies in the fintech space regulated and what specific legal issues are associated with each? (a) Internet (e-commerce); (b) Mobile (m-commerce); (c) Big data (mining); (d) Cloud computing; (e) Artificial intelligence; and (f) Distributed ledger technology (Blockchain, cryptocurrencies)
(a) Internet (e-commerce)
Internet banking solutions are offered by all major banks in Hungary. Other e-commerce solutions – such as prepaid cards, Apple Pay, Revolut and Transferwise – are also present on the market. Financial service providers must ensure that services are provided in a secure manner, irrespective of the communication medium or device. A detailed recommendation (Guideline 15/2015) including recommended practices and solutions issued by the National Bank of Hungary (NBH) helps market players to meet these obligations.
In line with the Second Payment Services Directive, if a client has online access to a bank account or initiates an electronic payment transaction, the payment service provider must apply strong customer authentication (SCA). Requirements relating to SCA entered into force in September 2019. However, further to negotiations with market players, the NBH – in line with the opinion of the European Banking Authority – allowed an additional 12 months for payment service providers to adopt the necessary IT measures. It is thus presumed that SCA will be obligatory from September 2020.
Directive (EU) 2016/1148 of the European Parliament and of the Council concerning measures for a high common level of security of network and information systems across the Union was implemented into Hungarian law through Act CVIII of 2001 on certain matters concerning electronic commercial services and information society services (the Act on Electronic Commercial Services). The act applies to online marketplaces, online search engines and cloud computing services. Service providers with more than 50 employees or a turnover or total balance sheet of more than HUF 10 million must inform the Special Service for National Security of any incidents in the IT security system that may have a substantial impact.
(b) Mobile (m-commerce)
Mobile applications are widely used in payment services. All major Hungarian banks offer e-banking mobile applications. Furthermore, several third-party service providers provide mobile solutions, such as account information. Many EU-based mobile payment firms also provide their services in Hungary. In terms of security and data protection, the same rules apply as in the case of payments made via the Internet.
(c) Big data (mining)
The use of big data in the provision of financial services is not yet subject to regulation. However, as a data-driven approach develops in the industry, the regulatory authorities have started to monitor the associated challenges and risks. A final report published by the European Banking Authority (EBA) (https://eba.europa.eu/file/609786/download?token=Mwkt_BzI), and referred to by the NBH, highlights that the use of big data raises questions relating to data protection, among other things. The rules of the General Data Protection Regulation apply in relation to data protection. Big data solutions are used, for example, to improve accuracy in the forecasting of ATM and branch cash supply.
(d) Cloud computing
Financial institutions, investment service providers and insurance companies are free to use cloud computing services; however, they must comply with all regulatory requirements relating to IT security, data protection and other rules regarding the necessary technical equipment. If personal data, bank secrets, securities secrets or insurance secrets are affected, the rules on outsourcing shall apply. In the case of outsourcing, the financial service provider remains liable for compliance with the data protection and confidentiality rules.
As cloud computing services are widely used in the financial sector, the NBH has issued detailed guidelines on the risk assessments that financial institutions should conduct before availing of such services, and the minimum requirements relating to the contract between the financial institution and the cloud computing service provider. These include the following:
- The financial institutions should maintain a day-to-day list of activities in relation to which cloud computing services are used.
- Client data and bank secrets should be handled, processed and stored by the handler or processor only to the extent and for such time as is necessary to achieve the purpose of handling the data.
- The financial institution should have a plan in place in case it becomes necessary to end the agreement with the cloud computing service provider.
- The outsourcing contract should include provisions on certain key issues, including:
- the cancellation of data;
- the rights of control of the financial institution;
- how force majeure cases will be handled;
- data handling and data processing; and
- responsibilities for data protection and IT security tasks.
(e) Artificial intelligence
In order to foster the widespread use of artificial intelligence (AI), the AI Coalition was established. The coalition consists of companies, universities, IT firms and law firms. Its objective is to determine jointly the directions and framework for AI development in Hungary and to serve as a forum for cooperation.
(f) Distributed ledger technology (Blockchain, cryptocurrencies)
The National Tax Authority has published an opinion which states that mining activity is subject to tax, and that tax may also be payable on profits earned from cryptocurrencies. The scope of the regulations on anti-money laundering and terrorist financing has further been extended to service providers that exchange virtual currencies for fiat currencies and vice versa. Apart from this, however, cryptocurrencies are not regulated in Hungary and as such, their legal status is uncertain.
In its publications, the NBH has repeatedly highlighted the risks that may arise from cryptocurrencies and investments in initial coin offerings (ICOs) and security token offerings (STOs), as these instruments and their providers do not fall under the scope of financial regulation, including customer protection. In an opinion, the Ministry of Finance has also highlighted that cryptocurrencies do not qualify as electronic money, financial instruments or non-cash means of payment. A joint working group, comprising members of the NBH, the Ministry of Finance and the National Tax Authority, has been established to assess the legal and economic aspects of cryptocurrencies. However, ICOs and STOs may also fall under the scope of financial instruments as defined under the Second Markets in Financial Instruments Directive (MiFID 2). Consequently, where such instruments are offered to the public, the Prospectus Regulation and the corresponding rules on public offerings set under the Capital Markets Act may apply.
Although blockchain technology is not regulated in Hungary, it is already being used in fintech innovations (eg, Aegon's ski-slope insurance, discussed in question 2.2). Hungary has joined the European Blockchain Partnership, which aims to develop a European blockchain services industry that meets the highest standards in relation to privacy, cybersecurity, interoperability and energy efficiency.
4.1 How are the following key activities in the fintech space regulated and what specific legal issues are associated with each? (a) Crowdfunding, peer-to-peer lending; (b) Online lending and other forms of alternative finance; (c) Payment services (including marketplaces that route payments from customers to suppliers (eg, Uber and AirBnb); (d) Forex; (e) Trading; (f) Investment and asset management; (g) Risk management; (h) Roboadvice; and (i) Insurtech.
(a) Crowdfunding, peer-to-peer lending
In its fintech strategy, the National Bank of Hungary (NBH) suggests that crowdfunding, initial coin offerings and security token offerings should be regulated in order to assist small and medium-sized enterprises and start-ups with capital raising. However, since its publication, no further steps have been taken in this regard.
Without specific regulation, the general rules also apply to crowdfunding activities. As two opinions issued by the NBH bear out, determining which specific rules apply is not always easy. From the perspective of online platforms, offering investment opportunities to registered users may qualify as an investment service (eg, placement of financial instruments, investment advice or investment research and financial analysis), which is subject to licence. From the perspective of fundraising companies, activities may qualify as the offer of securities, which is generally subject to publication of a prospectus approved by the NBH. The recruitment of members through a public offer may present other constraints, as this is forbidden for limited liability companies, and small and medium-sized enterprises and start-ups are generally established in this legal form. However, if the fundraising company does not provide membership or security in return for the contribution paid by platform users, the fundraising may be regarded as the collection of a deposit. This activity again requires a licence from the regulator. From the perspective of platform users, providing money to companies may qualify as the provision of loans, which may also be subject to licence and may be conducted by credit institutions and financial enterprises only.
A regulatory framework for crowdfunding is under development: the European Commission has submitted a proposal to the European Council on European crowdfunding platform providers. Once adopted, EU rules concerning crowdfunding platforms will also apply in Hungary. Although the legislation is lagging behind, Hungarian start-ups are nonetheless establishing crowdfunding platforms. A successful example is Inlock (https://inlock.io/about-us/), which provides a crypto-backed peer-to-peer lending platform from Estonia.
(b) Online lending and other forms of alternative finance
The provision of loans is subject to licence and may be conducted by credit institutions and financial enterprises only. These financial institutions can also contract with clients via electronic devices. However, loan contracts must be concluded in writing, which presents constraints even though the Hungarian Civil Code adopts a neutral approach, stipulating that ‘writing' includes all forms that allow the content of the contract to be recalled and the contractual parties and the time at which the contract was executed to be identified. In case of disputes, an electronic document with an electronic signature has full probative value only if the electronic signature is a qualified or advanced electronic signature based on a qualified certificate.
Currently, several banks offer the possibility for clients to enter into loan contracts online; however, these contracts relate to unsecured loans or loans provided in relation to bank accounts only.
(c) Payment services (including marketplaces that route payments from customers to suppliers (eg, Uber and AirBnb)
Payment services is an important field of innovative solutions whose development has been strongly encouraged by the NBH. Within the framework of open banking, banking data is made available to third-party service providers (ie, payment initiation service providers (PISPs) and account information service providers (AISPs)) through web-based interfaces of banks. With the authorisation of clients, AISPs may access information on their payment accounts, enabling them to share such data with other service providers. Via PISPs, clients can initiate payments from their bank accounts without direct contact with their banks. PISPs are subject to a licence issued by the NBH; if a payment service provider provides account information services only, the prior notification of the NBH is sufficient. Although the regulation sets out conditions in relation to PISPs (eg, an initial minimum capital of HUF 15 million), thus far no service providers have obtained the necessary licence, although several AISPs have been registered.
From 2 March 2020, PISPs and AISPs will have access to the instant payment system operated by GIRO Zrt (a subsidiary of the NBH) and the central database of secondary account identifiers also maintained by GIRO Zrt, which enables clients to initiate payments using mobile numbers or email addresses. If the instant payment system commences operations as planned, payments under HUF 10 million will be received by the beneficiary within five seconds.
Under the Act on Investment Service Providers and Commodity Dealers, options, futures, swaps, forward rate agreements and other derivative contracts relating to currencies, as well contracts for difference, are qualified as financial instruments. Investment services in respect of financial instruments (including forex trading) may be provided by investment firms and credit institutions that hold the necessary regulatory licence from the NBH.
According to an opinion of the NBH, there is a risk that the development and distribution of software for forex trading may fall under the scope of the Act on Investment Service Providers and Commodity Dealers. This risk may arise if such activities are not limited to software development and distribution, but also facilitate the initiation and execution of orders relating to forex trading. If the software can collect orders initiated through it and transfer such orders to a trading platform, or if the reference to the software's past performance relating to trading may influence clients' investment decisions, the provision of the software may qualify as an investment service or as an intermediation of investment services.
Where trading concerns financial instruments listed in the Act on Investment Service Providers and Commodity Dealers, such activities fall under the scope of the act and may be conducted only by an investment firm or a credit institution that holds the necessary licence.
Financial instruments include transferable securities, money market instruments, options, futures, swaps, other derivative contracts relating to securities and currencies and similar.
(f) Investment and asset management
The regulation of investment services in Hungary is based on MiFID 2. Only investment firms and credit institutions may provide investment services in respect of financial instruments as a regular business activity. The Act on Investment Service Providers and Commodity Dealers sets out a list of activities that constitute an investment service (eg, receipt and transmission of client orders; execution of client orders; portfolio management; investment services; placement of financial instruments; investment research and financial analysis). The act also sets out a list of financial instruments (eg, transferable securities, money market instruments, options, futures, swaps and other derivative contract relating to securities or currencies). Investment services may be provided only by investment firms or credit institutions that hold the necessary licence from the NBH.
An investment service provider must meet all regulatory requirements, including rules on:
- initial capital (ie, a minimum of €50,000 for the most limited scope of activity);
- legal form;
- necessary personnel and equipment;
- IT systems;
- risk management; and
- record keeping.
(g) Risk management
Where a financial or investment service constitutes a regulated activity, the rules on risk management set out under the relevant act shall apply accordingly. As the fintech space is not regulated in Hungary, specific risk management rules do not exist.
However, certain rules applicable in the field of payment services may have an impact on fintech solutions. Client identification required under the anti-money laundering rules may be conducted digitally through an audited electronic device if the financial service provider has such a system in place. On this basis, bank accounts may be opened online. However, until real-time client identification is performed, the client cannot initiate cash transactions above HUF 300,000 per month or any transactions with a value of HUF 10 million or more.
There are no specific regulations on roboadvice. Services provided by a roboadviser may easily qualify as investment research and financial analysis, investment advice, portfolio management or algorithmic trading. These services fall under the scope of the Act on Investment Service Providers and Commodity Dealers; as such, they are subject to licence from the NBH and may be provided for profit by investment companies and credit institutions only.
‘Investment research and financial analysis' is defined as making investment recommendations under the Capital Markets Act. Investment recommendations include analyses, proposals and other information relating to financial instruments and/or exchange-traded instruments and their issuers, which are published or otherwise made available to the public and which may thus influence a client's decision to invest. As this definition is particularly broad, it may even apply to roboadvisers that merely collect and arrange publicly available market data. However, if the roboadviser provides personal recommendations to a client in relation to transactions relating to financial instruments, this activity may qualify as the provision of investment advice. If the roboadviser manages clients' assets, this activity may qualify as portfolio management. If orders in respect of financial assets are initiated via the roboadviser based on a computer algorithm, this activity may qualify as algorithmic trading.
Those wishing to provide a service that falls under the scope of the Act on Investment Service Providers and Commodity Dealers must comply with the requirements relating to initial capital and necessary personnel and equipment. Different thresholds as regards the minimum initial capital are set out under the act based on the scope of activities, although the initial capital must be at least €50,000.
Although, from the fintech perspective, insurance is not as well developed as payment services, innovative solutions are nonetheless available in the market, including online contracting, comparison sites, blockchain-based insurance products and specific motor insurance products.
However, insurance activities, including the provision of insurance products through tied or non-tied agents, fall under the Act on Insurance Activities and are subject to licence from or notification of the NBH. In the absence of a special regime, innovative solutions in the insurance sector may be provided by regulated market players. As fintech companies offer insurance products through their apps, they must be registered as agents of insurance companies. The companies that provide insurtech solutions discussed in question 2.2 are all registered insurance agents.
5 Data security and cybersecurity
5.1 What is the applicable data protection regime in your jurisdiction and what specific implications does this have for fintech companies?
In relation to data protection, the General Data Protection Regulation and Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information apply in Hungary.
Both regulated institutions in the financial sector and fintech companies must comply with the data protection rules if they handle or process personal data. There are no specific implications with regard to fintech companies. In case of infringement of the General Data Protection Regulation, an administrative fine of up to €20 million may be imposed. It is thus essential that fintech companies have a proper understanding of the personal data they process and ensure there is a legal basis for such data processing.
5.2 What is the applicable cybersecurity regime in your jurisdiction and what specific implications does this have for fintech companies?
Hungary implemented Directive (EU) 2016/1148 of the European Parliament and of the Council concerning measures for a high common level of security of network and information systems across the Union through the Act on Electronic Commercial Services. Its rules apply to online marketplaces, online search engines and cloud computing services. The Act on Electronic Commercial Services sets out some technical requirements concerning the conclusion of contracts via electronic means and data protection (eg, relating to the purposes for which a service provider may process personal data; the user's right to prohibit data processing; and the right to erasure of personal data). Micro and small companies operating online marketplaces or online search engines, or providing cloud computing services, are exempt from a set of rules on cybersecurity (eg, relating to registration with and notification of the National Cybersecurity Institution). Depending on their size, fintech companies often qualify as small and medium-sized enterprises and are thus likely to fall under the exemption.
6 Financial crime
6.1 What provisions govern money laundering and other forms of financial crime in your jurisdiction and what specific implications do these have for fintech companies?
p>According to Act C of 2012 on the Criminal Code, money laundering and the provision of unauthorised financial activities are criminal offences.
Those that engage in money laundering may be punished by imprisonment. Money laundering may be punished if it is committed wilfully or negligently. Fintech companies face the same risks relating to money laundering as financial institutions in general.
Those that provide financial services, investment services, investment fund management services or insurance services without a licence issued by the National Bank of Hungary may be punished by imprisonment. Those that carry on intermediary activities in relation to financial services without a licence or registration may be punished by imprisonment. It is therefore essential that fintech companies to carefully assess whether their planned operations fall under the scope of regulated financial services.
Financial service providers also fall under the scope of the anti-money laundering (AML) regime. The Fifth AML Directive extended the scope of this regime to service providers that exchange virtual currencies for fiat currencies and vice versa, and to custodian wallet providers. The Hungarian legislature transposed the rules of the Fifth AML Directive into national law; however, the provision of exchange services between virtual currencies and fiat currencies is not regulated.
7.1 Does the fintech sector present any specific challenges or concerns from a competition perspective? Are there any pro-competition measures that are targeted specifically at fintech companies?
The presence of fintech companies is encouraging competition in the financial markets, in particular in the field of payment services. As a result of the Second Payment Services Directive, within the framework of open banking, financial service providers must provide access to account information service providers and payment initiation service providers, which may be regarded as a pro-competition measure.
Both the European Central Bank and the National Bank of Hungary are encouraging financial institutions to develop and offer their own innovative payment solutions and applications for clients.
8.1 How is innovation in the fintech space protected in your jurisdiction?
As there is no specific regime for fintech solutions, fintech innovations may fall under the general rules relating to intellectual property. Fintech solutions are often based on software innovations. Software recorded as either source code or object code, including user programs and operating systems and databases recognised as a compilation, is protected under Act LXXVI of 1999 on Copyright. Ideas, theories, processes, working methods and mathematical operations or algorithms, even if they are the basis of in-future software, are not protected by copyright. However, they may be subject to the rules on business secrets. Novel inventions that are industrially applicable are subject to patent protection.
8.2 How is innovation in the fintech space incentivised in your jurisdiction?
The National Bank of Hungary (NBH) has established an Innovation Hub, through which information on applicable regulations is made available for market players. The Innovation Hub also serves as a platform for the exchange of information among market players and a channel through which fintech companies can contact the NBH. It also helps the NBH to collect ideas and feedback from market players in respect of their needs relating to regulation and other aspects of fintech.
Within the framework of its Digital Wellbeing Programme, the government supports fintech companies through several incentives. In order to encourage private investments, a reduced level of tax has been introduced, allowing angel investors to reduce their corporate tax base by the value of their investment in start-ups.
The 9% corporate tax in Hungary could also incentivise foreign investment in Hungary.
Within the framework of the Digital Wellbeing Credit Programme, the government provides grants of between HUF 5 million and HUF 200 million for projects of small and medium-sized enterprises (SMEs) aimed at improving the development of digital products and services. Under the Digital Wellbeing Capital Programme, SMEs and start-ups may apply for a capital injection of HUF 5 million to HUF 500 million in consideration for the acquisition of a 50% stake. These resources may also be available for fintech start-ups.
9 Talent acquisition
9.1 What is the applicable employment regime in your jurisdiction and what specific implications does this have for fintech companies?
Employment relationships are regulated under Act I of 2012 on the Labour Code. The applicable regime regulates issues such as:
- the minimum wage;
- the minimum number of holidays;
- the maximum of working hours; and
- payments that must be reimbursed in case of absence or sickness.
Special rules apply with regard to part-time work and teleworking. The basic approach of the rules under the Labour Code is to protect the interests of employees; as such, they are often mandatory (ie, the parties may not derogate therefrom).
Depending on the duties, working hours and scope of instructions of an employee, self-employment may be less cumbersome than an employment relationship. Self-employed specialists are frequently engaged to work at fintech companies on a project basis, whereby the parties can more freely regulate their cooperation. These solutions may also be cheaper and less complicated in terms of administration.
9.2 How can fintech companies attract specialist talent from overseas where necessary?
EU citizens may stay and work in Hungary without any special permit or administrative conditions. Employees from third countries must obtain a residence permit to work in Hungary. This allows the employee to stay and work in Hungary for a period exceeding three months. The upper limit of the permit is determined on a case-by-case basis by the Employment Office, but cannot exceed two years.
In Hungary, the level of knowledge and expertise of professionals in the IT sector is particularly high and English is widely spoken. As mentioned in question 1.5, platforms for the exchange of information and research programmes in cooperation with universities provide an innovative environment for fintech players.
10 Trends and predictions
10.1 How would you describe the current fintech landscape and prevailing trends in your jurisdiction? Are any new developments anticipated in the next 12 months, including any proposed legislative reforms?
In 2020, the instant payment system will enter into force, allowing transactions with a value below HUF 10 million to be completed within five seconds, 24/7/365. Along with the database of secondary account identifiers that will be available for account information service providers and payment initiation service providers, transactions may be initiated using phone numbers or email addresses. The introduction of instant payment and secondary account identifiers could boost further innovations in relation to payment solutions.
Once the European crowdfunding platform regulation has been adopted, more transparent crowdfunding solutions might also appear in the market.
11 Tips and traps
11.1 What are your top tips for fintech players seeking to enter your jurisdiction and what potential sticking points would you highlight?
In light of the favourable tax rules and funding programmes available for small and medium-sized enterprises, Hungary is a perfect destination for fintech companies and investors. The presence of talented and highly educated professionals also facilitates innovation.
However, the regulatory framework has not yet caught up with such innovation. Thus far, the National Bank of Hungary (NBH) has drawn attention to the possible risks arising from new trends and has adopted a rather cautious approach towards fintech solutions. The NBH prioritises the stability of the financial sector and consumer protection. Therefore, in the case of all fintech-related solutions, the assessment of whether they qualify as regulated activities is particularly important.
Co-author: Dr. Dániel Szabó
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.