Fintech landscape and initiatives
General innovation climate
What is the general state of fintech innovation in your jurisdiction?
A lively fintech scene has evolved in Vienna with notable accelerators, start-ups and innovation hubs. Vienna-based fintech companies can profit from an investor-friendly tax system and Austria’s links to both central and eastern Europe.
During the rise of fintech, many people believed that it had the potential not only to disrupt the financial market, but also to take down financial institutions. However, the latter perception is fading and traditional players in the financial market (eg, credit institutions) have started to embrace fintech companies by entering into partnerships and cooperations.
Given that the financial industry is one of the most regulated, fintech companies essentially have three options:
- structure their business models in a way that avoids any licence requirements;
- enter into partnerships with existing market players that hold all relevant licences; or
- acquire the required licences.
Government and regulatory support
Do government bodies or regulators provide any support specific to financial innovation? If so, what are the key benefits of such support?
The Austrian regulator is open to new technology and has therefore established a fintech contact point that handles all fintech-related questions and can be contacted by fintech companies planning to become active in the Austrian market.
In May 2019 a legal initiative was drafted to implement a protected development framework for innovative companies with new technologies in Austria (regulatory sandbox). The law has not yet been enacted owing to the upcoming elections later in 2019.
Which bodies regulate the provision of fintech products and services?
The Financial Market Authority (FMA) is responsible for banking, insurance, securities and pension company supervision. Accordingly, a fintech company will be supervised by the FMA, provided that it conducts activities subject to financial market regulation.
Which activities trigger a licensing requirement in your jurisdiction?
There is a long catalogue of activities that trigger a licence requirement if conducted in Austria on a commercial basis, of which the following are of particular relevance for fintech activities:
- connecting potential lenders with potential borrowers requires either a licence according to the Banking Act (the brokerage of loans constitutes banking business) or a respective trade licence according to the Trade Act;
- dealing in investments as principal or agent might trigger a licence requirement pursuant to the Act on Securities Supervision 2018;
- advising on investments might trigger a licence pursuant to the Act on Securities Supervision 2018;
- the (sole) granting of loans (lending) is also subject to a licence requirement under the Banking Act (irrespective of the lender accepting deposits from the public);
- factoring is subject to a licence requirement pursuant to the Banking Act;
- secondary market loan trading may require a licence for factoring on the part of the buyer;
- deposit taking is subject to a banking licence requirement pursuant to the Banking Act;
- foreign exchange trading is also a regulated activity for which a banking licence pursuant to the Banking Act is required; and
- payment services are subject to a licence requirement pursuant to the Payment Services Act 2018.
Is consumer lending regulated in your jurisdiction?
The provision of loans in Austria on a commercial basis is a banking activity and therefore subject to an Austrian or passported EEA banking licence. If loans are granted to consumers, the Consumer Credit Act, providing for certain information rights and rights of withdrawal on the part of the consumer, must be observed in addition.
Secondary market loan trading
Are there restrictions on trading loans in the secondary market in your jurisdiction?
The purchase of receivables from the supply of goods or services constitutes factoring business and is subject to a licence requirement if conducted in Austria on a commercial basis. The Austrian regulator has adopted an extensive view on the scope of factoring business. Accordingly, trading loans in the secondary market might constitute factoring business.
Collective investment schemes
Describe the regulatory regime for collective investment schemes and whether fintech companies providing alternative finance products or services would fall within its scope.
To operate a business model based on collective investment schemes, a licence from the FMA pursuant to the Banking Act, the Act on Alternative Investment Fund Managers or the Payment Services Act 2018 may be required. A prospectus according to the Capital Market Act may be required, although the Capital Market Act itself as well as the Act on Alternative Financing provide for certain relief and exemptions.
Fintech companies that offer investment, asset and wealth management services or robo-advice may require a licence under the Securities Supervision Act 2018, implementing the EU Markets in Financial Instruments Directive II (MiFID II) into Austrian law.
To provide alternative finance products and services, such as peer-to-peer or marketplace lenders or crowdfunding platforms, a licence according to the Banking Act might be required if it is the provider of the platform who grants the loans. If the provider of the platform or marketplace confines itself to connecting potential lenders with potential borrowers, either a licence according to the Banking Act (the brokerage of loans constitutes banking business) or a respective trade licence according to the Trade Act is required.
Alternative investment funds
Are managers of alternative investment funds regulated?
The management of alternative investment funds (AIFs) is subject to authorisation. AIFs are certain collective investment undertakings or compartments thereof, which raise capital from a number of investors, with a view to investing it in accordance with a defined investment policy for the benefit of those investors. One of the characteristics of a collective investment undertaking is that it does not have a general commercial or industrial purpose. Conversely, classification as an AIF can be avoided by carrying out an operational activity.
Peer-to-peer and marketplace lending
Describe any specific regulation of peer-to-peer or marketplace lending in your jurisdiction.
Austrian-based alternative lending platforms are still rare. This is because, unlike in other jurisdictions, the platform operator may become subject to (banking) licence requirements.
Under Austrian law the connecting of potential lenders with potential borrowers requires either a banking licence under the Banking Act for the brokerage of loans or a trade licence under the Trade Act for the brokerage of mortgage or personal loans. The (sole) granting of loans – if provided on a commercial basis in Austria – is also subject to a licence requirement under the Banking Act (irrespective of whether the lender accepts deposits from the public).
Accordingly, both the lenders (ie, those providing loans via the platform) as well as the platform operators (in cases where the operators partly fund the loans) may require a banking licence for lending.
While Austrian law imposes rather strict requirements on lending and the brokerage of loans, lending platforms can be operated without triggering any banking licence requirement. This requires careful structuring of the contractual relations among lenders, borrowers and the platform operator, and usually the involvement of a licensed credit institution (bank partner).
Describe any specific regulation of crowdfunding in your jurisdiction.
Before the Act on Alternative Financing came into force in 2015, crowdfunding raised a number of regulatory concerns. The Act on Alternative Financing aimed to create a legal framework for alternative financings and, in particular, to meet the needs of newly established and innovative companies and citizen participation projects.
The Act on Alternative Financing applies to enterprises and crowdfundings that meet certain thresholds (eg, total consideration received within 12 months through the issue of securities or investments in accordance with the Act on Alternative Financing not reaching €2 million). Crowdfunding exceeding these thresholds does not benefit from the eased rules under the Act on Alternative Financing and requires careful structuring to avoid regulatory pitfalls such as triggering a banking licence or capital markets prospectus requirements, or being qualified as an alternative investment fund.
Describe any specific regulation of invoice trading in your jurisdiction.
Invoice trading allows businesses to sell invoices (ie, receivables) to investors to generate liquidity and is typically conducted online via specific invoice trading platforms. The purchase of receivables from the supply of goods or services constitutes factoring business and is subject to a licence requirement if conducted in Austria on a commercial basis. Accordingly, business models based on invoice trading might constitute factoring business on the part of the purchaser requiring a banking licence.
Are payment services regulated in your jurisdiction?
A licence according to the Payment Services Act 2018 may be required if the fintech company is involved in executing payment services – for example, initiating or executing payment transactions, enabling cash placements or withdrawals on a payment account, or money remittance. Depending on the business model, digital payment services may also constitute:
- issuance of electronic money (subject to the provisions of the Electronic Money Act, which implemented the EU Electronic Money Directive (2009/110/EC)); or
- issuance and administration of payment instruments, such as credit cards or bank cheques (subject to the Banking Act).
The provision of mere technical services (to be construed on a narrow basis) is generally exempt from the Payment Services Act 2018.
Are there any laws or regulations introduced to promote competition that require financial institutions to make customer or product data available to third parties?
In June 2018 the Second EU Payment Services Directive (PSD2) was implemented into national law (Payment Services Act 2018). PSD2 is a game changer in the field of digital payments. It has widened the scope of payment services regulation by covering new services and players. The collection and consolidation of information regarding different customer bank accounts in a single place (account information services) now fall within the scope of PSD2. These services typically aim to provide a global view on an individual’s financial situation and spending patterns. Other providers facilitate the use of online banking to make internet payments (payment initiation services), which are also now regulated.
In order to facilitate the market entry of these third-party providers of account information services and payment initiation services, PSD2 requires banks to allow to access to their payment accounts services on an objective, non-discriminatory and proportionate basis via an open application programming interface.
Do fintech companies that sell or market insurance products in your jurisdiction need to be regulated?
The sale or market of insurance products in Austria on a commercial basis is reserved to insurance distributors authorised under the Trade Act and to insurance companies holding an Austrian or passported EEA licence. It is subject to the Directive on Insurance Distribution, which was transposed into Austrian law by means of the Trade Act and the Insurance Supervision Act 2016, among others.
Are there any restrictions on providing credit references or credit information services in your jurisdiction?
Providing credit reference and credit information services in Austria on a commercial basis is subject to prior registration with the trade authority. A company that provides credit reference services on a commercial basis in Austria qualifies as a financial institution. Financial institutions have to observe due diligence obligations to combat money laundering and terrorist financing as well as certain provisions contained in the Banking Act (eg, relating to internal audit).
Credit intermediation (ie, connecting potential lenders with potential borrowers) is subject to prior authorisation, which is only granted if the necessary qualification is proved to the trade authority.
Can regulated activities be passported into your jurisdiction?
Foreign companies wishing to access the Austrian market for fintech products and services have the following options:
- obtain a licence from the Austrian regulator (provided that the fintech company engages in a regulated activity);
- if applicable, passport their existing EEA licence to Austria and either establish a branch or directly provide cross-border services;
- collaborate with a company that holds the required licences; or
- adapt the business model for the Austrian market to avoid licence requirements.
Requirement for a local presence
Can fintech companies obtain a licence to provide financial services in your jurisdiction without establishing a local presence?
Sales and marketing
What restrictions apply to the sales and marketing of financial services and products in your jurisdiction?
The reception and transmission of orders in relation to financial instruments is a regulated financial activity. The sale and marketing of financial instruments in Austria are therefore subject to a licence requirement pursuant to the Act on Securities Supervision 2018, transposing MiFID II into national law.
A public offer of securities, investments and shares in certain funds in Austria may only be made if a prospectus approved by the FMA has been published no later than one banking day before the offer.
The information provided for the purposes of marketing the services and products must be truthful and must not mislead the customer.
Change of control
Notification and consent
Describe any rules relating to notification or consent requirements if a regulated business changes control.
The (direct or indirect) acquisition of qualifying holdings (ie, greater than or equal to 10 per cent) in an Austrian credit institution, (re)insurance undertaking, investment services company, payment institution or electronic money institution is subject to the written notification to the Austrian regulator, which must be made well in advance of the transaction. The Austrian regulator assesses the proposed acquisition and has the right to object against it within a defined period (amounting to 60 working days in regular proceedings).
Anti-bribery and anti-money laundering procedures
Are fintech companies required by law or regulation to have procedures to combat bribery or money laundering?
Due diligence obligations to combat money laundering and terrorist financing are regulated in the Act on Anti-money Laundering in the Financial Market. They are based on the Fourth EU Money Laundering Directive. Fintech companies must observe these due diligence requirements if they perform activities that require a licence and are therefore subject to the supervision of the FMA.
The provisions are based on the know-your-customer principle, which aims to deprive money launderers of their anonymity. Accordingly, customers must be identified by means of an official photo ID (eg, upon entering into a business relationship). If money laundering or terrorist financing is suspected, a report must be submitted to the Money Laundering Reporting Office.
Similar obligations may also arise on the basis of the Trade Act. In addition, the Fifth EU Money Laundering Directive will apply anti-money laundering obligations to cryptocurrency exchanges and custodian wallet providers for digital currencies.
Is there regulatory or industry anti-financial crime guidance for fintech companies?
Regulatory anti-financial crime guidance for fintech companies is available on the website of the FMA at www.fma.gv.at/en/cross-sectoral-topics/fintech-navigator/fintech-aml/.
Peer-to-peer and marketplace lending
Execution and enforceability of loan agreements
What are the requirements for executing loan agreements or security agreements? Is there a risk that loan agreements or security agreements entered into on a peer-to-peer or marketplace lending platform will not be enforceable?
A regulatory requirement to hold a banking licence applies to the lender if it grants loans on a commercial basis in Austria. If such licence requirement is disregarded, the agreements on remuneration (eg, interest and commissions) as well as suretyships (and other accessory security interests such as pledges) and guarantees associated with banking transactions and other regulated financial services conducted without the required licence are deemed invalid. Particular account must therefore be taken of whether the business model is subject to a licence requirement.
Credit agreements with consumers shall be drawn up on paper or on another durable medium. However, a breach of this provision does not invalidate the credit agreement.
Assignment of loans
What steps are required to perfect an assignment of loans originated on a peer-to-peer or marketplace lending platform? What are the implications for the purchaser if the assignment is not perfected? Is it possible to assign these loans without informing the borrower?
The assignment of receivables (eg, loan repayment claims) is generally not subject to any formal requirements unless it is made as security. The transfer or acquisition of a loan is generally perfected at the moment when it is assigned. It does particularly not depend on whether the borrower is informed of the assignment. If the debtor is not notified of the assignment, it will be discharged from its debt even if it repays the loan to the former creditor instead of the new creditor.
Under Austrian law, credit institutions, their shareholders, board members, employees and other persons working for credit institutions have to observe banking secrecy, meaning that they must not disclose or exploit secrets that have been entrusted or made accessible to them exclusively on the basis of business relations with customers or on the basis of credit reporting requirements. In the present context, it is important to note that the assignment of receivables is invalid if it violates the banking secrecy provisions. Such assignment is null and void.
Securitisation risk retention requirements
Are securitisation transactions subject to risk retention requirements?
Pursuant to Regulation (EU) 2017/2402 laying down a general framework for securitisation and creating a specific framework for simple, transparent and standardised securitisation, the originator, sponsor or original lender shall retain on an ongoing basis a material net economic interest in the securitisation of not less than 5 per cent.
Securitisation confidentiality and data protection requirements
Is a special purpose company used to purchase and securitise peer-to-peer or marketplace loans subject to a duty of confidentiality or data protection laws regarding information relating to the borrowers?
Special purpose companies are subject to banking secrecy requirements as far as receivables originated by a credit institution are concerned. Banking secrecy obliges credit institutions, their shareholders, board members, employees and other persons working for credit institutions not to disclose or exploit secrets which have been entrusted or made accessible to them exclusively on the basis of business relations with customers or on the basis of credit reporting requirements.
Banking secrecy provisions have high priority in Austria. For example, an assignment of receivables disregarding banking secrecy obligations would be null and void.
Artificial intelligence, distributed ledger technology and crypto-assets
Are there rules or regulations governing the use of artificial intelligence, including in relation to robo-advice?
The use of artificial intelligence is not governed by any technology-specific rules or regulations and does not restrict the applicability of laws and regulations governing the provision of financial services. It is always the activity being conducted by the respective fintech company that is relevant for the applicability of those regulations.
Fintech entities that offer investment, asset and wealth management services, including robo-advice, may require a licence under the Act on Securities Supervision 2018, implementing MiFID II into Austrian law.
Distributed ledger technology
Are there rules or regulations governing the use of distributed ledger technology or blockchains?
Austrian law and the Austrian regulator are neutral as to which technology is used. Accordingly, products and services using distributed ledger technology or blockchains operate in the same regulatory environment as traditional market participants. If and to what extent the financial regulatory regime applies to them primarily depends on their actual business activities. In addition, supplementary provisions might apply depending on clientele (particularly in the case of business with consumers).
Are there rules or regulations governing the use of cryptoassets, including digital currencies, digital wallets and e-money?
In determining which rules and regulations apply to a business model using cryptoassets, the nature of the cryptoassets is decisive. Business models that involve currency tokens, utility tokens or security tokens, including digital wallets and e-money, can in particular trigger licence requirements, due diligence obligations to combat money laundering and terrorist financing, and information requirements towards customers.
Directive (EU) 2018/843 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, which is to be transposed into national law by January 2020 at the latest, includes a definition of the term virtual currencies and obliges the providers of certain business models based on virtual currencies to observe due diligence obligations to combat money laundering and terrorist financing.
Digital currency exchanges
Are there rules or regulations governing the operation of digital currency exchanges or brokerages?
Depending on the set-up of the digital currency exchange or brokerage, a licence from the FMA pursuant to the Banking Act or the Payment Services Act 2018 may be required. Owing to differences in the technical, functional and economic design of digital currency exchanges, the individual business model needs to be considered to determine which rules and regulations apply.
Directive (EU) 2018/843 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, to be implemented into national law by January 2020, explicitly applies to providers engaged in exchange services between virtual currencies and fiat currencies. It obliges them to observe due diligence obligations to combat money laundering and terrorist financing.
Initial coin offerings
Are there rules or regulations governing initial coin offerings (ICOs) or token generation events?
In determining which rules and regulations apply to an ICO or similar token generation event, the nature of the generated tokens is decisive. Business models that involve currency tokens, utility tokens or security tokens, including digital wallets and e-money, can trigger licence requirements, due diligence obligations to combat money laundering and terrorist financing, and information obligations towards customers.
Data protection and cybersecurity
What rules and regulations govern the processing and transfer (domestic and cross-border) of data relating to fintech products and services?
The processing and transfer (domestic and cross-border) of data relating to fintech products and services is subject to the EU General Data Protection Regulation (GDPR), which in Austria is supplemented by national data protection law.
The GDPR applied as of 25 May 2018 and provides for substantial fines (up to €20 million or 4 per cent of the company’s annual turnover) in case of material violations (eg, illegal transfers of data to countries outside the European Union).
What cybersecurity regulations or standards apply to fintech businesses?
Regulators have become focused on cybersecurity and its associated risks. Accordingly, both European and national regulators have issued guidelines on IT security with which credit institutions must comply.
These guidelines are also relevant for fintech companies because such businesses are either licensed themselves or cooperate with licenced institutions that will hold them to the same level of accountability.
Outsourcing and cloud computing
Are there legal requirements or regulatory guidance with respect to the outsourcing by a financial services company of a material aspect of its business?
The outsourcing of material operational activities by a fintech company that engages in a regulated activity is subject to prior written notification to the FMA and must meet certain regulatory requirements.
Outsourcing can never lead to a delegation of management responsibility. The outsourcer remains responsible for the outsourced activities and is obliged to monitor their execution. Both internal control functions and supervisors (such as the FMA) must not be impaired by the outsourcing.
Are there legal requirements or regulatory guidance with respect to the use of cloud computing in the financial services industry?
In February 2019, the European Banking Authority issued revised guidelines on outsourcing arrangements, which also contain regulatory guidance with respect to IT outsourcing, fintech and outsourcing to cloud service providers. Several aspects of the recommendations, such as business continuity and contingency arrangements, apply in general and are relevant beyond outsourcing to cloud service providers.
Intellectual property rights
IP protection for software
Which intellectual property rights are available to protect software, and how do you obtain those rights?
The following categories of intellectual property will typically be relevant for fintech innovations:
- Computer programs are protected by copyright (as works of literature), provided that they are the result of the unique intellectual creation of their author. In addition to copyright law, protection may also be provided under utility model and patent law. However, software as such is unprotectable either in the form of a patent or a utility model. The legislature allows such protection of software if it is a ‘computer-implemented invention’ (ie, if it relates to a technical context).
- Databases can also constitute a particular intellectual creation as a result of the compilation of individual contributions into a unified whole. Such compilations are protected by copyright.
- Individual contents contained on web pages in word, picture or sound are protected by copyright if they are the result of the unique intellectual creation of their author.
- Websites can also enjoy copyright protection under the same preconditions as described above. If the content of several web pages is independent, but conceptually linked by hyperlinks that together form a systematically arranged internet presence, this may constitute a database provided that it is original; however, this does not affect potential copyrights on the individual web pages.
IP developed by employees and contractors
Who owns new intellectual property developed by an employee during the course of employment? Do the same rules apply to new intellectual property developed by contractors or consultants?
Pursuant to the ‘creative principle’ of copyright, the author of a work is always the one who created it. Therefore, the first copyright owner must always be a natural (physical) person – legal persons are unable to develop the intellectual activity required for a work protectable by copyright. Since copyright cannot be transferred among living persons (except in the case of renunciation of a co-author), the author retains his or her position as author for his or her entire life (and his or her legal successors for a period of 70 years from the author’s death). Only after the author dies can the copyright be transferred among legal persons. For the protected period, the author may only dispose of his or her copyright to the extent that he or she can (exclusively) grant rights of use of works to third parties or (non-exclusively) grant authorisations to use works.
Patent rights and utility model rights
Software as such is not protectable under the Patent Act or the Utility Model Act. Protection may be afforded if the software applies technical measures to achieve a technical purpose.
Are there any restrictions on a joint owner of intellectual property’s right to use, license, charge or assign its right in intellectual property?
If several have jointly created a work in which the results of their creative work form an inseparable unit, then copyright is the joint property of all co-creators. The exploitation, such as using or providing licences to use the work, is then subject to the consent of all co-creators, which in some cases can subsidiarily be replaced by a court decision.
The co-creatorship shares are generally not transferable among living persons. In the event that a co-creator waives his or her copyright, it shall pass to the other co-creators.
How are trade secrets protected? Are trade secrets kept confidential during court proceedings?
Trade secrets are protected by the Act against Unfair Competition, which was amended accordingly with effect as of February 2019, as to implement the EU Directive on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure into Austrian law.
Trade secrets essentially mean secret information with commercial value that has been subject to reasonable steps to keep it secret. To prevent, or obtain redress for, the unlawful acquisition, use or disclosure of their trade secret, trade secret holders are entitled to claim omission, removal and, in case of culpably caused infringements, damages.
To protect trade secrets in court proceedings, courts may, at the request of one of the parties, exclude the public if, for the purposes of resolving the dispute, business secrets must be discussed and proved.
Depending on the individual case, the disclosure of trade and company secrets may even be punishable by criminal penalties.
What intellectual property rights are available to protect branding and how do you obtain those rights? How can fintech businesses ensure they do not infringe existing brands?
In order to enjoy trademark protection, the sign must be registered in the trademark register. When applying for registration, the goods and services for which trademark protection is sought must be indicated in the application in such a clear and unequivocal manner that anyone can determine the scope of protection sought on that basis alone. If the sign does not contravene the legal criteria (such as no violation of public order or morality, distinctiveness, not merely a descriptive or generic name), it is registrable.
In order to ensure that no prior trademarks are infringed, a similarity search in the Community Trademark Register (https://euipo.europa.eu/eSearch/) and in the Trademark Register of the Austrian Patent Office should be conducted (http://seeip.patentamt.at/?).
Remedies for infringement of IP
What remedies are available to individuals or companies whose intellectual property rights have been infringed?
Anyone who is infringed in the rights resulting from his or her intellectual property rights can demand injunctive relief, removal of the unlawful situation as well as compensation, damages and profit.
Are there any specific competition issues that exist with respect to fintech companies in your jurisdiction?
The provision of fintech products or services raises no particular competition regulatory concerns per se.
General competition law restrictions may have to be complied with when entering into long-term cooperation agreements.
Are there any tax incentives available for fintech companies and investors to encourage innovation and investment in the fintech sector in your jurisdiction?
In addition to R&D expenses, which continue to be tax-deductible, there is the possibility to claim an R&D grant amounting to 14 per cent of R&D costs annually. This tax incentive is granted for in-house research and contract research. The grant for contract research can only be claimed for R&D expenses of up to €1 million per year. The benefit of this tax incentive is a tax-free credit, which must be claimed after the end of the financial year.
Increased tax burden
Are there any new or proposed tax laws or guidance that could significantly increase tax or administrative costs for fintech companies in your jurisdiction?
In April 2019 a legal initiative was drafted to implement a new digital tax in Austria. The proposed new tax should cover online advertising services provided in Austria against payment. According to the ministerial draft, the digital tax would only apply to companies with a worldwide turnover of at least €750 million and a domestic turnover of at least €25 million from the performance of online advertising services.
Although the law has not yet been introduced owing to a change of the executive branch and in light of upcoming elections later in 2019, the digital tax package has nevertheless been brought forward as legislation in the National Council and might be adopted shortly before the elections in September with the votes of two parties having a majority.
What immigration schemes are available for fintech businesses to recruit skilled staff from abroad? Are there any special regimes specific to the technology or financial sectors?
EU and EEA citizens do not require a visa or a residence or other permit to work or reside in Austria.
An employer may employ a non-EU or EEA citizen (foreigner) if the foreigner has been issued an employment permit or a residence permit valid for this employment.
For skilled staff there are special immigration schemes in place (requiring, among other things, a certain skill level and a salary reaching certain thresholds).
Update and trends
Are there any other current developments or emerging trends to note?
Current developments45 Are there any other current developments or emerging trends to note?
A notable current development is that the Austrian regulator is becoming increasingly interested in the fintech scene, including possible impacts on the business models of entities that are under the supervision of the Austrian regulator.