AIFC Financial Technology Rules
FinTech
Guidance: Purpose of these Rules
The purpose of these Rules is to establish the AIFC framework in FinTech, which regulates the FinTech Lab, a special regulatory environment to Test and/or Develop the FinTech Activities.
The purpose of this rulebook, “FINTECH”, is to complement the regulatory framework established by the Financial Services Framework Regulations (“the Framework Regulations”).
Part 1 sets out the commencement date, application scope, interpretation and administration matters.
Part 2 sets out the features of the FinTech Lab.
Part 2.1 is an introduction to the FinTech Lab.
Part 2.2 describes the approach to Testing FinTech Activities within the FinTech Lab.
Part 2.3 describes the approach to Developing FinTech Activities within the FinTech Lab.
Part 2.4 describes the Licence application process.
Part 2.5 describes the waivers, conditions and restrictions to which the Licence may be subject.
Part 2.6 describes the reporting obligations of the FinTech Lab Participant.
Part 2.7 describes the results of Testing and/or Developing the FinTech Activities within the FinTech Lab.
Part 3 provides for the general overview of the AFSA FinTech Office, outlines the objectives and scope of the functions performed by the CFTO.
PART 1. INTRODUCTION
1.1. Title
These Rules may be cited as the AIFC Financial Technology Rules (or FINTECH).
1.2. Commencement
These Rules commence on 15 March 2019, meaning that the AIFC FinTech Regulatory Sandbox Guidance expires.
1.3. Application
These Rules apply within the jurisdiction of the AIFC.
1.4. Interpretations
Words and expressions used in these Rules and interpretative provisions applying to these Rules are specified in the Glossary.
PART 2. FINTECH LAB
2.1. General introduction to FinTech Lab
2.1.1. The FinTech Lab is a regulatory environment within the AIFC that allows a Person to Test and/or Develop the FinTech Activities without being immediately subject to the full set of regulatory requirements under the Framework Regulations and Rules made thereunder.
2.1.2. FinTech Lab is designed to allow Persons to deliver effective competition in the interests of consumers by:
- (a) reducing the time, and potentially the cost, of getting FinTech to market;
- (b) enabling greater access to the market for innovative Persons, including start-ups;
- (c) the AFSA collaborating with the Person to ensure that appropriate consumer protection safeguards are built into their FinTech Activities; and
- (d) enabling FinTech Activities to be Tested and/or Developed.
2.1.3. Risk and failure are an integral part of innovation. The FinTech Lab is intended to incorporate appropriate safeguards to identify and manage potential and actual risks in order to promote development of FinTech Activities. Given that the FinTech Lab operates in a live environment, failure may result in financial losses to FinTech Lab participants and their customers arising from potential risks.
2.2. Testing the FinTech Activities
2.2.1. Eligibility Criteria
(a) The regime for Testing the FinTech Activities is a live environment which allows a Person to test the validity of the following types of activities in a cost-effective and timely manner, in close collaboration with the AFSA:
(i) Financial Activities which are being regulated in the AIFC or similar to those that are already being regulated in the AIFC, where:
- i. a different technology or process is being applied; or
- ii. the same technology or process is being applied differently, meaning that an established technology or process is being applied to create a new business model;
(ii) Financial activities not currently regulated in the AIFC but regulated in other jurisdictions; and
(iii) Activities likely to be regulated in the AIFC as a financial or an ancillary service.
(b) The regime for Testing the FinTech Activities is also suitable for a start-up that does not satisfy the full set of requirements for regulated activities, but intends to deploy FinTech Activities and to commit to complying with regulatory obligations gradually and with the approval of the AFSA
(c) The FinTech Activities specified in (a) and (b) above must be intended to bring benefits to consumers, which may include, for example, increase of the accessibility, efficiency, security and quality in the provision of financial services, thus promoting better risk management solutions and regulatory outcomes for the financial industry.
2.3. Developing the FinTech Activities
2.3.1. Eligibility Criteria
(a) Developing FinTech Activities provides access to a live market environment in which a Person can engage in activities that are currently regulated by the AFSA, or not regulated, without immediately being subject to the full set of regulatory requirements under the Framework Regulations and Rules made thereunder.
(b) Developing FinTech Activities is appropriate in the circumstances where:
- (i) it is not clear whether the proposed FinTech Activity would have demand in Kazakhstani or regional market (test the waters), and
- (ii) a Person has a licence to operate the proposed FinTech Activity in other jurisdiction(s) which are not currently regulated by the AFSA, subject to the AFSA being satisfied that those jurisdictions have appropriate regulatory standards and practice.
(c) For the purposes of 2.3.1, the FinTech Activities eligible for the FinTech Lab are those that are regulated and not regulated by the AFSA.
2.4. Application process
2.4.1. General overview
(a) A Person seeking to Test and/or Develop the FinTech Activities within the FinTech Lab must meet the eligibility criteria specified in 2.2.1. and 2.3.1. and satisfy the application requirements specified in 2.4.3(b) to be granted with a Licence.
(b) A Person may apply to the AFSA for a Licence to Test and/or Develop the FinTech Activities by:
- (i) completing the pre-application and application forms and filing each completed form with the AFSA accompanied by such documents as are specified in the form; and
- (ii) providing such further information as the AFSA may require.
2.4.2. Pre-application form
(a) The pre-application process is intended to verify the eligibility of a Person to Test and/or Develop the FinTech Activities within the FinTech Lab.
(b) The pre-application form is intended to provide information to the AFSA regarding the proposed FinTech Activities; to verify its suitability for support from the FinTech Lab; and to enable the applicant to become familiar with the AFSA’s approach in fostering innovation within the FinTech Lab.
(c) A Person must comply with the eligibility criteria before lodging the application form. 2.4.3. Application form
(a) Once the AFSA is satisfied that the Person meets the eligibility criteria, the AFSA will invite the Person to proceed with submission of additional information necessary for assessment and authorisation purposes.
(b) In assessing the application, the AFSA will consider whether:
- (i) the Person has performed a rigorous due diligence on legal and regulatory requirements of the AIFC for deploying the proposed FinTech Activities and understands them; and
- (ii) the Person has the necessary financial and non-financial resources to support Testing and/or Developing the FinTech Activities in the FinTech Lab; and
- (iii) the applicant is fit and proper; and
- (iv) the Person has submitted to the AFSA the business, testing and/or development plan(s); and
- (v) other criteria that the AFSA may consider relevant have been met.
(c) Upon submission of materially complete application form, the AFSA will review the application and inform the applicant of its authorisation decision.
(d) The procedures for assessing the application, terms and conditions of issuance of the Licence are defined by the AFSA.
(e) Nothing in these Rules prevents the Person whose application had been rejected from applying to the FinTech Lab again, provided that the issues causing the rejection of application have been addressed.
2.5. Licence
2.5.1. General
(a) A Person must not Test and/or Develop FinTech Activities within the FinTech Lab unless it holds a Licence issued by the CFTO on behalf of the AFSA.
(b) A Licence issued by the CFTO, which can be subject to a set of conditions, serves as an authorisation of a Centre Participant to:
- (i) Test the FinTech Activities within the FinTech Lab; and/or
- (ii) Develop the FinTech Activities within the FinTech Lab.
(c) The Licence has effect for 2 years from the date of its issuance.
2.5.2. Extension, varying, withdrawal of the Licence
(a) The FinTech Lab Participant is entitled to apply to the AFSA to extend, vary or withdraw the Licence.
(b) The FinTech Lab Participant may submit an application for the Licence extension, but no later than 2 months prior to the Licence expiration date.
(c) The FinTech Lab Participant is entitled to apply to the AFSA to extend the validity, to change the scope, and to have a condition/restriction varied or withdrawn from its Licence (or to have its Licence withdrawn) by:
- (i) filing a written request with the AFSA accompanied by such documents as may be requested by the AFSA;
- (ii) providing such further information as the AFSA may require.
(d) Each application for an extension, variation or withdrawal of the Licence must be accompanied by sufficient reasons for such an application.
(e) In the case of withdrawal of the Licence, the FinTech Lab Participant follows the procedure specified in 2.5.3(d) of these Rules.
(f) The CFTO may approve the extension, variation or withdrawal of the Licence on a caseby-case basis.
(g) The CFTO, subject to 7 days prior notification to the FinTech Lab Participant and consideration of any comments received from the FinTech Lab Participant, may vary the terms of the Licence on his/her own initiative and at his/her own discretion based on the progress of the FinTech Lab Participant in Testing and/or Developing the FinTech Activities.
2.5.3. Suspension, revocation of the Licence
(a) The CFTO may suspend or withdraw the Licence based on an application of the FinTech Lab Participant.
(b) The CFTO is entitled to suspend or revoke all or some of the terms of the Licence at his/her own discretion.
(c) For the purposes of 2.5.3(b), the CFTO may exercise its power only if the CFTO:
- (i) is satisfied that there is a breach, or likely breach of a provision of legislation administered by the AFSA; or there is a failure, or likely failure, to comply with any obligation to which the FinTech Lab Participant is subject under the Licence; or
- (ii) considers that the exercise of the power is necessary or desirable in the interests of the AIFC as the risks posed by the Testing and /or Developing FinTech Activities exceed the benefits to consumers or the financial system.
(d) Upon revocation or withdrawal of the Licence, the FinTech Lab Participant must:
- (i) immediately implement its exit strategy to cease provision of the FinTech Activities to new and existing customers;
- (ii) provide notification to customers informing them of the cessation and their rights to redress, where relevant;
- (iii) compensate any customers who had suffered financial losses from engaging with the FinTech Lab Participant pursuant to the safeguards submitted by the FinTech Lab Participant while submitting the application for authorisation;
- (iv) ensure that the exit strategy is employed and all the existing obligations to its customers must be fully fulfilled or addressed; and
- (v) submit a final report to the AFSA on the actions taken pursuant to the paragraph 2.7.3. of these Rules within 30 days after the revocation or withdrawal.
2.6. Waivers, conditions, restrictions
2.6.1. General
(a) Existing legislative requirements of the Framework Regulations and the Rules would not generally apply initially to FinTech Lab Participants. On receipt of an application for a Licence to carry out FinTech Lab Activities, the AFSA works with the applicant to identify the provisions of the Framework Regulations and the Rules that are relevant to the proposed FinTech Lab Activities and issues, as appropriate, individual guidance to the applicant or a FinTech Lab Participant according to the specific characteristics of, and risks associated with, the proposed FinTech Lab Activities.
(b) The AFSA may, on the application of a Person or its own initiative and by written notice:
- (i) waive or modify any condition, restriction or requirement of the Framework Regulations and the Rules in relation to FinTech Lab Activities or proposed FinTech Lab Activities; and
- (ii) define appropriate conditions for a FinTech Lab Participant at authorisation and through different stages of Testing and / or Developing the FinTech Lab Activities.
(c) Conditions defined by the AFSA in relation to a FinTech Lab Participant, referred to in (b), are reflected in the Schedule 1 of these Rules, may include, for example, conditions in relation to the following:
- (i) type of Clients with or for whom the FinTech Lab Participant is permitted to carry on FinTech Lab Activities;
- (ii) the type and size of Client transactions that the FinTech Lab Participant is permitted to enter into;
- (iii) whether the FinTech Lab Participant is permitted to hold or control Client Money and Client assets, including Investments or other financial instruments.
2.7. Reporting
2.7.1. Monitoring
(a) The FinTech Lab Participant is subject to monitoring by the AFSA throughout the validity period of the Licence. The AFSA requires that the FinTech Lab Participant submit information on fulfillment of the testing and/or development plan according to the paragraph 2.4.3(b)(iv) of these Rules.
(b) The FinTech Lab Participant must ensure proper maintenance of records during the Testing and/or Developing period to support reviews by the AFSA of the testing and/or development plan.
2.7.2. Interim reports
(a) The FinTech Lab Participant must submit interim reports to the AFSA on the progress of fulfilment of the testing and/or development plan, which must, without limitations, include information on the following:
- (i) key performance indicators, key milestones and statistical information, covering the number of clients served, number of transactions performed, values of transactions, the number of customer complaints and other indicators;
- (ii) key issues observed from his fraud or operational incident reports and resolution of customer complaints (if any); and
- (iii) actions or steps taken to address the key issues referred to in (ii) above.
(b) The frequency of, and specific details for, reporting will be defined by the AFSA, depending on the duration, complexity, scale and risks associated with the Testing and/or Developing the FinTech Activities.
2.7.3. Final report
The FinTech Lab Participant must submit a final report containing the following information to the AFSA within 30 calendar days from the expiry, or the revocation, or withdrawal of the Licence:
(a) key outcomes, key findings, risk management measures of the Testing and/or Developing the FinTech Activities and other information as per the request of the AFSA;
(b) a full account of all incident reports and resolution of customer complaints (if any); and
(c) in the case of a failed Test and/or Development, the lessons learnt.
2.8. Miscellaneous
2.8.1. Upon expiry of the Licence’s validity, the legal and regulatory requirements which have been waived or modified by the AFSA will expire.
2.8.2. Unless an extension of the Licence is requested pursuant to paragraph 2.5.2. of these Rules, or at such time as otherwise might be necessary and agreed by the CFTO, the FinTech Lab Participant will be required to exit the FinTech Lab and choose to either:
(a) migrate to the full authorisation and supervisory regime under the AIFC regulatory framework and deploy its FinTech Activities on a broader scale; or
(b) continue its business in the AIFC as a non-regulated activity; or
(c) exit following the procedure specified in paragraph 2.5.3(d).
2.8.3. Migration to full authorisation is possible provided that:
(a) both AFSA and the FinTech Lab Participant are satisfied that the intended Test and/or Development outcomes are achieved; and
(b) the FinTech Lab Participant can fully comply with the relevant legal and regulatory requirements envisaged under the AIFC acts to carry on the Regulated and/or Market Activities.
2.8.4. The FinTech Lab Participant may continue its business in the AIFC as a non-regulated activity in certain circumstances when, for instance, the Testing and/or Developing FinTech Activities will be classified by AFSA as a non-regulated activity.
2.8.5. The content of the exit strategy of the FinTech Lab Participant may vary based on commercial needs, and may include ceasing the business, or transferring the FinTech and engaged customers to other authorised financial institution(s).
PART 3. THE AFSA FINTECH OFFICE
3.1. Overview
3.1.1. The FinTech Lab and the FINTECH are administered by the CFTO.
3.1.2. The CFTO is an agent and employee of the AFSA and is subject to the same responsibilities and has the same rights as other agents or employees of the AFSA under the AIFC laws.
3.1.3. The CFTO is accountable to the AFSA Board of Directors.
3.2. Objectives and functions
3.2.1. Objectives
(a) In exercising the CFTO’s functions, the CFTO acts in an independent and non-biased way.
(b) The CFTO exercises the CFTO’s functions only in pursuit of the following objectives:
- (i) to promote good practices and observance of the requirements of these Rules; and
- (ii) to pursue effectiveness and transparency in administering of these Rules.
3.2.2. Functions
(a) The CFTO has the powers given to the CFTO by or under the applicable law of the AIFC, decisions of Governor, AFSA Board of Directors and AFSA Executive Body.
(b) Without limiting paragraph (a), the CFTO’s functions include the following:
- (i) preparing draft rules, codes of practice and submitting them to the AFSA Board Legislative Committee for consideration;
- (ii) preparing and adopting guidance for the AIFC FinTech Lab Participants, and seeking approval of the Board of Directors of the AFSA of any guidance adopted by the CFTO;
- (iii) issuing or approving the necessary forms, procedural guidance and other necessary documents pertinent to these Rules;
- (iv) initiating and convening the AFSA Committee on Authorisation of FinTech Lab applicants;
- (v) devising a tailored regulatory regime for FinTech Lab Participant to Test and/or Develop the FinTech Activities within the FinTech Lab, including, without limitations, the following:
- i. create and modify eligibility criteria on a case by case basis at his/her own discretion after due consideration of risks posed by the proposed FinTech;
- ii. issue individual guidance to the FinTech Lab Participant having regard to specific characteristics of the participant, or risk posed by, a specific FinTech Activity of the FinTech Lab participant;
- iii. holding the signature right of various legal matters:
- i. approve the form of the Licence and other application forms, and make modifications thereto;
- ii. issue the Licence;
- iii. modify, suspend or revoke the Licence at any time at his/her own discretion due to necessity to pursue one or more regulatory objective.
- (vi) waiving or modifying any conditions, restriction, requirements of the Framework Regulations or the Rules defining the conditions to apply to FinTech Lab Participants upon authorisation through different stages of Testing and/or Developing their FinTech Activities; and/or
- (vii) exercise all or any of the following functions on behalf of the AFSA in relation to FinTech Activities:
- i. approving the form of Licence;
- ii. issuing Licences; and
- iii. modifying, suspending or revoking Licences at any time, at the CFTO’s own discretion, to give effect to or further 1 or more regulatory objectives.
(c) The CFTO may make a decision under (vi), (vii).iii with immediate effect. However, if the CFTO makes a decision under (vi), (vii).iii the CFTO must refer the decision to the AFSA Committee on Authorisation for its consideration. The committee may confirm, set aside or change the condition in any way it considers appropriate.
3.2.3. Other powers
(a) These Rules are not an exhaustive source of the CFTO’s exercise of AFSA’s statutory powers and discretion. In discharge of his/her regulatory duty, the CFTO is entitled to exercise other powers or functions which the CFTO considers necessary or desirable for or in connection with, or reasonably incidental to, the exercise of the CFTO’s functions, where it might be relevant to address any specific matter in FinTech.
(b) The CFTO may delegate all or any of the CFTO’s functions to any AFSA employee.
(c) The CFTO, and any delegate of the CFTO, is not liable to third parties for anything done or omitted to be done in the exercise or purported exercise of the CFTO’s functions (including any function delegated to the CFTO) under the AIFC Acts, decisions of Governor and AFSA Executive Body, except when it is established that such an action or omission was committed with unfair intentions and/or malicious intent and/or for the purpose of deliberate non-fulfillment or violation of his/her official duties.
Schedule 1: Conditions
1. Conditions for commencing business with Clients
1.1. A FinTech Lab Participant (the participant) must meet the following minimum requirements before commencing business with Clients:
a) the participant must demonstrate evidence of the availability of the policies, procedures, arrangements, systems and controls required by AML;
b) the participant must make the mandatory appointments as required by GEN 2.1 and must appoint a Chief Information Technology Officer, who must be an individual responsible for the participant’s ongoing information technology (IT) operations, maintenance and security oversight to ensure that the participant’ IT systems are reliable and adequately protected from external attack or incident;
c) the participant must have a Client agreement that outlines the risk disclosure measures required by the participant’s licence issued by the AFSA;
d) the participant must comply with GEN 5.2 (Outsourcing);
e) the participant must provide to the AFSA a signed statement, certifying that the participant has adequate measures in place to ensure the following:
- (i) that the participant’s IT systems are resilient and not prone to failure;
- (ii) business continuity if a part of the IT system fails;
- (iii) the protection of the IT systems from damage, tampering, misuse or unauthorised access;
- (iv) the integrity of data forming part of, or being processed through, the IT systems;(v) real time monitoring and reporting on system performance, availability and integrity;
- (vi) that policies and procedures for the IT systems are adequately established and maintained;
- (vii) that the participant has sufficient resources to operate without disruption, maintain and supervise the participant’s IT facilities.
f) the participant must provide to the AFSA evidence of the availability of adequate funds to meet at least 12 months of operational expenses, as per the participant’ application to become a FinTech Lab Participant;
g) the participant must ensure that Client Money is held in a segregated Client Money Account with a third-party account provider that is a Bank or a Regulated Financial Institution that is authorised in any jurisdiction to Accept Deposits;
h) if the participant is providing Digital Asset transactions - the participant must have arrangements in place to ensure storage of Client funds on a Hot Digital wallet at most equivalent to 10 Bitcoin (further BTC) or 10% of all Client funds or assets, whichever is greater.
2. Testing limits
2.1.
The AFSA defines conditions for activities of the FinTech Lab Participants by setting standardised limits on size of funds, types of Clients permitted for the purpose of Testing FinTech Activities, which are determined based on the maturity of the FinTech firm, riskiness and type of activities.
2.2.
The AFSA does not impose any limits on the number of Clients, size of funds, types of Clients for Developing FinTech Activities given that they are performed by the firms authorised in foreign jurisdiction/-s.
2.3.
The maximum size of funds (per Client/Investor) up to which the Client Money Accounts are permitted to be deposited and/or refilled is reflected in the Table 1:
A | B | C | D | |
# | Currency | Retail Clients and Investors: natural persons | Retail Clients and Investors: Body Corporates | Professional Clients and Accredited Investors |
1 | Fiat Currency | 1,000 (thousand) USD or equivalent | 20,000 (twenty thousand) USD or equivalent | within aggregated limits |
2 | Operating a Digital Asset Trading Facility or Providing Custody for safeguarding and administering Digital Assets belonging to another Person | 0.5 (point five) BTC or equivalent amount in another Digital Asset | 5 (five) BTC or equivalent amount in another Digital Asset | within aggregated limits |
3 | Any other Digital Asset related business | 0.25 (point twenty-five) BTC or equivalent amount in other Digital Asset | 2.5 (two point five) BTC or equivalent in other Digital Asset | within aggregated limits |
2.4
The maximum size of aggregated funds of Clients that a FinTech Lab Participant is permitted to hold without ensuring compensation arrangement (which can be, for instance, in the form of performance assurance or guarantee) at any given instance for the purpose of Testing the FinTech Activities is:
a) for Retail Clients and Investors:
- (i) 200,000 (two hundred thousand) USD or equivalent Fiat Currency; or
- (ii) 50 (fifty) BTC or equivalent Digital Asset.
b) for Professional Clients and Accredited Investors:
- (i) 5,000,000 (five million) USD or equivalent Fiat Currency; or
- (ii) 1,250 (one thousand and two hundred fifty) BTC or equivalent Digital Asset.
2.5.
If a FinTech Lab Participant has an adequate arrangement to compensate its Clients against losses or damages, the AFSA may consider increasing the values of maximum sizes of Retail Clients funds outlined in 2.3 and 2.4 above.
2.6.
The AFSA must be appointed as the trustee of a performance assurance or guarantee provided by a FinTech Lab Participant
2.7.
The AFSA Committee on Authorisation may, at any time, increase or reduce a limit under 2.3. and/or 2.4. for a particular FinTech Lab Participant, or a Person who is an applicant to become a FinTech Lab Participant, if satisfied that it is justified to do so
2.8
A FinTech Lab Participant may apply to the AFSA Committee on Authorisation for a limit applying to it under this 2.3. and/or 2.4. to be increased. Without limiting the grounds on which the participant may justify the application, the participant may justify the application on 1 or more of the following grounds:
i. successful performance of the authorised FinTech Activities during a period of 6 (six) months without any incident and with properly execution of the participant’s Testing/Developing plan;
ii. fulfillment of all requirements in relation to systems and controls and all legal and regulatory requirements;
iii. providing adequate arrangement to compensate its Clients against losses or damages in the case of default.
3. Outsourcing core functions
3.1.
The AFSA generally permits a FinTech Lab Participant to outsource any of the participant’s functions to a service provider (including a service provider within the participant’s Group). However, the FinTech Lab Participant remains responsible for compliance with the requirements of the Framework Regulations and the Rules.
3.2.
If the AFSA has difficulty in obtaining information from the FinTech Lab Participant about an outsourced function, the AFSA may limit the outsourcing of the function.
4. Minimum number of employees
4.1.
FinTech Lab Participant shall appoint at least 2 (two) individuals who can carry out the functions of Approved Individuals and Designated Individuals and at the same time ensure that there is no conflict of interests in the carrying out of the functions.
Guidance
One Person may hold the positions of Senior Executive Officer and Finance Officer, and another Person may hold the positions of Compliance Officer and Money Laundering Reporting Officer
5. Use of corporate bank accounts
5.1.
A FinTech Lab Participant is allowed to receive and hold Client Money in corporate bank accounts of a Third-Party Account Provider, which is a Bank or a regulated financial institution which is authorised to accept Deposits or funds, subject to relevant segregation of funds in place