Simont Braun strengthens Financial Services and FinTech capabilities with top hires

Simont Braun boosts the capabilities of its Fintech and Financial Services practices by welcoming Partner Joan Carette and Senior Associate Jean-Christophe Vercauteren. These strong additions to the firm enhance our Digital Finance Team’s position on top of the Belgian market.

The highly respected Joan Carette joins our Fintech and Financial Services team as a partner next to Catherine Houssa and Philippe De Prez, where she will reinforce our regulation and FinTech skills and allow to improve our focus on the Tech aspect of our expertise.

Joan Carette has 20 years of experience in FinTech, payments, e-money, AML and more generally banking and financial services and the prudential supervision of financial institutions. She worked as a regulator in the prudential supervision department of the FSMA, and in Belgian and international law firms for over 15 years.

Clients admire her “very flexible, pragmatic approach,” as well as her “deep knowledge of financial regulation.” (Chambers & Partners)

FinTech, Payments and Financial Services play key roles in our economy and require to combine strong legal knowledge with tech-savviness and proactivity. In this context, I am delighted to join the strongest Digital Finance Team on the Belgian legal market. Together, we will be able to offer the best possible guidance to our clients,” says Joan Carette.

Jean-Christophe Vercauteren has solid regulatory expertise in FinTech, payment services and e-money, AML and more generally banking and financial services. He gathered experience as a lawyer in Belgian and international business law firms, and as a legal counsel in a Belgian bank.

I could not think of a more stimulating environment than Simont Braun’s Digital Finance Team to further develop my expertise. Being part of the pioneer FinTech law firm in Belgium will be a daily motivation, and I am happy to contribute to broadening its capabilities,” says Jean-Christophe.

We are proud to welcome top talents like Joan and Jean-Christophe in the team. With them on board, our Digital Finance Team strengthens both its financial services and tech capabilities,” adds Philippe De Prez, partner in FinTech and Financial Services.

***

Simont Braun’s pioneer Digital Finance Team is one of the best and most-qualified teams in Belgium. “The firm has proven itself as one of the very leading players in the market, having advised on groundbreaking projects involving areas such as alternative lending, micro-savings, robo-advisory, blockchain, ICOs and virtual currencies.” Simont Braun is the only law firm ranked in Band 1 in Belgium in FinTech by Chambers & Partners. The firm is also ranked Tier 1 in FinTech by the Legal 500, and Tier 1 in Financial Services Regulatory by IFLR 1000.

Should health and life insurers use the data collected by health-related apps?

With the generalisation of health-related apps, health and life insurers are keen to use the collected data to improve the accuracy of their insureds’ profiles. This trend raises important questions in terms of privacy but also in terms of risks mutualisation in society.

A bit of context

With the increase of technology and the ability of our smartphones or smartwatches to collect our heartbeats, count our steps, and assess our pace, developers have naturally seen an opportunity to develop health-related apps.

These apps track running performances (Runkeeper, Runtastic, Nike+, Fitbit…), monitor diet (MyFitness Pal…), analyse sleeping habits (Fitbit, Jawbone, isommeilr…), etc.

Citizens are using more and more of these health-related apps in their daily life.

Of course, health and life insurers are greatly interested in the health data collected by these apps. This is not necessarily a bad thing as this can mean that insurers can better assess the risk they insure and its evolution, and request more accurate premiums from their policyholders. Nonetheless, this trend also raises important questions in terms of privacy, but also in terms of insurance paradigm as such.

The privacy issue

The privacy issue is rather obvious. One might reasonably desire to keep certain aspects of one’s life private.

The privacy issue is not limited to the insurance world. Privacy is primarily addressed by the EU General Data Protection Regulation (GDPR). The purpose of this news is not to examine this regime in details. Let us simply remind that under Article 9 of the GDPR, health-related data are considered as “special categories of data”.

The process of this kind of data is subject to higher requirements and may only serve highly valued purposes. The data subject may, however, always give its explicit consent to the use of his/her health-related data (Art. 9, 2, (a) GDPR).

This explicit consent is rather well protected and must be free and genuine. For instance, a service provider may normally not monetise or subject the delivery of its services to the data subjects’ consent.

The segmentation issue

Where do we stand?

The insurance industry is based on the idea of risk mutualisation. This principle can be extremely useful to the operation of a society. In a nutshell, the healthy clients’ premiums pay for the insurance indemnity of the ill insured persons.

Health and life insurers have always tried to assess the risks presented by insured persons with the highest accuracy possible using statistical data. Typically, all things being equal, a young sporty person is less likely to die than and old person suffering from diabetes. This reality will normally result in the young person paying a lower insurance premium.

The division of insured persons in categories (e.g. young and healthy versus old and ill) is called “segmentation”. To each category corresponds a level or premium, certain categories of risk being simply refused by insurers (depending on their risk appetite). This is the reason why health and life insurances are almost systematically subject to a medical questionnaire and, in some cases, a medical examination.

Naturally, the more accurate and detailed the segmentation is, the less insurance services offer a mutualisation of risk to society and – arguably – the less useful become insurance services to society as a whole.

This risk has been identified by the Belgian legislator. One of the main Belgian attempts to avoid the risk of “demutualisation” is embodied in Article 44 of the law of 4 April 2014 relating to insurances. Under this provision “Any segmentation made in terms of acceptance, cost, and/or extent of the insurance cover must be objectively justified by a legitimate purpose, and the means to achieve this purpose must be appropriate and necessary”.

This provision lays down the legislator’s ideal but it is very broad and offers a lot of room for interpretation.

What’s next?

Certain members of Parliament fear that connected devices and health-related apps unduly change the paradigm of mutualisation in the insurance sector.

To prevent this potentiality, they have filed a law proposal with the intention of prohibiting the use by health and life insurers of personal data collected by connected devices. The law proposal further prohibits to subject insurance acceptance, pricing and/or extent of the insurance cover to the use by the insured person of health checkers and the sharing of data collected by such health checkers with insurers.

Practically, if enacted, the law proposal would bring a new Article 44, § 2nd, to the Law Insurances:

In derogation to Article 43, § 1st, this paragraph applies to the following insurance contracts:

1° Individual life insurance;

2° health insurance […].

No segmentation can be applied to acceptance, pricing and/or extent of the insurance cover subject to the condition that the policyholder accepts to acquire or use a health checker, accepts to share the data collected by the health checker, or subject to the condition that the insurer uses such data. The processing of the personal data collected by a health checker, relating to the way of life or health of the policyholder, is prohibited”.

The concept of “health checker” would be defined in a new Article 5, 53°, of the Law Insurances as “a device allowing the measurement of one or more variables associated to the way of life or the health of the policyholder”.

At the end of January 2020, the Belgian Data Protection Authority (“DPA”) issued an opinion on the law proposal.

The law proposal is primarily based on Article 9.4 of the GDPR, according to which “Member States may maintain or introduce further conditions, including limitations, with regard to the processing of genetic data, biometric data or data concerning health”.

The proposal is further based on abovementioned Article 9, 2, (a) of the GDPR, which provides that special categories of data (such as health-related data) cannot be processed unless “the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition […] may not be lifted by the data subject”.

According to the DPA, these two provisions of the GDPR effectively allow the Belgian legislator to introduce additional limitations to the processing of health data so that the law proposal is compliant with the GDPR.

Conclusion

While nothing is (yet?) cast in stone, the discussed law proposal is a perfect illustration of the difficult balance regulators need to strike between innovation and the preservation of existing paradigms.

Interestingly, it shows a strong desire of certain members of Parliament to safeguard the principle of mutualisation of risks in the insurance industry. This mutualisation is often seen as a key principle to the health system as a whole.

The DPA’s opinion is also a good reminder that the GDPR, although an EU regulation, still allows Member States to adopt stricter requirements when it comes to protecting special categories of data. In the case at hand, the law proposal somehow “protects the data subjects from themselves” by revoking their right to agree to certain use of their connected devices.

***

For any question or assistance, please contact Thomas Derval
td@simontbraun.eu  |  +32 (0)2 533 17 09

Autonomous Vehicles in Belgium. Is our legal system ready?

We have been hearing about autonomous vehicles (“AVs”) for quite a while. However, as time goes by, the use of AVs is getting closer to becoming a reality. In various countries, car manufacturers are now carrying out tests on open or closed parts of public roads. Just like engineers are facing technical challenges in this field, lawyers have to deal with questions around liability, cybersecurity, data protection, insurance, intellectual property, etc. In this framework, news about AVs accidents are getting less and less uncommon, and they lead to tricky liability questions, such as: can a car user be held liable if he or she had no direct control over the wheel?

Such questions might need a clear answer in the near future and the whole AV subject at large is gaining track. Recently, a Belgian politician launched the idea to make Belgium the first country to welcome AVs. In parallel, the European Commission issued in February 2020 a White Paper on Artificial Intelligence, referring to liabilities incurred by AI, and by extension by AVs.

What do you mean, “autonomous” vehicle (“AV”)?

AVs’ autonomy varies in degree. Subject to a specific European scale of autonomy measurement, authors generally refer to the Society of Automotive Engineering (“SAE”)’s scale. SAE is an international organisation based in US. It brings together engineers, CEOs, researchers, professors, and students who share ideas on automotive engineering. It established six levels of autonomy, ranging from a complete human intervention (level 0) to a total absence of human action (level 5).

To date, the most advanced AVs on the market are of level 3. In that case, the vehicle can handle itself all aspects of the driving tasks within a certain set of circumstances. In some instances, the human driver must be ready to take back control of the vehicle when the AV so requires, e.g. during a traffic jam. According to car manufacturers’ (enthusiastic) declarations, the next levels of autonomy should reach our market in the coming months or years.

How does Belgian law address liability issues in the case of AV accident?

At this stage, Belgian law does not have any specific liability regime addressing the risks generated by AVs.

A victim of an AV should thus find its way through the existing and non-specific Belgian liability regimes. In short, four liability regimes can be identified as potential legal basis for a claim.

1. The fault-based liability regime (Article 1382 of the Civil Code)

This requires the victim to prove three things: a wrongful behaviour from the AV user, a damage and a causal relationship between the behaviour and the damage.

The tricky question here is whether a driver can be found guilty of a wrongful behaviour if he or she was letting the AV operating itself at the time of the accident?

2. The strict liability regime for the use of defective things (Article 1384 of the civil Code)

The victim should prove its damage and a causal relationship, just like in the previous fault-based liability regime. However, in this case, the victim can limit itself to proving a malfunctioning in the AV, rather than proving a wrongful behaviour of the AV user.

This solves the question raised by the previous regime but raises a new one, e.g. how do you prove a malfunctioning when the accident is the result of an algorithmic decision, which in turn could potentially be the outcome of machine learning?

3. The product liability regime (law of 25 February 1991 on product liability)

This regime is similar to the second liability regime as the victim must prove its damage, a malfunctioning of the AV and a causal relationship between these two aspects. However, in this case, the victim will seek compensation against the manufacturer, not the driver.

Furthermore, the compensable damage will be limited to personal injuries (including moral damage) and, subject to certain conditions, damages to property. Other types of damage (e.g. loss of opportunity) are not recoverable under this specific liability regime.

4. The insurance liability (Article 29bis of the law of 28 November 1989 on compulsory motor vehicles liability insurance).

Once a vehicle is involved in an accident, “weak users” (e.g. pedestrians and cyclists) may obtain compensation from the car insurer for the damages resulting from this accident.

In this case too, recoverable types of damage are limited. They only cover personal injuries or death, as well as damage to clothing (quite oddly).

What’s next?

Vehicles are becoming more and more autonomous. Level 5 (fully autonomous) AVs are still prohibited at this stage but their eventual arrival on the market will generate liability questions for which our legal system is not well equipped.

They will change the fault-based paradigm and we anticipate that a dedicated liability regime (e.g. based on the mere use of the AV) will be needed to complement our existing legal framework. We at Simont Braun will closely follow up on this and keep you posted.

***

For any question, please contact the authors:

Thomas Dervaltd@simontbraun.eu
David-Alexandre Sauvagedas@simontbraun.eu

Covid-19 & Banks: Emergency Response and Sound Management

The health crisis caused by Covid-19 and the economic and social consequences it has for banks oblige these financial institutions to inform their regulator of the specific measures, both internal and external, that they implement to address the situation.

Business Continuity – Regulatory Context

Given their essential role in the economic and financial system, banks are legally required to pay particular attention to the risks that are associated with a potential halt or slowdown of their activities.

This is an illustration of the banks’ more general obligation to have at all times adequate measures to ensure the maintenance or rapid restoration of their critical functions (Article 21, § 1st, 9°, of the Banking Act of 24 April 2014). This requirement results from the need for credit institutions to have a sound and prudent management in place.

  1. Contingency Plan

This obligation of continuity is reflected in the contingency, business continuity and recovery plan. This plan must be established by all banks on an annual basis under the responsibility of their Board of Directors. The contingency plan must demonstrate (and convince the supervisors) that the banks have the capacity to limit the operational, financial and legal consequences that would result from a disaster (we usually think of a fire at the head office, but also a severe computer bug, a terrorist attack or, in this case, a health crisis), or result from a prolonged unavailability of its resources leading to difficulties in ensuring the institution’s operations or, in the most serious cases, forcing the institution to interrupt its activities.

As risks are likely to change and evolve, credit institutions must of course regularly test their contingency plans to be able, in a given context, to document and analyse the shortcomings or errors that emerge during testing, and then update their plans accordingly.

  1. Preliminary risk analysis

The development and drafting of this contingency plan require banks to have first carried out a detailed analysis of their exposure to serious business disruptions and to have assessed how to address them, both quantitatively and qualitatively. It is the only manner for banks to be able to define their priorities and objectives should an incident occur.

The spectrum of risks that can hinder or even prevent the continuity of an institution’s activities is obviously very broad and depends above all on the activities carried out by the bank. The risks incurred by a private bank differ, at least in part, from those incurred by a bank whose main activity consists in granting mortgage loans to private individuals or by an institution specialising in export financing.

Covid-19: Emergency and continuity measures

The Covid-19 crisis is a severe test of the banks’ obligation of continuity and the accompanying duty of vigilance.

It is the duty of each bank to urgently establish and maintain, throughout the Covid-19 crisis, the necessary measures to ensure the continuity of their activities while protecting their staff and complying with the government measures.

The scenario of a health crisis of this magnitude and its important economic consequences was unlikely to be included in the banks’ contingency plans. Nevertheless, in theory, credit institutions must have appropriate tools to face it.

In practical terms, and without going into the details of each institution’s particularities, the following emergency measures are examples of what banks can do to deal with the current crisis – from a regulatory standpoint:

  • Raising staff awareness and implementing concrete measures to avoid the spread of the virus (teleworking, shift of teams, reduced flex-office, closure of branches, etc.);
  • Implementing reliable alternatives for customer communication;
  • Increasing IT capacity to cope with remote working;
  • Coordinating critical processes, resources as well as critical staff and their back-ups;
  • Reinforced assessment by the compliance of cyber-attack scenarios and implementation by IT of the measures internally (monitoring of operations) and externally (communication to customers). Risks of fraud such as phishing, identity theft, etc. increase in times of crisis;
  • Additional requirements for subcontractors performing critical functions (outsourcing). This is the case, for example, if customer data is stored in the cloud;
  • Setting up of a crisis committee that assesses the situation on a daily basis;
  • Communication of the measures implemented to the Board of Directors and possible convening of the risk committee and/or an exceptional audit committee;
  • Regular reporting to the competent financial supervisors (e.g. the National Bank of Belgium) on the implemented measures;
  • Assessment and possible adaptation of the emergency plan. This assessment is normally made on an annual basis, but it should also be carried out when the emergency plan is to be implemented.

Conclusion

Banks are subject to very burdensome and stringent regulatory requirements. These include the detailed assessment of their risks and the implementation of necessary measures to address the risks identified. This obligation is complex because the regulator requires a risk-based approach that is both concrete and detailed. However, it is in days like these, when a concrete risk arises that the full usefulness of these regulatory requirements becomes apparent. Afterwards, useful lessons will most probably be learned as to the effectiveness of the current regulatory framework in this respect, and possible modifications can be proposed.

***

For any question or request for assistance, please contact Catherine Houssa or Philippe De Prez:
Catherine Houssacho@simontbraun.eu
Philippe De Prezphde@simontbraun.eu

Simont Braun assists AION in building the new next generation Challenger Bank

Brussels, 10 March 2020  |  Simont Braun successfully assisted AION in building an entirely digital and mobile bank, making it the first of its kind next generation Challenger Bank in Belgium. AION has officially launched its services on 3 March 2020.

AION is the former Banca Monte Pasci Belgio and was purchased by the American fund Warburg Pincus in 2018 in order to transform it into a fully digital financial services provider. AION offers an unrivalled broad spectrum of financial products and services, and beyond banking services, benefitting from an impressive technology and IT support.

Simont Braun’s team has been involved for over a year in developing the new digital products and services in close and successful collaboration with AION’s team,” comments Philippe De Prez, Partner at Simont Braun in Digital Finance and Financial services. “We had the pleasure to collaborate with a very motivated and talented group of people at AION, all working towards an ambitious goal. It has been an intense ride during which we often explored innovative solutions which were so far not available on the Belgian market. This is a space where our team is at its very best. We would like to sincerely thank our clients for this great opportunity to both assist and learn.”

Simont Braun’s Digital Finance Team advised AION on the compliance of their services and products with the applicable regulation, was involved in numerous contract drafting, screen-by-screen compliance analysis and negotiations with the regulator.

The Simont Braun team was led by partner Philippe De Prez, with the assistance of partners Catherine Houssa and Axel Maeterlinck, counsel Thomas Derval, and associates Sander Van Loock, Charlotte De Thaye, Amine Chafik and David-Alexandre Sauvage.

For any question, please contact Nelly Chammas (Marketing & Communication Manager).

Insurance – National Bank of Belgium published the Multilateral Memorandum of Understanding on supervisory cooperation and exchange of information

Recognising the need and the benefit of mutual assistance in ongoing supervision and on-site inspections and in the exchange of information concerning (re)insurance undertakings with cross-border establishments in the UK and the EEA, the UK authorities and EEA authorities responsible for the supervision of the insurance industry have agreed on the establishment of cooperation agreements between the UK authorities and each single EEA authority, subject to the Multilateral Memorandum of Understanding (MMoU).

The MMoU, being a statement of intent and hence not legally binding on the signatory UK authorities and EEA authorities, serves to establish a formal basis for co-operation between the UK authorities, on the one hand, and each single EEA authority, on the other hand. The MMoU is therefore not intended to create commitments for the UK Authorities in relation to each other, nor for the EEA Authorities in relation to each other. The supervisory cooperation includes the exchange of supervisory information (where permitted or not prevented under applicable law) and supervisory assistance in order to ensure adequate levels of policyholder protection and to promote the prudential soundness of the insurance industry and the financial stability in their respective countries.

Although it does not create directly or indirectly any legally enforceable rights or obligations for the signatory authorities or third parties, this MMoU shows the intent to safeguard prudential supervision of (re)insurance undertakings with cross-border establishments in the UK and the EEA after the finalisation of the Brexit. This ensures that the prudential supervision of those undertakings does not merely fall back on the regime for supervision regarding (re)insurance undertakings established in or with cross-border establishments in third countries as is provided by the Law of 13 March 2016 on the status and supervision of insurance or reinsurance undertakings. Also, this memorandum and the cooperation agreements that will normally follow may have an impact with regard to supervisory activities on outsourcing arrangements between such (re)insurance companies and undertakings in third countries.

The MMoU enters into force on the date the European Treaties and EU secondary legislation have ceased to apply in the UK. To view or read the MMoU in full, please click here.

***

For any question, please contact Thomas Derval or Charlotte De Thaye

 

Simont Braun promotes Fanny Laune and Thomas Derval to Counsel

Belgian independent law firm Simont Braun boosts its capabilities with two new counsels.

Fanny Laune has been assisting Belgian and international clients before the Belgian courts in commercial and corporate matters for more than ten years. Recently, she successfully completed a training in mediation, an increasingly popular method of dispute resolution.

Apart from her expert knowledge in procedural law, Fanny has also gained extensive experience in all types of insolvency proceedings.

Fanny’s nomination as counsel is a recognition for her sharp legal knowledge and expertise, as well as her excellent communication skills which are highly appreciated by clients,” says Béatrice Thieffry, co-Managing Partner.

Thomas Derval has been practising financial & insurance law for several years, advising and representing the interests of many companies and regulated institutions. Thomas assists his clients on both advisory and litigation aspects of this field of expertise. On the regulatory side, he has notably developed a strong track-record with Fintech & InsurTech companies, helping them to obtain their licences, and to develop and adapt their products and services to the legal requirements of the Belgian market.

Thomas always makes sure to understand clients’ business and to keep the global picture in mind. His multidisciplinary skills allow him to offer expert yet comprehensive guidance to our clients,” says Catherine Houssa, Partner in Banking & Digital Finance. “This is an essential quality as our clients highly appreciate Simont Braun’s multidisciplinary offer.”

We are delighted to count such appreciated and qualified lawyers amongst our counsels. Their respective skills are highly valuable to Simont Braun, and will boost the sustained growth of the firm,” adds Steven Callens, co-Managing Partner.

Contact details:
Fanny Laune – fanny.laune@simontbraun.eu
Thomas Derval – thomas.derval@simontbraun.eu