I. Introduction

This is what a friend of mine, who happens to be a reputed Internet consultant, told me a couple of weeks ago, when in the course of a boring dinner when we were talking about the use of Internet as a privileged means for the rendering of banking, insurance and investment services (jointly, "financial services"). He was trying to convince me that the current use of Internet to render financial services will be considered a marvellous ancient jewel in five years time, when a new form of Internet banking spreads across society and reaches the most remote places on Earth.

Although some optimistic and open-minded people may think that Internet is the best possible means to carry out those day-to-day tasks that most consumers loathe (except my wife) like shopping, paying bills or any other financial transactions, the OECD reports reveal that the use of the Internet to conduct financial services is still fairly new. Even nowadays, the volume of financial services transactions actually concluded is relatively small and the variety of financial services is still very limited1.

Nevertheless, like my friend, experts tend to foresee a radically different scenario, with forecasts for the European electronic commerce through 2002 ranging between 5 and 64 billion dollars2 (from 51 million Euro in 1999 up to 1,532.5 million Euro in 2002 in the case of Spain)3. The future will not only be radically different in terms of size; variety and sophistication of the tools made available to the clients, it will have nothing to do with current Internet banking.

Contracting financial services via the Internet is already a significant source of legal work in areas as broad as compliance with licensing requirements and other regulatory provisions (e.g., money laundering, public disclosure, etc.), compliance with advertising or consumer-related rules, contract formation issues, rules of evidence matters, available redress procedures, privacy and data protection matters, violation of industrial and intellectual property rights, customs and taxation queries4. Fortunately, this will not be hampered by the advent of the new Internet banking; quite the opposite, we lawyers believe that it will flourish.

The delocalisation of the Internet poses a number of difficult legal concerns, which deal mainly with the question of which law and regulatory provisions should govern the marketing process (from the initial offer or advertising of goods or services on the Internet to the execution and enforcement of a transaction) or which jurisdiction should enforce the duties, liabilities and rights of the parties. More often than not, in a transaction contracted through the Internet, there are different individuals and legal entities (e.g., client, goods or service provider, Internet connection service provider, index provider, etc.) based in different countries and accustomed to different legal systems, which, in principle, intend to have the relevant transaction subject to their national law and to the jurisdiction of their national courts. There are, effectively, conflicting interests between the parties involved. This fact multiples the legal systems and legal fora involved, which results in an increasingly complex reality. Although a number of attempts have been made both in domestic and international legal fields to provide specific responses to Internet contracting5, this trend is still far from providing bullet-proof answers to Internet Financial Service Providers. International organisations6 have fostered initiatives and action plans for worldwide harmonisation of basic rules and re-address mechanisms, which have not yet resulted in a uniform and generally-accepted set of rules. In the absence of a solidly defined playfield, consumer confidence in electronically-delivered financial services may be eroded by events such as the first bankruptcy of an e-money issuer7, or, even worse, by the presence of fraudulent, misleading or unfair commercial conduct.

I would probably under-estimate the readers’ patience if I attempted to address all these topics in this paper. Hence, I will concentrate on trying to define a single criterion to settle the various regulatory concerns that may arise from the rendering of financial services through the Internet.

II. Regulatory Framework Applicable To Internet Financial Services

To different extents, the provision of financial services is a regulated activity in most countries. This means that these services may only be conducted in each country on a regular basis by licensed entities, i.e. by entities which have first obtained an administrative license from the local banking or securities regulators or which otherwise benefit from the possibility of conducting services in such countries on a cross-border basis or by means of establishing a branch under the license awarded in their home country under international or EU regulations. It is important to note that the conduct of financial services on a regular basis in Spain qualifies as a restricted activity, not merely the conducting of such activities through electronic means (like the Internet).

The provision of financial services via the Internet raises two main regulatory issues, namely (i) whether the specific services to be provided are restricted or regulated activities according to the laws of the various jurisdictions often involved (i.e., the place where the service provider is established, the place where the client is based, etc.); and (ii) the location of the services.

It must be stated that there are no clear guidelines under European or Spanish law (other than as described below) for determining the location of distance services to be provided by a legal entity established outside Spain to Spanish-resident clients or investors without an establishment located in Spain and, in the end, to determine the legal and regulatory regime to which those services must be accommodated. Furthermore, the delocalisation of the Internet undermines the possibility of obtaining clear and straightforward answers in this connection. Two different approaches have been thus far sponsored as a way to resolve the debate, namely, the objective and the subjective approach.

(1) The subjective approach. As opposed to an objective and one-sized response, under this approach, importance is given to the will, expectations and intents of the parties to the Internet-based service relationship, in order to determine which regulatory and legal system should apply to regulate Internet-rendered financial services. The subjective approach has followed a number of different, but related, criteria, as follows:

a) One of the criteria most frequently upheld in the framework of the Internet, with a view to balance the conflicting interest of the parties at the time of determining which legal or regulatory regime should prevail is the consideration of the legitimate expectations of the parties. Thus, the closer the contract or transaction is connected to a particular jurisdiction, the more justified are the expectations of either party that the laws and regulatory provisions of that jurisdiction will apply. For example, the expectations of a consumer to benefit from the protective laws and mandatory rules of his/her country of residence may be justified if he/she receives a specific invitation or offer by e-mail or if the supplier is specifically targeting the consumers of that country in its Internet communication. However, the same expectations may not be deemed reasonable if the consumer voluntarily approaches the service provider by accessing its Web site or sending an e-mail. Where this approach is inadequate to solve the problem (because all the parties have reasonable expectations that their own laws will govern an Internet transaction), a second criterion must be added: the burden of contradicting the other party's expectations should be placed on the party which could more easily have alerted the other party that his/her expectations were erroneous.

Considering these two criteria for the purpose of determining the applicability of Spanish regulatory provisions to the rendering of restricted financial services through the Internet, it can be concluded that any Spanish customer or investor requesting financial services on the Internet should not reasonably expect that Spanish regulatory provisions are applicable to such services if the Internet Service Provider was already providing such services on an unsolicited basis prior to the implementation of the Internet facility. Conversely, the Spanish customer or investor directly or indirectly targeted or approached by the Internet Service Provider (or any other person acting on its behalf) and invited to enter into a contract, those restricted financial services could reasonably expect that Spanish regulatory provision are applicable to any such financial services.

Internet service providers offering restricted financial services over the Internet world-wide will become subject to the Spanish regulatory provisions to the extent a Spanish investor or client accesses those services, unless the service provider refrains from specifically addressing the financial services, the relevant web site, any particular section thereof or any marketing material in respect of the provision of such restricted financial services to Spanish resident customers (for instance, by means of quoting a dedicated telephone number or e-mail address for such investors) and, in general, from taking any action that could make the Spanish investor reasonably expect that Spanish regulatory provisions are applicable. Specifically, the posting of restricted financial services from a Spanish server could undoubtedly attract the applicability of Spanish regulatory provisions.

Should these safeguards not be implemented, the Spanish regulators would consider the restricted financial services rendered in Spain and the Internet Service Provider may be requested to seek and obtain a domestic Spanish license (or otherwise be authorised to benefit from the freedom to provide financial services under the applicable directives) and abide by Spanish regulatory provisions.

(b) Although none of the Spanish regulatory bodies with competencies on the matter (i.e., the Bank of Spain, the National Securities Exchange Commission or the General Insurance Directorate) have construed or issued any other rules on the rendering of financial services over the Internet, a kind of common market practice could be identified from the provision of services on a distance basis. The traditional market practice upheld on the provision of services by means of other mass media to which Spanish residents have access (e.g., foreign newspapers, magazines or other periodical publications published or circulated in Spain, satellite TV broadcasts received in Spain, etc.) could also be relevant regarding Internet financial services. In these cases, the regulators have maintained that no restricted activities will be considered performed in Spain merely by the fact that Spanish residents receive information on a restricted financial activity through said mass media, unless the services so offered were specifically addressed to the Spanish market. Thus, under the securities market practice consistently applied in Spain (in line with those internationally applied8), where a non-Spanish resident entity is providing restricted securities market activities (such as securities trading activities) to Spanish-based investors without any Spanish establishment (i.e., on a distance basis, such as telephone, mail, etc.), the key element to determine whether it is acting in Spain on a cross-border basis (and hence, subject to Spanish regulatory provisions) or abroad (i.e., not subject to Spanish regulatory provisions) is soliciting. Thus, if the service provider solicits the restricted activities to Spanish investors, these activities will be deemed to have been conducted in Spain; conversely, if the restricted activity is carried out upon the client’s unsolicited request, it will be deemed rendered in the place where the service provider is based. Obviously, this criterion only applies if the services are exclusively rendered on a distance basis. Hence, if significant Spanish-based activities are rendered as part of the conducting of the restricted services (i.e., advertising in Spanish media, other marketing or selling activities being conducted in Spain, road-shows or presentations, etc.), even where the activities have not been initially solicited in Spain, the restricted services will be deemed rendered in Spain. If the Spanish-based activity ancillary to the provision of the restricted services is not especially relevant in the prevailing circumstances, then the "soliciting criteria" may still be helpful.

If this criterion were to be followed, an offer, solicitation or other communication communicated in respect of financial services via an Internet web site ("Internet Communication") may be deemed made in Spain and hence subject to Spanish regulatory provisions if, in view of the facts and circumstances, it may be concluded that it is targeted to Spain. Thus, the Spanish regulators would not view banks, insurance companies, issuers, investment companies, investment advisers, broker-dealers or other individual or legal entity providing restricted financial services in Spain (the "Internet Services Providers") which implement measures that are reasonably designed to protect against the provision of such services to Spanish clients or investors, as having targeted Spanish clients or investors (and hence, rendered restricted financial activities in Spain) through an Internet Communication. Examples of these measures could be (i) meaningful disclaimer or warning (seen in the same browser format as the rest of the website) in the Internet Communication making it clear that the services are directed only to specific countries other than Spain, or (ii) assessment of the prospective client’s residence by obtaining information such as mailing address or telephone numbers prior to the rendering of the financial services and subsequent impossibility to provide such services to a person at a Spanish address or telephone number. Quite the opposite, the fact that the Internet Communication emphasises the client's or investor’s ability to avoid Spanish income taxes or to obtain any other advantage specifically reserved to Spanish residents as a result of the implementation of the financial services communicated in the Internet Communication or the fact that the Internet Communication is drafted in Spanish when the Internet Service Provider is based in a non-Spanish language country will be construed as being targeted to Spain and, consistently, deemed rendered in Spain. An electronically-delivered financial service accessible by Spanish consumers will not be considered exempt from Spanish regulatory rules simply because it contained wording stating that it was to be restricted to non-Spanish resident investors or clients if, after applying the objective test of intention and ease of access, it clearly results that it could be easily accessed by such Spanish customers.

E-mail and mass e-mail through the Internet (the so-called "bulk e-mail" or "spam") to Spanish clients or investors should be considered "targeted communication methods". Hence, any financial service offered, solicited or simply rendered through any of these methods will, in principle, be considered rendered in Spain and be subject to Spanish regulatory provisions. The same may apply when the Internet Communication is communicated in other means of communication directed at the Spanish market (including having regard, where appropriate, to the existence of hypertext links). However, the existence of a hyperlink between a web site clearly directed at Spanish customers and a second web site should not in all circumstances be indicative that the financial services offered or promoted in the second web site are directed at the Spanish market: relevant factors to take into account when determining the significance of hypertext links could include consideration of which person established the link or whether there was co-operation or agreement between the web sites in its establishment.

This criteria, which could thus far be generally considered market practice, has been at least partially endorsed by means of the amendment introduced by Royal Decree 2590/1998, of December 7, 1998, to Article 1.2 of Royal Decree 291/1992, of March 27, on securities issues and securities offers. Thus, the issues and offers of (i) securities similar to others listed in any of the exchanges or securities markets in the Spanish territory or (ii) securities offered through the conduct of advertising campaigns in Spain, are deemed made in Spain and subject to certain filing and disclosure requirements (e.g., prospectus). The expression "advertising campaigns" is defined as any communication addressed to investors with a view to promoting the subscription and/or acquisition of negotiable securities. An "advertising campaign" is deemed to exist when the means used consist of telephone calls initiated by the issuer/offeror or any third party acting on its behalf (the so-called "cold calls"), house visits, individual letters, e-mail or any other telematic mechanism used in a campaign for the diffusion, promotion or publicity and is deemed made in Spain if targeted to Spanish-resident investors. A specific provision has been introduced to deal with offers made via e-mail: should the means used to make the offer/issue be via e-mail or any other telematic means, the offer/issue shall constitute an offer/issue made in Spain if the offeror/issuer or any third party acting on its behalf proposes the acquisition of the securities to the Spanish resident investors (i.e., makes a solicitation) or submits all information relevant for the Spanish investor to assess the features of the offer/issue and to accept it.

Although specifically referring to securities offers and issues, the Spanish securities regulator has tried to extend this criterion to other investment services in the draft Circular-Letter by the Chairman of the National Securities Market Commission made open to public comment on March 3, 2000. This circular-letter was not finally adopted.

A lack of any interpretation or rules by the regulators and legislators, clarifying the regulatory regime to be applied to Internet financial services has left the legal certainty somewhere between the devil and the deep blue sea.

(2) The objective approach: consumer end vs. service provider end. Under the objective approach, legal and regulatory matters related to the provision of Internet financial services must comply with the regime prevailing either at the place where the consumer is based (the consumer-orientated approach) or where the service provider is based (the service provider-orientated approach).

(a) Consumer-orientated approach. With a view towards ensuring full protection of the interests and expectations of the financial service consumer, some voices were lobbying for the application of the consumer-based approach when dealing with the legal and regulatory matters involved in the provision of financial services. This actually means that any authorised European Financial Service Provider may provide financial services over the Internet to consumers based in any European country provided it fulfils all legal and regulatory provisions set forth in the country where the consumers are based. Some EU Council Resolution9 seemed to encourage application of this consumer-orientated approach. However, having to comply with different legal and regulatory provisions hampers the proper functioning of the internal European market and hence, renders the rights to freedom of establishment and freedom to provide Europe-wide financial services futile. For this reason, this approach has been progressively abandoned and replaced by a service provider-orientated approach.

(b) Service provider-orientated approach. The Interpretative Release on the Second Banking Co-ordination Directive 29/646, of 20 June 1997 enacted by the European Commission represents the turning of the tide in the determination of the legal and regulatory regime on Internet financial services. It represents the first decisive movement towards a doubtless choice of the place of the service provider as key criterion to determine legal and regulatory applicable requests. This release considers significant criteria in determining the localisation of a service falling within the Annex of the Second Banking Co-ordination Directive (hereinafter, "2BD") (and thus within the passported activities) the place of the "characteristic performance" of the service, that is, the place where the essential supply for which payment is due is carried out. Specifically as regards marketing of services through the Internet, the Interpretative Release states that "the provision of distance banking services, for example through the Internet, should not, in the Commission’s view, require prior notification, since the supplier cannot be deemed to be pursuing its activities in the customers’ territory". In this regard, it seems clear from this Interpretative Release that services provided through the Internet should not be considered rendered within the customers’ territory.

The service provider place of business orientation has been strongly endorsed under the EU Directive 2000/31/EC, of 8 June 2000 on certain legal aspects of the information society services, in particular, electronic commerce, in the Internal Market (the "E-Commerce Directive"). This Directive, with a view towards reducing legal barriers to electronic commerce, has adopted the "country of origin" or "home state" regulatory principle. Thus, Whereas (22) of the E-Commerce Directive reads: "Information society services10 should be supervised at the source of the activity, in order to ensure an effective protection of public interest objectives (...); moreover, in order to effectively guarantee freedom to provide services and legal certainty for suppliers and recipients of services, such information society services should in principle be subject to the law of the Member State in which the service provider is established". Consequently, Member States may not restrict the freedom to provide information society services from another Member States, for reasons falling within the coordinated field (Article 3, 3 of the E-Commerce Directive). The coordinated field encompasses all requirements laid down in Member States’ legal systems applicable to information society services, including requirements in respect of the taking up of the activity (i.e., qualification, authorisation, etc.), and the pursuit of the activity (i.e., behaviour and liability of service provider, advertising, contract, and quality or content of the service). The Member States’ ability to take measures in derogation of this "country of origin" principle is heavily restricted in the E-Commerce Directive, both by the limited reasoning requirements for allowing derogation (measures necessary for reasons of public policy, protection of public health and security and protection of consumers) as well as the formalities and communications imposed on the Member State so derogating.

It is important to note that the E-Commerce Directive excludes this "country of origin" principle in respect of a number of fields which, inter alia, affect certain financial services, such as (i) the emission of e-money by certain institutions in respect of which Member States have applied one of the derogations to the requirements set forth in the e-money directive, (ii) the law applicable to the insurance contracts and the freedom to render insurance services in the European Union, (iii) advertising in a Member State by UCITS licensed in a different Member State, (iv) the freedom of the parties to chose the law applicable to the contract and, more importantly, (iv) the contractual obligations concerning consumer contracts.

The wideness of this latter exclusion erodes the universality of the application of the "country of origin" principle and rises new questions as to the scope of the derogation. Actually, the extent of the use of the consumer protection grounds to apply "country of destination" rules is the main risk that may hamper consolidation of the single financial services market. The European Commission is well aware of this, hence its aggressive approach to limit as much as possible the discretion of Member States to apply home rules on consumer matters. Evidence of this may be noted at the Commission’s Communication to the Parliament and the Council on Political Challenges on Financial Services made in June 2001 (COM(2001) 286 final). In such a report, the Commission states that the principle underlying the E-Commerce Directive (i.e., Member States must ensure that financial services offered on the Internet -with some exemptions- by a service provider established on its territory comply with the national provisions in that Member State within the coordinated field and hence, other Member States must not in principle restrict the freedom to provide financial services via Internet on a cross-border basis) is largely upheld by Member States as the cornerstone for future policy developments in retail financial services. However, it also recognises that some Member States are concerned that the "country of origin" approach would leave gaps in consumer protection and even argue that further harmonisation of consumer protection rules should precede an internal market in e-commerce and financial services.

On the basis of the orientations of the E-Commerce Directive, I am tempted to predict a steady (though slow) decline in the application of subjective approaches (whether based on active soliciting, targeting, etc.) by Member States regulators and legislators when trying to solve the question of the regulatory provisions applicable to the rendering of financial services over the Internet within the European Union. Together with this decline, importance shall be given progressively to the place of origin to solve the vast majority of the regulatory and legal concerns related to the rendering of financial services over the Internet. Notwithstanding this main stream, the importance and scope of the matters in respect of which the "country of origin" principle is derogated (mainly, regarding the contractual obligations concerning consumer contracts) reinforce the powers granted to host country authorities to apply "country of destination" rules.

FOOTNOTES

  1. The investment services most frequently available on the Internet include the possibility of communicating with the customer’s financial consultant via electronic mail; to have access to the customer securities or current account information; to obtain on-line (or off-line) stock quotes and daily mutual fund prices, and to view selected research reports. Seldom, the electronic investment services enable the trading in securities, futures and/or other negotiable instruments and even, the settlement of bills and other debts electronically. Amongst the Spanish experiences, see, for instance, the Internet banking facilities offered by Open Bank (OpenVia, at http:\\www.openvia.es); BBVA (BBVAnet at http:\\www.bbva.es), Bankinter (BKNet at http:\\www.bankinter.es), Banco de Sabadell (Banc Sabadell and Infobanc Sabadell at http.:\\www.bancsabadell.es) and Ibersecurities (http.:\\www.ibersecurities.es). Abroad, see the Merrill Lynch OnLine service (http:\\www.ml.com), the foreign exchange on-line trading offered by Currency Management Corporation (http:\\www.forex-cmc.eo.uk/online.htm) or the banking services offered by the Portuguese Caixa Geral de Depósitos (http:\\www.cgd.pt).

  2. OECD Report "The economic and social impact of electronic commerce: Preliminary findings and research agenda", cited at the EU Commission Communication on the Action Plan on Consumer Policy 1999-2001. Forecasts made by the consulting company Forrester Inc. estimate a world-wide electronic trade for 2003 ranging between 1.25 and 4.5 billion Euro (as cited in the "Second Report of Industrial Technologic Prospects" published in September 2000 by the Spanish Ministry of Science and Technology).

  3. Source: Spanish E-Commerce Association, as cited in the "Second Report of Industrial Technologic Prospects", op. cit.

  4. The situation is not much worse than that resulting from contracting other goods and services over the Internet. For a description of most common concerns in e-commerce, see the report "A Framework for Global Electronic Commerce" by US President William J. Clinton and US Vice President Albert Gore, Jr.

  5. See, for instance, the Model Law on Electronic Commerce of the United Nations Commission on International Trade Law (UNCITRAL); Recommendation 94/820/EC, dated October 19, 1994, on the legal aspects of the electronic data interchange, Recommendation 87/598/EC, on European Rules of Conduct for electronic payment, Recommendation 97/489/EC, dated July 30, 1997, on transactions carried out through electronic means of payment, Recommendation 88/590/EC, on payment systems regulating the issue and use of means of payment.

  6. See, for instance, the "Declaration on Consumer Protection in the context of Electronic Commerce" made by OECD Ministers at the Conference "A Borderless World: Realising the Potential of Global Electronic Commerce", 7-9 October 1998, Ottawa, Canada. See also the "General Usage for International Digitally Ensured Commerce" of the International Chamber of Commerce, Paris, 1997.

  7. See report on Der Standard 7-8/11/98 on the bankruptcy of Digicash.

  8. See the US Securities Exchange Commission interpretative release dated March 23, 1998 and the Guidance Release 2/98 issued by the UK Financial Service Authority in May 1998. See also Part Two of "Financial Promotion – A consultation Document" prepared in March 1999 by the UK Treasury on the Financial Service and Markets Bill. This paper recommends to limit the basic scope of the financial legislation in train to allow communications which, although they originated outside the UK and are capable of having an effect in the UK, are not directed at the UK.

  9. "The Consumer Dimension of the Information Society" Resolution adopted at the 2128th Council meeting on "Consumer Affairs", Brussels, November 3, 1998: "(...) in the case of transborder transactions effected by means of information technologies, consumer should, within the framework of Community law and of the Brussels and Rome Conventions, be able to benefit from the protection afforded by the legislation of their country of habitual residence (...)" (section I, 3).

  10. "Information society service" meaning any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services (Directive 98/34/EC, of 22 June 1998, as amended by Directive 98/48/EC, of 20 July 1998).

 

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.