Legal tips for FinTech start-ups in NZ Guide

FinTechs starting up on a limited budget need to be business-focused and agile – but also aware of how attention to legal and regulatory matters at the outset can set you up for future success. 

We have gathered below some of the legal and regulatory issues affecting FinTechs that we regularly deal with at MinterEllisonRuddWatts. The tips set out in this document are not an exhaustive or detailed list of the issues that may be relevant to your business. They do not constitute legal advice and may go out of date. If you are a FinTech start up, we recommend you seek legal or other professional advice appropriate to your own circumstances. But we hope these tips will set you off in the right direction.

Choosing your business structure and branding

Whilst there are other structures available, it is conventional for businesses to be set up as limited liability companies under the Companies Act 1993. This limits the liability of shareholders for the debts of the company.

Research the availability of your preferred company name, trade marks, brand name, website address and/or Facebook page and register these as necessary. The New Zealand Intellectual Property Office is a good place to start. Don’t forget to check for, and if necessary register, similar names. Don’t forget to check both locally and in export markets. Reserve your company name and then register your company with the New Zealand Registrar of Companies. Income tax, GST and employer registration for tax purposes can be applied for at the same time as company incorporation.

Note there are ongoing record keeping, filing, reporting and other obligations in operating a company and specific duties applying to directors - with criminal sanctions applying for breaches of certain director’s duties. Make sure you understand these duties.

Documenting the legal relationship between founders 

Consider how to structure the shareholding of the company and consider having an agreement between shareholders if there is more than one founder involved – what rights and powers should each founder have to determine the direction of the company or to enjoy the profits? A founder who has made significant intellectual property contributions over financial contributions may wish to seek fair recognition of that.

Without these protections, a founder may end up losing control of the company or receiving low value for their contribution. Trying to deal with unfair outcomes when the business is more established or when relationships have broken down is usually much harder than considering the ground rules at the outset (which can avoid these issues from arising at all).

Navigating the financial regulatory landscape

A very important part of FinTech product development is that it is tested against the financial regulatory regime (certainly before the product is launched).

At a very high level, some of the applicable laws might be:

• Anti-Money Laundering and Countering Financing of Terrorism Act 2009, particularly if you are accepting deposits from customers, managing or issuing a means of payment, transferring money or value, or currency exchange;
   
• Financial Markets Conduct Act 2013 and/or the Financial Service Providers (Registration and Dispute Resolution) Act 2008, which may be relevant if you are issuing a financial product or providing a financial service, including financial advice; and
   
• Non-Bank Deposit Takers Act 2013 if you are taking deposits that create interest or repayment obligations.

A small change to how the product operates may significantly change the level of compliance overhead required in offering the product. It is advantageous to understand this up front and early on as this may affect the product design, investment that would need to be made in the product and the timing of launch.

Considering privacy / data protection and cyber-security

FinTech businesses handle sensitive financial, commercial and personal information, making privacy and security a major concern. FinTechs will need to implement robust data management and cyber-security measures – including establishing policies for properly collecting and then safeguarding customer information from unauthorised access, disclosure and use, and protocols for dealing with cyber-attacks and data breaches.

These obligations to protect customer information arise on several fronts, including compliance with the Privacy Acy 2020, the Financial Markets Authority licence conditions, contractual requirements to customers, a duty of care under tort (negligence) law – or simply for reputation management and preservation of goodwill in your business.

We recommend adopting a “privacy / security by design” approach, embedding good privacy and security measures into the design of products you launch and the systems you use from the very beginning. Failing to do this can lead to re-engineering costs - as well as exposing you to liability and reputational damage - down the line.

Understanding your obligations as an employer

Start-ups may have heard the business advice “hire slowly, fire fast”.  Whilst this may be optimal from a business perspective, be aware: the Employment Relations Act 2000 imposes a range of obligations on employers and provides robust protections for employees, including the right for an employee to bring a personal grievance for unjustifiable dismissal. One of the remedies they can seek is reinstatement to their role, so it is critical to follow a fair process if you are considering needing to dismiss any employee.

Commercial agreements with partners and other service providers

Many FinTechs collaborate with financial institutions, technology providers and other third parties to help provide or enhance their offerings. These collaborations require well-drafted contracts that clearly outline responsibilities, timeframes, costs, data-transfer arrangements, liabilities and risk apportionment, and the dispute resolution mechanisms of the relationship.

Some key things to look out for are contracts that:

• do not reflect the goods and services as they have been marketed to you or grant you rights of use that are too narrow for the way that your business will realistically operate;
   
• require significant payments upfront or lock you in to term commitments for longer than you may need them - with termination penalties if you terminate early;
   
• allow the counterparty to terminate on short notice, leaving you insufficient time to find a replacement;
   
• restrict your ability to work with other partners;
   
• do not protect your intellectual property or confidential information (including your customer’s personal or confidential information) adequately, including where you terminate and want your data back; or
   
• have wide ranging liability disclaimers minimising the risk to the counterparty and onerous liability provisions increasing the risk to you.

Protecting intellectual property

FinTech companies often rely on innovative ideas, branding, technology, software, algorithms, processes, and databases to offer their services. Protecting confidential information and intellectual property rights (IP) through patents, trademarks, copyright protection and contractual arrangements is crucial to preventing unauthorised use of its innovations and maintaining value in the company.

Think about what arrangements might be necessary from the very beginning, and make sure that you act at the right time to avoid losing the chance to take advantage of those protections.

For example:

• are your innovative ideas protected under confidentiality / non-disclosure agreements?
   
• have you registered your company name, trade mark, website address and Facebook page?
   
• have you checked (through so-called "freedom to operate” searches) that your products and processes will not infringe someone else’s rights such as copyright, design or patent rights and, where possible, have you registered your own (again, covering local and export markets)?
   
• do you have an effective IP policy in place to give staff clear direction on how to protect IP?
   
• if the business is built or going to be built on IP originally created by the founders, has that IP been formally transferred to the company and does it need to be?
   
• do your contracts with developers or other third parties recognise your ownership of the resulting intellectual property? 
   
• do your customer contracts restrict use of the services as necessary to protect your investment?
   
• do your employment agreements have sufficient protections and do you need to place restraints on key employees their employment agreement so they don’t set up in competition if they leave?

Dealing with competitors and customers

As the business is up and running, FinTechs will want to compete for business in the market. Dealing with competitors, and dealing with customers or potential customers, is regulated largely by the Commerce Act 1986, the Fair Trading Act 1986, the Consumer Guarantees Act 1993 and the Credit Contracts and Consumer Finance Act 2023. There are rules about spam marketing in the Unsolicited Electronic Messages Act 2007.

At a very high level, these statutes seek to encourage competition for the benefit of customers and to protect customers, especially individual consumers, from deceptive, misleading or otherwise unfair (or irritating) business practices.  Make sure you understand what is good practice.

Who can advise me?

At MinterEllisonRuddWatts we have lawyers who help clients navigate the issues raised above, and the many adjacent issues that can arise with running a business.

Please get in touch to see if we can assist.