Authors

Dr. Verena Ritter-Döring

Partner

Read More

Dr. David Klein, LL.M. (Univ. of Washington), CIPP/E

Salary Partner

Read More
Authors

Dr. Verena Ritter-Döring

Partner

Read More

Dr. David Klein, LL.M. (Univ. of Washington), CIPP/E

Salary Partner

Read More

16 December 2022

December 2022/2 – 1 of 4 Insights

Banks and Insurance Companies in the Metaverse - The Regulatory framework persists

  • Briefing

At least the older ones among us surely remember the Dotcom Bubble and the Second Life, where you could buy virtual properties with Linden Dollars and do some shopping in virtual stores. The daily news about opportunities in the Metaverse one almost feels like being transported back in time by a time machine. But the equation is not quite so simple. The technological progress enables new business models that would have been unthinkable in virtual worlds two decades ago.

Through its various platforms, the Metaverse represents a digital evolutionary stage similar to “www” at the beginning of the Internet’s development. This allows not only existing business models to be virtualized, but also expanded with additional functions or even completely reinvented. It is this diversity that poses a major challenge for regulated institutions. What legal frameworks must be adhered to and what regulatory frameworks are real in the virtual world?

Bank 3.0

Before any traditional business model is digitalized, it has to be tested. The approach in the Metaverse is not any different. The first step is to establish a virtual presence. Just like in the early days of the Internet, when companies wanted to convey digital competence with web business cards, today it is good manners to open a representation in the Metaverse and show the flag. The challenges that come with setting up a business like this are very similar, just the same as in real life.

If you want to open a virtual branch, you need a suitable property, a presentable building with company logo and perhaps a touch of art within so that the office doesn't look so empty. After the first interested parties walk in, you would of course like to get in touch with these potential customers, demonstrate your products and services to them and, ideally, offer these products and services directly in a digital format. Legally, however, a number of questions need to be clarified for such an activity, which in itself seems quite straightforward. A good analysis of the regulatory requirements in the field of IT, data protection, money laundering law and financial supervision law is essential before taking the step into the virtual world.

Opportunities with real legal issues

Basically, the step into the Metaverse is nothing more than contracting an IT service provider or booking an IT service. For this purpose, a suitable Metaverse platform is selected and a contract is concluded with the provider. Depending on the scope of the future activity in the Metaverse, it must be checked whether there is any substantial outsourcing. The decisive factor for this classification is whether specific services are to be provided by the platform or whether only pure IT infrastructure is used. The European supervisory authorities like EBA, ESMA and EIOPA will also have to deal with this issue. As for the use of cloud providers, it is to be expected that a guideline for the market presence of banks and insurance companies will also be published in the future.

If the engagement in the Metaverse is limited to a virtual store, general legal limits for advertising are likely to be relevant first. This also includes the use of trade marks. As with all digital services, national borders play a subordinate role. However, conventional property rights, such as trade mark rights, link the scope of protection in the real world on a territorial basis. The trade mark, such as a protected company logo, may only be used if corresponding rights of use exist or no third-party rights are infringed. This naturally also applies to delimitation agreements or similar agreements that are linked to the territorial scope of use.

Another challenge is the potentially global reachability of recipients of the advertising: Under certain circumstances, the form of advertising is not permitted in the target country or is only permitted under certain conditions. Regulated institutions in particular must take special care not to exceed the limits of their own permits.

Since the ads have to be displayed in the Metaverse, an area is needed for this, whereby the term "area" is not to be understood literally; you can look for boundary stones in the Metaverse for a long time. Instead, the so-called digital assets (the touch of art mentioned at the very beginning and the digital properties) regulate the Metaverse. These digital assets can be transferred or rights to them can be granted. What this process looks like differs depending on the platform and, above all, the type of asset (i.e. NFTs). The type of acquisition may also determine the classification of art or real estate for tax or accounting purposes.

Regulation remains

If a bank decides to open a branch in the Metaverse, this should of course be filled with virtual life. The exciting possibility of direct interaction with prospective customers and clients suggests information or advisory meetings. If the Metaverse has no territorial boundaries, but the offering of financial services globally is determined precisely by territorial boundaries and territorial licenses, the first question arises as to who is actually addressing the German market here, i.e. also German consumers, and how. From the point of view of the supervisory authorities, nothing else can initially apply here than in the real world. Offering financial services presupposes a certain level of expertise, which is to be ensured by specific permission from the supervisory authority. But how can a bank or an insurance company offer only a certain sub-market in the virtual world without fixed borders? Exciting developments can certainly be expected here.

Other regulatory frameworks also remain in place, whether in the virtual or real world. This concerns, for example, the rules on data protection (including the General Data Protection Regulation GDPR) and the security of IT systems and the IT infrastructure. Automated communication programs, so-called bots, can take over parts of the communication with prospects and customers, but may have to comply with the requirements of the future Artificial Intelligence Regulation (AI Regulation). For employees, in turn, the rules of the works constitution apply, i.e., in particular, co-determination. In addition to the necessary information, employers must consider whether there are any rights of co-determination, some of which are far-reaching, with regard to the rules on working hours or the use of a technical device to monitor employees.

For the distribution of regulated products and services, various transparency requirements must also be met. In addition, not every product or service can simply be digitized without carefully checking whether separate permission may be required. An existing permission for the non-digital counterpart of the product or service is no guarantee that digital distribution is permitted. In addition, it must be examined how the regulatory requirements from the Markets in Financial Instruments Directive (MiFID), for instance, are to be complied with.

Despite these challenges, it is obvious that regulated institutions see the Metaverse as an opportunity and offer certain banking services in the Metaverse. The common currency in the Metaverse is various cryptocurrencies, which must first be exchanged for fiat currencies and then held in so-called wallets. These transactions are regulated differently around the world and require a corresponding permit in the European Union, for example. So even the payment transactions in the Metaverse are not in a legal vacuum.

Conclusion

Some of the legal challenges in the metaverse, which are only touched upon, sound strangely familiar. This closes the circle to the time travel to Second Life. Greater opportunities in the Metaverse conversely require a more multi-layered legal assessment than was necessary for Second Life.

On the other hand, the Metaverse provides many possibilities not only to duplicate the existing business model in the Metaverse, but also to offer, expand and improve further services. Just as the Internet was the engine to modernize the regulatory framework step by step, the Metaverse will significantly influence and shape the further development of the legal framework.

In this series

Technology, media & communications

Banks and Insurance Companies in the Metaverse - The Regulatory framework persists

What legal frameworks must be adhered to and what regulatory frameworks are real in the virtual world?

16 December 2022

by Dr. Verena Ritter-Döring, Dr. David Klein, LL.M. (Univ. of Washington), CIPP/E

Competition, EU & trade

Meta Quest – The competition law battle for the gate to the metaverse

The world is meeting up in the metaverse, only Germany isn’t there yet?

15 December 2022

by Stephan Manuel Nagel, LL.M. (EUI), Niklas Melzer

Technology, media & communications

Web 2023.0 - a sleeping giant?

Calum Parfitt looks at the future of Web3 in the context of a difficult 2022.

5 December 2022

Technology, media & communications

Bits and pieces from the Metaverse

Issue #17 | We keep you up to date with everything you need to know about the Metaverse.

16 December 2022

by Multiple authors

Call To Action Arrow Image

Latest insights in your inbox

Subscribe to newsletters on topics relevant to you.

Subscribe
Subscribe

Related Insights

Technology, media & communications

IAB Transparency and Consent Framework must be improved

8 March 2024
Briefing

by Dr. David Klein, LL.M. (Univ. of Washington), CIPP/E

Click here to find out more
Life sciences & healthcare

CJEU referral on violations of data protection law on the basis of competition law and on the interpretation of the concept of health data

24 March 2023
Briefing

by Dr. Daniel Tietjen and Dr. David Klein, LL.M. (Univ. of Washington), CIPP/E

Click here to find out more
Data protection & cyber

Telecommunications-Telemedia Data Protection Act (TTDSG) - Summary of the main provisions

Summary of the main provisions

18 July 2022
Briefing

by Dr. David Klein, LL.M. (Univ. of Washington), CIPP/E

Click here to find out more