FinTech Insights #6 –
Embedded Finance in Malta

The concept of embedding a financial service within a non-financial service entails the integration of licensable financial activities into non-financial digital platforms. The embedded services typically encompass payments, lending, investments, and insurance. The financial services are integrated into platforms such as social media and various productivity/lifestyle applications, which would otherwise not be considered as financial products at all.

Embedded Finance (commonly abbreviated as “EmFi”) is the term associated with the notion of integrating a regulated financial service within a digital platform that is unregulated for that specific financial service. EmFi raises legal queries relating to compliance, investor protection, and financial stability which arise from the activity of offering financial services outside traditional banking/broker channels.

As of this insight’s publication, the term ‘Embedded Finance’ is neither legislated in Malta nor harmonised at EU-level. However, the Malta Financial Services Authority (“MFSA”) has taken the proactive approach of providing insights into this new type of financial model. The Fintech Supervision function within the MFSA had already noted in its report titled ‘Digital Transformation & FinTech Adoption Within the Maltese Financial Services Sector’¹ that EmFi was one of the eight enabling technologies which formed part of its survey.  Subsequently, the MFSA issued the ‘MFSA FinSights Sectoral Applications of Embedded Finance’² which is a document with the Maltese regulator’s forward-looking perspectives on EmFi.

The MFSA defines EmFi as “the integration of financial offerings and solutions within non-financial applications with the aim to enhance the customer’s experience. Essentially, this means that financial services, such as payments, lending, insurance, and investment management, are embedded within other applications or services, such as e-commerce or social media platforms.”³

Separately, the European Supervisory Authorities (ESMA, EBA and EIOPA jointly) had defined EmFi in a report on Digital Finance as “‘embedded finance’ [occurs] when financial services are ‘embedded’ into other products/services (e.g. the use of Banking-as-a-Service and API-driven banking and payments services to integrate financial services within other environments and ecosystems). Some products or services in the package may be regulated financial services, while others may not be; the products and services may be offered by the same firm, by firms forming part of the same group, and/or by different firms/groups.”⁴

The following are some real-life examples of how EmFi manifests across different platforms:

• Investment services embedded in consumer platforms: Consumer platforms are integrating investment services, allowing users to engage in activities such as stock or cryptocurrency trading without the need for traditional brokerage services. This integration facilitates direct investments through user-friendly applications.
• Social media platforms facilitating peer-to-peer transactions: Some social media platforms have embedded financial services that allow users to send money to each other within the application. This feature supports easy peer-to-peer transactions without leaving the social media environment.
• Ride-sharing apps with in-app payments: Ride-sharing/taxi applications integrate payment processing, allowing users to pay for their services directly through the app. This integration eliminates the need for cash transactions or physical credit cards, streamlining the financial transaction process for both passengers and the chauffeur. When the payment for a service is not conducted through a payment gateway that is visible to the payer and distinguishable thereto, the payment service has effectively been embedded into the non-financial product.
• E-commerce platforms offering payment solutions: E-commerce platforms incorporate embedded payment solutions to enable consumers to complete purchases directly on the website. These solutions can include direct bank transfers, digital wallets, or buy now, pay later options, facilitating a seamless shopping experience.
• Banking services through non-financial platforms: Non-financial platform increasingly provide banking services, such as small business loans, directly to their customers. These services are embedded in the platform and offered within the non-financial platform’s ecosystem, allowing for quick and efficient access to finance.
• ‘Buy now, pay later’ services at retail checkouts: ‘Buy now, pay later’ services enable consumers to spread the cost of a purchase over a series of payments without incurring interest. Integrated into the checkout processes of online retailers, these services offer customers flexible payment plans at the point of sale.
• Insurance services within online purchases: Online platforms offer immediate access to insurance products at the point of sale for products or services being purchased. This could include travel insurance offered during the booking process on travel booking websites, streamlining the purchase and policy activation process.

These examples underscore the diversity of embedded/integrated financial applications, showcasing effectiveness in streamlining the investor and consumer experiences whilst providing seamless access to financial services across various platforms.

EmFi is increasingly becoming part of various sectors of the economy, demonstrating the integration of financial services within non-financial digital ecosystems. A 2024 report on ‘global payments and fintech trends’ by a payments-related research-group noted that EmFi will continue to experience significant growth.⁵ Moreover, in the proposed EU Payment Services Regulation and the proposed EU PSD3 (i.e. the third payment services directive which will succeed PSD2⁶ as transposed into Malta’s Financial Institutions Act⁷) all financial services which are embedded in other platforms (e.g. a social media app) will require stronger customer authentication (i.e., SCA) systems. The goal is to offer customers a more seamless and convenient experience when making payments or accessing other financial services without leaving the environment they are in.

The EU and Malta face the challenge of balancing innovation with risk mitigation arising from EmFi. Regulatory bodies are tasked with updating existing frameworks to address new risks without stifling innovation. The European Supervisory Authorities and the MFSA play critical roles in this evolving landscape, potentially leveraging regulatory sandboxes to test and adapt regulations to EmFi models. Adapting regulatory frameworks to accommodate EmFi will require the development of regulations specifically addressing the unique aspects of EmFi, namely, increased cooperation between regulators, fintech companies, and traditional financial institutions; and a focus on transparency and consumer education to enhance user understanding and protection in EmFi transactions.

EmFi might make it more difficult for entities involved in providing financial services to comply with regulatory requirements because the end-user is not transacting directly with the regulated licence holder. Such requirements include: adherence to know-your-customer protocols arising from anti-money-laundering legislation, consumer protection regulations, and data protection laws. The collaboration between fintech firms, banks, and non-financial entities necessitates clear legal frameworks to define responsibilities and liabilities, particularly in data sharing and customer interactions. The integration of financial services into non-financial platforms also requires transparency in contractual terms and accessible dispute resolution mechanisms.

In a previous fintech insight by our Firm, it was noted that proponents of Decentralised Finance (“DeFi”) opined that DeFi, as opposed to Centralised Finance (“CeFi”), could innovate the financial system by providing easier methods of payments and other financial services without a centralised⁸  intermediary in the financial system which would entail a simpler economy with less regulatory burdens. EmFi is neither CeFi nor DeFi. However, an EmFi transaction could contain characteristics similar to the DeFi concept because the EmFi transaction could occur within the structure of the non-financial service provider itself rather than through a centralised intermediary.

The MFSA explains that EmFi-enabled platforms utilise a variety of business models, from traditional ones like B2C (business-to-consumer) and B2B (business-to-business), to more complex structures such as B2B2B (business-to-business-to-business) and B2B2C (business-to-business-to-consumer). Additionally, newer models such as C2C (customer-to-customer) and G2G (government-to-government) are being explored.⁹ The MFSA provides some examples of these business models:

• B2C models enable consumers to access financial services at the point of purchase, exemplified by ‘buy now, pay later’ schemes.
• B2B models offer financial services, including lending and payment solutions, to other businesses.
• B2B2B involves a non-financial business providing financial services to other businesses, often enhancing efficiency through EmFi, such as in supply chain financing.
• B2B2C connects technology or fintech companies with non-financial businesses to offer financial products directly to consumers, such as insurtech firms offering car insurance at the point of sale through a dealership.
• C2C platforms support the exchange of goods and services among peers, often incorporating flexible payment options.
• G2G models enable transactions between government entities, including tax collection, facilitated by EmFi technologies for secure payments.

Due to the quasi-decentralised characteristics of EmFi, in a brief analysis, the MFSA outlined that EmFi presents numerous advantages which might come at a higher risk to the financial system. As with respect to advantages¹⁰, the MFSA noted that it would be beneficial for both consumers and innovators, including the potential for financial institutions to expand their customer base through strategic partnerships with non-financial entities. This will create new revenue streams by combining financial and non-financial products whilst enhancing customer convenience through seamless transactions and valuable data insights gained from AI and API technologies. However, EmFi also faces significant risks¹¹ and regulatory challenges due to its novelty and the potential for future compliance complexities, cybersecurity threats stemming from its reliance on internet technologies, and operational risks associated with integrating financial services into non-financial products. These risks could affect reliability and consumer trust.

Any effective directive/regulation/act on EmFi will likely challenge existing paradigms both within the EU and Malta. Whilst EmFi provides existing service providers with new methods of how to distribute their financial products through partnerships with non-financial digital services, there can be a risk of a creating lacunae where non-financial service providers start providing services which would otherwise classify as licensable activities. Drafting future legislation on EmFi necessitates a detailed understanding of the intersection between technology and financial law, with a focus on protecting investors/consumers to ensure broader stability within the financial system.