The FinTech Series: Part 1 Contracts
By Lisa Farrah Ho, Updated: 2023-05-24 (published on 2019-08-22)
Certain types of contracts are almost universally used by start-ups. However, as is the case with many things in life, some contracts deserve more attention than others. Two contracts that FinTech companies in particular should pay close attention to are privacy policies and confidentiality agreements (also known as non-disclosure agreements). These two agreements appear to be fairly standard documents that require little modification from a template before being put into use. However, it is advisable for FinTech companies to review and amend such contracts more closely before finalising them so as to ensure that the relevant agreement is sufficiently tailored to the FinTech company’s business model and operations.
Given the nature of their services and operations, FinTech companies may collect, use, or handle personal data in ways that companies outside the financial industry do not. Or obtain types of personal data that such companies typically cannot access. For example, FinTech companies that provide a stored value facility can obtain information about a customer’s funding sources, while FinTech companies that provide automated portfolio investment services can use the data from customers’ transactions and investment activities to build a profile of a customer’s specific financial circumstances. Accordingly, it is important to modify clauses on the collection, use, and handling of personal data to ensure that they form an accurate and comprehensive statement of what the FinTech company does in the course of conducting its business.
We only retain personal data for as long as it is necessary for us to do so. This includes situations where there is a binding legal or regulatory requirement upon us to retain the data (e.g., for at least five years from the termination of our business relationship with you). Data may be archived as long as the purpose for which the data was used still exists.
The types of information that a FinTech company would regard as confidential will vary depending on its particular business. Template confidentiality agreements tend to define “confidential information” as broadly as possible, so that the widest possible range of information can be captured within this definition. The below clause (from Zegal’s Mutual Non-Disclosure Agreement) is a typical example:
Confidential Information: all confidential information (however recorded, preserved or disclosed) disclosed by a party or its Representatives to the other party and that party’s Representatives after the date of this agreement including but not limited to:
- the fact that discussions and negotiations are taking place concerning the Purpose and the status of those discussions and negotiations;
- the existence and terms of this agreement;
- any information that would be regarded as confidential by a reasonable business person relating to:
- the business, affairs, customers, clients, suppliers, plans, intentions, or market opportunities of the Disclosing Party or of the Disclosing Party’s Group;
- the operations, processes, product information, know-how, designs, trade secrets or software of the Disclosing Party or of the Disclosing Party’s Group;
- any information or analysis derived from Confidential Information;
- but not including any information that:
- is or becomes generally available to the public other than as a result of its disclosure by the Recipient or its Representatives in breach of this agreement or of any other undertaking of confidentiality addressed to the party to whom the information relates (except that any compilation of otherwise public information in a form not publicly known shall nevertheless be treated as Confidential Information); or
- was available to the Recipient on a non-confidential basis prior to disclosure by the Disclosing Party; or
- was, is or becomes available to the Recipient on a non-confidential basis from a person who, to the Recipient’s knowledge, is not bound by a confidentiality agreement with the Disclosing Party or otherwise prohibited from disclosing the information to the Recipient; or
- was lawfully in the possession of the Recipient before the information was disclosed to it by the Disclosing Party; or
- the parties agree in writing is not confidential or may be disclosed; or
- is developed by or for the Recipient independently of the information disclosed by the Disclosing Party.
While it may in most cases be helpful to define “confidential information” broadly, FinTech companies should still closely review this definition in their confidentiality agreements so that they can tailor it to maximise the advantage to themselves. For example, the company should try to anticipate as accurately as possible what sort of information it will likely have to share with the other contracting party over the course of their business relationship and check that the contractual definition of “confidential information” clearly includes such information as appropriate. Similarly, if the other contracting party tries to negotiate further carve-outs to the type of information that would otherwise be considered “confidential”, the FinTech company should carefully check these carve-outs to ensure that information it wants to keep confidential will not fall within the scope of these carve-outs.
In summary, while template contracts may be convenient resources, it is important for FinTech companies to review and modify them to ensure maximum support for and coverage of their business and operations. This is especially imperative for FinTech companies that are or will be regulated financial institutions, as they will all the more need to ensure that weak contractual clauses will not hinder them in discharging their regulatory obligations. Implementing effective contract management practices allows FinTech companies to proactively address potential gaps or limitations in template contracts, aligning them with regulatory requirements and industry best practices. By engaging in thorough contract review and modification, FinTech companies can mitigate risks, enhance compliance, and strengthen their contractual framework to support their business objectives while meeting their regulatory obligations.
Lisa Farrah Ho is an associate in Rajah & Tann Singapore LLP’s Financial Institutions Group, where she works with a range of financial institutions and FinTech companies.
This article does not constitute legal advice.
The opinions expressed in the column above represent the author’s own.