Fintech: Your Rights (Revolut, N26, Wise)
Millions of Irish consumers use fintechs. But when things go wrong — frozen accounts, missing funds, unresponsive support — knowing where you stand is critical.
Who Regulates What?
This is the most important thing to understand. Different fintechs are regulated in different countries, which determines where you complain:
Revolut
EU banking licence from Lithuania (European Central Bank via Bank of Lithuania). Irish customers are covered by Lithuanian deposit guarantee. Complaints go to Bank of Lithuania or can be referred to the FSPO for conduct issues in Ireland.
N26
German banking licence (BaFin). Irish customers are covered by German deposit guarantee. Complaints go to BaFin or the German banking ombudsman.
Wise (TransferWise)
Authorised as a payment institution by the Central Bank of Ireland. Irish regulator. Complaints can go to the FSPO.
PayPal
Authorised by the Central Bank of Ireland (PayPal Europe). Complaints can go to the FSPO.
Key point: Even if a fintech is regulated abroad, you can still file a GDPR complaint with the Irish Data Protection Commission. GDPR applies based on where the data subject (you) is located.
Account Freezes
The most common fintech complaint. Accounts are frozen — often with no warning and no explanation — for “security” or “compliance” reasons. Your rights:
- You have the right to know why your account is frozen (with limited exceptions for ongoing law enforcement investigations)
- Your funds must be returned to you if the account is permanently closed
- The freeze must be proportionate — freezing an entire account over a single suspicious transaction may be disproportionate
- You have the right to a proper complaints process — “chat support” is not a substitute
Common problem: Fintechs often cite anti-money laundering (AML) obligations to justify freezes. While they do have AML obligations, they also have an obligation not to use AML as a blanket excuse to avoid dealing with legitimate complaints.
GDPR Rights with Fintechs
Regardless of where the fintech is regulated, GDPR gives you:
- Subject Access Request (Article 15) — all data they hold, including internal risk assessments and decision logs
- Right to explanation of automated decisions (Article 22) — if they used an algorithm to freeze your account or refuse a transaction, you can demand an explanation
- Right to rectification (Article 16) — if their data about you is wrong
- Right to complain to the DPC (Article 77) — Irish DPC regardless of where the fintech is based
Payment Services Directive (PSD2)
All payment service providers in the EU must comply with PSD2, which gives you:
- Immediate refund of unauthorised transactions (max EUR 50 liability)
- Right to receive funds within specific timeframes
- Right to dispute transactions
- Transparency about fees and exchange rates
How to Fight Back
- Exhaust their complaints process — document every interaction, screenshot chat conversations, note reference numbers
- Send a GDPR SAR — this often reveals risk scores, automated decision logs, and internal notes that contradict their public reasons
- Identify the correct regulator — use our Company Lookup tool to find the right ombudsman
- File with the FSPO if they're Irish-regulated, or the relevant foreign ombudsman
- File with the DPC for GDPR breaches — always available regardless of where they're regulated
- If your funds are trapped, send a formal demand letter with a deadline, citing the relevant payment services regulations