POLAND Law and Practice Contributed by: Wojciech Trzciński, Łukasz Łyczko, Konrad Frąckowiak and Katarzyna Kaczmarzyk, PwC Legal Business Solutions
as obtaining consent from management to establish/ continue a relationship with the client, more frequent monitoring of the client’s transactions, or determining the source of the client’s assets. Reporting Obligations The AIF/AIFM is also obliged to report suspicious cli - ent transactions to the General Inspector of Financial Information. One important requirement is to prepare a risk assess - ment generated by the AIF/AIFM, under which the entity should demonstrate the extent to which it is exposed to money laundering and terrorist financing. 4.12 Data Security and Privacy for Investors Investment funds that are processors of personal data within the meaning of the General Data Protection Regulation are not obliged to comply with the data access obligations to the extent that this is necessary for the proper performance of AML/CFT and crime prevention tasks. The practical meaning of this provi - sion is to remove the exclusivity of access to personal data by the data subject whose personal data is being processed by the controller. Investment funds are obliged to implement technical and organisational conditions ensuring the safety and continuity of the business and its proper performance. Furthermore, since 17 January 2025 financial institu - tions must ensure compliance with the requirements set forth in DORA. This includes implementing robust ICT risk management frameworks, conducting regular testing of their operational resilience and effectively managing third-party ICT service providers. Financial institutions are obliged to follow rules for the protec - tion, detection, containment, recovery and repair capabilities against ICT-related incidents. In addition, institutions are required to establish clear reporting procedures for significant ICT-related incidents to relevant authorities, to enhance overall digital opera - tional resilience.
DORA’s entry into force has had a twofold practical impact: requiring the adjustment of ICT service pro - vider agreements to meet regulatory mandates, and prompting numerous modifications to risk manage - ment practices within institutions. 4.13 Anticipated Changes for Investors The EU is currently anticipating the entry into force of the AML Package, which will strengthen the EU’s AML/CFT rules. The package includes: • Directive (EU) 2024/1640 of the European Parlia - ment and of the Council of 31 May 2024 on the mechanisms to be put in place by EU member states for the prevention of the use of the finan - cial system for the purposes of money launder - ing or terrorist financing, amending Directive (EU) 2019/1937, and amending and repealing Directive (EU) 2015/849 (AMLD 6); • Regulation (EU) 2024/1624 of the European Parlia - ment and of the Council of 31 May 2024 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (AMLR); and • Regulation (EU) 2024/1620 of the European Parlia - ment and of the Council of 31 May 2024 estab - lishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010 (AMLA-R). Although the AML Regulation legally came into effect on 9 July 2024, its full direct applicability is deferred until 10 July 2027. This transition period includes interim deadlines, with provisions for transparency registers to be in place by 10 July 2025, and by 10 July 2029 for real estate registers.
250 CHAMBERS.COM
Powered by FlippingBook