FINLAND Law and Practice Contributed by: Olli Kiuru, Jere Lehtimäki and Essi Hietaoja, Waselius
2.10 Significant Enforcement Actions As far as is known, no significant enforcement actions have been undertaken against fintech companies, but some enforcement actions have been undertaken against legacy players. For instance, on 25 August 2022, S-Bank Plc received an administrative fine from the FIN-FSA for errors in reporting on derivative contracts. S-Bank Plc had failed in its obligation to ensure that information on all derivative contracts it had concluded was reported to a trade repository as required by Regulation (EU) No 648/2012 on OTC derivatives, central counterparties and trade repositories (the “European Market Infra - structure Regulation” or EMIR). On 13 September 2021, the FIN-FSA imposed a pen - alty payment of EUR1.65 million on S-Bank Plc for omissions in the detection of suspicious transactions; S-Bank Plc had neglected its obligations to monitor its customers’ trading, as required under Article 16 of the EU’s Market Abuse Regulation. Another enforcement action was publicised on 2 July 2021, in which the FIN-FSA withdrew the invest - ment firm authorisation of Privanet Securities Ltd with immediate effect after it detected several seri - ous omissions and violations in the firm’s activities. The legal authority of the FIN-FSA to withdraw the investment firm licence derives from Section 26 of the Financial Supervisory Authority Act, according to which authorisation may be withdrawn where essen - tial statutory conditions under which authorisation was granted no longer exist or where the activities of a supervised entity constitute a material breach of the provisions governing financial markets. In a more recent case, on 27 January 2023, the FIN- FSA withdrew Nada express osk’s registration under the PIA, due to deficiencies in compliance with anti- money laundering regulation. Nada express osk had already received a penalty fine for these deficiencies but had failed to correct its actions. In another recent case, on 6 June 2023 the FIN-FSA prohibited Ermitage Partners Oy from offering invest - ment services without a licence, as it classified the
Payment Institutions Similar to institutions offering investment services, payment institutions may outsource substantial func - tions of their payment services where doing so does not materially weaken their internal supervision. Once payment institutions have outsourced their ser - vices, they must ensure the adequacy of the resources and the professionalism, financial stability and exper - tise of the outsourced operator; they must also have procedures in place to assess the performance of the outsourced operator. In order to meet their due dili - gence requirement, payment institutions must ensure, for example, that the outsourced operator has the necessary skills, resources and operating licences required by law to provide the service. In addition, payment institutions must ensure that the outsourced operator has arranged for an adequate level of internal supervision and risk management. When outsourcing payment services to an agent, pay - ment institutions are held liable for the agent’s opera - tions. Crypto-Asset Service Providers Under Article 73 of MiCAR, crypto-asset service pro - viders (CASPs) can outsource functions, but they remain fully responsible for compliance with MiCAR. Outsourcing must not compromise their ability to meet regulatory obligations, weaken internal controls nor hinder supervision by competent authorities. The CASP must ensure that outsourcing arrangements are governed by a written agreement setting out the rights and obligations of both parties, including pro - visions that allow supervisory authorities to access relevant data. The CASP must continuously monitor the outsourced activities and take necessary steps to mitigate risks arising from the arrangement. 2.9 Gatekeeper Liability Certain fintech entities are subject to the Finnish AML Act and must therefore comply with the regulations set forth therein. These requirements include that they actively monitor their client relationships and under - take due diligence procedures prior to forming cus - tomer relationships. Furthermore, investment service providers and CASPs must ensure that the investor/ client is suitable to receive certain services.
271 CHAMBERS.COM
Powered by FlippingBook