HUNGARY Law and Practice Contributed by: Pál Rahóty, Lakatos, Köves & Partners
lated functions, it is unlikely to be viewed as a neutral intermediary. 2.10 Significant Enforcement Actions Significant MNB enforcement in fintech-relevant sectors has focused primarily on AML/CFT compli - ance, PSD2/open banking obligations and super - visory remediation orders. The MNB has imposed fines on major financial institutions for deficiencies in customer due diligence, screening systems and internal AML controls, signalling strict expectations that equally apply to licensed fintechs, including pay - ment and CASPs. In the payments space, the MNB has also sanctioned institutions for failures to comply with PSD2 open-banking access requirements, dem - onstrating active enforcement of technical and data access obligations. Beyond monetary penalties, the MNB frequently issues corrective resolutions requir - ing firms to strengthen governance, risk management and compliance systems, underscoring a supervisory approach that combines financial sanctions with man - datory remediation across core fintech verticals. 2.11 Implications of Additional, Non- Financial Services Regulations In Hungary, non-financial regulations such as the General Data Protection Regulation (GDPR; privacy), cybersecurity rules (including DORA and national IT security requirements), consumer protection and EU digital platform rules apply to fintechs broadly the same as they do to legacy banks, but fintechs often face greater practical impact due to their digital-first models, heavy use of cloud and outsourcing, applica - tion programming interface (API) connectivity and reli - ance on online marketing. While banks typically have mature compliance and IT governance structures, fin - techs must ensure that their software development, data monetisation, social media engagement and third-party integrations meet the same strict stand - ards for data protection, incident reporting, resilience, transparency and auditability expected by Hungarian and EU regulators. 2.12 Review of Industry Participants by Parties Other Than Regulators Beyond the MNB, Hungarian fintechs are reviewed by statutory external auditors (mandatory annual finan - cial audits under Hungarian and EU audit rules), inde -
pendent AML and compliance reviewers and, increas - ingly, ICT/cybersecurity assessors under DORA and national IT security requirements. Regulated entities must ensure independent testing of financial state - ments, internal controls, AML frameworks, and (where applicable) resilience and outsourcing arrangements, and auditors may have reporting obligations where material breaches are identified. In practice, larger or licensed fintechs typically engage established audit and advisory firms (often Big Four or specialist consul - tancies), while smaller or non-regulated firms face less formal scrutiny unless required by investors, banking partners or outsourcing clients. 2.13 Conjunction of Unregulated and Regulated Products and Services In Hungary, fintechs often offer unregulated services (eg, analytics, rewards, marketplace features) along - side regulated ones (eg, payments, lending, crypto custody). These are structured either within the same licensed entity with clear contractual separation and disclosures, or through a separate affiliated entity to avoid regulatory spill-over. The MNB applies a sub - stance-over-form approach: if an “unregulated” fea - ture effectively performs a regulated activity, it may trigger licensing requirements. Regulators expect clear customer disclosure, segregation of functions and governance controls to ensure unregulated ser - vices do not undermine prudential, conduct or AML obligations. 2.14 Impact of AML and Sanctions Rules No response has been provided in this jurisdiction. 2.15 Financial Action Task Force (FATF) Standards In Hungary, AML and sanctions rules heavily impact regulated fintechs (eg, payment institutions, e-money issuers, lenders, investment firms, crypto providers), which are treated as “obliged entities” under the AML Act and must conduct KYC, beneficial ownership checks, transaction monitoring, suspicious activity reporting and EU sanctions screening, subject to MNB supervision and enforcement. Unregulated fintechs are not automatically subject to AML law, but in prac - tice face an indirect impact through partnerships with regulated institutions, contractual compliance require - ments, outsourcing controls and the risk of inadvert -
342 CHAMBERS.COM
Powered by FlippingBook