HUNGARY Law and Practice Contributed by: Pál Rahóty, Lakatos, Köves & Partners
However, where a firm engages in algorithmic trad - ing or HFT, MiFID II requires robust governance, test - ing, change of management and risk controls over algorithm design and deployment. This means pro - grammers operate within a regulated framework: algo - rithms must be properly tested, subject to approval procedures, monitored in real time and capable of being switched off (“kill switch”). Firms must main - tain detailed records of algorithm development and changes, and ensure staff involved are fit, properly supervised and trained. Internal controls typically include segregation of duties between development, testing and production environments. If a programmer independently provides trading tools commercially (eg, selling algorithmic trading software to firms), they are generally not regulated as invest - ment firms unless they also provide regulated services such as investment advice or order execution. That said, outsourcing rules, contractual oversight, ICT risk management (including under DORA), and potential liability exposure mean that programmers working for or supplying regulated firms are indirectly subject to regulatory expectations, even if they are not individu - ally licensed. The underwriting methodology itself is not prescribed in detail by regulation, but insurers must comply with the Hungarian Insurance Act and EU Solvency II framework. 8.2 Treatment of Different Types of Insurance In Hungary, different types of insurance are treated differently both in practice and under regulation. From a regulatory perspective, all insurers are governed by the Hungarian Insurance Act and the EU Solvency II framework, but capital requirements, technical pro - visions and risk management expectations differ depending on the nature and duration of the risk. In industry practice, insurtech models also vary by line of business. Digital-first solutions are more common in motor, travel and simple casualty products. Life and investment-linked insurance products tend to involve 8. Insurtech 8.1 Underwriting Processes
more regulatory oversight, advice requirements and capital intensity, making them less frequently the focus of purely digital insurtech start-ups. Overall, while the core legal framework is unified, regulatory intensity and business models differ by insurance class.
9. Regtech 9.1 Regulation of Regtech Providers
In Hungary, regtech providers are not automatically regulated simply because they provide compliance technology. If they only supply software or technical services, they are generally treated as unregulated technology vendors. However, they may become regulated depending on their activities. If a regtech provider goes beyond providing tools and directly per - forms a regulated financial service, it may fall within the scope of financial services regulation. Even where not directly regulated, regtech providers are often indirectly affected by regulation through out - sourcing and ICT risk rules (including DORA), as regu - lated financial institutions must conduct due diligence, impose contractual controls (audit rights, data access, incident reporting) and monitor regtech vendors. 9.2 Contractual Terms to Ensure Performance and Accuracy In Hungary, financial institutions typically require robust contractual protections from regtech and other technology providers to ensure performance, accuracy and regulatory compliance. Common terms include: • detailed SLAs; • warranties; • audit and access rights (including rights for the MNB or other authorities where required); • incident notification and breach reporting obliga - tions; • data protection and confidentiality clauses; • business continuity and disaster recovery commit - ments; • subcontracting restrictions; • regulatory co-operation clauses; • indemnities for compliance failures; and
349 CHAMBERS.COM
Powered by FlippingBook