HUNGARY Law and Practice Contributed by: Pál Rahóty, Lakatos, Köves & Partners
11. Open Banking 11.1 Regulation of Open Banking
12. Fraud 12.1 Elements of Fraud
In Hungary, open banking is primarily driven by PSD2, which has strongly supported its development by requiring banks to provide licensed third-party pro - viders – account information service provider (AISPs) and payment initiation service provider (PISPs) – with secure access to payment accounts via APIs, subject to customer consent. The MNB supervises compli - ance, and banks must meet technical standards on strong customer authentication (SCA) and secure communication. While PSD2 created the legal foun - dation for fintech innovation and competition, practi - cal implementation challenges have at times slowed adoption. Overall, regulation has enabled open bank - ing structurally, but market uptake depends on tech - nical readiness and business incentives rather than regulatory barriers alone. 11.2 Concerns Raised by Open Banking Banks and technology providers address open bank - ing privacy and security risks through SCA, secure APIs, encryption and strict consent management, in line with PSD2 and GDPR. They also implement enhanced vendor due diligence, data minimisation, monitoring and incident reporting frameworks to man - age third-party and cybersecurity risks.
In Hungary, fraud in the financial services and fin - tech context is primarily governed by the Hungarian Criminal Code. In fintech specifically, fraud often over - laps with related offences such as information sys - tem fraud, misuse of payment instruments, money laundering and unauthorised access to IT systems. Regulatory consequences may also arise under AML, consumer protection and payment services laws, meaning firms can face both criminal liability (for indi - There is focus on authorised push-payment (APP) fraud, phishing and social engineering scams, pay - ment card fraud and account takeover attacks, espe - cially in digital and instant payment environments. 12.3 Responsibility for Losses In Hungary, a fintech service provider may be respon - sible for customer losses where it breaches contrac - tual duties, fails to comply with statutory obligations, or is negligent in preventing fraud or unauthorised transactions. Under PSD2, providers are generally liable for unauthorised payment transactions unless the customer acted fraudulently or with gross negli - gence. Liability may also arise from defective services, data breaches or failure to meet disclosure and con - duct standards, subject to contractual limits where permitted by law. viduals) and administrative sanctions. 12.2 Areas of Regulatory Focus
352 CHAMBERS.COM
Powered by FlippingBook