PORTUGAL Trends and Developments Contributed by: Diogo Pereira Duarte, Ricardo Henriques, Isabel Pinheiro Torres, Diogo Matos Horta and Marta Boura, Abreu Advogados
In Portugal, the National Implementation Law desig - nates the BdP, the CMVM and the Insurance and Pen - sion Funds Supervisory Authority (ASF) as the national competent authorities responsible for supervising entities under their respective scopes of action. It also introduces centralised incident reporting (with the BdP designated as the national authority responsible for receiving such notifications), mandatory co-operation and information-sharing obligations between the three authorities to ensure co-ordinated supervision, and empowers them to regulate critical implementation details of the DORA, including reporting formats, ICT subcontracting registers and advanced threat-led penetration testing (TLPT). The National Implementa - tion Law further establishes a comprehensive sanc - tions regime, covering a broad range of infringements, imposing fines and requiring the public disclosure of serious or very serious sanctions, which may have significant reputational consequences for the entities involved. For fintech companies, compliance with DORA requires increased investment in cybersecurity, inci - dent response capabilities and operational continuity, alongside the development of specialised expertise. Institutions should prioritise reviewing governance structures, strengthening ICT risk management frame - works, aligning contracts with ICT service providers, mapping outsourcing arrangements, conducting resil - ience testing, including TLPT where applicable, and training relevant teams. Early adoption will be key to meeting supervisory expectations and maintaining operational stability. Payment Services and the Role of Electronic Money Institutions Payment services remain at the heart of fintech innovation, and the European regulatory framework is evolving rapidly to keep pace with technologi - cal change, new market entrants and shifting con - sumer expectations. The transition from PSD2 to the forthcoming PSD3, together with the introduction of a directly applicable Payment Services Regulation (PSR), will represent a structural shift in how payment services and electronic money institutions (EMIs) are regulated in Europe.
EMIs and non-bank payment institutions are expect - ed to continue to play an increasingly prominent role within this evolving framework, consolidating their position as efficient alternatives to traditional banks. The growth of digital finance, enhanced by develop - ments relating to the digital euro, create new opportu - nities for these institutions across the EU. As a result, EMIs are positioned as the primary drivers of innova - tion, leading the expansion of digital wallets, instant payment services and cross-border solutions, while simultaneously facing increased regulatory scrutiny in areas such as fund safeguarding, operational resil - ience and AML/KYC compliance. Embedded finance is further accelerating this market trend, as non-financial companies partner with EMIs to integrate financial services directly into their plat - forms. This allows EMIs to offer a broader range of services within wider commercial ecosystems, while intensifying competition among digital payment ser - vice providers. By enabling seamless cross-border transactions, EMIs are becoming crucial enablers of international digital payments. At the same time, open banking is prompting EMIs to enhance their data-sharing capabilities, giving con - sumers greater control over their financial informa - tion and allowing institutions to deliver more personal - ised, data-driven services. As their importance grows, so does regulatory oversight. EMIs are expected to manage digital wallets, transaction data and payment infrastructures to the highest standards, requiring ongoing investment in AML/KYC compliance, cyber - security and data privacy to ensure that technology and regulatory requirements evolve together. Looking ahead, the European payments ecosystem is set to become more integrated, resilient and competi - tive. For fintech companies, success will depend on the ability to combine innovation with compliance. The evolution of payment regulation reflects a deliberate policy strategy to promote competition and techno - logical innovation while safeguarding transparency, security and financial stability, positioning payment services as a key arena where regulation and innova - tion intersect to shape the future of digital finance.
666 CHAMBERS.COM
Powered by FlippingBook