FINLAND Law and Practice Contributed by: Olli Kiuru, Mia Rintasalo and Essi Hietaoja, Waselius
to cloud outsourcing arrangements entered into, renewed or amended on or after 31 July 2021. Financial institutions falling within the scope of the guidelines must ensure that their cloud out - sourcing arrangements comply with said guide - lines. In its Regulations and guidelines 4/2021, the FIN-FSA recommends that investment firms, credit institutions providing investment services, alternative investment fund managers and alter - native investment fund depositaries, among oth - ers, comply with the guidelines issued by ESMA. Furthermore, the FIN-FSA stated in 2020 that it complies with the EIOPA’s guidelines in its supervisory work. 2.12 Review of Industry Participants by Parties Other than Regulators Besides regulators, Finance Finland (FFI) reviews the activities of industry participants within the Finnish financial sector. FFI represents banks, life and non-life insurers, employee pension companies, finance houses, fund management companies and securities dealers operating in Finland. It actively participates in raising aware - ness amongst decision-makers of any potential impacts that might ensue from regulation, and provides expert opinions on legislative process - es. The organisation of FFI is divided into five groups, of which the Infrastructure and Security group is concerned with fintech. The Fintech Finland Association (a neutral, non- profit organisation) is another relevant party reviewing the activities of fintech companies – for instance, by actively promoting the interests of the Finnish fintech industry. 2.13 Conjunction of Unregulated and Regulated Products and Services The offering of unregulated products or bundling them together with regulated products and/or services is not that common in Finland. If such
offering does exist, it is mainly conducted by a regulated entity due to regulatory concerns. 2.14 Impact of AML and Sanctions Rules The Finnish AML Act imposes a variety of obliga -
tions upon obliged entities, including: • “know your customer” procedures; • record-keeping; • ongoing monitoring; and • identifying beneficial owners.
In accordance with the AML Act, obliged entities are financial market players such as fintech enti - ties engaging in payments and financing, wealth managers, fund companies and CASPs. Know Your Customer Obliged entities must identify their customers prior to forming permanent customer relation - ships. However, obliged entities will also be required to identify their customers when form - ing occasional customer relationships if the con - ditions set forth in the AML Act are fulfilled. If an obliged entity fails to identify its customer to the extent stipulated in the AML Act, it will be prohibited from forming a customer relation - ship and carrying out the business operation, and from maintaining the business relationship. Depending on the customer, obliged entities must identify their customers by means of a simplified or enhanced due diligence procedure. Government Decree 929/2021 lays down the due diligence procedures that must be under - taken when identifying customers, particularly in relation to simplified and enhanced due dili - gence procedures. The AML Act does not necessarily apply to many unregulated fintech companies, but its applica -
230 CHAMBERS.COM
Powered by FlippingBook