Fintech 2025

FRANCE Law and Practice Contributed by: Hubert de Vauplane and Hugo Bordet, Morgan Lewis & Bockius LLP

not allow the ESMA and EBA to temporarily sus - pend the application of the relevant regulations. This observation has led both the AMF and the HCJP to advocate for granting European regu - lators the authority to issue genuine no-action letters, similar to that granted to the SEC in the USA. 2.8 Outsourcing of Regulated Functions As a general rule, regulated activities performed by financial institutions may only be delegated to entities which are also authorised to perform such activities. Operational functions related to a regulated service may also be outsourced, although the supervision of the competent reg - ulator extends to the vendor. Outsourcing such functions does not relieve the regulated entity from its primary responsibility towards clients or third parties. The regulated entity must efficiently implement measures to monitor the compliance of the ven - dor with the applicable regulatory requirements. In certain cases, the outsourcing must also be declared to the competent regulator. The ACPR, for example, issues detailed guidelines relating to the procedure that must be followed by regu - lated entities wishing to outsource key functions. The ACPR also fully complies with the 2019 EBA Guidelines on outsourcing arrangements, which set out the internal governance arrangements, including sound risk management, that payment institutions and electronic money institutions should implement when they outsource func - tions, in particular with regard to the outsourcing of critical or important functions. 2.9 Gatekeeper Liability As a general rule, regulated entities (whether start-ups or large companies) are responsible for ensuring that the services they provide are not used for illicit purposes. This is why all the

regulated actors are subject to AML legislation and are expected to obtain sufficient knowledge of their clients to be able to prevent their clients from using their platform for illicit activities. Unregulated fintech companies are not subject to AML legislation but are still forbidden from knowingly facilitating illicit activities. These actors need to be careful not to become the vehicles of money-laundering or terrorism- financing schemes. An interesting example is the emergence of blockchain-based decentralised trading plat - forms. Whether the person who deploys the smart contract on which the decentralised platform is based is responsible for potential illicit activities conducted through the platform remains unclear. 2.10 Significant Enforcement Actions Both the AMF and the ACPR are empowered to investigate and prosecute entities subject to their supervision. Within each regulator, an independent enforcement committee acts as a specialised court and is able to sanction regu - lated entities as well as individuals. The AMF’s enforcement committee typically issues 20 to 30 rulings a year, which is twice as many as the ACPR’s enforcement committee issues. French regulators have recently focused on issu - ing warnings regarding crypto-assets. Several publications of the AMF and the ACPR nota - bly outlined the significant volatility and risk of loss. Both institutions reminded their read - ers that these crypto-assets are not legal ten - der and do not qualify as financial instruments under French law. Consequently, the investors’ attention is drawn to the fact that the legacy regulations aimed at protecting them do not apply. Moreover, the AMF published an analysis

255 CHAMBERS.COM

Powered by