LITHUANIA Law and Practice Contributed by: Donatas Šliora and Marius Matiukas, ADON legal
Continuous oversight and monitoring of out - sourced activities are essential, including the appointment of a designated individual within the fintech to oversee the arrangement and track performance against agreed-upon service levels (SLAs). Outsourcing of critical functions, such as internal control, compliance and AML, may necessitate notification to or pre-approval by the Bank of Lithuania. Outsourcing agreements must always be formalised in written contracts that clearly outline: • inspection rights; • performance metrics (KPIs); • consequences in the case of breaches; and • termination provisions. With the application of DORA from 17 January 2025, additional robust requirements apply to IT outsourcing. As there is no grandfathering clause for existing contracts, adjusting IT contracts is a focus area for financial service providers. In certain cases, Lithuanian regulations mandate the outsourcing of specific functions solely to other regulated entities. This is particularly com - mon in areas such as asset management, where sensitivity might require that all parties be sub - ject to direct regulatory oversight. Additionally, there are instances where functions cannot be outsourced at all; for example, the internal audit function of a bank must be performed in-house and cannot be delegated to an external service provider. 2.9 Gatekeeper Liability In Lithuania, whether a fintech provider is deemed “gatekeeper” is determined based on its specific activities and services. Fintechs offering regulated financial services directly (eg, lending) bear primary responsibility for regula - tory compliance, including within AML/CTF and
sanctions compliance frameworks. Fintechs involved in activities with AML/CTF implications must implement know-your-customer (KYC) procedures, monitor transactions and report suspicious activities to the FCIS. An additional trend is the increased focus on fraud prevention through provided services. 2.10 Significant Enforcement Actions The past 12 months have shown a continued emphasis on AML compliance and consumer protection within Lithuanian fintech enforcement actions. Regulators – primarily the Bank of Lithu - ania – are actively supervising the sector. Both payment institutions and electronic money institutions have received substantial fines or lim - itations of activity for insufficient customer due diligence, transaction-monitoring weaknesses and failures to report suspicious activity. Fin - techs offering services related to crypto-assets are being closely scrutinised for compliance with AML/CTF obligations. Regulators have taken action against fintechs in various areas, demonstrating the importance of clear disclosures, responsible practices and consumer rights protection. Investigations into peer-to-peer lenders have focused on appropriate creditworthiness assessments and clear communication of terms and fees. Companies offering payment or investment solutions have faced penalties for providing insufficient or potentially misleading marketing information to consumers.
484 CHAMBERS.COM
Powered by FlippingBook