Fintech 2025

POLAND Law and Practice Contributed by: Wojciech Ługowski, Lawarton Lugowski Kapica Spolka Komandytowa

2.8 Outsourcing of Regulated Functions Outsourcing regulated functions to external ser - vice providers is permitted but subject to strict requirements, which vary depending on the nature of the outsourced activity (eg, investment or payment services). Several general principles apply across nearly all regulated financial services. These principles primarily derive from the Act on Supervision on Securities Market, PSD2 and DORA, as well as EU-level outsourcing guidelines, including the EBA Guidelines on outsourcing arrangements (EBA/GL/2019/02), the ESMA Guidelines on out - sourcing to cloud service providers (ESMA50- 157-2403) and related domestic laws. Regulated entities must consider and address all the risks associated with outsourcing arrange - ments before proceeding. This requires thorough due diligence on potential service providers to ensure they possess the appropriate skills, expe - rience and resources to perform the outsourced services effectively. Furthermore, regulated entities must have a writ - ten outsourcing policy in place and ensure that outsourcing arrangements do not compromise their ability to fulfill legal obligations or hinder the competent authority’s ability to supervise them. Significantly, outsourcing does not relieve the regulated entity of responsibility to clients or third parties to deliver regulated services. Additionally, a written outsourcing agreement must be established between the regulated entity and the service provider, including spe - cific mandatory provisions covering aspects such as data protection, security, the right of the regulated entity and KNF to monitor and audit the outsourcing provider and termination rights. Stricter requirements apply when outsourcing

of Finance, enforces AML/CFT regulations, monitors transactions and co-operates with law enforcement to combat financial crime. Other key regulators include UOKiK, which ensures fair competition and consumer pro - tection and the National Bank of Poland (the “NBP” ), which is responsible for monetary policy and financial stability. The Ministry of Finance oversees financial legis - lation and tax policy. Polish regulators collaborate with EU bodies like the ECB, the EBA, the ESMA and the EIOPA, which oversee major financial institutions and KNF does not issue “no-action” letters. Although the Polish financial regulator does not issue for - mal “no-action” letters, market participants can seek regulatory guidance on the compliance of their planned activities by asking for a written opinion from the regulator. While these opinions are not legally binding, they help reduce regula - tory risk by clarifying supervisory expectations. Unlike “no-action” letters in other jurisdictions, these opinions do not guarantee immunity from enforcement actions, as the regulator retains discretion to intervene if needed. However, this approach supports innovation while ensuring regulatory compliance. Additionally, the regulator provides informal guidelines to market participants. These so- called “soft laws” provide essential insights into whether a particular activity aligns with regula - tory requirements. The participants may expect that fulfilling those guidelines will not result in any negative actions from the regulator. ensure market stability. 2.7 No-Action Letters

651 CHAMBERS.COM

Powered by