POLAND Law and Practice Contributed by: Wojciech Ługowski, Lawarton Lugowski Kapica Spolka Komandytowa
critical functions like risk management, ICT or AML. While outsourcing to a regulated entity is not always required, it is often preferable as such providers are already subject to supervisory con - trols, reducing compliance risks. 2.9 Gatekeeper Liability Fintech providers are considered “gatekeepers” in certain regulatory areas, particularly under AML/CFT legislation. They are required to con - duct customer due diligence (KYC), monitor transactions and report suspicious activities to the relevant authorities. These obligations help ensure the legality, security and integrity of finan - cial activities on fintech platforms. Additionally, depending on their business model, some fintech companies may have broader con - sumer protection and market integrity responsi - bilities, such as preventing fraud or unauthorised financial activities. The Digital Markets Act intro - duces further obligations for large fintech plat - forms that could be designated as “gatekeep- ers” under EU law, potentially subjecting them to stricter compliance and operational transpar - ency requirements. While fintech providers have significant compli - ance responsibilities, their liability for user activi - ties depends on the nature of their services and whether they actively facilitate or merely provide access to financial transactions. 2.10 Significant Enforcement Actions National supervisory authorities enforce regula - tions in the fintech sector to ensure market integ - rity and consumer protection. The most severe is licence revocation or suspension, which can be imposed for serious violations of regulatory requirements. Regulators also impose penalties
and fines on non-compliant fintech firms, serv - ing as a deterrent against breaches of financial regulations. Additionally, supervisory authori - ties can mandate corrective measures, such as improving internal controls, enhancing security protocols or modifying business practices to align with regulatory standards. For example, in a recent case, the largest online currency exchange group in Poland had its pay - ment institution licence revoked by the regula - tor due to non-compliance with supervisory requirements. This decision forced the company to cease certain operations, leading to severe financial difficulties and a real threat of insol - vency. Polish regulators focus heavily on AML/CFT procedures, increasing penalties when not prop - erly implementing and handling AML regula - tions. One of the fines for AML non-compliance reached approximately PLN22 million (approxi - mately EUR5.2 million) in 2022. Market observers conclude that obtaining licences from local regulators is consistently becoming more complex, time-consuming and labour-intensive. 2.11 Implications of Additional, Non- Financial Services Regulations Data Protection The GDPR requires fintechs to apply privacy by design principles to minimise the amount of data processed and properly handle consumers’ personal data. In addition, some industry partici - pants may soon be subject to the newly adopted Data Act, which focuses on data sharing and compensation and will apply for the most part from September 2025.
652 CHAMBERS.COM
Powered by FlippingBook