POLAND Law and Practice Contributed by: Wojciech Ługowski, Lawarton Lugowski Kapica Spolka Komandytowa
Cybersecurity

Cybersecurity regulations, such as the NIS2 Directive and DORA, add further complexity. These laws mandate robust cybersecurity measures, operational resilience and incident reporting requirements for financial entities. Fintechs must demonstrate their ability to withstand and recover from ICT-related disruptions and manage third-party risks, particularly when relying on cloud providers.

This poses a challenge for fintechs, which must prioritise agile development and third-party technologies, which are harder to control. Legacy players, by contrast, often have larger budgets, dedicated compliance teams and established security infrastructures, giving them an advantage in meeting these requirements.

Crypto-Assets Regulation

MiCAR recently came into force in Poland to regulate the crypto-assets market. See 10 Blockchain.

Social Media

The Digital Services Act establishes rules for online platforms, including social media, to prevent the spread of illegal content and ensure transparency in advertising. Fintechs must disclose sponsored content and advertising practices, moderate user-generated content and avoid misleading or harmful information. Fintechs relying heavily on social media marketing face additional compliance costs related to content moderation and transparency. In contrast, traditional banks and financial institutions tend to adopt more conservative marketing practices. They are less reliant on social media, which reduces their exposure to Digital Services Act-related compliance risks.
Consumer Protection

Polish consumer protection legislation, such as the Consumer Credit Act or the Competition and Consumer Protection Act, is also relevant for fintech industry participants who target consumers.

2.12 Review of Industry Participants by Parties Other than Regulators

Most fintech companies or regulated operations must provide financial statements reviewed by qualified external auditing firms. Additionally, other entities like banks, payment institutions or investment firms must prepare proper special risk management plans, conduct regular due diligence and conduct internal audits.

Most banks, payment institutions and investment firms must develop risk management frameworks, conduct due diligence and perform internal audits to identify financial and operational risks. While audits and risk controls are legally required, many fintechs adopt stricter cybersecurity, fraud detection and compliance monitoring standards, especially for cross-border operations.

Regulatory oversight of the fintech sector is primarily conducted by state supervisory authorities, with internal audits within regulated entities playing a key role in ensuring risk management and regulatory adherence. The involvement of non-state external organisations, such as industry associations or self-regulatory bodies, remains minimal in the fintech sector. Formal state supervision and internal governance structures within regulated firms largely shape Poland’s fintech landscape.