Fintech 2025

POLAND Law and Practice Contributed by: Wojciech Ługowski, Lawarton Lugowski Kapica Spolka Komandytowa

However, investment firms, particularly those engaged in HFT and algorithmic trading, must ensure compliance with MiFID II regulations and DORA, even when outsourcing software development. Firms remain liable for the risk controls, security and compliance of their trading systems. While not directly regulated, programmers may face scrutiny if their algorithms facilitate market manipulation or system failures. Additionally, firms must assess service providers’ reliability and ensure adherence to regulatory and cybersecurity standards.

8. Insurtech

8.1 Underwriting Processes

Insurtech companies mostly follow the same regulations as traditional insurers, operating under the Insurance and Reinsurance Activity Act and KNF supervision, with Solvency II ensuring capital adequacy and risk management.

Insurers must act in the customer’s best interest, comply with pre-contractual and contractual obligations and maintain transparent underwriting standards. Online underwriting for consumer insurance requires clear disclosures, explicit consent and strict compliance with consumer protection laws.

This framework allows insurtech firms to innovate, but within strict regulatory boundaries, ensuring fairness and risk transparency in underwriting.

8.2 Treatment of Different Types of Insurance

All insurers operate under the Insurance and Reinsurance Activity Act, supervised by KNF.

Life insurance requires stricter capital reserves and consumer protections, while property and casualty insurance follow different risk models. Solvency II and the Insurance Distribution Directive further differentiate capital requirements and distribution rules across insurance types.

9. Regtech

9.1 Regulation of Regtech Providers

Regtech providers are not directly regulated unless they engage in regulated financial activities such as AML monitoring or regulatory reporting. In these cases, they may require licensing or registration.

Financial institutions using regtech solutions must comply with regulated outsourcing laws, which impose strict oversight on third-party providers (TPPs) handling critical functions. Firms remain fully responsible for compliance, ensuring service providers meet regulatory and operational standards.

DORA further strengthens cybersecurity and resilience requirements for ICT providers working with financial institutions. Outsourcing agreements must meet detailed legal requirements, covering audit rights, risk management, reporting obligations and termination conditions.

These contractual terms ensure that financial firms maintain control over outsourced services, linking directly to performance and accuracy requirements.

9.2 Contractual Terms to Assure Performance and Accuracy

Regulated outsourcing agreements in financial services must include detailed contractual provisions to ensure compliance, security and service reliability. Contracts define service levels, regulatory obligations and liability for breaches. Financial institutions must ensure that outsourced
