Fintech 2025

PORTUGAL Law and Practice Contributed by: João G Gil Figueira, Rodrigue Devillet Lima and Catarina Andrade Miranda, GFDL Advogados

a limit of four times a day on an AISP’s access to payment account data without the customer being directly involved. The EU rigorously regulates both domains, with GDPR extending its reach to cover open banking and broader financial sector regulations, encom - passing directives such as PSD2. DORA Act does not directly address specific issues like data privacy or data security con - cerns raised by open banking, but it does play an important role in strengthening the overall resilience of financial institutions, which indi - rectly impacts security and operational risks, including in the context of open banking. Portugal has criminalised insider dealing and market manipulation in regulated markets but does not provide specific provisions for fraud in financial services. The generic criminal provi - sions set out in the Portuguese Penal Code can apply if the objective legal elements are met. The most similar specific crime in the financial servic - es sector would be the use of false or misleading information in investment solicitation, which can result in imprisonment of between six and eight years, with loss of gains of the perpetrator for engaging in such practice. The most closely related crime in the financial service, in this case, would most of the time be that which is known as “Burla” , which criminal - ises the conduct of “whoever, with the inten- tion of obtaining for themselves or for a third party illegitimate enrichment, by means of error or deceit about facts that they cunningly pro- voked, induces another person to perform acts 12. Fraud 12.1 Elements of Fraud

that cause them or another person patrimonial damage” , leading to a punishment of imprison - ment up to three years or a fine. The Portuguese Penal Code establishes an aggravated “Burla” classification when the loss incurred by the victim is greater than EUR5,100. In these cases, the penalty can be imprisonment of up to five years. If other conditions are met, the term of imprisonment can go up to eight years. Any fraudulent agent should also be aware that they will likely also be charged with forgery, tax fraud and money laundering. 12.2 Areas of Regulatory Focus Regulators are not focused on any specific type of fraud and will communicate any crimes they detect while exercising their supervisory powers and conducting inspections. Considering the severity of the penalties applica - ble to financial crimes, most industry players do not flirt with such crimes because of the actual risk of incarceration, loss of gains and profes - sional licence cancellation. 12.3 Responsibility for Losses There are no specific provisions regarding liability for losses other than those set out in MiCA relat - ed to damages for providing incorrect informa - tion in the white paper. As a general rule, fintech firms do not benefit from the same level of legal protection as provided by Directive 2014/49/EU of the European Parliament and Council of 16 April 2014 on deposit guarantee schemes. As such, losses arising from “bad” investments are typically borne by investors. The absence of a specific framework for cus - tomer losses does not imply that a fintech firm

701 CHAMBERS.COM

Powered by