RegTech and compliance management
RegTech is composed of the words “regulatory” and “technology”. It is a collective term for the application of modern technologies, to get the increasing regulation in the banking- and financial sector under control both from an IT and a legal standpoint.
Attitude of the country towards RegTech-services
The use of technology to comply with regulatory requirement became a basic expectation of the regulators in Portugal. Several FinTechs in the area of Financial Crime combat have appeared and developed, such as Elucidate, Fraudio, and Feedzai (first Portuguese FinTech Unicorn).
International FinTechs, such as Oxford Risk, are also operating in Portugal in cooperation with incumbents to help them to comply with suitability requirements arising from MIFID II.
Obligations and requirements to provide RegTech-services
No license is required, but outsourcing agreements with authorised firms must be in place. RegTech is subject to the regulation applicable to the regulatory duties to be satisfied by the technology. The banking legislation specifically foresees outsourcing agreements for the use of technological instruments for the performance of ancillary activities in AML, internal control, and whistleblowing.
Additional comments regarding the legal situation for RegTech-services or what RegTech’s must be aware of in this business area
Collaboration scenarios have focussed the attention of supervisory authorities to the outsourcing and cyber risk arising from the fragmentation of the value chain, so they need to be framed by robust contracts that establish appropriate mechanisms to mitigate and manage the inherent risks and, in most cases, subject to prior communication to competent authorities (Bank of Portugal, CMVM or Insurance Authority, as applicable).
Market size for RegTech-services and biggest companies in this business area
No public data available.
Additional comments regarding the economic situation for RegTech-services or what RegTech’s must be aware of in this business area