Financial Crime World

Financial Institutions Warned to Identify and Manage Outsourcing Risks

Introduction

In a bid to prevent money laundering and terrorist financing, financial institutions (obliged) have been advised to identify, assess, and monitor any risks arising from outsourcing arrangements. This warning comes as the European Banking Authority (EBA) has issued guidelines on the need for obliged institutions to notify or engage in dialogue with supervisory authorities when planning to outsource critical or important functions.

Outsourcing Arrangements

When entering into outsourcing agreements, obliged institutions should take into account the consequences of the service provider’s location. The contract should include an undertaking from the service provider to ensure the protection of confidential, personal, and other sensitive information and comply with all legal data protection requirements.

  • Consider the service provider’s location when entering into outsourcing agreements.
  • Ensure the contract includes an undertaking to protect confidential, personal, and other sensitive information.
  • Comply with all legal data protection requirements.

Sufficient Resources and Capacity

Obliged institutions have been recommended to have sufficient resources and capacity to control outsourced activities and ensure their compliance with applicable laws, supervisory standards, and obligations under the outsourcing agreement.

  • Ensure sufficient resources and capacity to control outsourced activities.
  • Ensure compliance with applicable laws, supervisory standards, and obligations under the outsourcing agreement.

AML Act Violations

Violations of the Anti-Money Laundering (AML) Act in Poland can result in administrative penalties. The General Inspector for Financial Information, the President of the National Bank of Poland, and the Polish Financial Supervision Authority have the power to impose fines ranging from publication of information on the obliged institution’s website to pecuniary penalties of up to EUR 1,000,000.

Administrative Penalties

The catalogue of administrative penalties includes:

  • Publication of information on the obliged institution and the scope of the violation
  • Order to stop certain actions
  • Withdrawal of a concession or permit
  • Prohibition from performing managerial duties for a period not exceeding one year
  • Pecuniary penalty up to twice the amount of the benefit gained or loss avoided

Beneficial Owners

Commercial companies are required to report information on beneficial owners and update such information within 7 days. Failure to do so can result in fines of up to PLN 1,000,000.

Individuals Liable for Penalties

Members of senior management, the person responsible for implementing AML obligations, and employees responsible for supervising compliance may be fined up to PLN 1,000,000 if an obliged institution they manage is found to have violated AML Act provisions.

Conclusion

Financial institutions must take heed of these warnings and ensure that they are identifying, assessing, and monitoring any risks arising from outsourcing arrangements. Failure to comply with the AML Act can result in severe penalties, making it essential for institutions to prioritize compliance.