RegRally Insights: Regulatory Compliance Update, October 2024

Dear reader,

Welcome to our all-in-one essential compliance newsletter - Regulatory Compliance Update, which you should familiarise yourself with this month.

Here's what our team of experts prepared for you in our October 2024 update. Here are some highlights:

AML/CTF Regulation

Bank of Lithuania Urges Electronic Money and Payment Institutions to Strengthen AML and Fraud Prevention Measures

The Bank of Lithuania (BoL) recently released findings on money laundering and terrorist financing (ML/TF) risks faced by electronic money and payment institutions (EMIs) based on data from January to December 2023. Alongside these findings, the BoL reinforced its guidance on Anti-Money Laundering (AML), fraud prevention, sanctions compliance, and robust internal controls across financial institutions.

Key Recommendations:

1. Sanctions Compliance and Monitoring: Financial institutions should regularly review and test transaction monitoring rules to ensure compliance with international sanctions and restrictive measures.
2. Enhanced Internal Controls for ML/TF: Institutions are advised to strengthen their internal control systems to manage ML/TF risks effectively.
3. Fraud Prevention Efforts: Investment scams, the most frequent type of fraud, remain a significant threat. Financial institutions are encouraged to screen customers for potential links to fictitious or unlicensed investment platforms.
4. Conflict of Interest Management: The BoL highlighted the need for clear role separation within institutions to mitigate risks related to conflicts of interest, particularly by reducing overlapping employee duties.
5. Ongoing Training Programs: Regular training programs should integrate the latest ML/TF typologies to inform staff about emerging threats.
6. Improved Information-Sharing Mechanisms: Institutions should enhance internal communication to ensure management remains fully aware of current ML/TF risks.

This guidance reflects the Bank of Lithuania's commitment to safeguarding the financial sector against financial crime by encouraging proactive risk management, regular staff training, and a well-coordinated internal control framework.

Ra?tas atkreipiantis EPM? vadov? d?mes? ? PPTF rizikas.pdf

EMI/ PI Regulation

Bank of Lithuania Sets 2025 Contribution Rates for Financial Market Participants

On October 14, 2024, the Bank of Lithuania's Board approved Resolution No. 03-115, establishing the 2025 contribution rates for supervised financial market participants, including electronic money and payment institutions. This resolution, alongside a previous one outlining calculation methodologies and payment procedures, specifies the contribution rates and deadlines for payment.

Key Contribution Details for 2025:

• Electronic Money Institutions: Contributions are based on prior-year income from electronic money issuance and payment services. The rate is set at 0.65% of this income.
• Payment Institutions: Contributions are based on prior-year income from payment services, also set at 0.65%.

These measures ensure a standardised contribution process for financial market oversight, with clear rates and procedures for 2025.

Personal Data Protection and ICT Regulation

DORA Compliance Self-Assessment Tool Now Available for Financial Institutions

We have launched a DORA Compliance Self-Assessment Tool to assist financial institutions in preparing for the Digital Operational Resilience Act (DORA) requirements, which will take full effect in January 2025. This tool thoroughly evaluates an organisation’s compliance status and digital resilience, addressing key regulatory areas critical to operational risk management.

This is the first and essential step towards DORA compliance - through self-assessment.

Key Features of the DORA Compliance Self-Assessment Tool:

• Detailed Compliance Analysis: Covers essential DORA requirements, including ICT risk management, incident reporting, resilience testing, and third-party management.
• Comprehensive Review: With approximately 200 targeted questions, the tool facilitates a complete assessment of digital resilience and operational risk practices.

More about DORA stages of life-cycle and the tool can be found here.

To learn more and request access, book a call with us to start assessing and strengthening your organisation’s DORA readiness.

Lithuania Strengthens Cybersecurity with New Law Aligned to EU Standards

On 18 October 2024, Lithuania enacted the updated Republic of Lithuania Law on Cybersecurity ("Cybersecurity Law"), which integrates key European Union regulations, including NIS Directive 2, the Cybersecurity Act, and the EU regulations establishing the European Centre of Excellence for Cybersecurity.

The revised law introduces a robust cybersecurity governance model, mandating clear guidelines for cybersecurity entities. Entities are now required to implement rigorous cybersecurity practices, including policy approval, risk analysis, incident reporting, supply chain security, and assigning designated cybersecurity officers. The manager of each cybersecurity entity must ensure compliance with violations leading to potential sanctions by the National Cyber Security Centre, including fines up to €10 million or 2% of global turnover, temporary management dismissals, and activity suspensions.

Additionally, the Lithuanian Government has approved new measures supporting cybersecurity, including the National Cyber Incident Management Plan, methodologies for identifying cybersecurity entities, and frameworks for enforcement. Read more here.

Financial and Economic Sanctions

European Commission Enhances Guidance to Prevent Russian Sanctions Evasion in Industry

The European Commission has released updated guidance to help industries prevent Russia's evasion of export controls and sanctions. The guidance aims to equip businesses with tools to detect Russian evasion tactics, protect G7 technology from unauthorised use, and reduce reputational and legal risks. This initiative supports the effectiveness of export controls and sanctions.

Earlier this year, the G7 established the Enforcement Coordination Mechanism (ECM) to support compliance, which in September 2023 launched a Sub-Working Group on Export Control Enforcement. This group aids in improving information-sharing and developing best practices for spotting export control breaches. The guidance offers industry resources such as:

1. A list of high-risk items likely to be diverted to Russia.
2. Updated indicators of potential sanctions evasion.
3. Best practices for risk identification and management.
4. Screening tools to support thorough due diligence.

These resources are intended to bolster industry resilience against sanctions circumvention and enhance compliance with export controls. Guidance is here.

FCIS Issues Updated Guidelines on International Sanctions Compliance for Lithuanian Entities

The Financial Crimes Investigation Service (FCIS) has released updated guidelines for Lithuanian entities on meeting international sanctions compliance requirements, focusing on the UNSCR 1373 framework.

Key Obligations:

Sanctions Verification: Obliged entities must conduct financial sanctions checks against:

• EU international financial sanctions lists,
• UN Security Council resolutions on targeted sanctions, and
• FCIS maintains the UNSCR 1373 list.

Asset Freezing: Upon identifying persons or entities listed under UNSCR 1373, all related assets—including funds, financial assets, property, and economic resources—must be immediately frozen.

Reporting Requirements: Entities must report any frozen funds or financial assets to FCIS within two working days of taking action.

This guidance reinforces Lithuanian entities' role in maintaining compliance with international sanctions frameworks and enhancing the effectiveness of financial sanctions.

?sigaliojo nurodymai d?l tarptautini? sankcij? ?gyvendinimo - Finansini? nusikaltim? tyrimo tarnyba prie Lietuvos Respublikos vidaus reikal? ministerijos

Consumer Protection Regulation

New Amendment to the Consumer Rights Protection Law Enforces Transparent Debt Management Practices

Effective November 1, an amendment to Article 40 of the Law on the Protection of Consumer Rights mandates improved transparency in how consumer debt assignment and management information is communicated. This legislation focuses on the out-of-court recovery process for consumer contract debts, setting clear requirements and liabilities for companies managing consumer debts.

Key Points:

1. Enhanced Transparency: Companies must provide consumers with clear and timely information regarding debt assignment and management.
2. Compliance and Accountability: Non-compliance with the updated requirements can result in legal accountability for debt management companies.
3. Best Practices: Debt management firms should review and update information-sharing procedures to align with these new regulations. Transparent communication ensures compliance and helps build consumer trust by upholding their rights throughout the debt recovery process. https://vvtat.lrv.lt/lt/naujienos-ir-pranesimai-ziniasklaidai-377/isigalioja-vartotoju-teisiu-apsaugos-istatymo-pakeitimai/

Labour Law

Upcoming Labor Code Amendments in Lithuania: Key Changes Effective January 1, 2025

On October 17, the Seimas approved substantial amendments to the Lithuanian Labor Code, which will take effect on January 1, 2025. These changes address wage increases, employment terms, and worker protections, bringing greater clarity and fairness to various employment practices.

Key Changes:

1. Minimum Wage Increase: Starting January 1, 2025, the monthly minimum will rise to €1,038.
2. Employment Termination During Probation: Employees may request to terminate employment during the probation period, with the option to withdraw the request by the following workday.
3. Overtime Regulations:

• Overtime requires the employee's written consent, except in specific cases.
• Overtime pay is set at a minimum of 1.5 times the employee’s wage.
• Rest-day overtime, unscheduled night shifts, and public holiday work will be compensated at enhanced rates, up to 2.5 times the base salary.

4. Pre-Holiday Workday Adjustment: The workday before a public holiday will be shortened by one hour, and if the shortened hours cannot be granted, they will be compensated as overtime.

5. Anti-Violence and Harassment Protections: Definitions of violence and harassment have been refined to include any inappropriate behaviour by employers or colleagues.

6. Labor Council Elections: If elections are not completed, new Labor Council elections must take place within six months.

7. Non-Interruptible Parental Leave: The law clarifies that the 62-day non-interruptible period applies to the 2-month parental leave allocation.

Recommendations for Employers:

• Policy Updates: Adjust employment policies to reflect new wage and overtime structures and reinforce protections against harassment.
• Employee Education: Inform employees of their updated rights and ensure management is trained on compliance with new requirements.

https://ecovis.lt/key-changes-to-the-lithuanian-labour-code-from-january-1-2025/

Crypto Regulation

Bank of Lithuania Urges High-Quality Licensing Applications from Crypto-Asset Service Providers

On October 31, 2024, the Bank of Lithuania announced its preparedness to begin licensing crypto-asset service providers (CASPs) under the new Markets in Crypto-Assets (MiCA) regulation. With over 300 CASPs already active in Lithuania, the central bank emphasised that applicants must demonstrate a solid understanding of MiCA requirements and meet stringent operational standards.

Key Focus Areas for Applications:

1. Integrity of Shareholders and Management: All CASPs must ensure that their leadership and shareholders meet ethical standards and align with regulatory expectations.
2. Financial Transparency: Applicants should provide clear, accurate financial information to support operational transparency.
3. Robust Risk Management: Strong systems for managing financial, operational, and compliance risks are essential.

Next Steps for CASPs: The Bank of Lithuania encourages CASPs to begin assessing their MiCA compliance and be prepared to submit applications starting December 30, 2024. CASPs should proactively review and strengthen their processes to align with MiCA standards, ensuring full compliance before applying for licensing.

These requirements aim to ensure the integrity and sustainability of Lithuania’s crypto-asset market under the upcoming regulatory framework. Our team at ECOVIS ProventusLaw is ready to help you navigate this process efficiently, ensuring your application aligns perfectly with the regulator’s demands. Let’s discuss how these updates impact your operations and how we can help you achieve compliance with confidence. Book a free initial call with us and let's get ahead of the regulatory curve together - booking.

More detailed monthly crypto news updates are in our MICA to RegRally: The Crypto Guide newsletter. Subscribe here

Our comprehensive RegRally Insights: Regulatory Compliance Updates, October 2024 is here.

The whole 2024 library is at the bottom of this page:

https://ecovis.lt/fintech/compliance-services-regulatory-compliance-aml/

Subscribe now and get RegRally Regulatory Compliance Updates, an overview of the most significant monthly Regulatory news, and expert recommendations!

Your experienced advisor,

ECOVIS ProventusLaw.