Regulatory Compliance Update - June 2024

Dear reader,

Welcome to our all-in-one essential compliance newsletter - Regulatory Compliance Update, which you should familiarise yourself with this month.

Here's what our team of experts prepared for you in our June 2024 update. Here are some highlights:

EU Whistleblowing Directive

Important note on the EU Whistleblowing Directive: this legislation is mandatory for all financial institutions regardless of the number of employees.

ECOVIS ProventusLaw provides a whistleblowing system as an outsourced channel for companies, ensuring compliance with the EU Whistleblower Directive. Our service offers a convenient solution, as we provide secure and confidential reporting channels that meet the Directive’s standards. Read more

?

AML/CTF Regulation

·??????? The European Banking Authority (EBA) has announced a new EU framework to combat money laundering and terrorist financing, including creating the Anti-Money Laundering and Counter-Terrorist Financing Authority (AMLA). The EBA will oversee AML/CFT efforts until December 2025, after which it will collaborate with AMLA to ensure a seamless transition and maintain robust defences against financial crime.

·??????? The Bank of Lithuania's Board has approved new guidelines to increase access to financial services and enhance financial inclusion, effective January 1, 2025. These guidelines require financial institutions to manage money laundering and terrorist financing risks effectively, ensuring customers are not unjustifiably excluded from financial services. They also include detailed requirements for customer screening, information storage, and risk-based monitoring.

EMI/ PI Regulation

The Digital Operational Resilience Act (DORA), effective from January 17, 2025, aims to bolster IT security across the EU financial sector, including banks, insurance companies, and investment firms, ensuring resilience during severe operational disruptions. Ecovis ProventusLaw offers services to help entities comply with DORA by assessing security postures, identifying risks, implementing necessary security measures, providing training, assisting in incident reporting, and preparing for audits and inspections. More here

Personal Data Protection Regulation

Employers can now process criminal record data of candidates and employees based on legal obligation or legitimate interests. Key measures include conducting a documented assessment of legitimate interests, publishing prohibited convictions for specific roles on their website, and obtaining consent for processing conviction data from candidates and employees.

The article (in Lithuanian) with our expert recommendations is here.

Financial and Economic Sanctions

·??????? Lithuania has imposed financial sanctions on 11 legal persons under Council Regulation (EU) No 269/2014, freezing over €23.019 million in their accounts. Funds amounting to over €707,000 and $1.5 million in other accounts have also been frozen. Sanctions under Council Regulation (EC) No 765/2006 have frozen €23.400 million and €7.680 million in the accounts of 6 legal persons and 1 natural person, respectively, due to their involvement in Belarus's role in Russian aggression against Ukraine.

·??????? The Anti-Money Laundering Board of Lithuania's Financial Crimes Investigation Service (FCIS) released its 2023 Activity Report on May 30, 2024. The report reveals an increase in sophisticated methods used by legal and natural persons to evade or mitigate the impact of international sanctions, including through the trade of goods. Analysis of financial transactions identified instances where Lithuanian legal entities, previously trading with Russia and Belarus, established partnerships with new entities in third countries to circumvent sanctions. In 2023, the FCIS handled 12 administrative offence cases related to sanctions breaches, resulting in fines totalling EUR 15,750.

Consumer Protection Regulation

The Board of the Bank of Lithuania has unveiled new guidelines effective from next year for banks, credit unions, electronic money, and payment institutions. Aimed at enhancing user experience and promoting financial inclusion, these requirements mandate a personalised assessment of each client’s money laundering and terrorist financing risks. Automated de-risking policies are prohibited, emphasising the need for human judgment in risk mitigation. Financial institutions must document and justify decisions to terminate or refuse business relationships, ensuring transparency and accountability to the Bank of Lithuania. Measures include informing consumers promptly and clearly about complaints and suspensions, ensuring actions are taken as a last resort, and making decisions within one month.

Labour Law

Lithuania's Parliament passed stricter amendments to the Law on Employment on 20 June 2024:

1.???? Operational Requirements: Employers must have operated in Lithuania for at least 6 months without fines, debts, or penalties for false reporting.

2.???? Field-Specific Employment: Foreign workers must be employed in roles relevant to the company's activities.

3.???? Visa Restrictions: Third-country nationals, except for highly qualified workers, cannot work under visa-free arrangements or with permits from other EU countries.

4.???? Residence Permit Criteria: Applicants need relevant qualifications and one year of recent experience to qualify for a work-based residence permit. The list of restricted professions ends on 1 January 2025.

5.???? Strict Quota: A cap of 40,000 foreign workers (1.4% of the population) starts on 1 January 2025.

6.???? Employment Conditions: Employers must offer full-time positions and can engage foreign workers in multi-employer contracts with up to four entities.

From 1 January 2025, employers who do not meet wage obligations or grant unpaid leave may be banned from hiring foreigners for one year.

Crypto Regulation

·?????? EBA Guidelines Ensure Compliance for ART and EMT Issuers’ Recovery Plans: The EBA has issued guidelines mandating recovery plans for ART and EMT issuers, emphasising asset reserve requirements and governance details such as recovery options and risk indicators. Issuers must tailor plans to their risk profiles, ensuring readiness for diverse scenarios and aligning with existing regulatory frameworks like MiCAR and BRRD.

·?????? EBA Finalizes RTS for ART and EMT Reporting Methodologies: The EBA's final report on draft RTS for ART and EMT reporting under MiCAR clarifies transaction scope, limits reporting to single currency areas, and excludes non-custodial wallet transactions. These standards aim to enhance data accuracy and regulatory compliance for issuers of tokens in non-EU currencies.

?

Our comprehensive June 2024 Regulatory Compliance Update is here

?

The whole 2023 library and 2024 issues are at the bottom of this page:

https://ecovis.lt/fintech/compliance-services-regulatory-compliance-aml/

?

Subscribe now and get RegRally Regulatory Compliance Updates, an overview of the most significant monthly Regulatory news, and expert recommendations!

Your experienced advisor,

ECOVIS ProventusLaw.

?