to the point: finance l Q1/2025

Q1 of 2025 begins, bringing significant changes and challenges to the finance sector. Driven by new regulations, client expectations and technological advancements, these developments reflect the dynamic nature of the finance market on both national and international levels.

At the EU level, the European Union has introduced the Payment Services Directive 3 (PSD3) to modernise the payments market, enhance security and increase competitiveness across financial institutions. It has also provided the Consumer Credit Directive 2 (CCD2), which ensures alignment with digital transformation and financial transparency. On 17 January 2025, the obligations stemming from the Digital Operational Resilience Act (DORA) became binding for financial institutions, strengthening their resilience against cyberthreats and ensuring operational continuity during digital incidents. Furthermore, 2025 is expected to bring enhanced ESG and corporate social responsibility reporting requirements for institutions, as the EU plans to implement new regulations in this regard.

Financial institutions must stay ahead of emerging trends this year – not only to avoid penalties and adverse consequences but also to capitalise on new opportunities emerging from these changes.

Special situations investment | Hungary

Instagram insights: how social media posts by banks may shape special situation investments. Instagram posts by Banks can significantly influence special situation investments. By analysing these posts, investors can gain insights into the strategic directions banks take and the market sentiment surrounding them. Announcements on mergers, acquisitions, regulatory changes and new financial products can signal potential investment opportunities. Customer engagement and feedback provide real-time data on public perception and market impact. Consequently, such posts may affect the valuation of a certain group of companies included in the posts. Additionally, Instagram stories and live sessions offer a more personal and immediate connection with the audience, further shaping investor decisions. Therefore, posts are a valuable tool for investors seeking to capitalise on special situations.

Regulatory | EU

Changes to the Guidelines on ICT and security risk management triggered by DORA application. The European Banking Authority (EBA) has revised its Guidelines on ICT and security risk management (the "Guidelines") to align with the Digital Operational Resilience Act (DORA), effective from 17 January 2025. These changes aim to avoid duplication of the requirements and provide legal clarity. DORA introduces harmonised ICT risk management requirements for financial entities across various sectors.

The EBA has narrowed down the applicability of the Guidelines to only those entities covered by DORA (i.e. credit institutions, payment institutions, account information service providers, exempted payment institutions and exempted e-money institutions) as well as the scope of the Guidelines to the requirements on relationship management of payment service users.

The security and operational risk management requirements under the Payment Services Directive (PSD2) remain applicable to other payment service providers not covered by DORA.

The amended Guidelines will take effect two months after the publication of their translated versions.

Regulatory | Slovenia

Slovenia prepares for banking law reform. The finance committee of the Slovenian Parliament has voted in favour of proposed reforms to banking, crypto and anti-money laundering laws. The amendments will transpose, among others, MiCA, DORA and the directive on the prudential supervision of investment firms. The Bank of Slovenia and the Securities Market Agency (Agencija za trg vrednostnih papirjev) will maintain the register of service providers in connection with crypto assets. Cooperation between OLAF and the Slovenian Office for the Prevention of Money Laundering will also be strengthened to streamline the exchange of data (including bank account and transaction details) for investigations conducted by OLAF. The bill will now proceed to the Parliament for debate.

Landing | Poland

The CJEU's ruling regarding consumer credit (13 February 2025, C-472/23), issued as a result of preliminary ruling inquiries (pytania prejudycjalne) issued by the Warsaw District Court clarifies the disclosure obligations of banks and the consequences of misleading contractual provisions. The case involved an annual percentage rate inflated by including interest on a credited commission along with the credit amount.

The CJEU elaborated that a breach of information duties in a credit agreement may deprive a bank of the right to interest, in line with Article 45 of the Polish Law on Consumer Credit (the so-called "free credit sanction"). This ruling strengthens consumer protections and could impact disputes over unfair loan terms.

Regulatory | Poland

Implementation of DORA in Poland: new requirements for ICT outsourcing in banking sector. DORA has been fully enforceable since 17 January 2025, introducing new requirements for Information and Communication Technology (ICT) outsourcing in the Polish financial sector. The Polish Financial Supervision Authority (KNF) has issued guidelines to help financial institutions align with DORA regulations. Banks must assess risks associated with outsourcing ICT services, especially from critical service providers, which can pose operational and security risks. The KNF mandates that contracts with suppliers address new requirements for security protocols, audits, incident management and performance monitoring. Financial institutions must ensure that their ICT providers have continuity plans to manage disruptions or breaches. They must also have systems to identify and address emerging risks. The KNF will monitor compliance with DORA and impose sanctions for non-compliance, emphasising the need for operational resilience in the sector.

Capital Markets | Romania

Romania revamps capital raising rules for listed companies. A new law amending the current Issuers and Market Operations Law 24/2017 has been adopted by the Parliament in February 2025 and is awaiting presidential assent and publication in the Official Gazette of Romania to enter into force. The amendments aim to strengthen Romania's capital markets, providing greater protection and confidence to investors while facilitating capital access for companies. Key changes include streamlining procedures and shortening the timeframe for capital increases, while enhancing investor protection and transactions security when a shareholders' resolution approving a share capital increase is declared null and void by the court. These changes bring Romania's regulatory framework closer to the international best practices in capital-raising operations.