Financial regulation in Portugal: reflections on 2018



There were a number of regulatory milestones in Portugal in 2018. In this article we examine the three main directives which came into force during the year, the implementation of which raises regulatory challenges for financial entities operating in Portugal.

Firstly, Directive 2014/65 / EU (MiFID 2) was transposed in Portugal by Law no. 35/2018 of 20 July and entered into force on 21 August, without prejudice to the entry into force on 3 January 2017 of a number of regulations needed to get a full picture of what MiFID 2 actually entails. Among the various amendments advocated by MiFID 2, we would highlight the obligations to make information available to clients (which should be articulated with Article 44 and following Delegated Regulation (EU) 2017/565), which is particularly significant in relation to the disclosure of information on costs and associated charges. The new regime requires the disclosure, at least on an annual basis, of an aggregate, numerical and percentage value, of all costs incurred during the year, including upfront costs, regular costs, transaction costs, incidental costs and so on, and upon request of the client, entities should be in a position to provide a list of such costs with amounts separated by each heading. The fact that there is no template that exemplifies how the information should be presented has made it difficult to implement these new requirements.

There are also new obligations for the reporting of transactions under the provisions of Article 26 of Regulation (EU) no 600/2014 on markets in financial instruments, the Delegated Regulation (EU) No 2017/590 and the Portuguese Securities Market Commission (CMVM) Regulation No. 4/2017. This obligation may be delegated to other entities. However, such delegation should be duly documented and compliance with the reporting obligation should be monitored at all times.

Regarding the exercise of investment advisory activity, it is necessary to classify entities as independent or dependent consultants, and consequently to apply the necessary requirements, namely regarding the prohibition of receiving and maintaining incentives, as well as explaining to the client the range of financial instruments that may be recommended, how the service provided meets the required conditions and the factors taken into account in the selection process used for the recommendation. The new requirements, in this regard, are set out in Articles 52 and 53 of Delegated Regulation (EU) 2017/565.

In terms of knowledge and competence, training and other requirements applicable to employees, financial entities should review their internal procedures policy in order to comply with the new requirements. In this respect, there is a need to clearly define responsibilities in terms of training employees by ensuring a distinction between those providing investment advisory services and those providing information, as well as the need for internal or external review, at least once a year, to assess the regulatory requirements for training and decision making in order to comply with those requirements. This topic should be analysed in conjunction with the ‘Guidelines for the assessment of knowledge and competence’, published by ESMA on 3 January 2017 and CMVM Regulation No. 3/2018, which aims to define the minimum content to be mastered by employees of financial intermediaries who provide investment advisory services or provide investors with information on financial products and investment services.

Secondly, Directive (EU) 2015/849 (AML IV) was transposed in Portugal through Law 83/2017. In addition, on 26 September 2018, BoP issued Notice 2/2018 which regulates many aspects of the referred law and it must be taken into account by financial entities. Notice 2/2018 does not generally encumber financial institutions more with respect to the previous legal framework (Law 25/2008 and Notice 5/2013).

However, there are certain changes. First, new entities, namely payment institutions and electronic money institutions based in another Member State of the European Union, when operating in the national territory through agents or distributors, financial entities or other entities of equivalent nature operating in Portugal under the freedom to provide services, shall be covered. Second, for reporting duties under ‘Prevention of Money Laundering and Terrorism Financing Report’, the information was transmitted to BoP through two separate obligatory reports. And third, the powers of the supervisor will be strengthened. The person designated to ensure that financial institutions comply with the regulatory framework for the prevention of money laundering and terrorist financing is explicitly considering a ‘holder of key functions’.

Reference should also be made to Directive 2018/843 of 30 May 2018 which amended Directive (EU) 2015/849 and Directive 2018/1673 of 23 October 2018 on combating money laundering of capital through criminal law, both of which were published in 2018 and with deadline for transposition scheduled for 10 January and 3 December 2020, respectively.

Finally, at the end of the year, Directive 2015/2366 (PSD 2) was transposed by Decree-Law no. 91/2018 of 12 November, coming into force the day after its publication. In addition to this, financial entities must adapt contracts with clients and their internal procedures in order to implement: (i) a significant reduction in the value up to which a customer may be required to bear losses on unauthorised payment transactions resulting from the use of a lost or stolen payment instrument or misappropriation of a payment instrument, which previously stood at €150 and under the new law is €50; (ii) forecasting a maximum period of 15 days to respond to complaints presented directly to financial entities and in certain cases unrelated to entities, within a maximum period of 35 days; (iii) enhanced security authentication procedures for payment orders, in accordance with the terms of the delegated regulation (EU) 2018/389 – these will only come into force in September 2019; (iv) security of service providers’ access to account payment through application programming interfaces (APIs); and (v) appropriate mitigation measures and control mechanisms internally to manage the operational and safety risks associated with these services, and to undertake an annual assessment on these matters and provide them to BoP.


Paulo Costa Martins is a partner and Joana Carrilho is an associate at Cuatrecasas. Mr Martins can be contacted on +351 21 355 38 00 or by email: Ms Carrilho can be contacted on +351 21 355 38 00 or by email:

© Financier Worldwide


Paulo Costa Martins and Joana Carrilho


©2001-2019 Financier Worldwide Ltd. All rights reserved.