Circular C441: CySEC Review on Common Deficiencies and Good Practices of Certain Aspects of the Compliance Function

The Cyprus Securities and Exchange Commission (‘CySEC’) has recently carried out a review on whether Regulated Entities (i.e. CIFs and Management Companies[1]) are in compliance with the requirements imposed under Article 17(2) of the Investment Services, Activities and Regulated Markets Law (‘the Law’).

Based on the review, CySEC has identified certain good practices and uncovered common deficiencies and/or omissions in order to help Regulated Entities increase the effectiveness of their compliance function.

  1. Weaknesses/Deficiencies identified

The key weaknesses/deficiencies identified by CySEC fall into three areas of concern:

  1. Risk Assessment, Monitoring Activities and Compliance Programme;
  2. Reporting Obligation (i.e. the Compliance Officer shall report to the management body at least once a year, the content of such reports, evaluation of procedures by compliance officers, etc.);
  3. Advisory obligations of the compliance function (e.g. staff training, participation in creating new policies and procedures, day-to-day assistance for staff, etc.).

You can refer to Circular C441 for additional information on the identified weaknesses/deficiencies.

  2. Good Practices identified

  1. Formal meetings of the senior management were held on a quarterly basis, with the physical presence of all members and the compliance officer in attendance.
  2. Minutes of the quarterly meetings were adequately and properly kept (i.e. they included a brief description of the issues discussed, a brief reference to the important views/suggestions expressed, as well as a satisfactory description of the handling/decision/suggestions put forward).
  3. Preparation of quarterly reports for the senior management’s attention on core compliance areas, such as the monitoring of the Regulated Entity’s post-trading reporting obligation.
  4. A good practice identified in relation to corporate governance was the inclusion of the review conducted on the order of board meetings in the Annual Compliance Report (e.g. by evaluating and documenting that meetings were properly summoned and that the agenda and the right materials were sent to the senior management beforehand, as well as an evaluation of the interaction of the senior management with the compliance officer).
  5. The inclusion of the extent and frequency of training to staff in the Annual Compliance Report and documenting/justifying why trainings should be tailored to each department’s needs and activities.
  6. Including a training log in the Annual Compliance Report.
  7. The inclusion of a communication log in the Annual Compliance Report listing the communication with CySEC.

  3. What are the next steps to be taken by Regulated Entities?

All Regulated Entities shall consider the issues raised by CySEC and conduct a review of their policies and arrangements in order to ensure that the Company is in compliance with the requirements imposed under the relevant legislative framework for the compliance function. If any deficiencies are identified, immediate actions shall be taken to rectify the situation and ensure compliance.

Our team at FiveComply can perform a review on your behalf and assist you in identifying any deficiencies in the Company’s policies and arrangements. We can assist you in finding suitable solutions to eliminate any deficiencies by reviewing and revisiting your current policies and procedures and providing practical results, so your Company can achieve compliance with the CySEC and European regulatory frameworks.

[1] AIFMs when providing services pursuant to section 6(6) of Law 56(I)/2013, as in force, and UCITS Management Companies when providing services pursuant to section 109(4) of Law 78(I)/2012, as in force.