Seychelles has become a leading jurisdiction for investment firms seeking a Securities Dealer Licence due to its efficient regulatory framework, reasonable operational costs, and evolving tax environment. However, recent regulatory developments and international standards have shifted the focus from simple licensing structures to properly substantiated, operationally sound entities.

One of the key advantages available to Seychelles Securities Dealers is access to a preferential tax regime under the Seventh Schedule of the Business Tax Act. This may include a preferential tax rate (commonly referenced as 1.5% on gross revenue), depending on the structure and activity of the licensee. However, this benefit is not automatic and is strictly conditional upon meeting the substantial activity requirements and obtaining confirmation from the Financial Services Authority (FSA).

Where the substantial activity requirements are not met, the licensee will not be eligible for the preferential tax regime and will instead be subject to the standard Seychelles corporate tax rates, currently applied on a progressive basis as follows:

• 15% on taxable income up to SCR 1,000,000; and
• 25% on taxable income above SCR 1,000,000.

Economic Substance Requirements in Seychelles

Economic substance is no longer a procedural or administrative requirement. It is a central regulatory and tax condition applicable to licensees under the Securities Act, 2007, as amended, and the Securities (Substantial Activity Requirements) Regulations, 2018.

In line with the FSA Substantial Activity Requirements Guidelines, a licensee will only be eligible to benefit from the preferential tax regime where it can demonstrate that:

• Core income generating activities (CIGA), as defined under Regulation 4 of the Securities (Substantial Activity Requirements) Regulations, are conducted in Seychelles;
• The licensee employs a reasonably adequate number of suitably qualified persons in Seychelles; and
• The licensee incurs an adequate level of operating expenditure within Seychelles, proportionate to the nature, scale, and complexity of its business.

Importantly, the assessment of adequacy is conducted on a case-by-case basis by the Financial Services Authority (FSA), taking into consideration the size, revenue, and operational complexity of the licensee.

Critical Requirement: FSA Confirmation

A key legal requirement often overlooked is that the preferential tax treatment is only available where the licensee obtains annual written confirmation from the Financial Services Authority (FSA) that the substantial activity requirements have been met for the relevant financial year.

In practice:

• The licensee must submit a formal request to the FSA (typically by 31 January of the following year);
• This includes a self-declaration form, organisational structure, and employee establishment list; and
• The FSA will assess and issue its determination, which must be submitted to the Seychelles Revenue Commission (SRC) together with the Annual Tax Return.

Without this confirmation, the preferential tax regime does not apply, and the licensee will be subject to the standard Seychelles business tax rates.

Outsourcing and Operational Structure

The Regulations provide flexibility in structuring operations, but with clear limitations.

Core income generating activities may be outsourced to third-party service providers only where:

• The activities remain physically performed in Seychelles; and
• The licensee demonstrates adequate supervision and control over such outsourced functions.

Where core income generating activities are outsourced outside Seychelles, the substantial activity requirements will generally be considered not to have been met.

Front-Office vs Back-Office Activities

The regulatory framework recognises that certain front-office activities may be conducted outside Seychelles. However, this is subject to strict conditions.

Specifically:

• Front-office activities may be performed outside Seychelles;
• Provided that the corresponding middle-office and back-office functions relating to the same activities are undertaken in Seychelles.

This distinction is critical when structuring international brokerage operations and must be carefully assessed to ensure compliance.

Operational Presence in Seychelles

In practical terms, demonstrating substantial activity typically involves establishing a meaningful operational footprint in Seychelles.

This may include:

• Maintaining an appropriate operational presence in Seychelles (which includes office facilities);
• Ensuring active involvement of locally based personnel in core business functions;
• Demonstrating real decision-making and operational execution within the jurisdiction; and
• Maintaining adequate local expenditure aligned with the scale of operations.

It is important to note that the law does not prescribe a “one-size-fits-all” model but rather requires proportionality between the business activity and the level of substance maintained.

Not Meeting the Substantial Activity Requirements

Failure to meet the substantial activity requirements has direct tax implications.

Where a licensee does not satisfy the substance requirements and/or does not obtain FSA confirmation:

• The preferential tax regime will not apply; and
• The entity will be subject to the standard Seychelles business tax rates.

Additionally, inaccurate or misleading information provided to the FSA in relation to substance may result in enforcement action under the Financial Services Authority Act.

Conclusion

Seychelles continues to position itself as a competitive and credible jurisdiction for Securities Dealers. However, the regulatory landscape has clearly evolved from a registration-based approach to a substance-driven framework aligned with international standards (including OECD BEPS Action 5 principles).

For Securities Dealers, economic substance should not be viewed as a regulatory burden, but rather as a fundamental component of building a compliant, credible, and tax-efficient international structure.

Licensees that properly implement and evidence their substantial activity in Seychelles are able to access the available preferential tax regime, while strengthening their overall regulatory standing and operational resilience.

How FiveComply Can Assist

Navigating the substantial activity requirements and aligning operational structures with both regulatory and tax expectations, requires a careful and practical approach.

At FiveComply, we support Securities Dealers in establishing and maintaining compliant, substance-driven structures in Seychelles. Our services include:

• Advising on substance requirements and operational structuring in line with the Securities (Substantial Activity Requirements) Regulations;
• Assisting with the preparation and submission of the annual FSA substance confirmation request;
• Providing resident Compliance Officer and corporate governance support;
• Supporting the establishment of local operational presence, including coordination of office setup and staffing; and
• Ongoing regulatory and post-licensing advisory to ensure continued compliance.

Our approach is practical and tailored to each client’s business model, ensuring that regulatory requirements are met without overcomplicating operations.

For further information or to discuss your structure, feel free to reach out to our team.

 

Disclaimer

This article is provided for general informational purposes only and does not constitute legal or tax advice.

The introduction of Regulation (EU) 2023/1114 on Markets in Crypto-Assets (MiCA) marks a fundamental transformation in the regulatory treatment of crypto-assets within the European Union. While crypto activities were previously subject to fragmented national frameworks, MiCA establishes, for the first time, a harmonised licensing regime governing both the issuance of crypto-assets and the provision of related services.

This shift reflects a broader regulatory objective: to integrate crypto-assets into the existing financial regulatory architecture, while addressing risks related to investor protection, market integrity, and financial stability.

As with other major EU regulations, MiCA is not simply an additional layer of compliance. It introduces a new operating model, requiring firms to reassess their structure, governance, and service offering in order to continue operating within the EU.

 

A New Licensing Perimeter for Crypto Activities

MiCA introduces a clear distinction between different categories of crypto-assets and activities, each subject to specific requirements.

At its core, the regulation applies to:

• crypto-assets other than asset-referenced tokens (ARTs) and e-money tokens (EMTs),
• asset-referenced tokens (commonly referred to as stablecoins), and
• crypto-asset services provided on a professional basis.

The latter introduces the concept of Crypto-Asset Service Providers (CASPs), which now fall within a formal licensing regime under Title V of MiCA.

 

The scope of regulated services is deliberately broad and mirrors, to a significant extent, the structure of investment services under MiFID II. These include:

• custody and administration of crypto-assets
• operation of trading platforms
• exchange of crypto-assets for funds or other crypto-assets
• execution, reception and transmission of orders
• placing of crypto-assets
• portfolio management and advice and
• transfer services on behalf of clients

This alignment is not incidental. It signals a regulatory intention to treat crypto-asset services with a level of scrutiny comparable to traditional financial services.

 

Authorisation as a Precondition for Market Access

Under MiCA, the provision of crypto-asset services within the EU is conditional upon authorisation as a CASP, unless the entity already holds a licence under another EU financial services framework and opts to use the notification regime.

This represents a significant departure from existing national regimes. Entities currently registered under local crypto frameworks are required to undergo a full authorisation process in order to continue operating post-MiCA.

Although MiCA provides for a transitional period, this is limited in scope. Importantly, firms operating under transitional arrangements do not benefit from passporting rights and may face restrictions on cross-border activities.

In parallel, MiCA introduces a notification-based regime (Article 60) for already authorised entities, such as investment firms or UCITS management companies. These entities may provide crypto-asset services upon notifying their competent authority, subject to strict procedural requirements.

The notification process itself is structured and time-bound. Firms must submit the required information at least 40 working days prior to commencing services, with the competent authority conducting an initial completeness assessment within 20 working days. Any requests for additional information may temporarily suspend the process.

 

From Licensing to Substance: Governance and Operational Requirements

The MiCA authorisation process is not merely formal. It is designed to assess whether firms are capable of operating in a safe, transparent, and resilient manner.

Applicants are required to provide detailed information covering:

• their legal structure and organisational setup,
• governance arrangements and internal control mechanisms,
• safeguarding of client assets and segregation arrangements,
• risk management and compliance frameworks, and
• the suitability and integrity of management and shareholders.

In addition, MiCA introduces specific expectations in relation to operational resilience and ICT risk. CASPs must implement security measures covering access controls, system integrity, and incident management, as well as business continuity arrangements and recovery planning.

The emphasis is clear: licensing is conditional on the existence of an operationally effective framework, not merely documented policies.

 

Ongoing Obligations and Investor Protection

MiCA establishes an extensive set of ongoing obligations that extend well beyond the point of authorisation.

These include requirements relating to:

• conduct of business, including the obligation to act honestly, fairly, and professionally,
• management of conflicts of interest,
• transparent and non-misleading communications, and
• the maintenance of adequate systems and controls.

Investor protection is a central element of the framework. Where firms provide advice or portfolio management, they are required to conduct suitability assessments, taking into account the client’s knowledge, objectives, and risk tolerance. These assessments must be reviewed on an ongoing basis and supported by periodic reporting to clients.

At the same time, MiCA introduces requirements aimed at preserving market integrity, including the detection and reporting of market abuse and the disclosure of inside information.

 

Passporting and the EU Single Market

One of the most significant features of MiCA is the introduction of passporting rights for authorised CASPs.

Once authorised in one Member State, a CASP may provide services across the EU without the need for additional licences. This creates, for the first time, a truly single market for crypto-asset services.

However, this benefit is conditional upon full MiCA authorisation. Firms operating under transitional regimes or relying on national registrations do not benefit from this passporting framework, which reinforces the importance of timely authorisation.

 

Reverse Solicitation: A Narrow and Controlled Exemption

MiCA also addresses the concept of reverse solicitation, which has historically been used by firms to provide services without local authorisation.

Regulatory guidance makes clear that this exemption is interpreted narrowly. Any form of marketing or communication targeting EU clients, including through digital channels, may be considered solicitation.

In practice:

• marketing through social media, affiliates, or influencers may fall within the scope of solicitation,
• the exemption applies only to the initial client request, and
• firms cannot rely on this exemption to offer additional or different services over time.

This significantly limits the ability of non-EU firms to access the EU market without authorisation.

 

Fees and Supervisory Costs

MiCA introduces a structured fee framework, covering both authorisation and ongoing supervision.

At the authorisation stage, fees vary depending on the type of services provided. For example, operating a trading platform entails higher fees compared to execution or advisory services, reflecting the increased complexity and risk.

On an ongoing basis, CASPs are subject to annual supervisory fees comprising:

• a fixed component, determined by the services provided, and
• a variable component, based on the firm’s turnover from crypto-asset services.

The variable component applies progressively, with percentages decreasing as turnover increases, and is capped at €500,000 annually.

This structure introduces a proportional approach, aligning supervisory costs with the scale of the firm’s activities.

 

A Shift from Access to Accountability

MiCA represents more than a licensing exercise. It reflects a broader shift from a relatively open and lightly regulated environment to one characterised by accountability, governance, and operational robustness.

Firms can no longer rely on minimal structures or fragmented compliance approaches. The regulation requires:

• integration of governance, risk, and compliance functions,
• clear allocation of responsibilities at management level, and
• continuous monitoring and adaptation of operational frameworks.

In this sense, MiCA aligns crypto-asset regulation with the broader expectations applied to financial institutions.

 

FiveComply’s Perspective

From an implementation perspective, the main challenge under MiCA is not the interpretation of the regulation, but its practical application within complex and evolving business models.

Firms are often required to reassess fundamental aspects of their operations, including their service classification, outsourcing arrangements, and technological infrastructure.

In particular, the interaction between MiCA requirements and existing regulatory frameworks (such as MiFID II or AML obligations) introduces an additional layer of complexity that must be carefully managed.

Experience shows that the most effective approaches are those that focus not only on regulatory alignment, but on operational readiness, ensuring that governance, systems, and controls are capable of supporting ongoing compliance in practice.

 

Get in touch with our team to discuss your MiCA licensing strategy or CASP authorisation process:
📞 +357 25 34 00 25
📧 regulatory@fivecomply.com

The Digital Operational Resilience Act (DORA) marks a significant evolution in the European Union’s regulatory approach to ICT risk within the financial sector. While financial institutions have long been subject to requirements relating to operational risk, outsourcing, and cybersecurity, DORA introduces, for the first time, a harmonised and enforceable framework specifically focused on digital resilience.

This shift reflects a broader regulatory recognition that financial entities are no longer exposed solely to traditional operational risks, but to increasingly complex and interconnected digital vulnerabilities driven by technological dependence, third-party providers, and cross-border infrastructures.

As a result, DORA is not simply an additional compliance obligation. It represents a structural change in how firms are expected to design, operate, and oversee their ICT environment.

 

A Structural Shift in Regulatory Expectations

DORA establishes a comprehensive framework covering ICT risk management, incident reporting, operational resilience testing, and third-party risk oversight. Its objective is not limited to ensuring that firms maintain adequate policies, but to ensure that they are capable of withstanding, responding to, and recovering from ICT disruptions that may impact critical or important functions.

This reflects a transition from fragmented regulatory requirements to a unified model that places digital resilience at the core of supervisory expectations. Increasing reliance on external ICT providers, particularly cloud services, has also introduced new dimensions of systemic risk, prompting regulators to extend their focus beyond individual firms to the stability of the financial system as a whole.

In this context, DORA introduces a level of rule-based approach and operational depth that goes beyond previous frameworks, requiring firms to move from theoretical compliance to demonstrable resilience.

 

Implementation Is Not Merely Technical

Despite the clarity of its objectives, many firms continue to approach DORA as a technical or documentation-driven exercise. In practice, this approach often leads to frameworks that are formally aligned with regulatory requirements but lack operational effectiveness.

A key challenge lies in the fact that DORA is not limited to IT functions. It requires coordination across risk management, compliance, internal audit, and senior management, as well as alignment with business strategy and operational processes. Where ICT risk remains isolated from broader organisational decision-making, firms face difficulties in achieving the level of integration required by the regulation.

The implementation of DORA therefore requires a shift from isolated structures to a holistic and integrated approach, where ICT risk is embedded across all relevant functions.

 

Common Pitfalls in Practice

In practice, several recurring challenges have emerged across financial entities implementing DORA.

A primary issue is the tendency to prioritise policy development over operational capability. While firms may establish comprehensive ICT risk management frameworks on paper, these frameworks are not always supported by effective processes, tools, and controls capable of functioning under stress conditions. This disconnect between documentation and execution undermines the core objective of ensuring continuity of critical services.

Fragmentation also remains a significant concern. Many organisations continue to operate with separate frameworks for cybersecurity, IT operations, outsourcing, and business continuity, resulting in inconsistencies in how risks are identified, assessed, and managed. DORA requires these elements to be integrated into a single, coherent framework, capable of addressing risks in a consistent and comprehensive manner.

Another area frequently underestimated is the integration of ICT risk into governance structures. DORA places clear responsibility on the management body, requiring active oversight and involvement in ICT risk management. Where senior management engagement is limited, decisions relating to outsourcing, technology, and operational models may not fully reflect resilience considerations.

 

Operational Challenges: Incident Reporting and Testing

The requirements relating to ICT incident reporting introduce a level of complexity that many firms have not previously encountered. DORA requires the classification of incidents based on defined criteria, as well as the submission of initial, intermediate, and final reports within strict timelines. Implementing these requirements requires not only clear internal procedures, but also the ability to detect incidents promptly, assess their impact accurately, and ensure effective internal escalation.

Similarly, the expectations surrounding resilience testing have significantly increased. DORA requires firms to adopt a risk-based approach to testing that reflects their operational dependencies and threat landscape. This includes scenario-based testing and, for certain firms, advanced techniques such as threat-led penetration testing. Basic technical testing alone is insufficient to capture the broader operational impact of disruptions, particularly in environments characterised by interconnected systems and external dependencies.

 

Third-Party Risk: A Central Regulatory Focus

One of the most significant areas of focus under DORA is ICT third-party risk management. The growing reliance on external providers, particularly in the context of cloud computing and technology platforms, has introduced new forms of concentration and systemic risk.

DORA requires firms to maintain a detailed register of ICT third-party providers, including information on services provided, criticality, and contractual arrangements. In practice, many organisations face challenges in obtaining a complete and accurate view of their outsourcing landscape, particularly where subcontracting chains are involved.

Importantly, DORA reinforces that outsourcing does not transfer responsibility. Financial entities remain fully accountable for ensuring that outsourced services meet regulatory expectations, requiring continuous monitoring, robust contractual arrangements, and effective oversight mechanisms.

 

Assurance, Continuity, and Ongoing Compliance

The effectiveness of the ICT risk management framework must be supported by independent assurance. DORA requires regular internal audit and review processes to assess the adequacy and effectiveness of controls. This introduces additional expectations in terms of expertise, independence, and the integration of ICT risk into audit planning.

At the same time, DORA is not designed as a one-time implementation exercise. The regulation introduces a continuous obligation to monitor, review, and update frameworks in response to changes in the firm’s operations, technological environment, and threat landscape. A static approach to compliance is incompatible with the dynamic nature of ICT risk.

 

A Strategic Perspective on Digital Resilience

Beyond its technical and regulatory dimensions, DORA reflects a broader strategic shift in the financial sector. It recognises that digital resilience is not only a matter of individual firm stability, but a key component of financial system integrity.

The increasing interconnection between financial institutions and shared ICT infrastructures means that disruptions can extent rapidly across markets. As such, DORA requires firms to consider their role within a wider ecosystem, extending beyond internal risk management to the management of systemic dependencies.

Firms that approach DORA solely as a compliance obligation may achieve formal alignment with the regulation, but risk overlooking its broader implications. By contrast, those that embed digital resilience within their operating model can enhance operational robustness, improve incident response capabilities, and strengthen stakeholder confidence.

 

FiveComply’s Perspective

At FiveComply, we observe that the primary challenge in DORA implementation is not the interpretation of the regulation itself, but its practical application across complex organisational structures.

Firms increasingly recognise that achieving compliance requires more than aligning documentation with regulatory requirements. The focus has shifted towards ensuring that ICT risk frameworks are operational, integrated, and capable of supporting real-world resilience under stressed conditions.

Our experience shows that the most effective implementation approaches are those that prioritise:

• alignment between ICT risk management and business strategy,
• clear governance structures with active management body involvement,
• comprehensive mapping and oversight of ICT third-party providers, and
• the development of testing and incident response capabilities that reflect actual operational dependencies.

DORA implementation is therefore not a standalone exercise, but part of a broader process of strengthening operational resilience and regulatory positioning. Firms that approach it strategically are better positioned to adapt to ongoing regulatory developments and evolving technological risks.

 

Looking Ahead

DORA represents a fundamental transformation in how ICT risk is regulated within the European financial sector. Its implementation requires more than policy updates or procedural adjustments; it requires a reassessment of how risk is identified, managed, and integrated across the organisation.

The distinction between compliance and resilience is central. While compliance can be achieved through documentation and formal alignment, resilience requires operational capability, integration, and continuous adaptation.

As regulatory expectations continue to evolve, firms that successfully operationalise DORA will be better positioned to navigate an increasingly complex and technology-driven environment, where the ability to withstand disruption is not only a regulatory requirement, but a defining characteristic of sustainable financial institutions.

 

Get in touch with our team to discuss your DORA implementation or regulatory strategy:
📞 +357 25 34 00 25
📧 regulatory@fivecomply.com

The Seychelles Securities Dealer License continues to serve as a widely used regulatory framework for international brokerage firms offering online trading, forex, and CFD services. Regulated by the Financial Services Authority (FSA) of Seychelles, the regime has recently undergone significant legislative updates following the enactment of the Securities (Amendment) Act, 2024 and accompanying amendment regulations.

These amendments introduce several important changes affecting Securities Dealer Licensees, including strengthened corporate governance requirements, increased capital thresholds, enhanced investor protection measures, and revised licensing fees. Firms operating under the Seychelles Securities Dealer regulatory framework must ensure that their compliance systems, operational procedures, and governance structures are updated to reflect these changes.

The amendments entered into force on 30 December 2024. However, entities that were already licensed prior to the introduction of the amendments have been granted a transitional period of eighteen (18) months to comply with the new provisions, ending on 30 June 2026.

 

A.  Changes to the Licensing Framework and Corporate Governance Requirements

One of the most significant regulatory developments introduced by the amendments is the transition to a perpetual licensing regime for Securities Dealer licenses. Under the revised framework, a Seychelles Securities Dealer License will remain valid unless it is suspended, revoked, or surrendered, replacing the previous system where licenses were issued for a fixed annual period.

Despite the introduction of a perpetual license model, license holders must still meet ongoing regulatory obligations. In particular, Securities Dealer licensees are now required to pay their annual license fees and submit a compliance certificate to the Financial Services Authority by 31 January of each year.

The amendments also introduce enhanced corporate governance requirements. Securities Dealer licensees must appoint two individual directors, with at least one director required to be a resident of Seychelles. Additionally, the framework requires that there be at least two resident fit and proper individuals in Seychelles, which may include directors, compliance officers, or other managerial staff responsible for overseeing the operations of the licensed entity.

These provisions are intended to strengthen regulatory oversight and ensure that licensed brokerage firms maintain sufficient operational substance within the jurisdiction.

 

Investor Protection Measures and Operational Requirements

The amendments also introduce several important measures aimed at strengthening investor protection and operational oversight within the Seychelles securities sector.

One of the key changes relates to client classification requirements for restricted speculative investments, as per the FSA definition. Securities Dealer licensees offering leveraged products (e.g. CFDs) should now classify their clients as either retail clients or professional clients before offering access to leveraged products. Professional clients may include regulated financial institutions, institutional investors, governments, large corporate entities meeting specific financial thresholds, or high-net-worth individuals who satisfy the relevant asset and experience criteria.

Where clients are classified as retail clients, Securities Dealer licensees must conduct an appropriateness assessment to determine whether the client possesses the knowledge and experience necessary to understand the risks associated with the specific leveraged products e.g. CFDs.

The amendments also introduce negative balance protection for retail clients, meaning that the liability of a retail client trading restricted speculative investments is limited to the funds held in the client’s trading account. This provision ensures that retail investors cannot incur losses exceeding the amount deposited with the securities dealer.

Additional regulatory obligations include enhanced advertising and risk warning requirements, under which Securities Dealer licensees must ensure that promotional materials prominently display risk warnings explaining the potential losses and complexity associated with trading financial instruments such as securities, derivatives, and other leveraged products.

The amendments further strengthen oversight of outsourcing arrangements. While support functions may be outsourced to external service providers, core operational functions may only be delegated to affiliated entities and require prior approval from the Financial Services Authority.

 

Capital Requirements and Revised Licensing Fees

The updated regulatory framework also introduces an increase in the minimum capital requirement for Securities Dealer licensees. The minimum issued and paid-up share capital has been increased from USD 50,000 to USD 100,000, and this capital must be maintained at all times in a bank account with a bank licensed under the Financial Institutions Act or another equivalent jurisdiction approved by the FSA. More information on how the FSA interprets ‘equivalent jurisdictions’ can be provided from FiveComply during your next consultation session.

In addition to the increased capital threshold, the amendments introduce revised regulatory fees.

The application fee for a Securities Dealer license has increased from USD 1,500 to USD 3,000, while the annual license fee has increased from USD 3,000 to USD 6,000. The fees for the Securities Dealer Representative remain the same for both the application and ongoing maintenance of the license. Additional fees have also been introduced for matters such as additional trade names, domain names, and regulatory approvals for changes in shareholding or corporate structure.

These changes reflect the continued evolution of the Seychelles financial services regulatory framework, with a focus on strengthening governance standards and investor protection within the jurisdiction.

 

Preparing for Compliance with the New Framework

Although the amendments entered into force on 30 December 2024, existing Seychelles Securities Dealer License holders have until 30 June 2026 to fully comply with the new requirements.

During this transitional period, licensees should review their corporate governance arrangements, client onboarding procedures, capital structures, and internal policies to ensure full alignment with the revised legislative framework.

At FiveComply, we support firms operating under the Seychelles Securities Dealer License framework by assisting with regulatory compliance, policy development, and ongoing liaison with the Financial Services Authority of Seychelles. As regulatory expectations continue to evolve, maintaining a robust compliance framework is essential for firms seeking to operate successfully in the Seychelles financial services sector.

Contact us today to learn how FiveComply can support your firm with Seychelles Securities Dealer licensing, regulatory compliance, and ongoing FSA engagement.

📍 Seychelles | Mauritius | Cyprus | UAE

📞 +357 25 34 00 25

📧 info@fivecomply.com

🌐 fivecomply.com

For more than a decade, Cyprus has served as one of Europe’s primary entry points for investment firms seeking access to the European market. While the regulatory landscape has evolved significantly, authorisation by the Cyprus Securities and Exchange Commission (CySEC) continues to represent a strategically important milestone for financial institutions operating within the EU.

 However, the nature of CySEC licensing has changed. What was once viewed primarily as an entry procedure has increasingly become a process centred on operational substance, governance maturity, and long-term regulatory sustainability. 

 

A Mature Regulatory Environment:

CySEC today operates within a far more demanding European supervisory framework than in previous years. The implementation of MiFID II, the Investment Firms Regulation and Directive (IFR/IFD), enhanced AML obligations, and upcoming crypto-asset regulation under MiCA have collectively reshaped supervisory expectations.

As a result, licensing is no longer assessed solely on documentation completeness. Regulators increasingly evaluate whether applicants demonstrate realistic operational models, effective internal controls, and governance structures capable of supporting ongoing supervision. 

For firms, this means preparation begins well before submission — and extends beyond policies and procedures to the credibility of the people and ownership structure behind the firm.

In practice, one of the most decisive elements in a CySEC licensing application is the suitability of the shareholders. While applicants often focus heavily on documentation and operational setup, CySEC places significant emphasis on whether qualifying shareholders meet the regulator’s fit-and-proper requirements, including experience in a regulated environment, financial soundness, transparency of source of wealth, reputation, and the ability to support the firm’s long-term stability.

Experience shows that shareholder assessment frequently represents the most critical stage of the authorisation process.

 

The Impact of Crypto Regulation:

The emergence of crypto-asset regulation within the European Union — particularly through the Markets in Crypto-Assets Regulation (MiCA) — has become one of the primary drivers reshaping how investment firms approach CySEC licensing and regulatory strategy.has introduced an additional layer of strategic planning for investment firms.

Rather than operating crypto activities separately, many firms are now evaluating how digital-asset services interact with existing CySEC authorisations, governance structures, and compliance frameworks. This has led to increased demand for licence extensions, structural reviews, and regulatory alignment exercises ahead of MiCA implementation.

The transition highlights a broader trend: regulatory frameworks are converging, requiring firms to adopt integrated compliance approaches rather than siloed licensing strategies.

 

Licensing Is No Longer One-Dimensional:

A notable shift in recent years is the growing number of firms seeking extensions or modifications to existing authorisations rather than entirely new licences.

These include:

• expansion of investment services and activities
• introduction of new financial instruments
• restructuring of business models
• integration of crypto-related activities
• alignment with evolving EU regulatory frameworks

We have observed a clear increase in demand for licence extensions aligned with MiCA developments, as firms recognise the operational efficiency of expanding existing regulatory permissions rather than establishing separate regulatory structures.

In many cases, firms can strategically position themselves to operate both traditional financial instruments and crypto-asset activities under an aligned regulatory framework, creating operational continuity while reducing regulatory fragmentation. This approach has become increasingly attractive as European regulation moves toward convergence between traditional finance and digital assets.

Regulatory strategy has therefore become continuous rather than transactional. Firms increasingly revisit their authorisations as their business models evolve alongside market and regulatory developments.

 

Governance Expectations: What Firms Often Underestimate:

Despite CySEC’s well-established framework, applicants frequently underestimate where regulatory scrutiny is primarily focused during the licensing process.

While governance structure and documentation remain important, the assessment begins with the suitability of the Company’s shareholders. In practice, application timelines are frequently impacted not by policies or operational arrangements, but by the shareholder assessment process: CySEC places significant emphasis on qualifying shareholders meeting fit-and-proper requirements.

Beyond ownership assessment, CySEC also expects a management body capable of exercising genuine oversight and independent judgment. This includes meeting minimum structural expectations such as:

• at least two Executive Directors, actively involved in day-to-day management;
• at least two Non-Executive Independent Directors, providing independent oversight; and
• a Board composition demonstrating sufficient local substance and regulatory familiarity, with the majority of directors being Cyprus-based.

Ultimately, regulatory approval is based on the combined assessment of shareholders and directors, ensuring both sound ownership and effective governance capable of sustaining long-term regulatory compliance.

 

Common Challenges Firms Encounter:

Applicants frequently underestimate the importance of regulatory coherence — ensuring that business plans, policies, staffing arrangements, ownership structure, and governance model present a consistent and credible narrative.

Delays often arise not from regulatory rigidity, but from gaps between commercial ambition and regulatory readiness. Successful applications therefore depend on early strategic planning and alignment with CySEC expectations from the outset.

 

FiveComply’s Perspective:

At FiveComply, we have observed a clear evolution in how firms approach CySEC authorisation. Increasingly, clients seek not only assistance with initial licensing, but ongoing regulatory guidance as their activities expand across new services, instruments, and regulatory regimes — particularly in connection with MiCA-driven licence extensions.

Our experience shows that successful licensing outcomes depend less on documentation volume and more on correctly structuring:

• shareholder eligibility and transparency,
• governance composition,
• regulatory strategy, and
• operational substance from day one.

Our experience spans new CySEC authorisations, licence extensions, crypto-related regulatory structuring, and ongoing compliance implementation. In each case, the objective remains the same: aligning business growth with sustainable regulatory positioning.

 

Looking Ahead:

As European financial regulation continues to develop, CySEC remains a key gateway for firms seeking regulated access to the EU market. The regulator’s increasing supervisory maturity reflects broader European trends emphasising transparency, governance, and operational substance.

CySEC licensing is increasingly less about obtaining approval and more about building a structure capable of operating successfully under continuous supervision — where shareholder suitability, governance strength, and strategic regulatory planning play a decisive role.

With extensive experience advising firms across the CySEC regulatory framework, FiveComply supports financial institutions throughout the full licensing lifecycle — from initial authorisation and licence extensions to compliance implementation and ongoing regulatory support. 

 

Get in touch with our team to discuss your CySEC licensing or regulatory strategy:

📞 +357 25 34 00 25
📧 regulatory@fivecomply.com

 

 

 

Seychelles has established a formal regulatory regime for Virtual Asset Service Providers (VASPs) through the Virtual Asset Service Providers Act, 2024.

Under this framework, any entity operating a crypto exchange, crypto brokerage, digital asset wallet, custody platform, or virtual asset investment service in or from Seychelles must obtain a Seychelles VASP licence issued by the Financial Services Authority (FSA).

The Seychelles VASP regime is designed to position the jurisdiction as a regulated international hub for digital asset businesses, while ensuring compliance with international AML/CFT and FATF standards.

For founders launching or relocating crypto exchanges, trading platforms, custody solutions and more, regulatory success depends on three key pillars:

Scope clarity. Substance alignment. Governance integrity.

At FiveComply, our Licensing team specialises in structuring and licensing Virtual Asset Service Providers in Seychelles, ensuring applications are regulator-ready and aligned with the expectations of the Seychelles Financial Services Authority (FSA).

1. What Activities Require a Seychelles VASP Licence?

A Seychelles VASP licence is required where a company carries on virtual asset services in or from Seychelles.

The regulatory framework recognises four main licence categories:

1. Virtual Asset Exchange

Platforms facilitating the trading or exchange of digital assets, including crypto-to-crypto and crypto-to-fiat exchanges.

2. Virtual Asset Wallet / Custody Service

Businesses providing custody or safeguarding of virtual assets, including hosted wallets and custody platforms.

3. Virtual Asset Broker

Entities acting as intermediaries executing digital asset transactions on behalf of clients.

4. Virtual Asset Investment Provider

Companies offering digital asset investment management, advisory, or portfolio services.

Important Regulatory Conditions

Under the VASP Act:

• Only Seychelles-incorporated companies (domestic entities or International Business Companies – IBCs) may apply.
• Individuals cannot hold a VASP licence.
• Certain activities are expressly prohibited, including:
  • crypto mining operations
  • mixing or tumbling services designed to obscure transaction traceability.

One of the most common causes of regulatory delays is misclassification of the business model. The FSA assesses the actual operational structure, not merely the description in the licence application.

FiveComply assists clients in mapping their operational model to the correct VASP licence category, ensuring regulatory alignment from the outset.

2. Minimum Capital Requirements for a Seychelles VASP Licence

The Virtual Asset Service Providers (Capital and Other Financial Requirements) Regulations, 2024 prescribe minimum paid-up capital requirements depending on the licence category.

Minimum capital thresholds include:

• USD 150,000 — Virtual Asset Exchange
• USD 75,000 — Virtual Asset Broker
• USD 25,000 — Virtual Asset Wallet (Custody) Service Provider
• USD 50,000 — Virtual Asset Investment Provider

Where a company applies for multiple VASP licence categories, capital requirements must reflect the combined risk exposure of the activities conducted.

The required capital must:

• Be fully paid-up
• Be supported by clear source of funds documentation
• Be maintained continuously after licensing

For crypto exchanges and custody providers, capital planning must reflect asset safeguarding obligations and operational risk, not merely statutory minimums.

FiveComply supports applicants with:

• source of wealth and source of funds analysis
• regulatory-aligned financial projections
• capital structuring strategies.

A robust capital framework significantly reduces regulatory queries and licensing delays.

3. Substance Requirements for VASP Companies in Seychelles

The Seychelles VASP framework requires genuine economic presence in the jurisdiction.

Applicants must demonstrate operational substance, including:

• a physical office in Seychelles
• at least two natural person directors
• at least one resident director
• a local Compliance Officer
• adequate staffing proportionate to the scale of operations
• board and management meetings conducted in Seychelles
• records accessible from the Seychelles office
• local complaint handling oversight

FiveComply supports VASP clients with:

• resident director solutions
• local compliance officer appointments
• complaints handling officer support
• physical office arrangements
• governance and operational structuring

This ensures the business meets both licensing requirements and ongoing substance expectations.

4. Governance Requirements and Key Appointments

Strong governance is a core requirement for obtaining a Seychelles VASP licence.

Board Requirements

• Minimum two natural person directors
• At least one director resident in Seychelles
• All directors must satisfy Fit and Proper criteria

Mandatory Key Functions

The regulatory framework expects the appointment of:

• Directors
• Compliance Officer
• Principal Officer(s)
• Information Security Officer
• External Auditor (to be appointed within 30 days of licensing)

Fit and Proper Assessment

The Fit and Proper Code for VASPs evaluates:

• professional experience
• industry competence
• financial soundness
• reputation and integrity
• absence of adverse regulatory findings.

Failure to appoint qualified and experienced individuals is one of the most common reasons for licensing delays or regulatory queries.

FiveComply conducts Fit and Proper pre-assessments prior to application submission to ensure regulatory expectations are met.

5. AML/CFT and Compliance Framework Requirements

VASPs licensed in Seychelles must maintain a comprehensive AML/CFT compliance framework aligned with:

• Seychelles AML legislation
• FATF recommendations
• FSA supervisory expectations.

Generic templates are easily identifiable and often lead to multiple regulatory queries.

FiveComply develops customised regulatory frameworks tailored to each VASP applicant’s operating model.

6. Ongoing Compliance Obligations for Seychelles VASPs

Obtaining a Seychelles VASP licence is only the first step. Licensed entities must comply with ongoing regulatory obligations.

These include:

• payment of annual licence fees
• submission of annual compliance returns
• substance reporting
• annual AML reporting
• cybersecurity reporting
• audited financial statements prepared under IFRS
• maintaining records for at least seven years

The FSA may also request access to transaction records or operational data where required.

FiveComply provides post-licensing compliance support, assisting VASPs with regulatory reporting and ongoing FSA engagement.

7. Seychelles VASP Application Assessment

The FSA reviews only complete licence applications. Incomplete submissions could be rejected.

Why Work with FiveComply for Seychelles VASP Licensing?

FiveComply’s Offshore Division specialises in crypto licensing and financial regulation across offshore jurisdictions.

Our expertise includes among others:

• Seychelles VASP licensing
• Seychelles Securities Dealer licences
• governance and Fit & Proper structuring
• AML/CFT framework development
• capital planning and regulatory alignment
• resident director and substance solutions
• post-licensing compliance support.

Each project is structured based on the client’s operational model, regulatory strategy and risk exposure, ensuring applications are fully aligned with FSA expectations.

8. Start Your Seychelles VASP Licence Application

Seychelles has emerged as a regulated jurisdiction for digital asset businesses, offering a structured framework for crypto exchanges, brokers and custody providers.

However, regulatory approval requires:

• correct licence categorisation
• strong governance structures
• genuine local substance
• robust AML/CFT controls
• strategic regulatory engagement.

If you are planning to launch or relocate a crypto business in Seychelles, our team can guide you through the entire VASP licensing process, from initial structuring to regulatory approval.

Secure your Seychelles VASP licence with confidence.

📧 info@fivecomply.com
🌐 fivecomply.com

Over the past few years, the United Arab Emirates has steadily transformed into one of the most attractive regulatory destinations for financial services firms seeking international expansion. What was once viewed primarily as a regional financial centre has evolved into a jurisdiction increasingly considered alongside established global regulatory hubs.

A key driver behind this development has been the evolution of the Capital Markets Authority (CMA) (ex-SCA) — and the continued maturation of its licensing and supervisory framework.

Today, firms are no longer approaching the UAE solely for commercial presence or market visibility. Instead, they are seeking regulated status under the CMA as part of broader strategic expansion plans, often through licensing structures such as CAT-1 and CAT-5 authorisations aligned with their operational model.

 

A Shift in How Firms View UAE Regulation:

Historically, many financial institutions prioritised European licences for credibility and offshore jurisdictions for operational flexibility. The UAE now occupies a distinct middle ground: a jurisdiction offering both regulatory substance and commercial accessibility.

This balance has become particularly attractive to brokerage groups, fintech firms, investment intermediaries, and digital-asset related businesses aiming to diversify their regulatory footprint while maintaining proximity to rapidly growing investor markets across the Middle East, Africa, Europe and Asia.

Importantly, the CMA framework emphasises genuine operational presence. Licensing is increasingly focused on governance standards, compliance infrastructure, and clearly defined business models rather than purely formal registration. As a result, firms entering the UAE market are expected to demonstrate long-term commitment and regulatory readiness from the outset.

 

Increasing Regulatory Interest — and Why Now:

Recent market developments suggest a noticeable acceleration in licensing interest. Firms are reassessing jurisdictional strategy amid evolving global regulatory expectations, rising operational scrutiny in traditional markets, and the need for geographically diversified structures.

The UAE offers several advantages within this context. Its regulatory environment is internationally aligned yet commercially pragmatic. In parallel, continued government investment in financial innovation has reinforced confidence among both startups and established institutions.

In parallel with this growing interest, demand has increased for both CAT-1 and CAT-5 licenses in the UAE, reflecting different operational approaches adopted by market participants. Under the CMA licensing framework, a CAT-1 licence in the UAE typically supports firms operating a full brokerage model, enabling them to onboard and service clients directly within the UAE under a fully regulated structure. By contrast, CAT-5 licence holders in the UAE generally focus on introduction and promotion activities, referring clients to other regulated entities while maintaining a regulated presence in the region.

For many applicants, a CMA licence is no longer viewed simply as market entry into the UAE, but as a strategic regulatory anchor supporting international growth.

 

Navigating the Licensing Process:

Despite growing interest, obtaining authorisation under the CMA framework remains a structured and detail-driven process. Applicants must clearly articulate their operating model, governance arrangements, and compliance controls, while ensuring alignment between commercial objectives and regulatory permissions.

In practice, challenges often arise not from regulatory complexity itself, but from misalignment between a firm’s intended activities and the licensing structure selected at the initial stage. Early strategic planning therefore plays a decisive role in determining both application timelines and overall success.

Regulator engagement also tends to be iterative, requiring applicants to demonstrate transparency, preparedness, and a clear understanding of local regulatory expectations.

 

FiveComply’s Perspective

At FiveComply, we have observed first-hand the increasing sophistication of firms approaching UAE CMA licensing, including successful applications for both CAT-1 and CAT-5 authorisations. Applications are becoming more strategic, with organisations seeking not only approval but sustainable regulatory positioning within the region.

Our role typically extends beyond application preparation to include regulatory structuring, governance design, and ongoing compliance alignment — ensuring that licensing outcomes support long-term operational objectives rather than short-term market entry.

 Having supported clients across multiple CMA licensing categories, we continue to see the UAE emerge as a central jurisdiction within global expansion strategies for financial services businesses.

 

Looking Ahead:

As financial regulation continues to evolve globally, jurisdictions capable of combining credibility, accessibility, and regulatory clarity are likely to attract sustained industry attention. The UAE, under the CMA framework, appears increasingly positioned within this group.

For firms evaluating their next stage of international growth, establishing a regulated presence in the UAE is becoming less a question of opportunity and more one of strategic timing. Success, however, depends not only on selecting the right jurisdiction, but on approaching licensing with a clear regulatory strategy and a well-structured operational model from the outset.

Against this backdrop, firms increasingly seek advisors with practical experience navigating the CMA framework and supporting applications beyond the initial approval stage.

With an active on-the-ground presence in Dubai and extensive experience supporting firms across multiple Capital Markets Authority (CMA) licensing categories, compliance implementation, and ongoing regulatory support, FiveComply assists financial institutions in establishing and scaling their regulated presence in the UAE with confidence.

 

Get in touch with our team:

📞 +357 25 34 00 25
📧 regulatory@fivecomply.com

Analysis of the Financial Services Authority’s 2024 Annual Report: Key Regulatory Developments and Sector Insights in Seychelles

 
1. Introduction

The Financial Services Authority (“FSA”) in Seychelles has published its 2024 Annual Report, outlining a year marked by regulatory consolidation, strengthened supervisory frameworks and closer alignment with international standards. As Seychelles continued refining its financial services landscape, the 2024 report provides clarity on the jurisdiction’s direction, priorities and progress across several core areas.

The article highlights and analyses the most significant developments of the past year, based on information published in the Report.

 

2. Implementation of the VASP Framework

The Virtual Asset Service Providers Act, 2024 (“VASP Act, 2024”) together with its suite of supporting regulations, became fully operational during the year. These instruments establish requirements for licensing, cybersecurity controls, client asset protection, advertising standards and the registration of ICOs and NFTs.

This framework brings Seychelles into alignment with FATF Recommendation 15 and positions the jurisdiction among the few in the region with a complete and modern regulatory regime for virtual asset activities. According to the Report, this is intended to safeguard market integrity while enabling innovation in areas such as digital assets and fintech.

 

3. Strengthened AML/CFT Oversight and Alignment with FATF

The Report outlines continued reforms to the national AML/CFT framework, driven by the FSA, the Central Bank of Seychelles and the FIU. Notable outcomes include the upgrade of FATF Recommendation 4, which concerns the ability of a jurisdiction to freeze, seize and confiscate of crime through effective legal and operational measures, to Compliant. The ongoing implementation of the AML/CFT Act, 2020 and related Beneficial Ownership reforms and coordinated supervision across sectors further strengthened the jurisdiction’s ability to detect, prevent and respond to financial crime risks.

 

4. Removal from the EU Blacklist and Progress on Tax Transparency

The Report confirms that Seychelles was removed from the EU’s Annex I (i.e. commonly referred to as “Blacklist”) and placed on the grey list in February 2024, awaiting the results of the supplementary review in 2025. The shift followed substantive legislative updates on ownership information and the submission of a request for an OECD Global Forum supplementary review, which was scheduled for 2025.

The move to the grey list reduced reputational and operational risks for the jurisdiction, while the upcoming supplementary review underscores the need for continued improvement in information availability and exchange-of-information practices.

 

5. Advancement of International Organisation of Securities Commissions (IOSCO) Technical Assistance

During the year, the FSA finalised the ‘Terms of Reference for a Technical Assistance’ programme with IOSCO. This programme will review the legal and supervisory framework governing securities, identify deficiencies and recommend the reforms necessary for Seychelles to meet the IOSCO Multilateral Memorandum of Understanding standards.

The Report notes that this work forms the basis for Seychelles’ planned reapplication for Ordinary Membership and MMoU signatory status. Achieving these milestones would significantly strengthen cross-border regulatory cooperation and enhance the jurisdiction’s standing in global capital markets.

 

6. Continued Economic Growth Driven by Tourism and ICT

The economic section of the Report demonstrates that Seychelles recorded real GDP growth of 3 percent in 2024. Growth was supported primarily by tourism, with 352,762 visitors arriving during the year, and by the ICT sector, which expanded by 10 percent as digitalisation efforts intensified.

Although external pressures such as higher freight costs and a weaker rupee affected inflation and operating conditions, the Report highlights a stable overall economic environment, which supports the ongoing development of the non-bank financial services sector.

 

7. Strengthening Institutional Capacity and Risk Management

The Report highlights internal advancements within the FSA, particularly in governance, staff development and risk management. Key initiatives included the development of strategic risk management documents, enhancements to internal audit processes and the introduction of Strategic Planning Champions to support implementation of the 2021-2025 Strategic Plan.

 

 

8. Conclusion

The 2024 Annual Report demonstrates continued progress in strengthening Seychelles’ regulatory frameworks and institutional capacity. The developments in digital asset regulation, AML/CFT alignment, tax transparency, international cooperation and internal governance reflect a jurisdiction prioritising stability, transparency and long-term credibility.

Looking ahead, Seychelles is positioned for a pivotal year as it moves toward further FATF re-ratings, the Global Forum supplementary review and renewed engagement with IOSCO. The direction set in the 2024 Annual Report suggests continued regulatory strengthening, greater international alignment and a more structured supervisory environment for firms operating in the jurisdiction.

For business entering or operating in Seychelles, FiveComply provides streamlined licensing and compliance solutions aligned with the latest regulatory developments, from digital asset regulation to strengthened AML/CFT and transparency standards.

 

Disclaimer: This article is provided for general informational purposes only and does not constitute legal, regulatory or professional advice. Readers should seek independent advice before taking any action based on the information contained herein.

The United Arab Emirates (UAE) has rapidly emerged as a key global financial hub, attracting investors and financial firms from around the world. As the market continues to grow, the need for clear regulatory frameworks becomes increasingly important to ensure transparency, protect investors, and foster trust.

 

At the heart of this regulatory landscape is the Securities and Commodities Authority (SCA), responsible for setting standards that ensure trust, transparency, and market integrity.
One of the key authorizations under the SCA framework is the Category 5 License, designed specifically for firms engaged in arranging and advisory activities within the UAE’s financial markets.
It enables  companies to promote financial products, introduce investors to licensed regional and global entities, and offer advisory services — all while complying with the highest regulatory standards.

 

In short, a Category 5 License offers an entry point for companies aiming to connect UAE investors with global financial opportunities. It is designed for international brokers seeking to legally and transparently engage clients and promote their financial products within the UAE.

 

Understanding the scope and benefits of the Category 5 license is essential for businesses aiming to establish or expand their presence in the UAE’s financial sector. This article explores why this license matters, the opportunities it creates, and how firms can navigate the application process successfully.

 

UNDERSTANDING THE SCA CATEGORY 5 LICENSE:

The Category 5 License authorizes companies to conduct the so-called “Arranging and Advisory” activities, including:

• Promoting or marketing of financial instruments
• Introducing investors to regulated financial institutions
• Providing financial consultancy and advisory services

— all without directly managing or holding client funds!

 

Firms can facilitate connections between investors and licensed brokers, asset managers, or product issuers, while ensuring compliance with UAE’s strict conduct and marketing standards.

 

WHY OBTAIN THE SCA CATEGORY 5 LICENSE?

 1. Regulatory Credibility

Operating under an SCA license demonstrates that your firm meets all regulatory standards and maintains strong internal controls, governance, and transparency. It immediately establishes trust with both institutional partners and clients, differentiating your business from unlicensed operators and helping you avoid any potential breach of SCA regulations and decisions.

 

2. Enhanced Market Access

This authorization provides a gateway to new business opportunities and partnerships in investment promotion, brokerage introductions, and financial advisory. It also offers a clear and compliant pathway for foreign financial institutions seeking to establish a presence or expand their reach in the UAE through promotional and introduction activities. Holders of this license may introduce UAE-based investors to their regulated brokerage or investment entities abroad, ensuring that all communications and marketing efforts comply with the SCA’s standards for conduct, transparency, and fair promotion.

 

3. Investor Confidence

Licensing gives clients the assurance that all activities are supervised by a respected regulatory authority. It signals integrity, professionalism, and commitment to operating transparently, critical factors for attracting and retaining clients and business partners in the financial services industry.

 

4. Legal Protection and Operational Clarity

Obtaining an SCA license gives your business a clearly defined regulatory framework to operate within. It ensures your promotional and introduction activities are fully recognized by the regulator, protecting both your firm and your clients from the risks linked to unlicensed financial marketing. By operating under an authorized structure, you gain legal certainty and clear guidance on how to conduct compliant activities in the UAE market.

 

5. Alignment with International Standards

The SCA framework is aligned with global financial governance standards, including the OECD and FATF principles. Licensed firms benefit from being recognized as compliant with international norms which is an essential factor when expanding into regional or cross-border partnerships.

 

6. Sustainable Business Growth

 By building a regulated structure from the start, your firm can scale confidently knowing its operations meet regulatory expectations and can adapt to future compliance developments.

An SCA license lays the foundation for long-term growth, reputation, and business continuity.

 

A FINAL CONSIDERATION

 The SCA Category 5 License is more than a regulatory requirement.  It is a strategic asset that builds trust, enables growth, and enhances access to the UAE’s thriving financial markets.

 

Whether you’re an international firm entering the UAE or a local business seeking to expand,

FiveComply ensures your licensing journey is seamless, transparent, and compliant every step of the way.

 

HOW WE CAN HELP

At FiveComply, we provide end-to-end support to help firms obtain their SCA authorization smoothly and with confidence. Obtain your license with confidence through our tailored approach, which includes A-to-Z guidance throughout the licensing process, ongoing compliance support, and internal audit services to ensure continued regulatory alignment.

 

Our goal is to ensure that every licensing project is completed accurately, meets all regulatory requirements, and supports each client’s firm’s long-term operations in the UAE.

 

Book a consultation with our team today for actionable guidance and a streamlined path to securing your SCA Category 5 license.

On 5 September 2025, the Cyprus Securities and Exchange Commission (CySEC) issued Regulatory Administrative Act (RAA) 270/2025, amending its National Product Intervention Measures (NPIMs) on Contracts for Difference (CFDs). The move reflects CySEC’s ongoing focus on investor protection, market stability, and alignment with EU supervisory standards.

 

1. New CFD Leverage Restriction:

The amendment revises Annex I of Directive DI87-09 and introduces a 10% initial margin requirement (1:10 leverage) for CFDs where the underlying is:

• Any commodity, and
• Any stock index not expressly listed in the 1:20 leverage category (i.e. gold and major equity indices such as FTSE 100, DAX, S&P 500, etc.).

In practice, this ensures that all unlisted or exotic commodities and indices will now fall under the 1:10 leverage cap.

 

1. Background (2019–2025 Framework):

Since 2019, CySEC has imposed permanent limits on CFD leverage for retail clients, aligned with ESMA’s measures:

• 1:30 – Major FX pairs
• 1:20 – Non-major FX pairs, gold, and major indices
• 1:10 – Other commodities and non-major indices
• 1:5 – Individual equities and other reference values
• 1:2 – Cryptocurrencies

The new amendment closes gaps by ensuring that any product outside the 1:20 category now defaults to 1:10 leverage, reducing scope for regulatory arbitrage.

While commodities (other than gold) and non-major indices were already capped at 1:10, there was scope for interpretation regarding new or unlisted products.

 

1. Wider Regulatory Developments

Alongside the CFD amendment, CySEC continues to expand its supervisory agenda:

• Sanctions enforcement: A new framework strengthens compliance with EU and UN sanctions, including the creation of the National Sanctions Implementation Unit under the Ministry of Finance. Regulated firms must enhance monitoring, reporting, and internal controls.
• Capital adequacy: From early 2025, CySEC will apply EBA guidelines on the group capital test under the Investment Firms Regulation (IFR), clarifying requirements on capital, risk management, and governance. Low-risk firms may apply for reduced capital requirements, though CySEC retains the right to revoke permissions if conditions change.
• Forward-looking priorities: CySEC has signalled its focus on digital transformation, enforcement of upcoming MiCA (crypto-assets) and DORA (digital resilience) frameworks, and improving supervisory capacity. For 2025, its budget of €17.5 million will fund increased staffing and technology investments.

 

1. What Investment Firms Shall Do

• CFD brokers: Adjust margin settings, review product catalogues, and update client agreements, risk warnings, and marketing communications to reflect the new leverage rules.
• All regulated firms: Ensure sanctions compliance frameworks are up to date and prepare for capital adequacy changes under the EBA guidelines.
• Compliance teams: Reinforce monitoring and staff training to align with CySEC’s stricter supervisory approach.

Although the amendment does not overhaul leverage rules, it represents a tightening of scope. By closing definitional gaps, CySEC has made clear that any retail CFD product not explicitly listed under higher categories will be restricted to 1:10 leverage.

This move signals CySEC’s intent to limit regulatory arbitrage and reinforce its reputation as a regulator aligned with the EU’s strictest investor protection standards.

 

How We Can Help

If your firm requires assistance in reviewing product offerings, updating margin settings, or aligning compliance documentation with the new directive, please contact our team of experts.

 

FiveComply can support you in navigating CySEC’s evolving regulatory framework.