comply5, Author at FiveComply

30 January

ESMA’s New Consultations on MiCA: Navigating Reverse Solicitation and Crypto Asset Classification

In a pivotal move, the European Securities and Markets Authority (ESMA) has unveiled two Consultation Papers addressing crucial aspects of the Markets in Crypto Assets Regulation (MiCA). This comprehensive initiative seeks public input on guidelines related to reverse solicitation and the classification of crypto assets as financial instruments.

Consultation on Reverse Solicitation:

ESMA is actively soliciting feedback on proposed guidance for the reverse solicitation exemption. The aim is to refine conditions and supervisory practices employed by National Competent Authorities (NCAs) to prevent circumvention. ESMA reiterates that the exemption is a narrowly framed exception, emphasizing that MiCA limitations cannot be sidestepped.

Consultation on Classification of Crypto Assets:

ESMA invites stakeholders to contribute insights into establishing precise conditions and criteria for classifying crypto assets as financial instruments. This move aligns MiCA with the Markets in Financial Instruments Directive II (MiFID II), ensuring a harmonized approach across the EU.

Proposed Guidelines: The guidelines provide NCAs and market participants with structured yet flexible criteria for crypto-asset classification, striking a balance between guidance and avoiding a rigid, one-size-fits-all approach.

Next Steps:

Stakeholders have until April 29, 2024, to provide their feedback. ESMA plans to meticulously consider the received insights, with the final report anticipated in the fourth quarter of 2024. This initiative is poised to enhance clarity and contribute to global standards in crypto-asset regulation.

Explore the consultation papers https://www.esma.europa.eu/press-news/esma-news/esma-consults-reverse-solicitation-and-classification-crypto-assets-financial and actively participate in shaping the future landscape of crypto regulation.

22 January

news

EU Update on AML/CFT High-Risk Third Countries: Removal of Jordan and Cayman Islands

The European Commission via the issuance of the Commission Delegated Regulation 2024/163/EU has enacted important changes to the list of third-country jurisdictions with strategic deficiencies in their AML/CFT regimes. This update focuses on the removal of Jordan and the Cayman Islands from the high-risk category, reflecting their significant progress in strengthening AML/CFT frameworks.

Directive (EU) 2015/849 empowers the Commission to identify high-risk third countries, and Commission Delegated Regulation (EU) 2016/1675 initially identified such countries.

Recent information, including FATF statements and reports, triggered this review. The FATF’s removal of the Cayman Islands and Jordan from the ‘Jurisdictions under Increased Monitoring’ list in October 2023 prompted a comprehensive assessment by the Commission. Those countries are identified as high-risk third countries in Delegated Regulation (EU) 2016/1675 but were deleted from the FATF list of ‘Jurisdictions under Increased Monitoring’ in October 2023.

The Commission acknowledges the substantial strides made by the Cayman Islands and Jordan in addressing their strategic deficiencies. Both countries have not only strengthened their AML/CFT regimes but have also been relieved from the FATF’s monitoring process.

Considering the progress made, the Commission considered it fit to remove the Cayman Islands and Jordan from the high-risk category, amending Delegated Regulation (EU) 2016/1675 accordingly.

Full List of High-Risk Third Countries (as of 22/01/2024):

No.	High-risk third country
1	Afghanistan
2	Barbados
3	Burkina Faso
4	Cameroon
5	Democratic Republic of the Congo
6	Gibraltar
7	Haiti
8	Jamaica
9	Mali
10	Mozambique
11	Myanmar
12	Nigeria
13	Panama
14	Philippines
15	Senegal
16	South Africa
17	South Sudan
18	Syria
19	Tanzania
20	Trinidad and Tobago
21	Uganda
22	United Arab Emirates
23	Vanuatu
24	Vietnam
25	Yemen

21 December

news

Five Comply Addresses New AML/CFT Regulations for CASP Entities in Cyprus

As 2023 draws to a close, Cyprus’ regulatory landscape witnesses a transformative shift with the unveiling of Law 98(I)/2023 by the Cyprus Securities and Exchange Commission (CySEC). This amendment revisits and enhances the AML/CFT framework, placing Crypto-Asset Services Providers (CASP) squarely within its ambit. At FiveComply, we emphasize the importance of understanding and navigating these changes to ensure seamless compliance.

CASP Entities: A Refined Definition

The revamped legislation broadens the scope of CASP entities, defining them as entities that:

Are established in the Republic of Cyprus.
Are not established in Cyprus but offer services or conduct activities professionally from the Republic.
Are not established in Cyprus but offer services or conduct activities professionally to the Republic, unless they are enlisted in a Register of other Member States for services rendered to the Republic.

With this updated definition of CASP entities, it is mandatory for all such entities to enlist in the Cyprus CASP Register overseen by CySEC.

Consequences of Non-Compliance: A Regulatory Alert

In a notable departure from previous iterations, the amended law introduces penalties for non-compliance by CASP entities. Those failing to register with the Cyprus CASP Register face stringent consequences:

Potential imprisonment extending to 5 years.
Financial penalties reaching up to €350,000.
A combination of both punitive measures.

FiveComply underscores the gravity of these penalties, advocating for proactive compliance to mitigate risks and ensure business continuity.

Navigating Compliance: FiveComply’s Commitment

The evolving regulatory framework necessitates expert guidance and tailored solutions. FiveComply remains persistent in our commitment to empowering clients, offering bespoke solutions tailored to unique business needs. Our team’s expertise, coupled with a deep understanding of regulatory intricacies, positions us as your trusted partner in navigating this evolving landscape.

FiveComply stands at the intersection of regulatory expertise and industry insight, offering CASP entities continuing support in achieving compliance.

09 November

news

FIVECOMPLY’S SUMMARY OF THE UPDATED WHITE PAPER ON THE SECURITIES ACT REFORM

The Financial Services Authority (FSA) is suggesting reforms comprising changes related to licensees, provisions, and typographical errors to the Securities Act 2007 (SA).

It aims to improve how Securities Dealers operate in a controlled and well-regulated manner;
It considers emerging risks and opportunities in the sector.

The Policy Paper:

aims to inform the Securities Dealer industry about proposed changes to the regulatory framework governing Securities Dealers (SDs) and amendments to the SA and related regulations; these changes align with the FSA’s goal to create a Seychelles financial services centre that focuses on regulating meaningful and valuable licensed activities.

a) Physical Substance	FSA’S CHALLENGES/CONCERNS
a) Physical Substance	Over 97.10% licensees have minimal or no physical presence in Seychelles, with unmanned offices. – Many lack directors with a concrete understanding of the SDs’ core operations. – Limited or no records are kept in or accessible from Seychelles. – Either they have minimal or no bank accounts in Seychelles partly due to local banks’ reluctance. – Most outsource various functions, including compliance. Due to the recent technological developments the FSA has decided that the physical requirement is necessary, in relation to the operations and activities of SDs, licensed in Seychelles in order to implement enhanced monitoring and supervision of SDs
b) Licensing Requirements	The FSA has recognized some gaps regarding the licensing criteria for the process of granting an SD licence: – The Act does not specify whether company directors must be located in Seychelles or actively involved in company management. – This lack of clarity hinders accountability for licensees’ business conduct within the jurisdiction. – Existing requirements allow licensees to operate remotely without a physical presence in Seychelles. – This setup makes it challenging for the Authority to effectively regulate, monitor, and enforce actions against malpractice or non-compliance by licensees and their directors. – Establishing domestic accountability for licensees is essential to ensure compliance with the Act and responsible business conduct.
c) Inherent Risks	The SD sector like any other business bears inherently prospective risks associated with its operations like: · Liquidity risk · Market price risk · Exchange rate risk · Credit risk · Strategic risk · Operational risk · Compliance risk · Money laundering and terrorist financing risk · Legal and regulatory risk · Jurisdictional risk Due to the absence of physical substance and accountability of SDs in the jurisdiction, the aforementioned risks are greater, while the FSA is left powerless in acknowledging, observing and diminishing any risks along with controlling the required enforcement actions that can be taken concerning SDs, particularly those operational businesses outside Seychelles. Hence, it is crucial to device a risk-based supervision ‘RBS’ approach concerning the observation and regulation of entities operating beyond Seychelles enabling the FSA to keep the Seychelles’ jurisdiction intact while effectively administering the SDs. Finally, the RBS approach involves the allocation of supervisory resources based on an institution’s risk profile, following international principles like those endorsed by the FSA. It involves identifying, categorizing, evaluating, mitigating, reporting, and governing risks. RBS enhances decision-making and optimizes supervisory resource allocation.
d) General Outsourcing	Outsourcing of certain functions of a licensee is allowed, but primary functions and licensable activities must be kept in-house. International Organization of Securities Commissions (IOSCO) provides guidance on outsourcing principles, emphasizing that outsourcing should not prevent the regulator’s ability to supervise and examine regulated entities. Some jurisdictions may restrict outsourcing for tasks with unacceptable risks or critical importance. The FSA in Seychelles defines “core functions” as activities that must be performed in-house and include decision making, regulatory responsibilities and client or investor interactions. These core functions cannot be outsourced except within the same group of companies. Support functions like Human Resources, Finance, and Administration can be outsourced but not subcontracted. The regulated entity remains fully responsible and legally liable for outsourced tasks, just as if they were performed in-house.
e) Complaints handling	The FSA has observed a mounting of complaints from clients engaged in online services provided by licensed SDs. On average, seven complaints are received each month, equivalent to one to two complaints per week. These complaints encompass issues like remote access and boiler room activities, raising significant concerns about the operations of these licensed SDs.

The proposal is to review the legislative framework and suggest requirements to existing licensed SDs along with having new applicants being in compliance with the proposed requirements.

a) At least one fit and proper resident director in Seychelles.	PROPOSALS/REFORMS
	Having a resident director in Seychelles to ensure accountability for Seychelles-based companies is of crucial importance. The resident director must be knowledgeable about the company’s operations, undergo a fitness and proper test, and can be investigated or prosecuted if necessary. If the director is found unfit, they will be removed, potentially jeopardizing the company’s compliance with the requirement for two fit and proper directors and putting the company’s operations and license at risk.
b) Dual control (4‐eyes minimum criterion) by two full-time, resident, fit and proper individuals in Seychelles	The FSA will maintain the requirement to establish substance in Seychelles, as it aims to enhance compliance and believes the white paper provisions, including resident compliance officers and directors, will help meet these criteria. The services of a licensee must be conducted by at least two residents and fit and proper individuals which must be based in Seychelles on a full-time basis. The individuals can be either directors, compliance officers, representatives or any key officers of the licensee who has been determined to be “fit and proper” by the Authority.
c) Compliance function to be undertaken in Seychelles by a resident person and can still be outsourced	The FSA decided to remove the requirement and maintaining the outsourcing of compliance function to resident individuals until further notice. All FSA regulated licensees including SDs are required to appoint a compliance officer under section 23 of the FSA Act to fulfil the licensee’s compliance function. The FSA intends to amend the FSA Act, 2013 which means that the compliance officer will be required to be a resident of Seychelles.
d) Complaints handling to be conducted in Seychelles as a core function with the exemption of being conducted outside Seychelles within the same group of companies	The FSA will maintain the requirement for an internal complaint handling unit/function as per the Financial Consumer Protection Act, 2022 (FCPA Act). This unit does not need to be within the licensed entity in Seychelles and can be managed by another unit or dedicated person within the same group of companies if they are based overseas, with defined service level agreements. As complaints handling is considered a core function, where an SD forms part of a group, in which an affiliated entity is based in Seychelles, core functions may be allowed to be conducted outside of the Seychelles, subject to the FSA’s approval. The outsourcing of such function shall be contractually binding and the licensee shall have sufficient knowledge on the activity of the outsourced function.
e) Increase of paid-up capital requirements	Initial minimum paid up capital will be increased from USD50,000 to USD 100,000; to be kept with a bank at all times licensed in the Seychelles or a recognised jurisdiction to be approved by the Securities Authority. Transition period for existing licensees to meet the new paid-up capital requirements from 6 to 12 months.
f) Access to licensee records from Seychelles.	Records can be kept and shared in the cloud but is imperative for SDs and the FSA to have access to same. All records and transactions pertaining to all the operations of an SD must be stored in Seychelles or be accessed through the SD’s office, thus enabling both the licensees and the Authority to access these records at all times for compliance purposes. Sufficient contingency planning should be ensured by licensees for such access through backups, additional internet connections or remote access for the FSA, or any other means deemed as appropriate by the Authority.
g) Prohibit outsourcing of core functions with some flexibility	The FSA will maintain its position for prohibition of outsourcing of core functions to third party service providers but it will provide flexibility by allowing outsourcing within the same group of companies or to an affiliated entity, upon FSA approval.
h) Outsourcing of support services is allowed	Support services are considered ancillary services and as they do not involve direct interaction with clients can be outsourced. However, licensees are expected to submit the service level agreements to the Authority and in the event of a default on the part of the company to whom the function is outsourced, the licensee remains liable.
i) All medium of communication used with the clients shall be traceable and recorded.	Licensees shall maintain, for at least 7 years, records of all communication with the clients, whether by phone (voice recordings or transcripts), text, email or other alternative forms of communication. Note: Licensees raised specifically concerns as they felt that there is an expensive cost associated with the retention period of 7 years, especially for phone recordings. Τhe FSA has chosen to maintain its initial position, meaning the proposed requirement which aligns with the AML/CFT Act 2020. Nonetheless, transcripts will be allowed and maintained as an alternative to voice recordings by the FSA. All mediums of communication with clients must be recorded so as to ensure that transactions can be recreated.
j) Limitation on trade names and domains	Each licensee shall consider the following for its tradename/domain: 1. Prior to purchase and use, entities should seek approval for use of all trade names and domains names, during the pre-licensing and post-licensing stage, from the FSA. 2. Trade names shall be registered with the Registrar of (Domestic) Companies before being used by the licensed entity, conditional upon the FSA’s approval. 3. The FSA addressed the licensing criterion that a licensed entity must list all their trade names along with their legal name on their license and on the Financial Services Authority (FSA) website. 4. Licensees must prominently display both their trade names and legal names on their website for clients or investors to easily see. 5. A licensed entity is initially allowed to operate with one domain and trade name, and if they want more, they will need to pay extra fees. See the list of applicable fees below: (a) Application fee for each additional Domain – $500 (b) Application fee for each additional Trade name – $500 (c) Annual fee for each additional Domain – $1,000 (d) Annual fee for each additional Trade name – $1,000
k) Limitation on worldwide operations/ Target Market	In regards to approved target markets/ worldwide operations, the burden/onus is on the licensee to comply with the following requirements: (a) ensuring that countries in which they intend on providing services have clear provisions on providing financial services to their residents and/or citizens; (b) Reversing solicitation laws; Licensee must show proof to the satisfaction of the Authority that they are allowed to on-board and solicit clients in countries in which they intend on providing their services as part of the application for a license and at post-licensing stage.
l) Fees to be increased	License type	Application fee		Annual License Fee
		Current	Proposed	Current	Proposed
	Securities Dealer	USD1500	USD3000	USD3000	USD6000
	Representative	REMAINING AT USD500		REMAINING AT USD750
m) Fit and proper fee to be adopted	Introduce a fit and proper fee which shall be applicable for a change in key persons required to undergo a fit and proper determination following submission of the initial SD application or following issuance of license. Proposed fee – USD500
n) Clarity on permissible activities of Securities Dealers	SDs are allowed to generally provide investment advice on securities as part of their operations without the need of an Investment Advisor license. For clarity purposes, Section 48(4)(a) which deals with the licensing of Investment Advisors, shall be repealed.
o) Negative Balance Protection for Retail Clients trading CFD Product	A negative balance protection on a per trading account basis is being proposed with the aim of limiting a retail client’s aggregate liability/losses for all CFDs connected to a CFD trading account with a CFD provider to the funds in that CFD trading account. Consequently, an SD that has opened a trading account for a Retail Client to trade in CFD products will be unable to recover any losses from the client that go beyond the funds in the Retail Client’s trading account.
p) Risk warnings for retail clients	Another risk mitigating measure proposed by the FSA would require SDs when trading in Securities, Futures and Contract for Differences to imprint/display risk warnings for their retail clients, notably for – 1. Understanding of the complexity of the instrument and the risks that comes with it; 2. The risk of losing money rapidly due to leverage and price fluctuation. Note: The FSA has removed the requirement of advising clients of the percentage of clients that has lost money.
q) Change of licensee name	Currently, Section 61 of the Securities Act details when the FSA may mandate the name change of a licensee. Whilst changing a name requires certain administrative procedures from the authority’s side, the FSA proposes a fee to be imposed to commensurate the procedures. Proposed Name Change Fee – USD500
r) Approval of issue, transfer of disposal of shares	As of now, section 60 requires for approval of issuance, transfer or disposal of shares of a licensee. Whilst approving for issuance, transfer and disposal, the authority must undergo certain administrative procedures to give effect to such approval. The FSA’s opinion is that a fee to commensurate the procedures is essential i.e. for examination and administration processes undertaken from them. Fee for approval for insurance, transfer and disposal of shares – USD500
Role of Securities Dealer’s Representative	Whilst the original definition for Securities Dealer[1] will be maintained, its representatives would not be doing the licensees’ functions. Instead, they would be managing the activities as employees of the licensee / rather overseeing the activities as employees of the licensee. Handful Definitions: “securities dealer’s representative” means an individual in the employment of (including a director of) with a securities dealer whose principal purpose is to oversee the execution of the activities outlined within the meaning of section 45, whether he is paid a salary, wages, commission or otherwise;
s) Coming into force of the proposed amendments	Entities licensed before taking effect of the amendment in the Securities Act, Securities (Conduct of Business) Regulations, Securities (Financial Statement) Regulations and for the declaration of the Securities (Outsourcing of Functions) Regulations, shall have 18 months to comply with the provisions, unless specified otherwise. New licensees shall immediately comply with new legislative requirements. The Securities (Fees and Forms) Regulations shall come into force the moment it is put in the gazette.

[1] A Securities Dealer (SD) means a company who, in accordance with sections 2 and 45 (5) of the Act:

(a) carries on the business of dealing in securities or,
(b) holds himself out as conducting such business listed below:

(i) makes or offers to make an agreement with another person to enter into or offer to enter into an agreement, for or with a view to acquiring, disposing of, subscribing for or underwriting securities or in any way effects or causes to effect a securities transaction;
(ii) causes any sale or disposition of or other dealing or any solicitation in respect of securities for valuable consideration, whether the terms of payment be on margin, instalment or otherwise or any attempt to do any of the foregoing;
(iii) participates as a Securities Dealer in any transaction in a security occurring upon a securities exchange;
(iv) receives as a Securities Dealer an order to buy or sell a security which is executed;
or
(v) manages a portfolio of securities for another person on terms under which the first-mentioned person may hold property of the other person.

16 October

news

C603 & C604 ESMA Guidelines on MiFID II product governance requirements & ΕΒΑ Guidelines on outsourcing

In a significant move to enhance regulatory practices within Cyprus’ financial sector, the Cyprus Securities and Exchange Commission (CySEC) has recently issued two essential circulars, C603 and C604. These circulars provide detailed guidelines and directives to ensure strict adherence to international standards and foster a secure financial environment for all stakeholders.

Circular C603: ESMA Guidelines on MiFID II Product Governance Requirements

Issued on 12th October 2023, Circular C603 informs Cyprus Investment Firms (CIFs), UCITS Management Companies (UCITS MC), and Alternative Investment Fund Managers (AIFMs) about the European Securities and Markets Authority (ESMA) Guidelines on MiFID II product governance requirements. These guidelines, published on 03/08/2023, and being effective from 03/10/2023, establish consistent supervisory practices and ensure the uniform application of MiFID II requirements related to product governance. They are applicable to a wide array of financial institutions involved in the manufacturing or distribution of financial instruments and structured deposits.

Please find below the key points arising from the above mentioned ESMA Guidelines:

1. Introduction to MiFID II Product Governance Requirements:

MiFID II regulations mandate firms to define and evaluate target markets for their financial products.
Manufacturers and distributors must ensure their products meet the needs and characteristics of identified target markets.

2. Manufacturer’s Responsibilities:

Manufacturers must define a “positive target market” for each product, considering client type, knowledge, financial situation, risk tolerance, and objectives.
Manufacturers should also identify a “negative target market” for clients incompatible with the product features.
Sustainability-related objectives influence the positive target market; however, sustainability factors aren’t considered for negative target market assessments.

3. Distributor’s Obligations:

Distributors should assess the positive target market defined by the manufacturer and identify clients compatible with the product.
Distributors are required to define their “own” target market if the manufacturer hasn’t provided one, ensuring an appropriate and proportionate approach.
Firms distributing products not complying with MiFID II regulations should refrain from including them in their assortment.

4. Target Market Identification Process:

Manufacturers and distributors should consider the complexity and risk profiles of products when identifying target markets.
The negative target market indicates clients for whom the product is incompatible and sales to this group should be rare, requiring substantial justification.
Deviations from the target market should be documented, justified, and reported if relevant for the product governance process.

5. Application to Wholesale Markets and Professional Clients:

Professional clients’ assumed knowledge and experience should be considered when defining target markets.
Professional clients acting as distributors must comply with distributor obligations.
Some products may have broadly defined target markets, including both retail and professional clients, while others, especially complex products, have narrowly defined target markets.

6. Application to Pre-existing Products:

Products manufactured before January 3, 2018, should fall under MiFID II product governance requirements.
Target markets should be assigned to these products, with reviews conducted following MiFID II guidelines.

7. Conclusion and Compliance:

Firms must adhere to MiFID II regulations, ensuring products align with defined target markets and client needs.
Clear documentation, assessment, and periodic reviews are crucial for compliance.

CySEC, in its circular, emphasizes the importance of these guidelines by integrating them into its supervisory framework. Regulated Entities are urged to diligently apply the guidelines, ensuring compliance with the specified regulatory standards.

Circular C604: EBA Guidelines on Outsourcing

CySEC, on 13/10/2023, also issued Circular C604 to inform Cyprus Investment Firms (CIFs) about the Guidelines released by the European Banking Authority (EBA) on 25/02/2019 regarding outsourcing arrangements. CySEC has incorporated these Guidelines into its supervisory and regulatory practices.

These Guidelines are applicable to CIFs falling under sections 9(1), (3), and (4) of the Prudential Supervision of Investment Firms Law of 2021, specifically those with initial capital requirements of €150,000 and €750,000. They outline internal governance arrangements and risk management protocols that CIFs must follow when outsourcing functions, especially critical or important ones. The Guidelines also provide guidance on how competent authorities should review and monitor these arrangements.

In Circular C604, CySEC urges CIFs to review and adjust existing outsourcing agreements to align with the Guidelines. If the review and adjustment of critical or important function outsourcing agreements are not completed by 30/06/2024, CIFs must inform CySEC through its portal, detailing the planned measures or exit strategy.

Additionally, CySEC emphasizes that CIFs must document all existing outsourcing arrangements (excluding those with cloud service providers) in accordance with Section 11 of the Guidelines after the first renewal date of each arrangement but no later than 30/06/2024.

You can access the EBA Guidelines on outsourcing arrangements here.

For the Prudential Supervision of Investment Firms Law of 2021, please refer to this link.

The issuance of Circulars C603 and C604 underscores CySEC’s dedication to fostering transparency, consistency, and adherence to international standards within Cyprus’ financial landscape. By aligning with ESMA Guidelines on MiFID II product governance requirements and EBA Guidelines on outsourcing, CySEC aims to create a robust framework that ensures the integrity of financial operations. Regulated Entities are urged to familiarize themselves with these guidelines, ensuring swift and accurate implementation. Through these directives, CySEC continues to fortify the financial sector, promoting stability and confidence among investors and market participants alike.

13 October

news

CySEC Circular C601: Implementing EBA’s Guidelines on Remote Customer Onboarding Solutions

The Cyprus Securities and Exchange Commission (CySEC) introduced Circular C601 on October 12, 2023, marking a significant shift in client onboarding practices for various financial entities. Applicable to Cyprus Investment Firms (CIFs), Administrative Service Providers (ASPs), UCITS Management Companies, Alternative Investment Fund Managers, Crypto Asset Service Providers, and others, this Circular implements the European Banking Authority’s (EBA) Guidelines on Remote Customer Onboarding Solutions under Article 13(1) of Directive (EU) 2015/849. This article explores the key aspects of this Circular, shedding light on its practical implications for the financial industry.

1. Development of Policies and Procedures:

Obligations: Institutions must establish and maintain risk-sensitive policies and procedures in line with Article 13(1) (a) and (c) of the AMLD, ensuring compliance with remote customer onboarding obligations.
Pre-Implementation Assessment: Prior to adopting any new remote onboarding solution, institutions are mandated to conduct a pre-implementation assessment. This assessment guarantees the solution’s adequacy and adherence to regulatory standards, mitigating potential risks from the outset.

2. Identity Verification:

Reliable Verification Methods: The guidelines underscore the importance of real-time identity verification methods, including one-time passwords, biometric data collection, and direct phone interactions with customers. These methods ensure the authenticity of the customer’s identity, fortifying the onboarding process.

3. Quality Assurance Testing:

Critical Testing: Rigorous quality assurance testing is imperative to maintain the integrity of remote onboarding solutions.
Testing Methods: Institutions should employ methods such as regular automated quality reports, sample testing, and manual reviews. These methods uphold the reliability and accuracy of the onboarding process.

4. Outsourcing and Third-Party Providers:

Due Diligence: Institutions must integrate the guidelines into vendor due diligence exercises when outsourcing onboarding solutions.
Third-Party Compliance: Institutions are responsible for ensuring that third-party solutions meticulously adhere to prescribed regulations. This vigilance is paramount to maintain compliance and security.

5. Document Review Using Technology:

Algorithms and OCR: The guidelines provide explicit instructions on employing algorithms and Optical Character Recognition (OCR) methods for accurate and consistent review of Customer Due Diligence (CDD) documents.
Accuracy Measures: Institutions must ensure these tools accurately and consistently capture information to maintain the integrity of the customer onboarding process.

6. Monitoring and Reporting:

Regular Monitoring: Institutions must routinely monitor remote onboarding solutions to ensure alignment with regulatory expectations.
Ad Hoc Reviews: Ad hoc reviews are necessary in response to changes in risks, detected deficiencies, increased fraud attempts, or alterations in the legal or regulatory framework.

7. Remedial Measures and Compliance:

Prompt Actions: Institutions must establish procedures to promptly address risks and errors, including additional due diligence, transaction limits, relationship termination, reporting to FIU, etc.
Demonstrating Compliance: Clear records of assessments and actions taken are indispensable for regulatory compliance and demonstrating adherence to guidelines.

8. Security and Compliance with ICT Standards:

Secure Communication: Institutions should utilize secure communication channels, secure protocols, and cryptographic algorithms to safeguard the confidentiality, authenticity, and integrity of exchanged data.
Secure Access Points: A secure access point must be provided for initiating the remote customer onboarding process based on qualified certificates for electronic seals or website authentication.

9. Use of Trust Services and National Identification Processes:

Compliance with Solutions: Credit and financial institutions may leverage relevant trust services and electronic identification processes regulated, recognized, approved, or accepted by national authorities to comply with the guidelines. Mitigation measures are necessary to address authentication risks and potential identity frauds.

10. Storage of Customer Data:

Data Storage Measures: Institutions must ensure that only necessary customer data is collected and stored within clearly defined retention periods.
Data Access and Security: Access to stored data must be limited and registered, and appropriate security measures should be implemented to protect the stored data.

CySEC’s Circular C601 signifies a transformative phase where client onboarding evolves into a seamless, secure, and efficient process. By adhering meticulously to these guidelines, financial institutions not only fulfil regulatory mandates but also invest in a future defined by integrity and compliance. Embracing these changes, the industry establishes a new standard of excellence, ensuring a financial landscape built on trust and efficiency.

12 October

news

CySEC Circular C602 – Navigating the Latest CNMV Resolution: Ensuring Investor Protection in Spain

In light of Circular No: C602 recently issued by the Cyprus Securities and Exchange Commission (CySEC) concerning the Spanish National Securities Market Commission’s (CNMV) Resolution of 11 July 2023 on product intervention measures relating to Contracts for Differences (CFDs) and other leveraged products, it is imperative for both investors and financial service providers to grasp the newly introduced guidelines. This article aims to offer a comprehensive insight into the key aspects and implications of the CNMV’s resolution.

The CNMV’s Resolution of 11 July 2023 builds upon previous measures enacted in 2019 and focusing on concerns related to the marketing, distribution, and sale of CFDs and other leveraged products to retail investors in Spain. Despite earlier interventions, persistent aggressive marketing practices and high-risk investments have necessitated the implementation of additional protective measures.

The resolution is scheduled to become effective twenty days after its publication in the Spanish Official State Gazette. Current sponsorship or brand advertising agreements are permitted to continue until their initial expiration, within a maximum period of 12 months from the publication date.

Key Measures for CFDs:

The CNMV’s resolution introduces vital measures to ensure the safety and security of retail investors. These measures include:

Leverage Limitation: The CNMV has set limits on leverage ratios for different asset classes, such as 1/30 for relevant currencies, 1/20 for other currencies, gold, and relevant equity indices, and 1/2 for crypto assets, among others; thereby mitigating potential losses.
Close Position Protection: Implementation of close position protection to safeguard retail customers from significant losses.
Protection Against Negative Balances: Adequate protection to prevent retail investors from incurring losses exceeding their initial investment.
Prohibition of Certain Practices: Stricter regulations prohibiting the offering of excluded payments and non-monetary benefits concerning CFDs.
Mandatory Risk Warning: Inclusion of clear and comprehensive risk warnings in all marketing materials to highlight the high-risk nature of CFD investments.

Additional Measures for CFDs:

In addition to the key measures, the CNMV’s resolution includes further restrictions to ensure investor protection:

1. Prohibition of Certain Marketing Practices for CFDs:

Rewards and Remuneration Prohibition: Providers are prohibited from offering rewards or remuneration to customers, marketing networks, or third parties based on the number of clients acquired, cash deposits, or losses by clients.
Use of Call Centres: Providers are not allowed to use call centres to contact clients or potential clients to promote CFDs.
Software Restrictions: The use of software where providers’ remuneration is determined based on client deposits or losses is prohibited.
Credit Card Deposits: Acceptance of cash deposits using credit cards is prohibited.
Prohibition of Advertising Communications: The marketing, distribution, and sale of subject instruments and services by means of advertising communications aimed at retail investors in Spain, including potential clients, shall be prohibited.

Please note that marketing communications prohibited will be considered to include those:

Redirecting to a website that offers instruments or subject services;
Sending to a contact form, an application download, or any other kind of tool intending to put the client in touch with investment service providers that offer said type of instruments or services;
Offering training, technical seminars, courses, or sessions to the general public whenever such offers are related to the subject services or instruments, as well as similar training demo accounts or tools for retail investors or the general public that encourage investing in these, whether promoted or held by the regulated entities or by related or affiliated parties, regardless of whether they are free or have a token charge.

2. Scope of Application for Leveraged Instruments:

The guidelines are applicable to entities authorized to provide investment services in Spain, irrespective of their origin, regarding the marketing, distribution, and sale of CFDs and other leveraged products to retail investors in Spain. It also extends to activities by Spanish firms in other Member States, especially in the case of CFDs with crypto-assets as underlying assets.

3. Specific Measures for Other Leveraged Instruments:

For instruments beyond CFDs, such as futures and options, there are limitations on leverage and mandatory close position protection measures. These measures are designed to protect retail customers from excessive losses.

4. Periodic Review and Revocation of Measures:

The measures adopted in this resolution may be reviewed annually and revoked as per the provisions of Article 42.6 of Regulation (EU) No 600/2014 of the European Parliament and of the Council, of 15 May 2014, on markets in financial instruments.

The measures outlined in the CNMV’s resolution, effective from 3 August 2023, apply universally to all entities authorized to provide investment services in Spain. These regulations pertain to any marketing, distribution, and sale of the specified instruments and services to retail investors in Spain. It is important to note that these guidelines are applicable irrespective of the origin of the investment firm marketing and distributing such products. This includes entities operating under the freedom to provide services without a physical establishment in Spain. The CNMV’s reach encompasses both local and international entities, emphasizing a comprehensive approach to investor protection within Spain’s financial markets.

CySEC emphasizes the importance for all CIFs engaged in marketing, distributing, and selling CFDs and similar leveraged products to retail investors in Spain to promptly adopt necessary actions and strategies to comply with the CNMV’s Resolution.

The CNMV’s latest resolution marks a significant leap in ensuring investor protection within Spain’s financial markets. Through rigorous regulations on CFDs and leveraged products, the CNMV aims to minimize risks for retail investors and eliminate aggressive marketing practices.

04 October

news

EU High Risk Countries List: Delegated Regulation (EU) 2016/1675: Cameroon and Vietnam added to the list

On 28th September 2023, the European Union underscored its commitment to global financial stability by strengthening its measures against money laundering, terrorist financing, and proliferation financing. This significant step forward was achieved through the amendment of Commission Delegated Regulation (EU) 2016/1675 via Commission Delegated Regulation (EU) 2023/2070, dated 18th August 2023. This amendment, slated to be effective on the 20th day following its publication in the Official Journal of the European Union, addresses evolving challenges in the financial landscape.

A comprehensive assessment conducted by the European Commission identified Cameroon and Vietnam as third country jurisdictions with strategic deficiencies in their Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) regimes. These deficiencies were recognized as significant threats to the Union’s financial system. Consequently, Cameroon and Vietnam are scheduled to be added to the table in Point I of the Annex to the Delegated Regulation (EU) 2016/1675.

The addition of Cameroon and Vietnam reaffirms the EU’s dedication to safeguarding the integrity of its financial institutions. By fortifying its anti-money laundering, terrorist financing, and proliferation financing measures, the EU aims to create a secure financial environment, both internally and globally. This development signifies the EU’s proactive approach in adapting to emerging challenges and its commitment to international collaboration in combating financial crimes.

The amendment, executed with precision and in accordance with regulatory protocols, sets a standard for regulatory bodies worldwide. It emphasizes the importance of stringent AML/CFT regimes in ensuring a stable and secure global financial ecosystem. The EU’s decision to include Cameroon and Vietnam in its regulatory framework exemplifies the Union’s commitment to fostering financial security and integrity, thereby reinforcing confidence in the international financial markets.

02 August

Careers

Career Opportunity – COMPLIANCE OFFICER (vacancy on behalf of FiveComply Client)

On behalf of our client, we are recruiting a full-time #ComplianceOfficer to join a growing Investment Dealer based in Mauritius.

Main duties:

Ensuring continued compliance with the obligations under the FIAMLA and FIAML Regulations 2018 subject to the ongoing oversight of the Board of the Company
Contributing to creating, implementing, and maintaining the Company’s compliance manual, policies and procedures, and system for combating Money Laundering and FT
Undertaking day-to-day supervision of the AML Program and compliance monitoring activities
Carrying out risk assessments
Maintain compliance registers (including PEP, Incidents and Errors, Breaches, Conflicts of Interest, etc)
Regular reporting, including reporting of non-compliance to the Board of the Company
Undertaking a review of all internal disclosures on relevant information and determining whether or not such internal disclosures have substance and require filing/reporting to be made to the FIU
Maintaining relevant records
Provide guidance to the Board and develop ongoing training programs to the staff
Any other related duties that may be required from time to time
Reviewing and evaluating suspicious activity reports and being the first contact person in regard to FIU and other regulatory reporting matters
Profound knowledge and experience in AML/FCC and Sanctions domain

Qualifications and experience:

Degree in law, finance, Accounting, or any other relevant qualification. Certification from CAMS/ACAMS will be a plus
5 years of relevant experience in the Global Business Sector
Approved Compliance Officer, appointments as MLRO/DMLRO will be a plus
Extensive knowledge of regulatory and legal frameworks relating to the business

Company summary/profile:

The Company is a leading award-winning financial services company with a global presence for over a decade. As a trusted and regulated Forex broker, the Company holds licenses from multiple jurisdictions, including a license from the Mauritius Financial Services Commission.

The Company’s commitment to excellence, compliance, and customer satisfaction has earned them numerous awards for their exceptional customer experience and innovative trading platforms.

As a progressive financial services company, the Company fosters a supportive work environment that values work-life balance and offers abundant growth opportunities.

The Company’s team of experienced professionals is committed to providing expert guidance, empowering its clients to make informed trading decisions.

Kindly be advised that the designated deadline for submission of applications for the aforementioned position is the 9^th of August, 2023.

20 July

news

ESMA: Follow-up report on the progress of NCAs – Steps of progress by CySEC

The European Securities and Markets Authority (ESMA) has released a follow-up report on the compliance function under MiFID I, assessing the progress made by National Competent Authorities (NCAs) since the previous peer review in 2017.

The follow-up report focuses on the efforts of several NCAs, namely CySEC (CY), HCMC (EL), CBI (IS), AFM (NL), and ATVP (SI). These authorities have displayed commendable progress through the implementation of stronger supervisory frameworks, conducting investigations and thematic reviews, and utilizing enforcement tools to discourage misconduct within firms.

The report acknowledges the strides made by CySEC and CBI while offering guidance on further enhancements:

CySEC: The authority is encouraged to consolidate its supervisory approach to maintain an ongoing focus on firms’ compliance functions. This consolidation will ensure continuous monitoring and evaluation of compliance activities.

CBI: In order to bolster its supervisory approach, CBI is advised to integrate all aspects of the ESMA Guidelines on the compliance function under MiFID into its framework. Additionally, increasing controls on the compliance function of non-banking investment firms is recommended.

For more information on the follow-up report and its recommendations please visit the following link provided by ESMA – https://lnkd.in/ddTPDXW4