On December 13, 2024, the Cyprus Securities and Exchange Commission (CySEC) released the Policy Statement (PS-03-2024) on the fees payable and information required for entities falling under the scope of the Markets in Crypto-Assets Regulation (MiCAR). This publication follows the consultation period where CySEC engaged with stakeholders in the crypto-asset sector, ensuring that the final approach reflects industry insights and addresses key concerns. This detailed Policy Statement establishes a clear framework for businesses operating with crypto-assets in Cyprus, especially those dealing with Asset-Referenced Tokens (ARTs), E-Money Tokens (EMTs), and other crypto-assets not falling under the ART or EMT categories.

 MiCAR, which came into force in the European Union on 31 May 2023, aims to create a harmonized legal framework for crypto-assets, enhancing regulatory clarity and reducing risks in the crypto-asset market. The regulation focuses on ensuring transparency, investor protection, and market integrity in relation to three main categories of crypto-assets:

1. Asset-Referenced Tokens (ARTs): Often referred to as stablecoins, ARTs are designed to maintain a stable value by referencing other assets, such as fiat currencies or commodities.
2. E-Money Tokens (EMTs): These are crypto-assets that maintain a stable value by referencing a single fiat currency, and they are similar to electronic money.
3. Other Crypto-Assets: This category includes all crypto-assets not classified as ARTs or EMTs, providing a residual category for diverse digital assets.

Entities engaging in the issuance, offer, or provision of services related to these crypto-assets in the EU are subject to MiCAR’s provisions. These businesses range from issuers of crypto-assets to Crypto-Asset Service Providers (CASPs), each of which is required to meet strict regulatory standards.

Key Components of the Policy Statement

1. Fee Structure for Entities under MiCAR

 The Policy Statement establishes a comprehensive fee structure for entities regulated under MiCAR, focusing on the following categories:

• Notification and Modification Fees: Entities seeking to notify CySEC of a crypto-asset white paper, or modifications to such papers, will be subject to specific fees:
  • €1,000 for the notification of a new white paper.
  • €500 for the notification of a modified white paper. These fees apply to crypto-assets other than ARTs and EMTs, and stakeholders have supported these amounts as fair and aligned with industry standards.
• Annual Fees: Entities under MiCAR, including offerors and persons seeking admission to trading of crypto-assets (excluding ARTs and EMTs), will pay an annual supervision fee of €5,000, which will be due each November 30. For entities operating less than 12 months, the fee will be prorated.
• Specialized Fees for ARTs and EMTs: Issuers of ARTs and those seeking admission to trading will face application and assessment fees, which vary depending on the type of ART and its specific requirements. For example:
  • Application for Authorisation to Offer ARTs: €15,000.
  • Assessment of Plan for ART Issuers: €10,000 (required when thresholds for ART transactions are exceeded).
  • Annual Fee for ART Issuers: €20,000 flat fee plus a variable fee based on the value of the reserve of assets held by the issuer.
• CASP Fees: Crypto-Asset Service Providers (CASPs) are subject to fees related to the application for authorisation, notifications of changes, and annual supervision. Notably, the annual supervisory fee for CASPs is based on the type of services they provide. For example:
  • Custody and administration of crypto-assets: €10,000 annually.
  • Operation of a trading platform: €20,000 annually.
  • Exchange services and portfolio management: €5,000–€8,000 annually.

Additionally, a variable component will apply based on the turnover from crypto-asset services, with a cap of €500,000 annually.

2. Reporting Requirements and Information Submission

 Alongside the fees, the Policy Statement outlines critical reporting obligations for entities under MiCAR. The reporting structure is designed to maintain transparency and ensure ongoing regulatory compliance. Notable reporting requirements include:

• Notification of Changes: Entities must notify CySEC of various changes, such as modifications to their white papers, changes to management bodies, key function holders, and any discontinuation plans. These notifications must be submitted promptly to ensure compliance with MiCAR’s governance standards.
• Annual Audits and Submissions: Issuers of ARTs and EMTs, as well as CASPs, are required to submit annual audited financial statements. These audits will form the basis for calculating certain fees, particularly the variable component for CASPs, based on their financial turnover. Additionally, ART issuers must submit an annual report on the reserve of assets they hold to ensure compliance with MiCAR’s liquidity requirements.
• Discontinuation and Recovery Plans: Issuers of ARTs are required to submit plans for the discontinuation of services or recovery plans in case of financial distress. These plans ensure that the issuer is prepared for all eventualities and that investor protection remains a priority.

3. Consultation Feedback and CySEC’s Response

CySEC’s final Policy Statement reflects the feedback received during the consultation period. In response to concerns raised by stakeholders, CySEC introduced a cap on the annual fees for CASPs, set at €500,000, providing businesses with more predictability regarding their regulatory costs. Furthermore, CySEC clarified the methodology for calculating the turnover component of the fees, which is based solely on revenue generated from crypto-asset services to avoid double-charging for services under different regulatory frameworks.

CySEC also clarified the process for entities that are currently operating under national regulations but intend to transition to MiCAR’s framework. These businesses will need to undergo full authorisation procedures to continue their operations once the MiCAR regime is fully implemented. Additionally, the MiCAR framework introduces several new definitions and obligations for CASPs, including the necessity to submit detailed assessments of the suitability of their management bodies.

4. Next Steps and Implementation Timeline

Entities affected by MiCAR are encouraged to begin their applications and submit notifications to CySEC as soon as possible. CySEC has also highlighted the importance of monitoring future publications by the European Securities and Markets Authority (ESMA) and the European Banking Authority (EBA), as these will further elaborate on the technical standards and guidelines for MiCAR’s implementation.

In particular, CySEC reminds entities that the regulation on the information accompanying transfers of funds and certain crypto-assets, which becomes applicable on December 30, 2024, must also be adhered to, particularly by CASPs operating during the grandfathering period of MiCAR’s transitional phase.

How FiveComply Can Help:

 At FiveComply, we specialize in guiding businesses through the complex regulatory landscape of the financial and crypto-asset sectors. Our team of regulatory and compliance experts is equipped with the knowledge and experience to help your company navigate the evolving MiCAR framework, ensuring full compliance with CySEC’s new policies and reporting requirements.

We can assist you with:

• MiCAR Compliance Strategy: Tailoring a compliance plan that aligns with MiCAR’s detailed regulatory requirements.
• Application and Fee Guidance: Helping you understand the fee structure and supporting you through the application process for authorizations.
• Ongoing Regulatory Support: Providing continuous guidance on reporting, notifications, and submissions to CySEC.

Book an appointment with our experts today to get personalized, actionable insights and ensure your business stays ahead of regulatory changes in the crypto-asset industry.

As the financial industry continues to evolve, staying compliant with regulations is more critical than ever. At FiveComply, we specialize in providing comprehensive compliance support tailored to your business needs. On the 6^th of August 2024, the Cyprus Securities and Exchange Commission (CySEC) issued a significant Policy Statement (PS-01-2024) aimed at enhancing the onboarding process for non-face-to-face (NFTF) customers. This new regulation highlights the importance of using innovative electronic methods to ensure robust customer due diligence (CDD).

Understanding the CySEC Policy Statement:

The newly issued Policy Statement by CySEC addresses the challenges and opportunities associated with remote customer onboarding. The policy, which takes into account the European Banking Authority (EBA) Guidelines and other regulatory frameworks, emphasizes the need for a risk-sensitive approach when adopting Remote Customer Onboarding Solutions (RCOS).

Key aspects of the policy include:

1. Technology-Neutral Approach: CySEC supports a technology-neutral approach, encouraging Obliged Entities (OEs) to incorporate RCOS without bias toward specific technologies. This allows businesses to choose the most suitable solutions that align with their compliance strategies.
2. Comprehensive Risk Assessment: Prior to implementing RCOS, entities are required to conduct a thorough risk assessment. This assessment ensures that the chosen solutions effectively mitigate risks associated with money laundering and terrorist financing.
3. Regulatory Notification: Entities must notify CySEC of their intent to integrate RCOS into their NFTF onboarding processes. This notification, along with a standardized attestation from responsible persons, demonstrates a commitment to regulatory compliances.
4. Limitations on Transactions: A risk-based approach necessitates setting explicit limits on assets and transaction sizes during remote onboarding. This helps in maintaining control over potential risks and ensuring that due diligence measures are adequately applied.
5. Identity Verification Procedures: The policy outlines stringent requirements for electronic NFTF identification, including the use of dynamic selfies or video calls. All verification must occur through a single device to enhance security and authenticity.
6. Revised electronic NFTF Customer Identification procedure: CySEC emphasizes the need for accuracy and authenticity in verifying identification documents and specifies that entities should use official sources, highlighting PRADO as a trusted and reliable database. The use of PRADO is recommended because it provides a centralized repository of authentic identity documents recognized across Europe, ensuring that investment firms can verify documents vetted and considered valid by regulatory authorities.

The Importance of Compliance in Digital Onboarding:

The shift towards digital onboarding brings both convenience and challenges. While innovative technologies offer seamless customer experiences, they also necessitate a heightened focus on compliance to prevent financial crimes. The CySEC guidelines serve as a crucial framework to guide entities in integrating effective remote onboarding solutions that adhere to regulatory standards.

How FiveComply Can Help:

At FiveComply, we offer specialized compliance support services to help your business navigate the complexities of the CySEC policy and other regulatory requirements. Our team of experienced consultants provides tailored solutions to ensure your onboarding processes are compliant, efficient, and secure.

Navigating the complexities of compliance in the digital age can be challenging. However, with the right guidance and support, your business can stay ahead of regulatory requirements and maintain a competitive edge. FiveComply is here to assist you every step of the way, ensuring that your compliance processes are both effective and efficient.

In a significant step to combat financial crime, the European Union has introduced a comprehensive set of regulations designed to enhance its anti-money laundering (AML) and counter-terrorism financing (CFT) efforts. Published on June 19, 2024, this reform package marks a turning point in the EU’s approach to tackling money laundering and terrorism financing. For financial institutions and compliance professionals, understanding these regulations and preparing for their implementation will be critical to ensuring compliance and safeguarding operations.

Overview of the New EU AML/CFT Framework:
The new AML/CFT package is designed to address the complex challenges of money laundering and terrorism financing by establishing a cohesive and unified regulatory environment across all EU member states. The package comprises three key legislative components:

1. The Sixth Anti-Money Laundering Directive (MLD6)
2. The EU “Single Rulebook” Regulation
3. The Anti-Money Laundering Authority Regulation (AMLA)

These components collectively aim to eliminate inconsistencies and loopholes in the current system, enhance transparency, and improve collaboration among EU member states.

1. The Sixth Anti-Money Laundering Directive (MLD6)

The Sixth Anti-Money Laundering Directive represents a significant advancement in the EU’s regulatory arsenal, introducing several critical features aimed at enhancing financial transparency and accountability:

• Increased Transparency: The directive mandates enhanced transparency for financial transactions by requiring financial institutions to maintain detailed records that allow for traceability and verification of all transactions. This increased transparency is expected to deter criminal activities by closing existing loopholes.
• Sector-Specific Risk Management: MLD6 implements a risk-based approach, allowing institutions to tailor their AML efforts based on the specific risk profiles of different sectors. This approach ensures that resources are allocated effectively, focusing on high-risk areas to prevent potential financial crimes.
• Technological Integration: The directive embraces technological advancements, such as blockchain and digital identities, to streamline the verification process and improve transaction tracking. By integrating these technologies, financial institutions can enhance their AML capabilities and better detect suspicious activities.
• Strengthened International Collaboration: Recognizing the global nature of financial crimes, MLD6 promotes stronger collaboration between EU member states, encouraging information sharing and joint efforts to tackle cross-border money laundering and terrorist financing activities.

2. The EU “Single Rulebook” Regulation

The EU “Single Rulebook” Regulation aims to harmonize AML/CFT regulations across the EU, ensuring that all financial institutions adhere to consistent standards. This regulation addresses several crucial areas:

• Unified Standards: By establishing a single set of rules, the regulation ensures uniformity in AML/CFT measures, reducing discrepancies and loopholes that have historically existed between member states. This harmonization is crucial for creating a level playing field across the EU.
• Enhanced Supervisory Mechanisms: The regulation enhances supervisory cooperation among national authorities, including Financial Intelligence Units (FIUs), to facilitate efficient information exchange and coordination in the fight against money laundering and terrorist financing.
• Targeted Measures for High-Risk Sectors: Specific measures are introduced to address high-risk sectors, such as crypto-assets and high-value industries, ensuring that due diligence efforts are proportionate to the risks involved.
• Inclusion of Emerging Technologies: The regulation extends its scope to include new technologies and financial products, such as crypto-assets, aligning with the Markets in Crypto-Assets (MiCA) Regulation. This inclusion ensures that AML/CFT measures are up-to-date and capable of addressing modern financial threats.

3. The Anti-Money Laundering Authority Regulation (AMLA)

The creation of the Anti-Money Laundering Authority (AMLA) marks a significant step towards centralizing and enhancing the EU’s AML/CFT efforts. Key responsibilities of the AMLA include:

• Central Coordination: AMLA will act as the central body overseeing national supervisors, ensuring that EU rules are applied uniformly and preventing regulatory gaps. This centralization aims to improve the overall effectiveness of AML/CFT measures.
• Direct Oversight: AMLA will have direct supervisory authority over high-risk financial institutions and groups, enabling it to take proactive measures in identifying and mitigating risks associated with money laundering and terrorist financing.
• Facilitation of Cross-Border Cooperation: The AMLA will enhance collaboration among FIUs and other national bodies, facilitating cross-border investigations and improving information exchange to tackle complex financial crimes.

The new AML/CFT regulations introduce significant changes for financial institutions operating within the EU, requiring strategic adjustments to ensure compliance. Institutions should begin by educating their staff on these new requirements through comprehensive training programs that clarify each employee’s role in maintaining compliance. Updating internal policies and procedures is essential, especially in areas like due diligence, transaction monitoring, and customer onboarding. Conducting a compliance gap analysis can help identify deficiencies in current practices and guide necessary improvements. Additionally, institutions should focus on developing a robust compliance framework that facilitates effective collaboration with the newly established Anti-Money Laundering Authority (AMLA) and other regulatory bodies. Embracing technological advancements, such as blockchain and digital identities, will further enhance an institution’s ability to detect and prevent financial crimes. By taking these proactive measures, financial institutions can effectively mitigate risks and navigate the complexities of the evolving regulatory landscape

The application of the new AML/CFT regulations will be gradual. The AML Regulation will become effective on July 10, 2027, while member states will have varying timeframes to transpose specific parts of the directive. The establishment of the AMLA is already underway, with full operational capabilities expected by mid-2025.

The introduction of the new EU AML/CFT package represents a significant advancement in the fight against financial crime. By creating a more cohesive and harmonized regulatory framework, the EU aims to enhance its ability to detect, prevent, and combat money laundering and terrorist financing.

Financial institutions must be proactive in adapting to these changes, ensuring that their operations align with the new regulations.

At FiveComply, we understand the complexities of navigating this evolving landscape and are committed to supporting our clients in meeting these challenges head-on. Our expert team is dedicated to helping financial institutions navigate the complexities of the new EU AML/CFT regulations.

For more information on how the new AML reforms will impact your operations and how FiveComply can assist you in preparing for these changes, please contact us. Our team is ready to support you in this new era of regulatory compliance.

In a recent announcement, the Cyprus Securities and Exchange Commission (CySEC) shared its focus areas for 2024, aiming to guide and support regulated entities through evolving regulatory landscapes. As trusted advisors, FiveComply seeks to unpack these priorities for our valued clients, including Cyprus Investment Firms (CIFs) and asset managers, offering clarity and actionable insights.

CySEC’s goals for 2024 are centered on safeguarding market integrity and protecting investor interests. Shaped by ongoing market assessments and regulatory updates, these priorities serve as a compass for regulated entities, guiding them towards compliance excellence among changing regulatory dynamics.

Key Priorities Overview:

1. Enhanced Supervision: CySEC underscores the importance of vigilant oversight, particularly for firms involved in cross-border activities with complex financial products like Contracts for Difference (CFDs). This heightened scrutiny aims to mitigate risks and ensure market stability.
2. Promoting Compliance Culture: Cultivating a culture of compliance is essential. CySEC encourages firms to strengthen governance structures and control functions, fostering a sustainable approach to regulatory compliance.
3. Proactive Risk Management: Timely identification and mitigation of risks are crucial. Regulated entities are urged to proactively address emerging threats, ensuring business resilience and investor protection.

Focus Areas for Regulated Entities:

• Investment Services: CIFs must adhere to professional conduct rules, enhance organizational arrangements, and embrace technological advancements. Additionally, robust governance frameworks and proactive risk management are emphasized.
• Asset Management: Asset managers should prioritize adherence to regulatory mandates, including sustainability requirements and effective asset valuation procedures. Thorough data analysis and oversight of derivative contracts are vital for maintaining financial stability.

Guidance for Regulated Entities: Regulated entities are encouraged to conduct comprehensive reviews of policies and procedures, aligning them with regulatory standards. Active engagement from management bodies and proactive measures to address emerging risks, including those in Information and Communications Technology (ICT), are recommended.

Next Steps: Regulated entities should anticipate ongoing collaboration with supervisory teams and take proactive steps to address identified areas for improvement. As CySEC continues to enforce regulatory standards, partnership and investment in compliance solutions are key to navigating regulatory complexities successfully.

About us: FiveComply is a trusted consultancy firm specializing in regulatory compliance and risk management solutions. With a commitment to empowering clients through tailored strategies and innovative tools, we stand ready to support our clients’ journey towards compliance excellence.

On 20 February 2024, the Council of the European Union made a significant decision to remove Bahamas, Belize, Seychelles, and Turks and Caicos Islands from the list of non-cooperative jurisdictions for tax purposes. This update brings the EU list to comprise 12 jurisdictions and reflects ongoing efforts to promote tax good governance worldwide.

The EU list of non-cooperative jurisdictions for tax purposes, established in December 2017, forms a crucial part of the EU’s external strategy on taxation. It aims to contribute to ongoing efforts to promote tax good governance worldwide. The Council’s decisions are prepared by the Council’s Code of Conduct Group, which cooperates closely with international bodies such as the OECD Forum on Harmful Tax Practices (FHTP) to achieve these goals.

The next revision of the list is scheduled for October 2024.

Reasons for Removal from the EU List:

1. Bahamas and Turks and Caicos Islands: Identified deficiencies in the enforcement of economic substance requirements led to their inclusion in October 2022. However, both jurisdictions have made significant progress, and their recommendations have been converted from “hard” to “soft” by the OECD Forum of Harmful Tax Practices (FHTP). This has allowed the Code of Conduct Group to consider these jurisdictions compliant with the standard for jurisdictions with no or only a nominal corporate income tax.
2. Belize and Seychelles: Added to the list in October 2023 due to concerns regarding the exchange of information on request. Following changes to the applicable rules in these jurisdictions, the Global Forum has granted them both a supplementary review, which will be undertaken in the near future. Pending the outcome of this review, Belize and Seychelles have been included in the relevant section of Annex II (more information below).

State of Play Document (Annex II):

In addition to the list of non-cooperative tax jurisdictions, the Council has endorsed the customary status update document (Annex II), which mirrors the continuous collaboration between the EU and its global counterparts. This document highlights the commitment of these nations to reform their legal frameworks to align with established tax governance standards. Its aim is to acknowledge the ongoing productive efforts in the realm of taxation and to commend the proactive stance adopted by cooperative jurisdictions in implementing principles of tax governance.

Removed from the State of Pay List:

– Albania and Hong Kong: Having amended their harmful tax regimes, these jurisdictions will be removed from the document.

– Aruba and Israel: Fulfilling pending commitments related to automatic exchange of financial account information.

– Botswana and Dominica: Received positive ratings from the Global Forum, resulting in the deletion of references to these jurisdictions.

In a pivotal move, the European Securities and Markets Authority (ESMA) has unveiled two Consultation Papers addressing crucial aspects of the Markets in Crypto Assets Regulation (MiCA). This comprehensive initiative seeks public input on guidelines related to reverse solicitation and the classification of crypto assets as financial instruments.

Consultation on Reverse Solicitation:

ESMA is actively soliciting feedback on proposed guidance for the reverse solicitation exemption. The aim is to refine conditions and supervisory practices employed by National Competent Authorities (NCAs) to prevent circumvention. ESMA reiterates that the exemption is a narrowly framed exception, emphasizing that MiCA limitations cannot be sidestepped.

Consultation on Classification of Crypto Assets:

ESMA invites stakeholders to contribute insights into establishing precise conditions and criteria for classifying crypto assets as financial instruments. This move aligns MiCA with the Markets in Financial Instruments Directive II (MiFID II), ensuring a harmonized approach across the EU.

Proposed Guidelines: The guidelines provide NCAs and market participants with structured yet flexible criteria for crypto-asset classification, striking a balance between guidance and avoiding a rigid, one-size-fits-all approach.

Next Steps:

Stakeholders have until April 29, 2024, to provide their feedback. ESMA plans to meticulously consider the received insights, with the final report anticipated in the fourth quarter of 2024. This initiative is poised to enhance clarity and contribute to global standards in crypto-asset regulation.

Explore the consultation papers https://www.esma.europa.eu/press-news/esma-news/esma-consults-reverse-solicitation-and-classification-crypto-assets-financial and actively participate in shaping the future landscape of crypto regulation.

The European Commission via the issuance of the Commission Delegated Regulation 2024/163/EU has enacted important changes to the list of third-country jurisdictions with strategic deficiencies in their AML/CFT regimes. This update focuses on the removal of Jordan and the Cayman Islands from the high-risk category, reflecting their significant progress in strengthening AML/CFT frameworks.

Directive (EU) 2015/849 empowers the Commission to identify high-risk third countries, and Commission Delegated Regulation (EU) 2016/1675 initially identified such countries.

Recent information, including FATF statements and reports, triggered this review. The FATF’s removal of the Cayman Islands and Jordan from the ‘Jurisdictions under Increased Monitoring’ list in October 2023 prompted a comprehensive assessment by the Commission. Those countries are identified as high-risk third countries in Delegated Regulation (EU) 2016/1675 but were deleted from the FATF list of ‘Jurisdictions under Increased Monitoring’ in October 2023.

The Commission acknowledges the substantial strides made by the Cayman Islands and Jordan in addressing their strategic deficiencies. Both countries have not only strengthened their AML/CFT regimes but have also been relieved from the FATF’s monitoring process.

Considering the progress made, the Commission considered it fit to remove the Cayman Islands and Jordan from the high-risk category, amending Delegated Regulation (EU) 2016/1675 accordingly.

Full List of High-Risk Third Countries (as of 22/01/2024):

As 2023 draws to a close, Cyprus’ regulatory landscape witnesses a transformative shift with the unveiling of Law 98(I)/2023 by the Cyprus Securities and Exchange Commission (CySEC). This amendment revisits and enhances the AML/CFT framework, placing Crypto-Asset Services Providers (CASP) squarely within its ambit. At FiveComply, we emphasize the importance of understanding and navigating these changes to ensure seamless compliance.

CASP Entities: A Refined Definition

The revamped legislation broadens the scope of CASP entities, defining them as entities that:

• Are established in the Republic of Cyprus.
• Are not established in Cyprus but offer services or conduct activities professionally from the Republic.
• Are not established in Cyprus but offer services or conduct activities professionally to the Republic, unless they are enlisted in a Register of other Member States for services rendered to the Republic.

With this updated definition of CASP entities, it is mandatory for all such entities to enlist in the Cyprus CASP Register overseen by CySEC.

Consequences of Non-Compliance: A Regulatory Alert

In a notable departure from previous iterations, the amended law introduces penalties for non-compliance by CASP entities. Those failing to register with the Cyprus CASP Register face stringent consequences:

• Potential imprisonment extending to 5 years.
• Financial penalties reaching up to €350,000.
• A combination of both punitive measures.

FiveComply underscores the gravity of these penalties, advocating for proactive compliance to mitigate risks and ensure business continuity.

Navigating Compliance: FiveComply’s Commitment

The evolving regulatory framework necessitates expert guidance and tailored solutions. FiveComply remains persistent in our commitment to empowering clients, offering bespoke solutions tailored to unique business needs. Our team’s expertise, coupled with a deep understanding of regulatory intricacies, positions us as your trusted partner in navigating this evolving landscape.

FiveComply stands at the intersection of regulatory expertise and industry insight, offering CASP entities continuing support in achieving compliance.

The Financial Services Authority (FSA) is suggesting reforms comprising changes related to licensees, provisions, and typographical errors to the Securities Act 2007 (SA).

• It aims to improve how Securities Dealers operate in a controlled and well-regulated manner;
• It considers emerging risks and opportunities in the sector.

The Policy Paper:

• aims to inform the Securities Dealer industry about proposed changes to the regulatory framework governing Securities Dealers (SDs) and amendments to the SA and related regulations; these changes align with the FSA’s goal to create a Seychelles financial services centre that focuses on regulating meaningful and valuable licensed activities.

The proposal is to review the legislative framework and suggest requirements to existing licensed SDs along with having new applicants being in compliance with the proposed requirements.

[1] A Securities Dealer (SD) means a company who, in accordance with sections 2 and 45 (5) of the Act:

(a) carries on the business of dealing in securities or,
(b) holds himself out as conducting such business listed below:

(i) makes or offers to make an agreement with another person to enter into or offer to enter into an agreement, for or with a view to acquiring, disposing of, subscribing for or underwriting securities or in any way effects or causes to effect a securities transaction;
(ii) causes any sale or disposition of or other dealing or any solicitation in respect of securities for valuable consideration, whether the terms of payment be on margin, instalment or otherwise or any attempt to do any of the foregoing;
(iii) participates as a Securities Dealer in any transaction in a security occurring upon a securities exchange;
(iv) receives as a Securities Dealer an order to buy or sell a security which is executed;
or
(v) manages a portfolio of securities for another person on terms under which the first-mentioned person may hold property of the other person.

In a significant move to enhance regulatory practices within Cyprus’ financial sector, the Cyprus Securities and Exchange Commission (CySEC) has recently issued two essential circulars, C603 and C604. These circulars provide detailed guidelines and directives to ensure strict adherence to international standards and foster a secure financial environment for all stakeholders.

Circular C603: ESMA Guidelines on MiFID II Product Governance Requirements

Issued on 12th October 2023, Circular C603 informs Cyprus Investment Firms (CIFs), UCITS Management Companies (UCITS MC), and Alternative Investment Fund Managers (AIFMs) about the European Securities and Markets Authority (ESMA) Guidelines on MiFID II product governance requirements. These guidelines, published on 03/08/2023, and being effective from 03/10/2023, establish consistent supervisory practices and ensure the uniform application of MiFID II requirements related to product governance. They are applicable to a wide array of financial institutions involved in the manufacturing or distribution of financial instruments and structured deposits.

Please find below the key points arising from the above mentioned ESMA Guidelines:

1. Introduction to MiFID II Product Governance Requirements:

• MiFID II regulations mandate firms to define and evaluate target markets for their financial products.
• Manufacturers and distributors must ensure their products meet the needs and characteristics of identified target markets.

2. Manufacturer’s Responsibilities:

• Manufacturers must define a “positive target market” for each product, considering client type, knowledge, financial situation, risk tolerance, and objectives.
• Manufacturers should also identify a “negative target market” for clients incompatible with the product features.
• Sustainability-related objectives influence the positive target market; however, sustainability factors aren’t considered for negative target market assessments.

3. Distributor’s Obligations:

• Distributors should assess the positive target market defined by the manufacturer and identify clients compatible with the product.
• Distributors are required to define their “own” target market if the manufacturer hasn’t provided one, ensuring an appropriate and proportionate approach.
• Firms distributing products not complying with MiFID II regulations should refrain from including them in their assortment.

4. Target Market Identification Process:

• Manufacturers and distributors should consider the complexity and risk profiles of products when identifying target markets.
• The negative target market indicates clients for whom the product is incompatible and sales to this group should be rare, requiring substantial justification.
• Deviations from the target market should be documented, justified, and reported if relevant for the product governance process.

5. Application to Wholesale Markets and Professional Clients:

• Professional clients’ assumed knowledge and experience should be considered when defining target markets.
• Professional clients acting as distributors must comply with distributor obligations.
• Some products may have broadly defined target markets, including both retail and professional clients, while others, especially complex products, have narrowly defined target markets.

6. Application to Pre-existing Products:

• Products manufactured before January 3, 2018, should fall under MiFID II product governance requirements.
• Target markets should be assigned to these products, with reviews conducted following MiFID II guidelines.

7. Conclusion and Compliance:

• Firms must adhere to MiFID II regulations, ensuring products align with defined target markets and client needs.
• Clear documentation, assessment, and periodic reviews are crucial for compliance.

CySEC, in its circular, emphasizes the importance of these guidelines by integrating them into its supervisory framework. Regulated Entities are urged to diligently apply the guidelines, ensuring compliance with the specified regulatory standards.

Circular C604: EBA Guidelines on Outsourcing

CySEC, on 13/10/2023, also issued Circular C604 to inform Cyprus Investment Firms (CIFs) about the Guidelines released by the European Banking Authority (EBA) on 25/02/2019 regarding outsourcing arrangements. CySEC has incorporated these Guidelines into its supervisory and regulatory practices.

These Guidelines are applicable to CIFs falling under sections 9(1), (3), and (4) of the Prudential Supervision of Investment Firms Law of 2021, specifically those with initial capital requirements of €150,000 and €750,000. They outline internal governance arrangements and risk management protocols that CIFs must follow when outsourcing functions, especially critical or important ones. The Guidelines also provide guidance on how competent authorities should review and monitor these arrangements.

In Circular C604, CySEC urges CIFs to review and adjust existing outsourcing agreements to align with the Guidelines. If the review and adjustment of critical or important function outsourcing agreements are not completed by 30/06/2024, CIFs must inform CySEC through its portal, detailing the planned measures or exit strategy.

Additionally, CySEC emphasizes that CIFs must document all existing outsourcing arrangements (excluding those with cloud service providers) in accordance with Section 11 of the Guidelines after the first renewal date of each arrangement but no later than 30/06/2024.

You can access the EBA Guidelines on outsourcing arrangements here.

For the Prudential Supervision of Investment Firms Law of 2021, please refer to this link.

The issuance of Circulars C603 and C604 underscores CySEC’s dedication to fostering transparency, consistency, and adherence to international standards within Cyprus’ financial landscape. By aligning with ESMA Guidelines on MiFID II product governance requirements and EBA Guidelines on outsourcing, CySEC aims to create a robust framework that ensures the integrity of financial operations. Regulated Entities are urged to familiarize themselves with these guidelines, ensuring swift and accurate implementation. Through these directives, CySEC continues to fortify the financial sector, promoting stability and confidence among investors and market participants alike.