CySEC issued Circular C462 to inform the CIFs that is amending Circular C417 regarding the prudential treatment of crypto assets. Therefore, the prudential treatment of crypto assets will be as follows:

A. Calculation of own funds and capital adequacy ratio (Pillar I)
 

1. Direct investment in crypto assets on a non-speculative basis (banking book exposure)
   When a CIF invests directly in crypto assets on a non- speculative basis (banking book exposure), it should deduct this from its own funds.
2. Direct investment in crypto assets on a speculative basis (trading book exposure)
   When a CIF invests directly in crypto assets on a speculative basis, it should treat these as investments in a derivative product subject to both of the following risks:
   i. Counterparty Credit Risk (“CCR”) calculated in accordance with Section 1 ‘Trading counterparty default’ of the IFR and the CIF should apply a 32% potential future exposure percentage (PFCE) per Art. 29(7) of IFR
   ii. Market Commodity Risk is calculated according to Articles 355 to 361 of the CRR.
3. Direct investment of CIFs’ clients in crypto assets and/or in financial instruments relating to crypto assets with the CIF acting as the counterparty to these transactions

When a CIF acts as the counterparty to its clients’ trades by taking the opposite position to each client’s transaction in crypto assets, and/or in financial instruments on crypto assets, the CIF is subject to Counterparty Credit risk and Market Commodity Risk, in accordance with the methodologies set out in point 2 above, as the CIF is acting as a market maker for its clients.

B. Internal Capital Adequacy Assessment Process (‘ICAAP’) (Pillar II)

CIFs should assess the risks emanated from trading in crypto assets, and/or in financial instruments relating to crypto assets, for their own account or for their clients within the Internal Capital Adequacy Assessment Process (ICAAP). The assessment and discussion of the risks associated with the activity in crypto assets should be included together with a sensitivity analysis that shows how the risks identified affect the CIFs’ projections. In addition, any mitigations should also be discussed, stating any additional capital that should be held in relation to the identified risks.

C. Pillar III disclosures

CIFs should disclose within their Pillar III disclosures any material crypto-asset holdings and include information on:

• the exposure amounts of different crypto-asset exposures,
• the capital requirement for such exposures and
• the accounting treatment of such exposures

D. Enhancement of risks management procedures associated with crypto assets

CIFs, which trade in crypto assets, and/or in financial instruments relating to crypto assets, should revisit their risk management procedures and strategies and ensure that all risks associated with this product are duly taken into consideration.

We can help our clients set up and develop their business model in the most cost efficient and compliant way thus minimizing expenses and achieving the best compliance results.

Get in touch with us to come closer to the compliance results of your desire!

Crypto asset service providers is a new concept that was introduced in Cyprus with the transposition of the Fifth Anti-Money Laundering Directive into national legislation. The amended AML legislation was introduced on 25 June 2021 and regulates the digital registry of crypto asset service providers. The Cyprus Securities and Exchange Commission (CySEC) that is the financial regulator in Cyprus, will be regulating the operation and supervision of the crypto-registry as well.

How is this new legislation important for cryptos?

This recent regulatory development is considered of paramount importance because, licensed crypto-asset providers will be able to provide amongst others, regulated cryptocurrency exchange services. This is a very positive step for Cyprus in becoming a key jurisdiction for crypto service providers. We believe that, this development will attract crypto service providers from all over the world, as registered crypto-providers in Cyprus will be considered credible institutions.

So far in Cyprus and in Europe in general, the lack of regulations and guidelines in the crypto-field has imposed legal and regulatory risks for investors, due to inadequate AML/CFT policies adopted in relation to cryptos. The regulation of cryptos marks the beginning of a new era towards the acceptance of digital cryptocurrencies in Cyprus. This will play a critical role on the way Cyprus banks treat cryptos as well.

What are the requirements to apply for a crypto-asset licence?

Initially, to apply for the crypto-licence you need to have an entity incorporated in Cyprus.  In addition, four directors will be required; two of them acting as executive and two as non-executive directors. At least three of them must be Cyprus residents. CySEC will perform an assessment of their knowledgment and experience in order to evaluate whether they satisfy the ‘fit and proper’ test. It is further required for the crypto-provider to have a fully operational office located in Cyprus where local resident staff members need to be hired on a full-time basis to fulfil the key functions of the company. There is a minimum number of personnel that needs to be hired, based on the type of licence selected.

The application to become a crypto-asset service provider is expected to take approximately 6 months and there are currently two options of licences based on different capital requirements; the €125,000 licence and the €150,000 licence.

Based on the €125,000 licence, the crypto provider will be able to provide (a) Reception & Transmission; (b) Execution of orders on behalf of clients; (c) Portfolio management; (d) Investment advice; (e) Exchange between cryptocurrencies and fiat money; (f) Cryptocurrency asset exchange; (g) Participation and / or provision of financial services on distribution, supply and / or sale of cryptocurrencies, including the initial offering; (h) Placing of crypto-assets without a firm commitment basis.

With the €150,000 licence, the crypto provider will be able to offer all the above along with (i) management, transfer, retention, and / or safekeeping, including the depositary of cryptocurrency assets or cryptographic keys or means that allow control over cryptocurrencies; (j) Underwriting and/or placing of crypto-assets on a firm commitment basis; (k) operation of a multilateral trading facility in which interested parties for buying and selling crypto assets may interact in a way that results in a transaction.

We can see that CySEC has provided different options in order for the crypto-provider to be able to choose according to his business model.

Can you currently apply to become a crypto-asset provider?

CySEC is yet to announce the official procedure for applying to become a licensed Crypto Asset Provider but based on CySEC’s press release in March regarding the Cyprus Capital Market, this is expected within 2021.

What do crypto-asset providers need to have in mind in terms of legislative obligations, once they register?

We need to remember that, the rationale of the competent authorities for including cryptos under the European AML framework is to mitigate and prevent the risks that arise from cryptocurrencies, especially in relation to ML. Hence, the crypto-registry will oblige the crypto-providers to adhere to the AML rules and procedures that apply to traditional financial institutions i.e. apply due diligence procedures, monitor and report suspicious transactions, provide ownership transparency, etc.

What do you believe about the future of cryptocurrencies and blockchain technology?

In my opinion cryptos are here to stay. As a technology — blockchain and its lubricating cryptocurrencies will transform finance and the internet towards centralisation. Blockchain and cryptocurrency will be a major platform of innovative disruption in the upcoming decades.

However, the valuations in the crypto market are determined by demand and supply and if any overreaction in the market occurs, will be corrected in the long term.

Whatever the case, its acceptance by the government authorities is implied among others, by the issuance of relevants laws and by the fact that several countries have already launched their own cryptocurrencies.

How can FiveComply assist crypto-service providers?

Our team can provide you with full support, guidance and assistance in applying for a crypto-licence. As this is a newly-established regulatory area, we believe that our expertise and knowledge in the field can play an important role in yielding positive results with your CySEC application. We can also provide continuous support after acquisition of your licence, in order for your firm to remain compliant and up-to-date according to the latest legislative and regulatory provisions.

We understand that questions might be raised concerning the crypto-field and we are more than happy to discuss with interested parties about their options and any questions they might have about the crypto-licences. We always aim to give priority to each client’s individuality and needs by providing tailored-made advice.

FiveComply has attended today CySEC’s digital event “CySEC 25 Years: The Past, Present and Future of Financial Development and Innovation” which discussed various interesting topics relating to the growth and expansion of CySEC and the evolvement of the financial industry in Cyprus throughout the years.

One of the most important remarks of today’s event, was the Chairwoman’s, Ms. Demetra’s Kalogerou statement relating to crypto asset service providers and the fact that, CySEC will prepare the relevant applications for registration by September 2021.

As always, our team will keep you updated!

Following its June 2021 plenary meeting, the Financial Action Task Force (‘FATF’) has confirmed that an onsite inspection will be conducted in Mauritius in order to assess the implemented AML/CFT measures / reforms and the progress made in order to decide whether Mauritius shall be removed from the FATF Grey list. When FATF places a jurisdiction under increased monitoring (i.e. on the FATF Grey list), it means that this country is committed to resolve any identified strategic deficiencies within an agreed timeframe.

The FATF announcement is considered as a very positive step towards the removal of Mauritius from the FATF Grey list, as the on-site inspection is considered as one of the final stages taken by FATF in its decision-making process.

For Mauritius, the removal from the FATF list, means the initiation of the procedure to exit the European Commission high-risk third countries’ list for AML/CFT, as well. If successful, Mauritius bank account opening will be made easier and credibility for financial institutions and companies will be regained.

Our team at FiveComply will keep you updated and remains at your disposal for any matters you would like to discuss.

Further to the issuance of Circular C451, the Cyprus Securities and Exchange Commission (‘CySEC’) wishes to inform CIFs that, a new version of the Form RBSF-CIF Version 4 (‘the Form’) needs to be completed for the annual collection of various statistical information. The Form must be successfully submitted electronically via the CySEC’s Transaction Reporting System (‘TRS’) by 15:00 hrs, Friday, June 18, 2021, at the latest.

The Form must be completed, and successfully submitted to CySEC, by all CIFs that were authorised by December 31, 2020. In this respect, CIFs that were authorised by December 31, 2020, but have not made use of their authorisation must also submit the Form.

In summary, Form RBSF-CIF Version 4 requires additional information, as per the following sections:

• Section F – Governance and Ownership (two additional questions have been added under points 7.1 and 7.2);
• Section K – Products, Services and Transactions (amendments in Questions 1.1, 1.2, 2.1 – 2.4 and 3.1 and Questions 2.5 and 2.6);
• Section L – Countries and Geographical Areas (amendments in Questions 1.1 – 1.4);
• Section M – Customer Analysis (this is an entirely new section);
• Section N – Internal Policies and Procedures (this is an entirely new section);
• Section O – Geographical Analysis (this is an entirely new section).

In addition, CIFs should have in mind the following, when completing and submitting the Form:

• The Form should be named in the following format ‘Username_yyyymmdd_RBSF-CIF’. The username to be used is the CIF’s TRS credentials. The yyyymmdd in this case, will be 20201231. Future forms will have different reporting periods.
• CIFs are required to report data in Euro, rounded to the nearest unit.
• Before submitting the Form, please ensure that all validation tests that are contained in the Form (Sections A, B, C, D, E, F, G, H, I, J, K, L, M, N, O) at the bottom of the page and Validation Tests Worksheet) are TRUE (Green Colour).
• Please use the latest version of the Form i.e. Version 4.
• Instructions on the completion of the Form can be found in the ‘Instructions’ Worksheet of the Form.

Our Team at FiveComply remains at your disposal for any assistance that you may require in relation to the above.

The Cyprus Securities and Exchange Commission (‘CySEC’) has issued Circular C445 to inform CIFs that, due to the COVID-19 situation, the deadlines for submission of the following to CYSEC are extended:

In regards to Pillar III Disclosures, CySEC stated that, in case their publication is delayed, the CIF needs to inform the market participants for that delay, the reasons of delay and, to the extent possible, their estimated publication date.

Our Team remains at your disposal for any assistance you may require in regards to the above.

CySEC has conducted an annual assessment of all the Compliance Officers’ Annual Reports (‘CO Reports’) and Internal Audit Reports (‘IA Reports’) for the year 2019 along with their Board of Directors minutes (‘BoD minutes’), as these were submitted to CySEC during 2020. CySEC during this annual review, assessed the compliance of Regulated Entities with their obligations under the Prevention and Suppression of Money Laundering and Terrorist Financing Law (‘the Law’) and the CySEC’s Directive for the Prevention of Money Laundering and Terrorist Financing (the ‘Directive’).

1. What shall be noted?

In summary, CySEC has found common and recurring weaknesses/deficiencies concerning the content of the CO and IA Reports and their BoD minutes, based on which Regulated Entities should ensure that the following obligations are upheld in accordance with the Law and the Directive:

• The Compliance Officer’s obligation for the correct preparation of the Annual CO Report and the sufficient assessment of the level of compliance of the Regulated Entity in relation to the prevention of money laundering and terrorist financing.
• The Internal Auditor’s obligation for the correct preparation of the IA Report and the sufficient review and evaluation of the appropriateness, effectiveness and adequacy of the policy, practices, measures, procedures and control mechanisms applied by the Regulated Entity for the prevention of money laundering and terrorist financing.
• The Regulated Entity’s BoD obligation for the sufficient assessment and approval of the Annual Report and the Internal Audit Report and taking all appropriate measures for the correction of any weaknesses and/or deficiencies identified, as well as the implementation timeframe of these measures.
• The Regulated Entity’s BoD obligation to ensure the overall implementation of all requirements of the Law and the Directive, as well as to ensure that appropriate, effective and sufficient systems and controls are introduced for achieving the abovementioned requirement.

More detailed information on the weaknesses/deficiencies identified by CySEC can be found here.

1. Next steps towards?

CySEC in its Circular has informed Regulated Entities that the weaknesses and deficiencies that were identified in the said annual assessment will be the subject of subsequent compliance checks by CySEC.

In addition, CySEC expects that Regulated Entities will prepare the Annual Reports for the year 2021 and onwards based on the CySEC findings.

Thus, if you need any help in assessing compliance of your Company with the regulatory framework and the preparation of the Reports, please let us know.

Our team of experts, can help you stay compliant by offering solutions tailored to your Company’s needs!

The Cyprus Securities and Exchange Commission (‘CySEC’) has recently carried out a review on whether Regulated Entities (i.e. CIFs and Management Companies[1]) are in compliance with the requirements imposed under Article 17(2) of the Investment Services, Activities and Regulated Markets Law (‘the Law’).

Based on the review, CySEC has identified certain good practices and uncovered common deficiencies and/or omissions in order to help Regulated Entities increase the effectiveness of their compliance function.

1. Weaknesses/Deficiencies identified

CySEC’s key weaknesses/deficiencies have focused on three areas of concern:

1. Risk Assessment, Monitoring Activities and Compliance Programme;
2. Reporting Obligation (i.e. the Compliance Officer shall report to the management body at least once a year, the content of such reports, evaluation of procedures by compliance officers, etc.);

• Advisory obligations of the compliance function (e.g. staff training, participation in creating new policies and procedures, day-to-day assistance for staff, etc.).

You can refer to Circular C441, for additional information on the identified weaknesses/deficiencies.

1. Good Practices identified

1. Formal meetings of the senior management were held on a quarterly basis, with the physical presence of all members and the compliance officer in attendance.
2. Minutes of the quarterly meetings were adequately and properly kept (i.e. they included a brief description of the issues discussed, a brief reference to the important views/suggestions expressed, as well as a satisfactory description of the handling/decision/suggestions put forward).
3. Preparation of quarterly reports for core compliance areas, such as, the monitoring of the Regulated Entity’s post trading reporting obligation for the senior management’s attention.
4. A good practice identified relevant to corporate governance, was the inclusion of the review conducted on the order of board meetings in the Annual Compliance Report (e.g. by evaluating and documenting that meetings were properly summoned and that the agenda and the right materials were sent to the senior management beforehand, as well as an evaluation on the interaction of the senior management with the compliance officer).
5. The inclusion of the extent and frequency of training to staff in the Annual Compliance Report and documenting/justifying why trainings should be tailored on each department’s needs and activities.
6. Including a training log in the Annual Compliance Report.
7. The inclusion of a communication log in the Annual Compliance Report listing the communication with CySEC.

1. What are the next steps to be taken by Regulated Entities?

All Regulated Entities shall consider the issues raised by CySEC and conduct a review of their policies and arrangements in order to ensure whether the Company is in compliance with the requirements imposed under the relevant legislative framework for the compliance function. If any deficiencies are identified, immediate actions shall be taken to rectify the situation and ensure compliance.

Our team at FiveComply can perform a review on your behalf and assist you in identifying any deficiencies in the Company’s policies and arrangements. We can assist you in finding suitable solutions to eliminate any deficiencies by reviewing and revisiting your current policies and procedures and provide practical results, so your Company can achieve compliance with the CySEC and European regulatory frameworks.

[1] AIFMs when providing services pursuant to section 6(6) of Law 56(I)/20013, as in force and UCITS

Management companies when providing services pursuant to section 109(4) of Law 78(I)/2012, as in force.

On behalf of our client, we are recruiting a Compliance Officer to join a growing Forex company based in Limassol. The successful candidate will have experience in a Compliance role within a CIF and be up to date with rules and regulations.

• Review, enhance and design policies and procedures
• Preparation of annual and other reports.
• Cooperate with various departments ensuring that procedures are in line with regulatory requirements.
• Managing the legal framework upon which the Company will operate, ensuring compliance with the relevant law.
• Create all necessary terms and conditions, agreements, risk warnings and any other legal document needed.
• Reviewing existing and new applicable regulations, advise how these are affecting the office’s operations and make necessary recommendations to the Senior Management.
• Do suitability and viability analysis for the department.
• Review and approve website and other marketing content.
• Overseeing compliance procedures and advise on risk management.
• Dealing with client complaints and legal matters related to compliance.
• Provide assistance on training and educating staff regarding compliance functions and obligations.
• Set up and manage relationships with external vendors required for the product’s operations.
• Evaluating third-party agreements.
• Performing day-to-day reviews and inspections to evaluate compliance of the Company with its legal and regulatory obligations.
• Reviewing the effectiveness of internal policies and procedures.

• Previous experience in the Forex Industry/CIF is a MUST
• Bachelor degree from a reputable University in Law/ Finance/ Economics/ Business or related field.
• Holding of CySEC Advanced Certificate will be considered as a great advantage.
• Minimum 18 months experience in Forex compliance matters, as well as strong knowledge of relevant regulations.
• Excellent research skills.
• Computer literate; MS Office.

• Competitive remuneration package.
• Friendly working environment.
• Personal development opportunities.
• And much more.

This is an excellent opportunity to work in a growing FX Trading company, in a challenging and demanding working environment which offers career prospects and rewards to thriving members of the team. Employment Conditions: Full Time

Location: Limassol – Cyprus

Apply by sending an email to hr@fivecomply.com attaching your CV