CySEC has conducted an annual assessment of all the Compliance Officers’ Annual Reports (‘CO Reports’) and Internal Audit Reports (‘IA Reports’) for the year 2019 along with their Board of Directors minutes (‘BoD minutes’), as these were submitted to CySEC during 2020. CySEC during this annual review, assessed the compliance of Regulated Entities with their obligations under the Prevention and Suppression of Money Laundering and Terrorist Financing Law (‘the Law’) and the CySEC’s Directive for the Prevention of Money Laundering and Terrorist Financing (the ‘Directive’).

1. What shall be noted?

In summary, CySEC has found common and recurring weaknesses/deficiencies concerning the content of the CO and IA Reports and their BoD minutes, based on which Regulated Entities should ensure that the following obligations are upheld in accordance with the Law and the Directive:

• The Compliance Officer’s obligation for the correct preparation of the Annual CO Report and the sufficient assessment of the level of compliance of the Regulated Entity in relation to the prevention of money laundering and terrorist financing.
• The Internal Auditor’s obligation for the correct preparation of the IA Report and the sufficient review and evaluation of the appropriateness, effectiveness and adequacy of the policy, practices, measures, procedures and control mechanisms applied by the Regulated Entity for the prevention of money laundering and terrorist financing.
• The Regulated Entity’s BoD obligation for the sufficient assessment and approval of the Annual Report and the Internal Audit Report and taking all appropriate measures for the correction of any weaknesses and/or deficiencies identified, as well as the implementation timeframe of these measures.
• The Regulated Entity’s BoD obligation to ensure the overall implementation of all requirements of the Law and the Directive, as well as to ensure that appropriate, effective and sufficient systems and controls are introduced for achieving the abovementioned requirement.

More detailed information on the weaknesses/deficiencies identified by CySEC can be found here.

1. Next steps towards?

CySEC in its Circular has informed Regulated Entities that the weaknesses and deficiencies that were identified in the said annual assessment will be the subject of subsequent compliance checks by CySEC.

In addition, CySEC expects that Regulated Entities will prepare the Annual Reports for the year 2021 and onwards based on the CySEC findings.

Thus, if you need any help in assessing compliance of your Company with the regulatory framework and the preparation of the Reports, please let us know.

Our team of experts, can help you stay compliant by offering solutions tailored to your Company’s needs!

The Cyprus Securities and Exchange Commission (‘CySEC’) has recently carried out a review on whether Regulated Entities (i.e. CIFs and Management Companies[1]) are in compliance with the requirements imposed under Article 17(2) of the Investment Services, Activities and Regulated Markets Law (‘the Law’).

Based on the review, CySEC has identified certain good practices and uncovered common deficiencies and/or omissions in order to help Regulated Entities increase the effectiveness of their compliance function.

1. Weaknesses/Deficiencies identified

CySEC’s key weaknesses/deficiencies have focused on three areas of concern:

1. Risk Assessment, Monitoring Activities and Compliance Programme;
2. Reporting Obligation (i.e. the Compliance Officer shall report to the management body at least once a year, the content of such reports, evaluation of procedures by compliance officers, etc.);

• Advisory obligations of the compliance function (e.g. staff training, participation in creating new policies and procedures, day-to-day assistance for staff, etc.).

You can refer to Circular C441, for additional information on the identified weaknesses/deficiencies.

1. Good Practices identified

1. Formal meetings of the senior management were held on a quarterly basis, with the physical presence of all members and the compliance officer in attendance.
2. Minutes of the quarterly meetings were adequately and properly kept (i.e. they included a brief description of the issues discussed, a brief reference to the important views/suggestions expressed, as well as a satisfactory description of the handling/decision/suggestions put forward).
3. Preparation of quarterly reports for core compliance areas, such as, the monitoring of the Regulated Entity’s post trading reporting obligation for the senior management’s attention.
4. A good practice identified relevant to corporate governance, was the inclusion of the review conducted on the order of board meetings in the Annual Compliance Report (e.g. by evaluating and documenting that meetings were properly summoned and that the agenda and the right materials were sent to the senior management beforehand, as well as an evaluation on the interaction of the senior management with the compliance officer).
5. The inclusion of the extent and frequency of training to staff in the Annual Compliance Report and documenting/justifying why trainings should be tailored on each department’s needs and activities.
6. Including a training log in the Annual Compliance Report.
7. The inclusion of a communication log in the Annual Compliance Report listing the communication with CySEC.

1. What are the next steps to be taken by Regulated Entities?

All Regulated Entities shall consider the issues raised by CySEC and conduct a review of their policies and arrangements in order to ensure whether the Company is in compliance with the requirements imposed under the relevant legislative framework for the compliance function. If any deficiencies are identified, immediate actions shall be taken to rectify the situation and ensure compliance.

Our team at FiveComply can perform a review on your behalf and assist you in identifying any deficiencies in the Company’s policies and arrangements. We can assist you in finding suitable solutions to eliminate any deficiencies by reviewing and revisiting your current policies and procedures and provide practical results, so your Company can achieve compliance with the CySEC and European regulatory frameworks.

[1] AIFMs when providing services pursuant to section 6(6) of Law 56(I)/20013, as in force and UCITS

Management companies when providing services pursuant to section 109(4) of Law 78(I)/2012, as in force.

On behalf of our client, we are recruiting a Compliance Officer to join a growing Forex company based in Limassol. The successful candidate will have experience in a Compliance role within a CIF and be up to date with rules and regulations.

• Review, enhance and design policies and procedures
• Preparation of annual and other reports.
• Cooperate with various departments ensuring that procedures are in line with regulatory requirements.
• Managing the legal framework upon which the Company will operate, ensuring compliance with the relevant law.
• Create all necessary terms and conditions, agreements, risk warnings and any other legal document needed.
• Reviewing existing and new applicable regulations, advise how these are affecting the office’s operations and make necessary recommendations to the Senior Management.
• Do suitability and viability analysis for the department.
• Review and approve website and other marketing content.
• Overseeing compliance procedures and advise on risk management.
• Dealing with client complaints and legal matters related to compliance.
• Provide assistance on training and educating staff regarding compliance functions and obligations.
• Set up and manage relationships with external vendors required for the product’s operations.
• Evaluating third-party agreements.
• Performing day-to-day reviews and inspections to evaluate compliance of the Company with its legal and regulatory obligations.
• Reviewing the effectiveness of internal policies and procedures.

• Previous experience in the Forex Industry/CIF is a MUST
• Bachelor degree from a reputable University in Law/ Finance/ Economics/ Business or related field.
• Holding of CySEC Advanced Certificate will be considered as a great advantage.
• Minimum 18 months experience in Forex compliance matters, as well as strong knowledge of relevant regulations.
• Excellent research skills.
• Computer literate; MS Office.

• Competitive remuneration package.
• Friendly working environment.
• Personal development opportunities.
• And much more.

This is an excellent opportunity to work in a growing FX Trading company, in a challenging and demanding working environment which offers career prospects and rewards to thriving members of the team. Employment Conditions: Full Time

Location: Limassol – Cyprus

Apply by sending an email to hr@fivecomply.com attaching your CV

Recent amendments to the serial 2 and 4 of the Third Schedule of the Anti-Money Laundering and Countering the Financing of Terrorism Act 2020 (“AML/CFT Act”) now require reporting entities under the AML/CFT Act to file Cash Transaction Threshold Reporting (“CTTR”) and Wire Transfer Transaction Reporting (“WTTR”) with the Financial Intelligence Unit Seychelles (“FIU”), as per the following:

1. REPORTING THRESHOLD APPLICABLE TO WIRE TRANSFERS

“Every financial institution that sends domestically or cross-border or receives cross-border wire transfers, including electronic fund transfers, shall report all wire transfers of SCR50,000 or more of the equivalent money in the currency of other countries.”

1. REPORTING THRESHOLD APPLICABLE TO BUREAU DE CHANGE

“Every Bureau de Change, including banks acting as Bureau de Change for forex trading in respect of persons who are not their customers shall report all transactions of its customers involving SCR 5,000 or more or the equivalent money in the currency of other countries.”

Revised FIU Guidelines and Reporting Templates

Further to the above legislative amendments, the FIU has revised its guidelines and reporting templates in relation to both WTTR and CTTR. The revised guidelines and reporting templates can be accessed here.

Submissions to the FIU

The submissions based on the amended provisions of the AML/CFT Act shall commence on 1 May 2021.  All submissions shall be made using the revised Forms, which shall include retrospective cash transactions or wire transfers, that have been effected on or after 5 March 2021.

Please note that Threshold Reporting is not a new obligation. Therefore, all reporting entities which are currently submitting Threshold Reports to the FIU are required to continue with their submissions, as per the current established procedures, until 30 April 2021.

What is a Threshold Report?

A Threshold Report is a report that reporting entities are required to file with the FIU for executing cash transactions or wire transfers above the prescribed threshold limit.

The threshold reporting obligation is clearly defined in the AML/ CFT Act 2020, Section 5 of the AML/ CFT Act creates the obligation on reporting entities to file CTTR and WTTR with the FIU in the manner prescribed by the FIU.

Our Team at FiveComply can assist you comply with the abovementioned obligations. Do not hesitate to contact us.

CySEC has issued Circular C435 in order to inform Cyprus Investment Firms (‘CIFs’) which intend to provide investment and/or ancillary services and/or perform investment activities in the territory of Czech Republic, to CNB’s regulatory rules regarding the persons that are allowed to provide such services.

On 24 March 2020, the Czech Parliament adopted the Act No. 119/2020 Coll., which amended Act No. 256/2004 Coll., (hereinafter the “Amended Act”), being the Czech national law transposing MiFID II. Under Section 25 of the Amended Act, investment firms established in other EEA Member States providing cross-border services to retail clients and professional clients on request under MiFID II passport are allowed to provide services under the freedom to provide services (i.e. without establishing a branch), with respect to Article 57 TFEU, only on a temporary or occasional basis.

Pursuant to Section 25 of the Amended Act, if non-Czech investment firms are presumed to provide investment services to retail and professional on request clients on a permanent basis, such firms will be under a strict obligation to establish a branch in the Czech Republic, and may only provide investment services under Article 35 of MiFID II (establishment of branch). The requirement for the establishment of a branch does not apply for investment services provided to professional clients by default (as per Section 2a of the Amended Act).

Section 25(1) of the Amended Act provides as follows:

“A foreign person authorised by the supervisory authority of another EU member state to provide investment services may provide investment services, for which it has such authorisations of its supervisory authority of the home state, in the Czech Republic without location of a branch in the Czech Republic in compliance with the EU legislation, temporarily or occasionally, if it is not investment services provided to professional clients pursuant to Section 2a, to whom investment services can be provided in this way even permanently. The CNB shall inform this person without undue delay that it has received data from the supervisory authority of the home state concerning the intended provision of investment services by this person in the Czech Republic.”

Our team at FiveComply remains at your disposal and can help you comply with the abovementioned obligations.

Directive (EU) 2021/338 of 16 February 2021 was introduced to amend Directive 2014/65/EU (‘MiFID II’), as regards information requirements, product governance and position limits, and Directives 2013/36/EU and (EU) 2019/878 as regards their application to investment firms, to help the recovery from the COVID-19 crisis.

One of the most important amendments introduced was the temporary suspension of the RTS 27 reporting requirements, as they were deemed “not to enable investors and other users to make any meaningful comparisons on the basis of the information they contain” (Recital 9 of the Directive (EU) 2021/338).

Thus, in Article 27(3) of the MiFID II, the following subparagraph has been added:

“The periodic reporting requirement to the public laid down in this paragraph shall not apply until 28 February 2023. The Commission shall comprehensively review the adequacy of the reporting requirements laid down in this paragraph and submit a report to the European Parliament and the Council by 28 February 2022”.

The Directive (EU) 2021/338 has entered into force on 27 February 2021. 

It remains to be seen how CySEC will implement those amendments on a national level, as EU Directives are not directly effective but need to be enacted by national legislation. However, it is expected that all EU regulators will adopt this.

Our team of experts at FiveComply will keep you posted on any updates.

Reporting Entities under the First Schedule of the Anti-Money Laundering and Countering the Financing of Terrorism Act 2020 (‘AML/CFT Act’) have an obligation until 1 April 2021 to register with the Seychelles Financial Intelligence Unit (‘FIU’) registration system, GoAML.

Pursuant to Section 31 of the AML/CFT Act and Regulation 7 of the Anti-Money Laundering and Countering the Financing of Terrorism Regulations 2020 (‘AML/CFT Regulations’), all Reporting Entities have an obligation to register with the Financial Intelligence Unit (‘FIU’) within 60 days of the coming into force of the AML/CFT Regulations or commencement of its business (i.e. 1 April 2021).

The link to access the online GoAML platform can be found here; it includes guidelines on the registration process and other relevant details/information on how to register.

Our team at FiveComply may help you with your registration and to stay compliant with the regulatory requirements imposed by the Financial Services Authority Seychelles.

On the 18^th of February 2021, the House of Representatives in Cyprus has voted in favour of the transposition of the 5^th AML Directive (‘AMLD5’) into national legislation. As a result, on the 23^rd of February 2021, Law 13(I)/2021 was published in the Official Government Gazette, amending the current AML legislative scheme in Cyprus (‘the AML Law’).

This is considered as a huge step towards the recognition of crypto-assets which have been approached with caution due to the lack of a clear legislative approach within the EU.

In summary, the implementation of the AMLD5 into national legislation will affect the approach taken towards cryptocurrencies, due to the following regulatory developments:

• The scope of the crypto-asset activity is now defined.
• Crypto-asset service providers dealing with exchanges between crypto assets or exchanges between crypto assets and fiat currencies, custodian wallet providers and other financial services related to crypto-assets are now considered ‘obliged entities’ and are subject to the AML Law. This will enable monitoring and consequently a higher degree of transparency.
• Initiation of a Public Registry relating to crypto-asset service providers that will be operated and kept by the Cyprus Securities and Exchange Commission (‘CySEC’). Relevant service provides shall file an application with CySEC, as per the applicable requirements.
• Registered crypto-asset providers will be able to offer their services in Cyprus and/or from Cyprus.
• To combat the risks related to the anonymity, Financial Intelligence Units (FIUs like MOKAS) should be able to obtain information allowing them to associate cryptocurrency addresses to the identity of the owner of cryptocurrencies.

The introduction of the abovementioned legislative provisions will also have an impact on the way banks treat crypto-assets within Cyprus and in general, within the EU. Until now, most of the EU credit institutions had policies of rejecting crypto-asset service providers with the latter being deprived of access to the bank system.

However, this is about to change, as crypto-asset service providers shall now be treated as ‘obliged entities’ under the AML Law, and therefore, merely the fact that, crypto-asset activities are being offered, does not constitute a reason for rejection anymore. The notion will be that, each case will be assessed on a case-by-case basis with crypto-assets service providers to be able to access the bank system, once they show compliance with the AML legislation.

Certified persons that are registered in the CySEC Public register should renew their registration for 2021, until 28 February 2021.

The renewal procedure must be performed online through the CySEC website, by completing the Renewal application and paying to CySEC the annual renewal fee of eighty euro (€80).

Certified persons must confirm on the renewal application, that they have completed by the end of 2020, continued professional training seminars that relate directly to their duties of:

1. ten (10) hours for persons registered in the Public register for the basic examination;
2. fifteen (15) hours for persons registered in the Public register for the advanced examination;
3. ten (10) hours for persons registered in the public register for AML compliance officers.

For the persons that are registered both in the public register for the basic examination and the AML compliance officers’ register, they must confirm that they have completed by the end of 2020, seminars of a duration of five (5) hours for persons registered in the public register for the basic examination, plus ten (10) hours for persons registered in the public register for AML compliance officers – being a total of fifteen (15) hours for both renewals.

For the persons that are registered both in the public register for the advanced examination and the AML compliance officers register, they must confirm that they have completed by the end of 2020, seminars of a duration of ten (10) hours for persons registered in the public register for the advanced examination plus ten (10) hours for persons registered in the public register for AML compliance officers – being a total of twenty (20) hours for both renewals.