ESMA: Follow-up report on the progress of NCAs – Steps of progress by CySEC

The European Securities and Markets Authority (ESMA) has released a follow-up report on the compliance function under MiFID I, assessing the progress made by National Competent Authorities (NCAs) since the previous peer review in 2017.

The follow-up report focuses on the efforts of several NCAs, namely CySEC (CY), HCMC (EL), CBI (IS), AFM (NL), and ATVP (SI). These authorities have displayed commendable progress through the implementation of stronger supervisory frameworks, conducting investigations and thematic reviews, and utilizing enforcement tools to discourage misconduct within firms.

The report acknowledges the strides made by CySEC and CBI while offering guidance on further enhancements:

CySEC: The authority is encouraged to consolidate its supervisory approach to maintain an ongoing focus on firms’ compliance functions. This consolidation will ensure continuous monitoring and evaluation of compliance activities.

CBI: In order to bolster its supervisory approach, CBI is advised to integrate all aspects of the ESMA Guidelines on the compliance function under MiFID into its framework. Additionally, increasing controls on the compliance function of non-banking investment firms is recommended.

For more information on the follow-up report and its recommendations please visit the following link provided by ESMA –

FSA – Seychelles: First Submission of Consumer Protection Report postponed to 15 January 2024

The Financial Services Authority (FSA) of Seychelles via Circular No. 5 of 2023 has informed financial services providers that, given that the guidelines regarding consumer protection have not yet been finalised from the FSA, shall be exempting all financial services providers from the obligation to submit a report due on the 15th of July 2023.

Therefore, any financial service providers who fail to submit their reports by the 15th of July 2023, will NOT incur the penalty provided under the FCPA.

However, financial service providers who have prepared their reports and wish to submit them, may do so, by the July 15th of 2023.

It should be noted, however, that all financial service providers will be required to submit the report for the reporting period of July to December 2023, by the 15th of January 2024.

ESMA: MiCA first consultation paper is now available for comments

In line with the MiCA roadmap announced last month, ESMA published yesterday its first consultation package related to the authorisation, identification and management of conflicts of interests of crypto-asset service providers (CASPs) and also how CASPs should address complaints.

ESMA invites comments from stakeholders by 20 September 2023, expecting insights with regards to stakeholders current and planned activities.

ESMA expects to publish a final report and submit the draft technical standards to the European Commission for endorsement by 30 June 2024 at the latest.

In the meantime, as per the MiCA roadmap the second consultation package is expected to be published in October 2023.


FATF: Updated list of FATF grey list: Cameroon, Croatia, and Vietnam added to the list

On 23rd of June 2023, the Global anti-money laundering watchdog FATF added Cameroon, Croatia and Vietnam to its “grey list” of countries for failing to combat money laundering and terrorism financing. Although no countries have been removed from the grey list, the plenary has approved onsite visits to Albania, the Cayman Islands, Jordan, and Panama, who have concluded their respective action plans.

Additionally, the link below provides the full details regarding the Jurisdictions under Increased Monitoring as of 23 June 2023.

European Securities and Markets Authority (ESMA): MiCA Roadmap and Timelines

Following the publication of the EU MiCA Regulation in the Official Journal of the European Union (OJEU) on Friday 9th of June, we now have a clear roadmap about the developments of the crypto asset market and its service providers in the EU.

MiCA will enter into force on 29 June 2023. However, its provisions will become applicable on June 30th 2024 and on December 30th 2024.

In the meantime, ESMA will publish three consultation packages (the first one to cover the Level 2 and 3 measures with authorisation, governance, conflicts of interest, and complaint handling procedures).

Please see below the main timelines about the MiCA Regulation.
·        MiCA Publication in the Official Journal – June 9th, 2023
·        MiCA Enter into force – June 29th, 2023
·        first consultation package – July 2023
·        second consultation package – October 2023
·        third (and final) consultation package, including the MiCA mandates – Q1/2024
·        rules on E-Money tokens and Asset-Referenced tokens become applicable – June 30th, 2024
·        rules on remaining provisions of MiCA – December 30th, 2024

FiveComply team will provide more details about the development of the EU Crypto Asset Market very soon. Stay tuned!

CySEC adoption of the EBA Guidelines regarding remuneration practices and the gender pay gap and data collection for high earners


CySEC adopts EBA Guidelines regarding remuneration practices and the gender pay gap in accordance with Directive (EU) 2019/2034 (EBA/GL/2022/07). In addition, the provision of relevant data regarding high earners, i.e. staff member(s) earning a remuneration of at least EUR 1 million in the reported financial year should be submitted to the Commission.

The Guidelines on benchmarking exercises on remuneration practices and the gender pay gap, and the Guidelines on data collection exercises regarding high earners apply to €150.000 and €750.000 CIFs.

CIFs regarding remuneration data, should by 15 June of each calendar year, submit to CySEC:

  • information on the remuneration of all staff as set out in Annex I of the Guidelines on benchmarking exercises on remuneration practices and the gender pay gap,
  • additional information on remuneration for identified staff as set out in Annex II and Annex III of the Guidelines on benchmarking exercises on remuneration practices and the gender pay gap, and
  • information on derogations, as specified in Annex IV of the Guidelines on benchmarking exercises on remuneration, practices, and the gender pay gap.

The remuneration data, i.e. Annex I to IV, as mentioned above, of the Guidelines on benchmarking exercises on remuneration practices and the gender pay gap, for the financial year ending in 2022, should be submitted by CIFs to CySEC by 31 August 2023.

CIFs, regarding gender pay data, should by 15 June every three years, starting from 2024, submit to CySEC, with regard to the financial year 2023, the information set out in Annex V of the Guidelines on benchmarking exercises on remuneration practices and the gender pay gap.

The aforementioned Annexes can be found in the Directive (EU) 2019/2034 (EBA/GL/2022/07).

Regarding high earner’s data collection, CIFs should submit to CySEC, the Annexes of Directive (EU) 2019/2034 (EBA/GL/2022/08), each year for any given financial year by 15 June of the next calendar year. CySEC highlights that the high-earners data for the financial year ending in 2022 should be submitted by CIFs by 31 August 2023.

However, where a CIF does not have high earners to report, it is not necessary to submit this information, unless explicitly required by CySEC.

Finally, the benchmarking data, gender pay gap data, and high-earners data should be submitted to CySEC through CySEC’s Xbrl Portal only.

European Commission: Updated list of the high-risk third-country jurisdictions with strategic deficiencies in their AML/ CFT regimes

On May 17th, 2023, the European Commission made important updates to the list of high-risk third-country jurisdictions with strategic deficiencies in their anti-money laundering/countering the financing of terrorism (AML/CFT) regimes.

The updated list from the European Commission takes into consideration the latest Financial Action Task Force (FATF) list. The list now includes Nigeria and South Africa, while Cambodia and Morocco have been removed.

Lastly, to ensure compliance, European financial institutions must exercise enhanced vigilance when dealing with transactions involving high-risk third-country jurisdictions. These transactions require the application of ‘enhanced customer due diligence requirements’.

CySEC: Common weaknesses/ deficiencies and good practices identified during the onsite inspections

The Cyprus Securities and Exchange Commission (CySEC) issued Circular C550, informing the regulated entities of the outcome of its onsite inspections conducted during 2021 and 2022.

Findings from these inspections evidenced some examples of good practices, although CySEC also observed some common weaknesses/deficiencies across the Regulated Entities.

Based on this Circular, CySEC outlines the good practices which have been identified and expects the Regulated Entities to perform the same. In addition, CySEC takes this opportunity to present to the Regulated Entities, the areas in which they should pay close attention to and to assist in formulating an environment of compliance with their AML/CFT obligations. Among others, CySEC warns Regulated Entities of their obligation to verify the identity and economic profile of their customers by requesting the appropriate documents and other information, as well as to monitor their transactions on a continuous basis.

European Parliament: Final Approval to the EU MiCA Crypto Legislation

The European Union (EU) has voted in favor of the MiCA crypto legislation, making it the first major jurisdiction to introduce a comprehensive crypto law.

The legislation aims to protect consumers, safeguard financial stability and market integrity, and provide regulatory clarity for the crypto-asset industry.

In addition, the Transfer of Funds regulation was also approved, requiring crypto operators to identify their customers to prevent money laundering.

Finally, the EU’s actions will come into effect next year.

CySEC: CIFs Risk Based Supervision Framework (the “RBS-F”) Submission for 2022

Cyprus Securities & Exchange Commission (the ‘CySEC’) has issued Circular C563 regarding the Risk Based Supervision Framework (the ‘RBS-F’) – Electronic submission of information for the year 2022 (Form RBSF-CIF) related to the Cyprus Investment Firms.

In this respect, CySEC has developed Form RBSF-CIF (the ‘Form’), Version 7, which is due to be submitted on the 26th of May 2023.

It shall be noted that the RBSF Form must be completed and successfully submitted to CySEC, by all CIFs that were authorised by December 31, 2022.