C603 & C604 ESMA Guidelines on MiFID II product governance requirements & EBA Guidelines on outsourcing

In a significant move to enhance regulatory practices within Cyprus’ financial sector, the Cyprus Securities and Exchange Commission (CySEC) has recently issued two essential circulars, C603 and C604. These circulars provide detailed guidelines and directives to ensure strict adherence to international standards and foster a secure financial environment for all stakeholders.

 

Circular C603: ESMA Guidelines on MiFID II Product Governance Requirements

 

Issued on 12th October 2023, Circular C603 informs Cyprus Investment Firms (CIFs), UCITS Management Companies (UCITS MC), and Alternative Investment Fund Managers (AIFMs) about the European Securities and Markets Authority (ESMA) Guidelines on MiFID II product governance requirements. These guidelines, published on 03/08/2023 and effective from 03/10/2023, establish consistent supervisory practices and ensure the uniform application of MiFID II requirements related to product governance. They are applicable to a wide array of financial institutions involved in the manufacturing or distribution of financial instruments and structured deposits.

 

Please find below the key points arising from the above-mentioned ESMA Guidelines:

 

1. Introduction to MiFID II Product Governance Requirements:

  • MiFID II regulations mandate firms to define and evaluate target markets for their financial products.
  • Manufacturers and distributors must ensure their products meet the needs and characteristics of identified target markets.

2. Manufacturer’s Responsibilities:

  • Manufacturers must define a “positive target market” for each product, considering client type, knowledge, financial situation, risk tolerance, and objectives.
  • Manufacturers should also identify a “negative target market” for clients incompatible with the product features.
  • Sustainability-related objectives influence the positive target market; however, sustainability factors aren’t considered for negative target market assessments.

3. Distributor’s Obligations:

  • Distributors should assess the positive target market defined by the manufacturer and identify clients compatible with the product.
  • Distributors are required to define their “own” target market if the manufacturer hasn’t provided one, ensuring an appropriate and proportionate approach.
  • Firms distributing products not complying with MiFID II regulations should refrain from including them in their assortment.

4. Target Market Identification Process:

  • Manufacturers and distributors should consider the complexity and risk profiles of products when identifying target markets.
  • The negative target market indicates clients for whom the product is incompatible and sales to this group should be rare, requiring substantial justification.
  • Deviations from the target market should be documented, justified, and reported if relevant for the product governance process.

5. Application to Wholesale Markets and Professional Clients:

  • Professional clients’ assumed knowledge and experience should be considered when defining target markets.
  • Professional clients acting as distributors must comply with distributor obligations.
  • Some products may have broadly defined target markets, including both retail and professional clients, while others, especially complex products, have narrowly defined target markets.

6. Application to Pre-existing Products:

  • Products manufactured before January 3, 2018, should fall under MiFID II product governance requirements.
  • Target markets should be assigned to these products, with reviews conducted following MiFID II guidelines.

7. Conclusion and Compliance:

  • Firms must adhere to MiFID II regulations, ensuring products align with defined target markets and client needs.
  • Clear documentation, assessment, and periodic reviews are crucial for compliance.

CySEC, in its circular, emphasizes the importance of these guidelines by integrating them into its supervisory framework. Regulated Entities are urged to diligently apply the guidelines, ensuring compliance with the specified regulatory standards.

 

Circular C604: EBA Guidelines on Outsourcing

 

CySEC, on 13/10/2023, also issued Circular C604 to inform Cyprus Investment Firms (CIFs) about the Guidelines released by the European Banking Authority (EBA) on 25/02/2019 regarding outsourcing arrangements. CySEC has incorporated these Guidelines into its supervisory and regulatory practices.

 

These Guidelines are applicable to CIFs falling under sections 9(1), (3), and (4) of the Prudential Supervision of Investment Firms Law of 2021, specifically those with initial capital requirements of €150,000 and €750,000. They outline internal governance arrangements and risk management protocols that CIFs must follow when outsourcing functions, especially critical or important ones. The Guidelines also provide guidance on how competent authorities should review and monitor these arrangements.

 

In Circular C604, CySEC urges CIFs to review and adjust existing outsourcing agreements to align with the Guidelines. If the review and adjustment of critical or important function outsourcing agreements are not completed by 30/06/2024, CIFs must inform CySEC through its portal, detailing the planned measures or exit strategy.

 

Additionally, CySEC emphasizes that CIFs must document all existing outsourcing arrangements (excluding those with cloud service providers) in accordance with Section 11 of the Guidelines after the first renewal date of each arrangement but no later than 30/06/2024.

 

You can access the EBA Guidelines on outsourcing arrangements here.

For the Prudential Supervision of Investment Firms Law of 2021, please refer to this link.

The issuance of Circulars C603 and C604 underscores CySEC’s dedication to fostering transparency, consistency, and adherence to international standards within Cyprus’ financial landscape. By aligning with ESMA Guidelines on MiFID II product governance requirements and EBA Guidelines on outsourcing, CySEC aims to create a robust framework that ensures the integrity of financial operations. Regulated Entities are urged to familiarize themselves with these guidelines, ensuring swift and accurate implementation. Through these directives, CySEC continues to fortify the financial sector, promoting stability and confidence among investors and market participants alike.

CySEC Circular C601: Implementing EBA’s Guidelines on Remote Customer Onboarding Solutions

The Cyprus Securities and Exchange Commission (CySEC) introduced Circular C601 on October 12, 2023, marking a significant shift in client onboarding practices for various financial entities. Applicable to Cyprus Investment Firms (CIFs), Administrative Service Providers (ASPs), UCITS Management Companies, Alternative Investment Fund Managers, Crypto Asset Service Providers, and others, this Circular implements the European Banking Authority’s (EBA) Guidelines on Remote Customer Onboarding Solutions under Article 13(1) of Directive (EU) 2015/849. This article explores the key aspects of this Circular, shedding light on its practical implications for the financial industry.

 

1. Development of Policies and Procedures:

  • Obligations: Institutions must establish and maintain risk-sensitive policies and procedures in line with Article 13(1) (a) and (c) of the AMLD, ensuring compliance with remote customer onboarding obligations.
  • Pre-Implementation Assessment: Prior to adopting any new remote onboarding solution, institutions are mandated to conduct a pre-implementation assessment. This assessment guarantees the solution’s adequacy and adherence to regulatory standards, mitigating potential risks from the outset.

 

2. Identity Verification:

  • Reliable Verification Methods: The guidelines underscore the importance of real-time identity verification methods, including one-time passwords, biometric data collection, and direct phone interactions with customers. These methods ensure the authenticity of the customer’s identity, fortifying the onboarding process.

 

3. Quality Assurance Testing:

  • Critical Testing: Rigorous quality assurance testing is imperative to maintain the integrity of remote onboarding solutions.
  • Testing Methods: Institutions should employ methods such as regular automated quality reports, sample testing, and manual reviews. These methods uphold the reliability and accuracy of the onboarding process.

 

4. Outsourcing and Third-Party Providers:

  • Due Diligence: Institutions must integrate the guidelines into vendor due diligence exercises when outsourcing onboarding solutions.
  • Third-Party Compliance: Institutions are responsible for ensuring that third-party solutions meticulously adhere to prescribed regulations. This vigilance is paramount to maintain compliance and security.

 

5. Document Review Using Technology:

  • Algorithms and OCR: The guidelines provide explicit instructions on employing algorithms and Optical Character Recognition (OCR) methods for accurate and consistent review of Customer Due Diligence (CDD) documents.
  • Accuracy Measures: Institutions must ensure these tools accurately and consistently capture information to maintain the integrity of the customer onboarding process.

 

6. Monitoring and Reporting:

  • Regular Monitoring: Institutions must routinely monitor remote onboarding solutions to ensure alignment with regulatory expectations.
  • Ad Hoc Reviews: Ad hoc reviews are necessary in response to changes in risks, detected deficiencies, increased fraud attempts, or alterations in the legal or regulatory framework.

 

7. Remedial Measures and Compliance:

  • Prompt Actions: Institutions must establish procedures to promptly address risks and errors, including additional due diligence, transaction limits, relationship termination, reporting to FIU, etc.
  • Demonstrating Compliance: Clear records of assessments and actions taken are indispensable for regulatory compliance and demonstrating adherence to guidelines.

 

8. Security and Compliance with ICT Standards:

  • Secure Communication: Institutions should utilize secure communication channels, secure protocols, and cryptographic algorithms to safeguard the confidentiality, authenticity, and integrity of exchanged data.
  • Secure Access Points: A secure access point must be provided for initiating the remote customer onboarding process based on qualified certificates for electronic seals or website authentication.

 

9. Use of Trust Services and National Identification Processes:

  • Compliance with Solutions: Credit and financial institutions may leverage relevant trust services and electronic identification processes regulated, recognized, approved, or accepted by national authorities to comply with the guidelines. Mitigation measures are necessary to address authentication risks and potential identity frauds.

 

10. Storage of Customer Data:

  • Data Storage Measures: Institutions must ensure that only necessary customer data is collected and stored within clearly defined retention periods.
  • Data Access and Security: Access to stored data must be limited and registered, and appropriate security measures should be implemented to protect the stored data.

CySEC’s Circular C601 signifies a transformative phase where client onboarding evolves into a seamless, secure, and efficient process. By adhering meticulously to these guidelines, financial institutions not only fulfil regulatory mandates but also invest in a future defined by integrity and compliance. Embracing these changes, the industry establishes a new standard of excellence, ensuring a financial landscape built on trust and efficiency.

CySEC Circular C602 – Navigating the Latest CNMV Resolution: Ensuring Investor Protection in Spain

In light of Circular No: C602 recently issued by the Cyprus Securities and Exchange Commission (CySEC) concerning the Spanish National Securities Market Commission’s (CNMV) Resolution of 11 July 2023 on product intervention measures relating to Contracts for Differences (CFDs) and other leveraged products, it is imperative for both investors and financial service providers to grasp the newly introduced guidelines. This article aims to offer a comprehensive insight into the key aspects and implications of the CNMV’s resolution.

The CNMV’s Resolution of 11 July 2023 builds upon previous measures enacted in 2019, focusing on concerns related to the marketing, distribution, and sale of CFDs and other leveraged products to retail investors in Spain. Despite earlier interventions, persistent aggressive marketing practices and high-risk investments have necessitated the implementation of additional protective measures.

 

The resolution is scheduled to become effective twenty days after its publication in the Spanish Official State Gazette. Current sponsorship or brand advertising agreements are permitted to continue until their initial expiration, within a maximum period of 12 months from the publication date.

 

Key Measures for CFDs:

The CNMV’s resolution introduces vital measures to ensure the safety and security of retail investors. These measures include:

 

  1. Leverage Limitation: The CNMV has set limits on leverage ratios for different asset classes, such as 1/30 for relevant currencies, 1/20 for other currencies, gold, and relevant equity indices, and 1/2 for crypto assets, among others, thereby mitigating potential losses.
  2. Close Position Protection: Implementation of close position protection to safeguard retail customers from significant losses.
  3. Protection Against Negative Balances: Adequate protection to prevent retail investors from incurring losses exceeding their initial investment.
  4. Prohibition of Certain Practices: Stricter regulations prohibiting the offering of excluded payments and non-monetary benefits concerning CFDs.
  5. Mandatory Risk Warning: Inclusion of clear and comprehensive risk warnings in all marketing materials to highlight the high-risk nature of CFD investments.

 

Additional Measures for CFDs:

In addition to the key measures, the CNMV’s resolution includes further restrictions to ensure investor protection:

 

1. Prohibition of Certain Marketing Practices for CFDs:

  • Rewards and Remuneration Prohibition: Providers are prohibited from offering rewards or remuneration to customers, marketing networks, or third parties based on the number of clients acquired, cash deposits, or losses by clients.
  • Use of Call Centres: Providers are not allowed to use call centres to contact clients or potential clients to promote CFDs.
  • Software Restrictions: The use of software where providers’ remuneration is determined based on client deposits or losses is prohibited.
  • Credit Card Deposits: Acceptance of cash deposits using credit cards is prohibited.
  • Prohibition of Advertising Communications: The marketing, distribution, and sale of subject instruments and services by means of advertising communications aimed at retail investors in Spain, including potential clients, shall be prohibited.

Please note that prohibited marketing communications will be considered to include those:

  • Redirecting to a website that offers instruments or subject services;
  • Sending to a contact form, an application download, or any other kind of tool intending to put the client in touch with investment service providers that offer said type of instruments or services;
  • Offering training, technical seminars, courses, or sessions to the general public whenever such offers are related to the subject services or instruments, as well as similar training demo accounts or tools for retail investors or the general public that encourage investing in these, whether promoted or held by the regulated entities or by related or affiliated parties, regardless of whether they are free or have a token charge.

 

2. Scope of Application for Leveraged Instruments:

  • The guidelines are applicable to entities authorized to provide investment services in Spain, irrespective of their origin, regarding the marketing, distribution, and sale of CFDs and other leveraged products to retail investors in Spain. It also extends to activities by Spanish firms in other Member States, especially in the case of CFDs with crypto-assets as underlying assets.

 

3. Specific Measures for Other Leveraged Instruments:

  • For instruments beyond CFDs, such as futures and options, there are limitations on leverage and mandatory close position protection measures. These measures are designed to protect retail customers from excessive losses.

 

4. Periodic Review and Revocation of Measures:

  • The measures adopted in this resolution may be reviewed annually and revoked as per the provisions of Article 42.6 of Regulation (EU) No 600/2014 of the European Parliament and of the Council, of 15 May 2014, on markets in financial instruments.

 

The measures outlined in the CNMV’s resolution, effective from 3 August 2023, apply universally to all entities authorized to provide investment services in Spain. These regulations pertain to any marketing, distribution, and sale of the specified instruments and services to retail investors in Spain. It is important to note that these guidelines are applicable irrespective of the origin of the investment firm marketing and distributing such products. This includes entities operating under the freedom to provide services without a physical establishment in Spain. The CNMV’s reach encompasses both local and international entities, emphasizing a comprehensive approach to investor protection within Spain’s financial markets.

 

CySEC emphasizes the importance for all CIFs engaged in marketing, distributing, and selling CFDs and similar leveraged products to retail investors in Spain to promptly adopt necessary actions and strategies to comply with the CNMV’s Resolution.

 

The CNMV’s latest resolution marks a significant leap in ensuring investor protection within Spain’s financial markets. Through rigorous regulations on CFDs and leveraged products, the CNMV aims to minimize risks for retail investors and eliminate aggressive marketing practices.

EU High Risk Countries List: Delegated Regulation (EU) 2016/1675: Cameroon and Vietnam added to the list

On 28th September 2023, the European Union underscored its commitment to global financial stability by strengthening its measures against money laundering, terrorist financing, and proliferation financing. This significant step forward was achieved through the amendment of Commission Delegated Regulation (EU) 2016/1675 via Commission Delegated Regulation (EU) 2023/2070, dated 18th August 2023. This amendment, slated to be effective on the 20th day following its publication in the Official Journal of the European Union, addresses evolving challenges in the financial landscape.

 

A comprehensive assessment conducted by the European Commission identified Cameroon and Vietnam as third country jurisdictions with strategic deficiencies in their Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) regimes. These deficiencies were recognized as significant threats to the Union’s financial system. Consequently, Cameroon and Vietnam are scheduled to be added to the table in Point I of the Annex to the Delegated Regulation (EU) 2016/1675.

 

The addition of Cameroon and Vietnam reaffirms the EU’s dedication to safeguarding the integrity of its financial institutions. By fortifying its anti-money laundering, terrorist financing, and proliferation financing measures, the EU aims to create a secure financial environment, both internally and globally. This development signifies the EU’s proactive approach in adapting to emerging challenges and its commitment to international collaboration in combating financial crimes.

 

The amendment, executed with precision and in accordance with regulatory protocols, sets a standard for regulatory bodies worldwide. It emphasizes the importance of stringent AML/CFT regimes in ensuring a stable and secure global financial ecosystem. The EU’s decision to include Cameroon and Vietnam in its regulatory framework exemplifies the Union’s commitment to fostering financial security and integrity, thereby reinforcing confidence in the international financial markets.

ESMA: Follow-up report on the progress of NCAs – Steps of progress by CySEC

The European Securities and Markets Authority (ESMA) has released a follow-up report on the compliance function under MiFID I, assessing the progress made by National Competent Authorities (NCAs) since the previous peer review in 2017.

The follow-up report focuses on the efforts of several NCAs, namely CySEC (CY), HCMC (EL), CBI (IS), AFM (NL), and ATVP (SI). These authorities have displayed commendable progress through the implementation of stronger supervisory frameworks, conducting investigations and thematic reviews, and utilizing enforcement tools to discourage misconduct within firms.

The report acknowledges the strides made by CySEC and CBI while offering guidance on further enhancements:

CySEC: The authority is encouraged to consolidate its supervisory approach to maintain an ongoing focus on firms’ compliance functions. This consolidation will ensure continuous monitoring and evaluation of compliance activities.

CBI: In order to bolster its supervisory approach, CBI is advised to integrate all aspects of the ESMA Guidelines on the compliance function under MiFID into its framework. Additionally, increasing controls on the compliance function of non-banking investment firms is recommended.

For more information on the follow-up report and its recommendations please visit the following link provided by ESMA – https://lnkd.in/ddTPDXW4

FSA – Seychelles: First Submission of Consumer Protection Report postponed to 15 January 2024

The Financial Services Authority (FSA) of Seychelles, via Circular No. 5 of 2023, has informed financial services providers that, given that the guidelines regarding consumer protection have not yet been finalised by the FSA, it shall be exempting all financial services providers from the obligation to submit a report due on the 15th of July 2023.

Therefore, any financial service providers who fail to submit their reports by the 15th of July 2023, will NOT incur the penalty provided under the FCPA.

However, financial service providers who have prepared their reports and wish to submit them may do so by the 15th of July 2023.

It should be noted, however, that all financial service providers will be required to submit the report for the reporting period of July to December 2023, by the 15th of January 2024.

ESMA: MiCA first consultation paper is now available for comments

In line with the MiCA roadmap announced last month, ESMA published yesterday its first consultation package related to the authorisation, identification and management of conflicts of interests of crypto-asset service providers (CASPs) and also how CASPs should address complaints.

ESMA invites comments from stakeholders by 20 September 2023, expecting insights with regard to stakeholders’ current and planned activities.

ESMA expects to publish a final report and submit the draft technical standards to the European Commission for endorsement by 30 June 2024 at the latest.

In the meantime, as per the MiCA roadmap the second consultation package is expected to be published in October 2023.

 

FATF: Updated list of FATF grey list: Cameroon, Croatia, and Vietnam added to the list

On 23rd of June 2023, the global anti-money laundering watchdog FATF added Cameroon, Croatia and Vietnam to its “grey list” of countries for failing to combat money laundering and terrorism financing. Although no countries have been removed from the grey list, the plenary has approved onsite visits to Albania, the Cayman Islands, Jordan, and Panama, which have concluded their respective action plans.

Additionally, the link below provides the full details regarding the Jurisdictions under Increased Monitoring as of 23 June 2023.
https://lnkd.in/esug5Ak8

European Securities and Markets Authority (ESMA): MiCA Roadmap and Timelines

Following the publication of the EU MiCA Regulation in the Official Journal of the European Union (OJEU) on Friday 9th of June, we now have a clear roadmap about the developments of the crypto asset market and its service providers in the EU.

MiCA will enter into force on 29 June 2023. However, its provisions will become applicable on June 30th 2024 and on December 30th 2024.

In the meantime, ESMA will publish three consultation packages (the first one to cover the Level 2 and 3 measures with authorisation, governance, conflicts of interest, and complaint handling procedures).

Please see below the main timelines about the MiCA Regulation.
  • MiCA publication in the Official Journal – June 9th, 2023
  • MiCA entry into force – June 29th, 2023
  • First consultation package – July 2023
  • Second consultation package – October 2023
  • Third (and final) consultation package, including the MiCA mandates – Q1/2024
  • Rules on E-Money tokens and Asset-Referenced tokens become applicable – June 30th, 2024
  • Rules on remaining provisions of MiCA become applicable – December 30th, 2024

FiveComply team will provide more details about the development of the EU Crypto Asset Market very soon. Stay tuned!

CySEC adoption of the EBA Guidelines regarding remuneration practices and the gender pay gap and data collection for high earners

 

CySEC adopts EBA Guidelines regarding remuneration practices and the gender pay gap in accordance with Directive (EU) 2019/2034 (EBA/GL/2022/07). In addition, relevant data regarding high earners, i.e. staff member(s) earning a remuneration of at least EUR 1 million in the reported financial year, should be submitted to the Commission.

The Guidelines on benchmarking exercises on remuneration practices and the gender pay gap, and the Guidelines on data collection exercises regarding high earners apply to €150.000 and €750.000 CIFs.

Regarding remuneration data, CIFs should, by 15 June of each calendar year, submit to CySEC:

  • information on the remuneration of all staff as set out in Annex I of the Guidelines on benchmarking exercises on remuneration practices and the gender pay gap,
  • additional information on remuneration for identified staff as set out in Annex II and Annex III of the Guidelines on benchmarking exercises on remuneration practices and the gender pay gap, and
  • information on derogations, as specified in Annex IV of the Guidelines on benchmarking exercises on remuneration practices and the gender pay gap.

The remuneration data, i.e. Annex I to IV, as mentioned above, of the Guidelines on benchmarking exercises on remuneration practices and the gender pay gap, for the financial year ending in 2022, should be submitted by CIFs to CySEC by 31 August 2023.

Regarding gender pay data, CIFs should, by 15 June every three years, starting from 2024 with regard to the financial year 2023, submit to CySEC the information set out in Annex V of the Guidelines on benchmarking exercises on remuneration practices and the gender pay gap.

The aforementioned Annexes can be found in the Directive (EU) 2019/2034 (EBA/GL/2022/07).

Regarding high earners’ data collection, CIFs should submit to CySEC the Annexes of Directive (EU) 2019/2034 (EBA/GL/2022/08) each year, for any given financial year, by 15 June of the next calendar year. CySEC highlights that the high-earners data for the financial year ending in 2022 should be submitted by CIFs by 31 August 2023.

However, where a CIF does not have high earners to report, it is not necessary to submit this information, unless explicitly required by CySEC.

Finally, the benchmarking data, gender pay gap data, and high-earners data should be submitted to CySEC through CySEC’s XBRL Portal only.