EU Proposed Regulation on Markets in Crypto Assets

On 24 September 2020, the European Commission published its proposal on the Regulation on Markets in Crypto Assets (‘MiCA Regulation’), which shall form part of a wider set of publications on Europe’s Digital Finance Strategy. On 24 November 2021, the European Council published a significantly expanded proposed MiCA Regulation (available here).

The objectives of MiCA Regulation are the following: 

  • To provide legal certainty for crypto-assets not covered by existing EU financial services legislation;
  • To establish uniform rules for crypto-asset service providers and issuers at an EU level; and
  • To establish specific rules for the so-called ‘stablecoins’, including when these are e-money.

The proposed MiCA Regulation aims to enhance consumer protection, transparency and governance standards, given the fact that, the AML risks related to cryptos were addressed with the introduction of the 5th EU Anti-Money Laundering Directive.

It is expected that, the MiCA Regulation will be formalised within 2022 and EU competent authorities shall need to comply with the provisions of the Regulation which shall be directly applicable in all EU Member States.

Our FiveComply team is always vigilant to provide you with the latest updates on the matter.

FiveComply attends CySEC Digital Event

FiveComply has attended today CySEC’s digital event “CySEC 25 Years: The Past, Present and Future of Financial Development and Innovation” which discussed various interesting topics relating to the growth and expansion of CySEC and the evolvement of the financial industry in Cyprus throughout the years.

One of the most important remarks of today’s event, was the Chairwoman’s, Ms. Demetra’s Kalogerou statement relating to crypto asset service providers and the fact that, CySEC will prepare the relevant applications for registration by September 2021.

As always, our team will keep you updated!

Extension of CySEC Deadlines

The Cyprus Securities and Exchange Commission (‘CySEC’) has issued Circular C445 to inform CIFs that, due to the COVID-19 situation, the deadlines for submission of the following to CYSEC are extended:

Reporting Obligations Previous deadline New deadline
1.      Annual Compliance Function Report for the year 2020 30 April 2021 30 June 2021
2.      Annual Risk Management Report for the year 2020 30 April 2021 30 June 2021
3.      Annual Internal Audit Report for the year 2020 30 April 2021 30 June 2021
4.      Annual Audited Financial Statements for the year 2020 30 April 2021 30 June 2021
5.      Annual Auditors’ Suitability Report for the year 2020 30 April 2021 30 June 2021
6.      Pillar III Disclosures for the year ending 31 December 2020  30 April 2021 30 June 2021
7.      COREP forms based on the audited financial statements of 2020 31 May 2021 30 June 2021
8.      External Auditors’ verification report on Pillar III Disclosures 31 May 2021 1 June 2021 – 31 August 2021
9.      Disclosures made in Form 144-14-11 (Prudential Supervision Information) 30 June 2021 31 July 2021

In regards to Pillar III Disclosures, CySEC stated that, in case their publication is delayed, the CIF needs to inform the market participants for that delay, the reasons of delay and, to the extent possible, their estimated publication date.

Our Team remains at your disposal for any assistance you may require in regards to the above.

Circular C436: Findings of the assessment of Compliance Officers’ Annual Reports and the Internal Audit Reports on the prevention of money laundering and terrorist financing

CySEC has conducted an annual assessment of all the Compliance Officers’ Annual Reports (‘CO Reports’) and Internal Audit Reports (‘IA Reports’) for the year 2019 along with their Board of Directors minutes (‘BoD minutes’), as these were submitted to CySEC during 2020. CySEC during this annual review, assessed the compliance of Regulated Entities with their obligations under the Prevention and Suppression of Money Laundering and Terrorist Financing Law (‘the Law’) and the CySEC’s Directive for the Prevention of Money Laundering and Terrorist Financing (the ‘Directive’).

  1. What shall be noted?

In summary, CySEC has found common and recurring weaknesses/deficiencies concerning the content of the CO and IA Reports and their BoD minutes, based on which Regulated Entities should ensure that the following obligations are upheld in accordance with the Law and the Directive:

  • The Compliance Officer’s obligation for the correct preparation of the Annual CO Report and the sufficient assessment of the level of compliance of the Regulated Entity in relation to the prevention of money laundering and terrorist financing.
  • The Internal Auditor’s obligation for the correct preparation of the IA Report and the sufficient review and evaluation of the appropriateness, effectiveness and adequacy of the policy, practices, measures, procedures and control mechanisms applied by the Regulated Entity for the prevention of money laundering and terrorist financing.
  • The Regulated Entity’s BoD obligation for the sufficient assessment and approval of the Annual Report and the Internal Audit Report and taking all appropriate measures for the correction of any weaknesses and/or deficiencies identified, as well as the implementation timeframe of these measures.
  • The Regulated Entity’s BoD obligation to ensure the overall implementation of all requirements of the Law and the Directive, as well as to ensure that appropriate, effective and sufficient systems and controls are introduced for achieving the abovementioned requirement.

More detailed information on the weaknesses/deficiencies identified by CySEC can be found here.

  1. Next steps towards?

CySEC in its Circular has informed Regulated Entities that the weaknesses and deficiencies that were identified in the said annual assessment will be the subject of subsequent compliance checks by CySEC.

In addition, CySEC expects that Regulated Entities will prepare the Annual Reports for the year 2021 and onwards based on the CySEC findings.

Thus, if you need any help in assessing compliance of your Company with the regulatory framework and the preparation of the Reports, please let us know.

Our team of experts, can help you stay compliant by offering solutions tailored to your Company’s needs!

Circular C441: CySEC Review on Common Deficiencies and Good Practices of Certain Aspects of the Compliance Function

The Cyprus Securities and Exchange Commission (‘CySEC’) has recently carried out a review on whether Regulated Entities (i.e. CIFs and Management Companies[1]) are in compliance with the requirements imposed under Article 17(2) of the Investment Services, Activities and Regulated Markets Law (‘the Law’).

Based on the review, CySEC has identified certain good practices and uncovered common deficiencies and/or omissions in order to help Regulated Entities increase the effectiveness of their compliance function.

  1. Weaknesses/Deficiencies identified

CySEC’s key weaknesses/deficiencies have focused on three areas of concern:

  1. Risk Assessment, Monitoring Activities and Compliance Programme;
  2. Reporting Obligation (i.e. the Compliance Officer shall report to the management body at least once a year, the content of such reports, evaluation of procedures by compliance officers, etc.);
  • Advisory obligations of the compliance function (e.g. staff training, participation in creating new policies and procedures, day-to-day assistance for staff, etc.).

You can refer to Circular C441, for additional information on the identified weaknesses/deficiencies.

  1. Good Practices identified


  1. Formal meetings of the senior management were held on a quarterly basis, with the physical presence of all members and the compliance officer in attendance.
  2. Minutes of the quarterly meetings were adequately and properly kept (i.e. they included a brief description of the issues discussed, a brief reference to the important views/suggestions expressed, as well as a satisfactory description of the handling/decision/suggestions put forward).
  3. Preparation of quarterly reports for core compliance areas, such as, the monitoring of the Regulated Entity’s post trading reporting obligation for the senior management’s attention.
  4. A good practice identified relevant to corporate governance, was the inclusion of the review conducted on the order of board meetings in the Annual Compliance Report (e.g. by evaluating and documenting that meetings were properly summoned and that the agenda and the right materials were sent to the senior management beforehand, as well as an evaluation on the interaction of the senior management with the compliance officer).
  5. The inclusion of the extent and frequency of training to staff in the Annual Compliance Report and documenting/justifying why trainings should be tailored on each department’s needs and activities.
  6. Including a training log in the Annual Compliance Report.
  7. The inclusion of a communication log in the Annual Compliance Report listing the communication with CySEC.
  1. What are the next steps to be taken by Regulated Entities?


All Regulated Entities shall consider the issues raised by CySEC and conduct a review of their policies and arrangements in order to ensure whether the Company is in compliance with the requirements imposed under the relevant legislative framework for the compliance function. If any deficiencies are identified, immediate actions shall be taken to rectify the situation and ensure compliance.

Our team at FiveComply can perform a review on your behalf and assist you in identifying any deficiencies in the Company’s policies and arrangements. We can assist you in finding suitable solutions to eliminate any deficiencies by reviewing and revisiting your current policies and procedures and provide practical results, so your Company can achieve compliance with the CySEC and European regulatory frameworks.

[1] AIFMs when providing services pursuant to section 6(6) of Law 56(I)/20013, as in force and UCITS

Management companies when providing services pursuant to section 109(4) of Law 78(I)/2012, as in force.

FSA Seychelles: Transaction Threshold Reporting

Recent amendments to the serial 2 and 4 of the Third Schedule of the Anti-Money Laundering and Countering the Financing of Terrorism Act 2020 (“AML/CFT Act”) now require reporting entities under the AML/CFT Act to file Cash Transaction Threshold Reporting (“CTTR”) and Wire Transfer Transaction Reporting (“WTTR”) with the Financial Intelligence Unit Seychelles (“FIU”), as per the following:


“Every financial institution that sends domestically or cross-border or receives cross-border wire transfers, including electronic fund transfers, shall report all wire transfers of SCR50,000 or more of the equivalent money in the currency of other countries.”


“Every Bureau de Change, including banks acting as Bureau de Change for forex trading in respect of persons who are not their customers shall report all transactions of its customers involving SCR 5,000 or more or the equivalent money in the currency of other countries.”

Revised FIU Guidelines and Reporting Templates

Further to the above legislative amendments, the FIU has revised its guidelines and reporting templates in relation to both WTTR and CTTR. The revised guidelines and reporting templates can be accessed here.

Submissions to the FIU

The submissions based on the amended provisions of the AML/CFT Act shall commence on 1 May 2021.  All submissions shall be made using the revised Forms, which shall include retrospective cash transactions or wire transfers, that have been effected on or after 5 March 2021.

Please note that Threshold Reporting is not a new obligation. Therefore, all reporting entities which are currently submitting Threshold Reports to the FIU are required to continue with their submissions, as per the current established procedures, until 30 April 2021.

What is a Threshold Report?

A Threshold Report is a report that reporting entities are required to file with the FIU for executing cash transactions or wire transfers above the prescribed threshold limit.

The threshold reporting obligation is clearly defined in the AML/ CFT Act 2020, Section 5 of the AML/ CFT Act creates the obligation on reporting entities to file CTTR and WTTR with the FIU in the manner prescribed by the FIU.

Our Team at FiveComply can assist you comply with the abovementioned obligations. Do not hesitate to contact us.

Circular C435: Requirements of the Czech National Bank (the ‘CNB’) for the establishment of a branch regarding the provision of investment services and/or the performance of investment activities in the territory of Czech Republic.

CySEC has issued Circular C435 in order to inform Cyprus Investment Firms (‘CIFs’) which intend to provide investment and/or ancillary services and/or perform investment activities in the territory of Czech Republic, to CNB’s regulatory rules regarding the persons that are allowed to provide such services.

On 24 March 2020, the Czech Parliament adopted the Act No. 119/2020 Coll., which amended Act No. 256/2004 Coll., (hereinafter the “Amended Act”), being the Czech national law transposing MiFID II. Under Section 25 of the Amended Act, investment firms established in other EEA Member States providing cross-border services to retail clients and professional clients on request under MiFID II passport are allowed to provide services under the freedom to provide services (i.e. without establishing a branch), with respect to Article 57 TFEU, only on a temporary or occasional basis.

Pursuant to Section 25 of the Amended Act, if non-Czech investment firms are presumed to provide investment services to retail and professional on request clients on a permanent basis, such firms will be under a strict obligation to establish a branch in the Czech Republic, and may only provide investment services under Article 35 of MiFID II (establishment of branch). The requirement for the establishment of a branch does not apply for investment services provided to professional clients by default (as per Section 2a of the Amended Act).

Section 25(1) of the Amended Act provides as follows:

“A foreign person authorised by the supervisory authority of another EU member state to provide investment services may provide investment services, for which it has such authorisations of its supervisory authority of the home state, in the Czech Republic without location of a branch in the Czech Republic in compliance with the EU legislation, temporarily or occasionally, if it is not investment services provided to professional clients pursuant to Section 2a, to whom investment services can be provided in this way even permanently. The CNB shall inform this person without undue delay that it has received data from the supervisory authority of the home state concerning the intended provision of investment services by this person in the Czech Republic.”

Our team at FiveComply remains at your disposal and can help you comply with the abovementioned obligations.

Temporary Suspension of RTS 27

Directive (EU) 2021/338 of 16 February 2021 was introduced to amend Directive 2014/65/EU (‘MiFID II’), as regards information requirements, product governance and position limits, and Directives 2013/36/EU and (EU) 2019/878 as regards their application to investment firms, to help the recovery from the COVID-19 crisis.

One of the most important amendments introduced was the temporary suspension of the RTS 27 reporting requirements, as they were deemed “not to enable investors and other users to make any meaningful comparisons on the basis of the information they contain” (Recital 9 of the Directive (EU) 2021/338).

Thus, in Article 27(3) of the MiFID II, the following subparagraph has been added:

“The periodic reporting requirement to the public laid down in this paragraph shall not apply until 28 February 2023. The Commission shall comprehensively review the adequacy of the reporting requirements laid down in this paragraph and submit a report to the European Parliament and the Council by 28 February 2022”.

The Directive (EU) 2021/338 has entered into force on 27 February 2021. 

It remains to be seen how CySEC will implement those amendments on a national level, as EU Directives are not directly effective but need to be enacted by national legislation. However, it is expected that all EU regulators will adopt this.

Our team of experts at FiveComply will keep you posted on any updates.

Deadline for the GoAML Registration of Reporting Entities with the FIU Seychelles

Reporting Entities under the First Schedule of the Anti-Money Laundering and Countering the Financing of Terrorism Act 2020 (‘AML/CFT Act’) have an obligation until 1 April 2021 to register with the Seychelles Financial Intelligence Unit (‘FIU’) registration system, GoAML.

Pursuant to Section 31 of the AML/CFT Act and Regulation 7 of the Anti-Money Laundering and Countering the Financing of Terrorism Regulations 2020 (‘AML/CFT Regulations’), all Reporting Entities have an obligation to register with the Financial Intelligence Unit (‘FIU’) within 60 days of the coming into force of the AML/CFT Regulations or commencement of its business (i.e. 1 April 2021).

The link to access the online GoAML platform can be found here; it includes guidelines on the registration process and other relevant details/information on how to register.

Our team at FiveComply may help you with your registration and to stay compliant with the regulatory requirements imposed by the Financial Services Authority Seychelles.

Circular C430: Requirements of the Portuguese Securities and Exchange Commission (‘the CMVM’) regarding the promotion, distribution and marketing of PRIIPs in the territory of Portugal

The Cyprus Securities and Exchange Commission (‘CySEC’) with Circular C430, wishes to inform CIFs as to the current revised CMVM’s regulatory framework applicable with regards to promoting, distributing, marketing and/or making packaged retail investment and insurance products (the “PRIIPs”) available in Portugal and/or to investors in Portugal. The new regulatory framework introducing four Regulations, was published on 10 November 2020 by the CMVM and reduces the duties of regular reporting of information to the CMVM; the simplified reporting obligations will take effect, as of 1st of July 2021. With regards to the obligation to provide investors with key information documents (KIDs) and the obligations of PRIIPs marketing communications, the following CMVM requirements shall apply:

  1. CIFs must proceed with the prior submission of the relevant KID(s) to the CMVM, at least two days in advance of the date in which the KID(s) and/or PRIIPs are intended to be made available in Portugal and/or investors in Portugal;
  2. The obligation under point 1 above, is also applicable for KIDs produced and/or prepared and/or reviewed before the date of entry into force of the CMVM Regulation No.8/2018 (i.e. 10 December 2020);
  3. The submission of KIDs to the CMVM should be completed through CMVM’s Extranet subject to the CMVM Regulation No 3/2016 and articles 5(6) and 8(3) of the CMVM Regulation No. 8/2018. At this point it shall be noted that, the forms of reporting/upload of information are changed (CMVM Regulation No. 6/2020) and will take effect from 1 July 2021. In the event that the submission is made through alternative means (e.g. email), CIFs must provide an explanation and, as soon as possible, to successfully complete the submission through the Extranet (as per article 10(2) of CMVM Regulation 3/2016). Therefore, CIFs are required to be connected to the Extranet by filling the appropriate request form and by sending the request form to the CMVM (as per article 6(3) and Annex of the CMVM Regulation No. 3/2016).

  4. B. PRIIPS (Marketing Communications)
  5. CIFs are required to comply with the legal and regulatory framework applicable to marketing communications, promoting or advertising materials.
    Relevant for compliance with the above are, Article 9 of the Regulation (EU) No. 1286/2014, Article 4 of the Portuguese Law No. 35/2018 of 20 July, article 7(4) and 292 of the Portuguese Securities Code and articles 14-17 of CMVM Regulation No.8/2018, regarding requirements for information sources and expression of restricted use in marketing communications, minimum content, marketing communications with links to other websites and electronic trading platforms.
  6. Advertising messages and/or marketing communications related to PRIIPs are subject to prior approval by the CMVM, which will decide within seven working days after receiving the fully instructed request;
  7. The advertising approval request of point 5 above, must be accompanied by the following, in accordance with article 4 of the Portuguese Law No. 35/2018, of 20 July:
    1. Application to request prior approval of advertising relating to PRIIPs (can be accessed through the link here);
    2. The draft advertising message;
    3. The material elements related to the media through which the advertising message is expected to be disseminated;
    4. The fundamental information document related to the PRIIP to be advertised, except when it has been previously notified;
  8. The advertising message can be used within six months after the date of its approval.
CySEC expects all CIFs that promote, distribute, market and/or make PRIIPs available in Portugal and/or to investors in Portugal to take, where necessary, appropriate actions and measures to adhere to the aforementioned requirements of the CMVM.