On 24 September 2020, the European Commission published its proposal on the Regulation on Markets in Crypto Assets (‘MiCA Regulation’), which shall form part of a wider set of publications on Europe’s Digital Finance Strategy. On 24 November 2021, the European Council published a significantly expanded proposed MiCA Regulation (available here).

The objectives of MiCA Regulation are the following: 

• To provide legal certainty for crypto-assets not covered by existing EU financial services legislation;
• To establish uniform rules for crypto-asset service providers and issuers at an EU level; and
• To establish specific rules for the so-called ‘stablecoins’, including when these are e-money.

The proposed MiCA Regulation aims to enhance consumer protection, transparency and governance standards, given the fact that, the AML risks related to cryptos were addressed with the introduction of the 5^th EU Anti-Money Laundering Directive.

It is expected that, the MiCA Regulation will be formalised within 2022 and EU competent authorities shall need to comply with the provisions of the Regulation which shall be directly applicable in all EU Member States.

Our FiveComply team is always vigilant to provide you with the latest updates on the matter.

FiveComply has attended today CySEC’s digital event “CySEC 25 Years: The Past, Present and Future of Financial Development and Innovation” which discussed various interesting topics relating to the growth and expansion of CySEC and the evolvement of the financial industry in Cyprus throughout the years.

One of the most important remarks of today’s event, was the Chairwoman’s, Ms. Demetra’s Kalogerou statement relating to crypto asset service providers and the fact that, CySEC will prepare the relevant applications for registration by September 2021.

As always, our team will keep you updated!

The Cyprus Securities and Exchange Commission (‘CySEC’) has issued Circular C445 to inform CIFs that, due to the COVID-19 situation, the deadlines for submission of the following to CYSEC are extended:

In regards to Pillar III Disclosures, CySEC stated that, in case their publication is delayed, the CIF needs to inform the market participants for that delay, the reasons of delay and, to the extent possible, their estimated publication date.

Our Team remains at your disposal for any assistance you may require in regards to the above.

CySEC has conducted an annual assessment of all the Compliance Officers’ Annual Reports (‘CO Reports’) and Internal Audit Reports (‘IA Reports’) for the year 2019 along with their Board of Directors minutes (‘BoD minutes’), as these were submitted to CySEC during 2020. CySEC during this annual review, assessed the compliance of Regulated Entities with their obligations under the Prevention and Suppression of Money Laundering and Terrorist Financing Law (‘the Law’) and the CySEC’s Directive for the Prevention of Money Laundering and Terrorist Financing (the ‘Directive’).

1. What shall be noted?

In summary, CySEC has found common and recurring weaknesses/deficiencies concerning the content of the CO and IA Reports and their BoD minutes, based on which Regulated Entities should ensure that the following obligations are upheld in accordance with the Law and the Directive:

• The Compliance Officer’s obligation for the correct preparation of the Annual CO Report and the sufficient assessment of the level of compliance of the Regulated Entity in relation to the prevention of money laundering and terrorist financing.
• The Internal Auditor’s obligation for the correct preparation of the IA Report and the sufficient review and evaluation of the appropriateness, effectiveness and adequacy of the policy, practices, measures, procedures and control mechanisms applied by the Regulated Entity for the prevention of money laundering and terrorist financing.
• The Regulated Entity’s BoD obligation for the sufficient assessment and approval of the Annual Report and the Internal Audit Report and taking all appropriate measures for the correction of any weaknesses and/or deficiencies identified, as well as the implementation timeframe of these measures.
• The Regulated Entity’s BoD obligation to ensure the overall implementation of all requirements of the Law and the Directive, as well as to ensure that appropriate, effective and sufficient systems and controls are introduced for achieving the abovementioned requirement.

More detailed information on the weaknesses/deficiencies identified by CySEC can be found here.

1. Next steps towards?

CySEC in its Circular has informed Regulated Entities that the weaknesses and deficiencies that were identified in the said annual assessment will be the subject of subsequent compliance checks by CySEC.

In addition, CySEC expects that Regulated Entities will prepare the Annual Reports for the year 2021 and onwards based on the CySEC findings.

Thus, if you need any help in assessing compliance of your Company with the regulatory framework and the preparation of the Reports, please let us know.

Our team of experts, can help you stay compliant by offering solutions tailored to your Company’s needs!

The Cyprus Securities and Exchange Commission (‘CySEC’) has recently carried out a review on whether Regulated Entities (i.e. CIFs and Management Companies[1]) are in compliance with the requirements imposed under Article 17(2) of the Investment Services, Activities and Regulated Markets Law (‘the Law’).

Based on the review, CySEC has identified certain good practices and uncovered common deficiencies and/or omissions in order to help Regulated Entities increase the effectiveness of their compliance function.

1. Weaknesses/Deficiencies identified

CySEC’s key weaknesses/deficiencies have focused on three areas of concern:

1. Risk Assessment, Monitoring Activities and Compliance Programme;
2. Reporting Obligation (i.e. the Compliance Officer shall report to the management body at least once a year, the content of such reports, evaluation of procedures by compliance officers, etc.);

• Advisory obligations of the compliance function (e.g. staff training, participation in creating new policies and procedures, day-to-day assistance for staff, etc.).

You can refer to Circular C441, for additional information on the identified weaknesses/deficiencies.

1. Good Practices identified

1. Formal meetings of the senior management were held on a quarterly basis, with the physical presence of all members and the compliance officer in attendance.
2. Minutes of the quarterly meetings were adequately and properly kept (i.e. they included a brief description of the issues discussed, a brief reference to the important views/suggestions expressed, as well as a satisfactory description of the handling/decision/suggestions put forward).
3. Preparation of quarterly reports for core compliance areas, such as, the monitoring of the Regulated Entity’s post trading reporting obligation for the senior management’s attention.
4. A good practice identified relevant to corporate governance, was the inclusion of the review conducted on the order of board meetings in the Annual Compliance Report (e.g. by evaluating and documenting that meetings were properly summoned and that the agenda and the right materials were sent to the senior management beforehand, as well as an evaluation on the interaction of the senior management with the compliance officer).
5. The inclusion of the extent and frequency of training to staff in the Annual Compliance Report and documenting/justifying why trainings should be tailored on each department’s needs and activities.
6. Including a training log in the Annual Compliance Report.
7. The inclusion of a communication log in the Annual Compliance Report listing the communication with CySEC.

1. What are the next steps to be taken by Regulated Entities?

All Regulated Entities shall consider the issues raised by CySEC and conduct a review of their policies and arrangements in order to ensure whether the Company is in compliance with the requirements imposed under the relevant legislative framework for the compliance function. If any deficiencies are identified, immediate actions shall be taken to rectify the situation and ensure compliance.

Our team at FiveComply can perform a review on your behalf and assist you in identifying any deficiencies in the Company’s policies and arrangements. We can assist you in finding suitable solutions to eliminate any deficiencies by reviewing and revisiting your current policies and procedures and provide practical results, so your Company can achieve compliance with the CySEC and European regulatory frameworks.

[1] AIFMs when providing services pursuant to section 6(6) of Law 56(I)/20013, as in force and UCITS

Management companies when providing services pursuant to section 109(4) of Law 78(I)/2012, as in force.

Recent amendments to the serial 2 and 4 of the Third Schedule of the Anti-Money Laundering and Countering the Financing of Terrorism Act 2020 (“AML/CFT Act”) now require reporting entities under the AML/CFT Act to file Cash Transaction Threshold Reporting (“CTTR”) and Wire Transfer Transaction Reporting (“WTTR”) with the Financial Intelligence Unit Seychelles (“FIU”), as per the following:

1. REPORTING THRESHOLD APPLICABLE TO WIRE TRANSFERS

“Every financial institution that sends domestically or cross-border or receives cross-border wire transfers, including electronic fund transfers, shall report all wire transfers of SCR50,000 or more of the equivalent money in the currency of other countries.”

1. REPORTING THRESHOLD APPLICABLE TO BUREAU DE CHANGE

“Every Bureau de Change, including banks acting as Bureau de Change for forex trading in respect of persons who are not their customers shall report all transactions of its customers involving SCR 5,000 or more or the equivalent money in the currency of other countries.”

Revised FIU Guidelines and Reporting Templates

Further to the above legislative amendments, the FIU has revised its guidelines and reporting templates in relation to both WTTR and CTTR. The revised guidelines and reporting templates can be accessed here.

Submissions to the FIU

The submissions based on the amended provisions of the AML/CFT Act shall commence on 1 May 2021.  All submissions shall be made using the revised Forms, which shall include retrospective cash transactions or wire transfers, that have been effected on or after 5 March 2021.

Please note that Threshold Reporting is not a new obligation. Therefore, all reporting entities which are currently submitting Threshold Reports to the FIU are required to continue with their submissions, as per the current established procedures, until 30 April 2021.

What is a Threshold Report?

A Threshold Report is a report that reporting entities are required to file with the FIU for executing cash transactions or wire transfers above the prescribed threshold limit.

The threshold reporting obligation is clearly defined in the AML/ CFT Act 2020, Section 5 of the AML/ CFT Act creates the obligation on reporting entities to file CTTR and WTTR with the FIU in the manner prescribed by the FIU.

Our Team at FiveComply can assist you comply with the abovementioned obligations. Do not hesitate to contact us.

CySEC has issued Circular C435 in order to inform Cyprus Investment Firms (‘CIFs’) which intend to provide investment and/or ancillary services and/or perform investment activities in the territory of Czech Republic, to CNB’s regulatory rules regarding the persons that are allowed to provide such services.

On 24 March 2020, the Czech Parliament adopted the Act No. 119/2020 Coll., which amended Act No. 256/2004 Coll., (hereinafter the “Amended Act”), being the Czech national law transposing MiFID II. Under Section 25 of the Amended Act, investment firms established in other EEA Member States providing cross-border services to retail clients and professional clients on request under MiFID II passport are allowed to provide services under the freedom to provide services (i.e. without establishing a branch), with respect to Article 57 TFEU, only on a temporary or occasional basis.

Pursuant to Section 25 of the Amended Act, if non-Czech investment firms are presumed to provide investment services to retail and professional on request clients on a permanent basis, such firms will be under a strict obligation to establish a branch in the Czech Republic, and may only provide investment services under Article 35 of MiFID II (establishment of branch). The requirement for the establishment of a branch does not apply for investment services provided to professional clients by default (as per Section 2a of the Amended Act).

Section 25(1) of the Amended Act provides as follows:

“A foreign person authorised by the supervisory authority of another EU member state to provide investment services may provide investment services, for which it has such authorisations of its supervisory authority of the home state, in the Czech Republic without location of a branch in the Czech Republic in compliance with the EU legislation, temporarily or occasionally, if it is not investment services provided to professional clients pursuant to Section 2a, to whom investment services can be provided in this way even permanently. The CNB shall inform this person without undue delay that it has received data from the supervisory authority of the home state concerning the intended provision of investment services by this person in the Czech Republic.”

Our team at FiveComply remains at your disposal and can help you comply with the abovementioned obligations.

Directive (EU) 2021/338 of 16 February 2021 was introduced to amend Directive 2014/65/EU (‘MiFID II’), as regards information requirements, product governance and position limits, and Directives 2013/36/EU and (EU) 2019/878 as regards their application to investment firms, to help the recovery from the COVID-19 crisis.

One of the most important amendments introduced was the temporary suspension of the RTS 27 reporting requirements, as they were deemed “not to enable investors and other users to make any meaningful comparisons on the basis of the information they contain” (Recital 9 of the Directive (EU) 2021/338).

Thus, in Article 27(3) of the MiFID II, the following subparagraph has been added:

“The periodic reporting requirement to the public laid down in this paragraph shall not apply until 28 February 2023. The Commission shall comprehensively review the adequacy of the reporting requirements laid down in this paragraph and submit a report to the European Parliament and the Council by 28 February 2022”.

The Directive (EU) 2021/338 has entered into force on 27 February 2021. 

It remains to be seen how CySEC will implement those amendments on a national level, as EU Directives are not directly effective but need to be enacted by national legislation. However, it is expected that all EU regulators will adopt this.

Our team of experts at FiveComply will keep you posted on any updates.

Reporting Entities under the First Schedule of the Anti-Money Laundering and Countering the Financing of Terrorism Act 2020 (‘AML/CFT Act’) have an obligation until 1 April 2021 to register with the Seychelles Financial Intelligence Unit (‘FIU’) registration system, GoAML.

Pursuant to Section 31 of the AML/CFT Act and Regulation 7 of the Anti-Money Laundering and Countering the Financing of Terrorism Regulations 2020 (‘AML/CFT Regulations’), all Reporting Entities have an obligation to register with the Financial Intelligence Unit (‘FIU’) within 60 days of the coming into force of the AML/CFT Regulations or commencement of its business (i.e. 1 April 2021).

The link to access the online GoAML platform can be found here; it includes guidelines on the registration process and other relevant details/information on how to register.

Our team at FiveComply may help you with your registration and to stay compliant with the regulatory requirements imposed by the Financial Services Authority Seychelles.