Professional Documents
Culture Documents
English Advanced Workbook
English Advanced Workbook
Advanced Examination
Edition B.Ad.1 / EN, November 2020
Page 2 of 334
Financial Services Regulatory Framework:
Advanced Examination
Preface
Welcome to the Cyprus Securities and Exchange Commission’s Financial Services Regulatory
Framework study material for the Advanced Examination.
This workbook has been written to prepare you for the Advanced Examination of the Cyprus
Securities and Exchange Commission’s Financial Services Regulatory Framework.
Published for:
All information provided in this workbook is presented for educational purposes only. Cyprus
Securities and Exchange Commission accepts no responsibility for persons undertaking
trading or investments in whatever form.
While every effort has been made to ensure its accuracy, no responsibility for loss occasioned
to any person acting or refraining from action as a result of the information provided in this
workbook can be accepted by the publisher or authors.
All rights reserved. No part of this workbook may be reproduced, stored in a retrieval system,
or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or
otherwise without the prior permission of the copyright owner.
Warning: any unauthorised act in relation to all or any part of the material in this workbook may
result in both a civil claim for damages and criminal prosecution.
A learning map, which contains the full syllabus, appears at the end of this workbook. Please note
that the examination is based upon the syllabus.
The questions included in this workbook are designed as an aid to revision of the different
areas of the syllabus as well as to help you consolidate your learning chapter by chapter.
Page 3 of 334
Edition B.Ad.1 / EN
Foreword
The Cyprus Securities and Exchange Commission (CySEC) is an independent public supervisory
authority responsible for the overall supervision of the securities market in the Republic of Cyprus
By putting high standards of investor protection at the core of its supervision, CySEC’s aim is to
safeguard the integrity, fairness and transparency of the securities market, and consequently, to
facilitate the steady, sound development of the securities sector.
Since 2012, CySEC has been responsible conducting the examinations for the certification of persons
employed by investment firms, credit institutions, management companies, variable capital
investment companies and alternative investment fund managers that are engaged in the provision
of investment services and the performance of specific functions, as specified in the new framework
set up by CySEC.
The aim of the examinations is to ensure that candidates have an appropriate level of knowledge,
understanding and appreciation of the regulatory framework that underpins the financial services
sector in Cyprus. This ensures we are taking every step to creating a compliance-first culture across
the firms in our financial sector, as well as helping the individuals in the performance of their duties.
The Basic Examination concerns individuals who wish to be certified only for the investment services
of receiving, transmitting and executing orders and for the marketing of collective investment
schemes. The Advanced Examination concerns individuals who wish to be certified for all the
investment services/activities found in paragraph 4 of Directive 44/2019, found on CySEC’s website.
This workbook has been designed to ensure that candidates gain a comprehensive understanding
of the examination content. The workbook provides thorough preparation for the examination
and is compulsory preparation work.
Demetra Kalogerou
Page 4 of 334
Financial Services Regulatory Framework:
Advanced Examination
Contents
4. OFFENCES .................................................................................................................................................. 27
1. AUTHORISATION ......................................................................................................................................... 29
Page 5 of 334
Edition B.Ad.1 / EN
7. DATAREPORTINGSERVICEPROVIDERS(DRSPS ) ............................................................................................. 56
6. SUITABILITY ................................................................................................................................................ 80
CHAPTER 4 OPEN-ENDED UNDERTAKINGS FOR COLLECTIVE INVESTMENT (UCI) LAWS 2012–2019 ............... 88
Page 6 of 334
Financial Services Regulatory Framework:
Advanced Examination
1. GENERAL.................................................................................................................................................. 145
Page 7 of 334
Edition B.Ad.1 / EN
2. CAPITAL.................................................................................................................................................... 151
1. SPECIAL PROVISIONS IN RESPECT OF FINANCIAL AND OTHER BUSINESS ACTIVITIES .......................................... 155
1.2. Simplified and Enhanced Customer Due Diligence (CDD) ............................................................. 159
.................................................................................................................................................................. 170
1. SPECIAL PROVISIONS IN RESPECT OF FINANCIAL AND OTHER BUSINESS ACTIVITIES ................................................... 170
4. DERIVATIVES............................................................................................................................................. 181
Page 8 of 334
Financial Services Regulatory Framework:
Advanced Examination
.................................................................................................................................................................. 184
5. THE PURPOSE OF THE INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS (ICAAP) ..................................... 210
.................................................................................................................................................................. 221
Page 9 of 334
Edition B.Ad.1 / EN
2.2. Reporting Obligations under EMIR Refit and Amendments to CCP Regime ................................. 224
2.5. Large Exposures and Exposures to Transfer Credit Risk ................................................................ 226
.................................................................................................................................................................. 230
4. RESOLUTION.............................................................................................................................................. 236
.................................................................................................................................................................. 241
3.1. General Provisions for the Drawing Up of the Prospectus ............................................................ 246
Page 10 of 334
Financial Services Regulatory Framework:
Advanced Examination
.................................................................................................................................................................. 256
.................................................................................................................................................................. 267
Page 11 of 334
Edition B.Ad.1 / EN
Page 12 of 334
Financial Services Regulatory Framework:
Advanced Examination
Chapter 1
Investment Services Law 2017:
Scope/Powers/Offences
Learning Objectives
Law 87(I) of 2017 was enacted to transpose European Union (EU) directive 2014/65, the Markets
in Financial Instruments Directive (MiFID), and the subsequent update, EU/2017/565, MiFID II, into
Cypriot law. L
Learning Objective
Ø Know the scope and application of the law (Article 3)
Ø Know the provision of investment services by third country firms (R.A.D. 5/2018)
Ø Know the exemptions from the scope and application of the law (Article 4)
Page 13 of 334
Edition B.Ad.1 / EN
Law 87(I)/2017 applies to Cypriot investment firms (CIFs), market operators, data reporting service
providers (DRSP), and third-country firms providing investment services or activities through the
establishment of a branch in the Republic. The Law regulates:
1. the authorisation conditions for CIFs and operating conditions for investment firms (IFs)
The following specific provisions also apply to credit institutions undertaking investment
services or activities covered by the authorisation granted to them by the competent
authority of another EU member state:
• Governance arrangements.
• Organisational requirements.
• Algorithmic trading.
• Rights of IFs and credit institutions (except the provision of services, and the
establishment of branches, in member states).
Page 14 of 334
Financial Services Regulatory Framework:
Advanced Examination
In addition, the following also apply to authorised credit institutions that sell or advise clients in
relation to structured products:
• Governance arrangements.
• Organisational requirements.
• Conflicts of interest.
• Investor protection.
Algorithmic trading requirements also apply to members or participants of regulated markets and
MTFs that are not required to be regulated.
All multilateral systems in financial instruments need to operate either in accordance with the
authorisation and operating conditions for CIFs, or with the conditions for regulated markets
of the Republic. When executing client orders outside a regulated market, an MTF or OTF needs
to operate in accordance with the transparency requirements for systematic internalisers and
investment firms trading over-the-counter (OTC).
In cases where third-country firms wish to provide their services in the Republic to eligible
counterparties and professional customers without the establishment of a branch, their registration
in the register of third-country firms maintained by the European Securities and Markets Authority
(ESMA) is required. ESMA shall enter in the register a third-country firm which has applied for the
provision of investment services or activities in the Union if:
Page 15 of 334
Edition B.Ad.1 / EN
• The European Commission has issued a decision for a third country in which it is stated that
the legal and supervisory arrangements of that third country ensure an equivalent effect to
the requirements set out in the legal framework of the European Union.
• The firm is licensed in the third country in which the headquarters are located, to provide
investment services or to carry out activities which will be provided or carried out in the
European Union and it is subject to effective supervision and control of its compliance
obligations.
• Cooperation arrangements have been established between ESMA and the relevant third-
country competent authorities concerning at least (a) the information exchange mechanism
between ESMA and the relevant competent authorities, (b) the immediate notification
mechanism to ESMA, in cases where the competent authority of a third country considers
that a third-country firm violates the terms of its license or other legislation which it is
required to comply with and (c) the procedures concerning the coordination of supervisory
activities, including, when necessary, on-site inspections.
A third-country firm that does not satisfy the legal requirements based on the Law and Regulation
(EU) 600/2014, and intends to provide investment services or perform investment activities with or
without ancillary services to eligible counterparties and professional clients in the Republic must:
- Receive authorisation in the third country where its head offices are established for the
provision of the aforementioned services and activities in the EU.
- Comply with the requirements of the Law.
- Establish a branch in the Republic, which will be supervised by CySEC or the Central Bank.
The third-country firm must not market otherwise than through the branch in the Republic any new
categories of investment products or investment services to eligible counterparties or professional
clients which at their own exclusive initiative, initiated the provision of investment services or the
performance of investment activities.
In the event where the third-party firm received authorisation of a branch in the Republic, and the EU
adopts a decision which results to the third-country firm satisfying the legal conditions, the third-party
firm may continue the operation of its branch or be registered in the third-country register of ESMA.
The final decision must be communicated to CySEC.
1.3. Exemptions
There are a number of organisations that are exempt from Law 87(I)/2017 (as listed below).
However, for each of these, the requirements in relation to position limits and position
management controls in commodity derivatives and reporting remain applicable.
Organisations carrying out the following are exempt from Law 87(I)/2017:
Page 16 of 334
Financial Services Regulatory Framework:
Advanced Examination
4. Dealing on own account in financial instruments other than commodity derivatives or emission
allowances or their derivatives, and that do not provide any other investment activities unless
they are:
a. market makers, or
5. Operators that need to comply with the establishment of a greenhouse gas emission
trading scheme law that do not execute client orders, do not provide investment services
other than dealing on own account, and do not apply a high-frequency algorithmic trading
technique.
7. Members of the European System of Central Banks (ESCB) or an equivalent national body.
8. Collective investment undertakings and pension funds and their depositaries and managers.
c. they annually notify the Cyprus Securities and Exchange Commission (CySEC) of the
exemption.
Page 17 of 334
Edition B.Ad.1 / EN
10. Providing investment advice in the course of providing another professional activity.
11. Associates of Danish and Finnish pension funds set up to manage assets of the pension funds.
12. ‘Agenti di cambio’ governed by article 201 of Italian legislative degree 58 (24 February 1998).
13. Transmission system operators for the sale of natural gas in relation to investment services
related to commodity derivatives to carry out their activities, but not in secondary markets.
Page 18 of 334
Financial Services Regulatory Framework:
Advanced Examination
Learning Objective
Ø Know the competent authorities in the Republic: Cyprus Securities and Exchange
Commission (the Commission); Central Bank of Cyprus (the Central Bank); obligation of
cooperation with other member states and the Commission’s right to refuse
The Cyprus Securities and Exchange Commission (CySEC) operates on the basis of the CySEC
Law (establishment and responsibilities) and is the supervisory authority of investment firms (IFs).
In this context, it is the responsibility of CySEC to establish, maintain and regularly update a public
register of all persons acting on behalf of a CIF or an IF of another EU member state. CySEC
ensures that these individuals need to be of sufficiently good repute and possess appropriate
general, commercial and professional knowledge.
The powers of the Central Bank of Cyprus (CBC) are laid down in the Central Bank of Cyprus Law,
and in banking law. In relation to CySEC, the CBC also has the powers to:
• demand information from any person and, if necessary, summon and question them
• demand cessation of any practice that is contrary to the provisions of the law
• adopt any measure to ensure persons under their supervision continue to comply with the
requirements of the law and any associated directives
Each of the two supervisory authorities, CySEC and the CBC, is responsible for supervision under
EU directives and regulations, including the exchange of any information that is essential or
relevant to the exercise of their functions and competencies. In addition, they also cooperate
with every other competent authority in the Republic responsible for the supervision of pension
funds, insurance and reinsurance intermediaries and insurance undertakings.
CySEC is the designated contact point for the facilitation and acceleration of cooperation and for
Page 19 of 334
Edition B.Ad.1 / EN
The supervisory authorities can exercise their powers either directly, by collaborating among
themselves or with other authorities, or by application to the competent courts. Any
confidential information received by the supervisory authorities may only be used in the
performance of their duties and for the exercise of their functions. Any confidential information
is subject to the conditions of professional secrecy.
CySEC needs to cooperate with the competent authorities of other member states, as well as
the European Securities and Markets Authority (ESMA) when this is necessary for the purpose
of carrying out its duties.
Learning Objective
Ø Know the responsibilities of the Cyprus Securities and Exchange Commission (the
Commission)
Ø Know how the Commission cooperates with other competent authorities: eligible authorities;
conducting investigations on behalf of other authorities; exchanging information;
circumstances where inside information may be shared
Ø Know the extent of the Commission’s power to collect information and carry out inspections
and investigations
Ø Know the extent of the Commission’s power to impose sanctions for non-compliance with a
request from the Commission to: submit information; cooperate in an onsite inspection/
investigation
CySEC authorises and supervises CIFs, investment firms, and regulated markets to operate in the
Republic. It is the responsibility of CySEC to ensure that CIFs that are authorised and established
in the Republic comply with all requirements, that all CIFs are maintained in a publicly accessible
register, and that all CIF authorisations, rejections and revocations are communicated to ESMA.
When authorising the provision of investment services and/or the performance of investment
activities, CySEC makes sure that it knows the identities of all (in)direct shareholders. CySEC may
revoke or, wholly or partially, suspend a CIF authorisation. As part of the authorisation process
and during the period thereafter, CySEC is responsible for ensuring the sound and prudent
management of a CIF.
Page 20 of 334
Financial Services Regulatory Framework:
Advanced Examination
CySEC shall review the arrangements, strategies, processes and mechanisms implemented by
CIFs to meet supervisory requirements and evaluate the risks that the CIFs may be exposed to.
The frequency and intensity of the reviews will be established based on size, systemic importance,
nature, scale and complexity of the activities, taking into account the principle of proportionality;
reviews will take place at least annually.
CySEC will provide assistance to other competent authorities, particularly in relation to the
exchange of information, cooperation in investigations, and inspections of supervisory activity. If
CySEC has reason to believe that an entity which is not subject to its supervision is carrying
out an act contrary to EC regulation in another member state, it shall notify the competent
authority in that member state as well as ESMA, in as much detail as possible. In the event that
CySEC receives such a notification from another member state, it will take the appropriate action
and inform the competent authority and ESMA of the outcome of the actions and, if possible, of
any significant interim developments.
CySEC will provide ESMA with all necessary information upon request without delay. In addition,
on an annual basis, CySEC will provide consolidated information concerning all administrative
penalties imposed. CySEC will report any complaints and the relevant remedial procedures to
ESMA.
In supervisory activities, inspections and investigations, CySEC can cooperate with the competent
authorities of other member states. In the event that a CIF is a remote member of a regulated
market that is authorised in another member state, the competent authority of the regulated
market may address the CIF directly. In this case, the authority will inform CySEC accordingly.
Similarly, when CySEC decides to address an IF authorised in another member state which is a
remote member of a regulated market authorised in the Republic, CySEC will inform the competent
authority of the IF’s home member state.
ESMA’s staff may participate in the supervisory activities of CySEC, including on-site inspections
carried out jointly by two or more competent authorities. Similarly, to competent authorities in
other member states, CySEC is designated as the contact point that will immediately supply the
other contact points with the information needed to carry out their functions. Some of the
information CySEC shares or receives is confidential, and should be treated as such; however, the
fact that information is confidential does not prevent CySEC from transmitting it to ESMA, the
European Systemic Risk Board (ESRB), the CBC, other central banks of member states, or the
European Central Bank (ECB) on the understanding that it is to be treated confidentially.
Page 21 of 334
Edition B.Ad.1 / EN
Under certain circumstances, CySEC may refuse to provide information or cooperate with an
investigation. This could, for instance, occur when:
• judicial proceedings have already been initiated in respect of the same actions and the same
persons before a court
• final court judgment has already been delivered in the Republic in respect of the same
persons and the same actions.
If CySEC refuses to provide information or to cooperate, they shall inform the competent authority
of the requesting member state, as well as ESMA. In addition, CySEC will inform ESMA and the
EC in the event that measures taken by the home member state in this respect have proven to be
inadequate.
Learning Objectives
Ø Know the objective and the members of the ICF
Ø Know the funds and resources
Ø Understand the compensation procedure
CySEC issued Directives R.A.D. 76/2019 and R.A.D. 154/2020 for regulating the provisions concerning
the operation of the Investor Compensation Fund (ICF).
The purpose of the ICF is to secure the claims of covered customers against the members of the ICF,
by paying compensation.
Page 22 of 334
Financial Services Regulatory Framework:
Advanced Examination
(a) CIFs
(b) Branches of IFs of Member States can voluntarily participate in the ICF in order to supplement
the coverage that is already available to the investors due to the IFs participation in the
investor compensation scheme of its home Member State;
(d) Managers of Alternative Investment agencies given that they provide portfolio management
services and ancillary investment advisory services, custody and management of units of
collective investment undertakings and the receipt and transmission of financial instrument
orders
(e) Management companies if they provide investment management services and ancillary
services of investment consulting, custody and management of units of collective investment
undertakings.
The above companies must, as soon as requested by CySEC, submit immediately an application to
participate in the ICF as they and cannot provide any investment services or activities if they are not
members of the ICF.
In the event that a member of the ICF loses for any reason its operating license, the member is also
removed from the ICF. The covered clients maintain their rights for compensation(s) until the member
is removed from the ICF.
Available Funds: The ICF funds are available to compensate covered clients. The funds derive from:
- initial contributions of its members during the acquisition of membership based on the
investment operations for which the respective member applied to CySEC
- Following the decision of CySEC, where necessary, additional contributions when the
member receives written and justified information from the ICF notifying that the funds
available are insufficient
Page 23 of 334
Edition B.Ad.1 / EN
- fees paid by its members, to cover administrative and/or other expenses arising from
the operation of the ICF
- funds transferred to the ICF under the procedure for suspension and withdrawal of
operating license, which become the ICF’s resources after three years from the date of
their transfer
The Management Committee of the ICF, if it deems that the funds available are not sufficient for the
payment of the due or probable expenses or compensations, may, with the consent of CySEC, receive
loans and other credits with banks in the Republic or abroad. It is also possible, with the consent of
CySEC, to proceed with an insurance policy for the insurance coverage of the obligations of the ICF, in
whole or in part, towards the covered clients.
The contributions and fees paid to the ICF are not an asset of the members and therefore, no amount
can be refunded to members at any stage, except (a) in the event of a miscalculation of a contribution
paid during the current year, and (b) in the case where despite the application for participation in the
ICF, CySEC rejects the application for an operating license to a potential member.
Investment Policy: The ICF in the context of the investment policy of funds ensures that at least:
- 10% of the total assets are to be placed in interest-bearing current accounts in banks operating
in the Republic.
Unsolicited customer funds: A member of the ICF may choose to pay the ICF with funds held by and
owned by a client, without violating any provisions relating to the protection of customer funds, in
cases where:
- the member held the amount for at least six years from the date on which the last
transaction in that account took place, including deposits and withdrawals, but excluding
any interest or fee payments or charges and related transactions
- the member is able to demonstrate that it has taken reasonable steps to identify the
customer and reimburse the amount
- the member commits to return to the client an amount equal to the funds of the client
that the member paid to the ICF, in case the client (or his legal heir) claims the funds at
any time in the future
Page 24 of 334
Financial Services Regulatory Framework:
Advanced Examination
3.3. Compensation
Customer Information: The members of the ICF must inform their customers about the provided
coverage, which customers are covered, the maximum amount of compensation and the conditions
and formalities of the payment of compensation. Investment firms that provide investment services
or activities in the Republic and are exempted from the obligation to participate in the ICF, shall inform
their clients in writing about their exception status.
Payment of Compensation: The ICF proceeds with the process of payment of compensation followed
by CySEC’s approval when it determines that a member of the ICF is not capable of fulfilling its
obligations arising from customer claims, for reasons directly related to its financial situation, and is
not expected to become able in the near future. The procedure can also be enabled in the event that
a court in the Republic, based on reasons directly related to the financial situation of a member, has
issued a decision, which has the effect of suspending the ability of covered customers to submit claims
against of that member.
Covered Claims: The ICF covers claims that arise due to the inability of a member (a) to repay to
covered customers the funds owed to them or owned by them and were held on their behalf in
connection with investment operations or (b) to return to covered clients any financial instruments
that belong to them and which it holds, manages or manages on their behalf, in relation to investment
operations. The amount of the claim of a covered customer is calculated according to:
- the legal and contractual conditions applicable to the valuation of the amount of capital
or value
- the funds or instruments the ICF member is unable to repay or return, respectively
Application procedure: When the compensation payment process is activated, the ICF publishes as
soon as possible, in at least two newspapers widely circulating in Cyprus, a request for compensation,
setting out the relevant application process, the deadline for their submission and their content.
Amount of compensation and conditions for payment of compensation: The ICF provides coverage
for all the claims of the covered client against a member of the ICF but cannot exceed €20,000 or 90%
of the cumulative covered claims of the covered client whichever of the two amounts is smaller. The
payment of compensation by the ICF presupposes the following:
- the existence of a valid claim of a covered client against a member of the ICF, arising
from investment activities
- submitting an application
Page 25 of 334
Edition B.Ad.1 / EN
- that the claims do not result from transactions for which a criminal conviction has been
issued for money laundering
- no criminal proceedings are pending against the covered client for money laundering
- the right of the covered customer is not statute-barred under the Law on limitation of
offenses
The ICF, after issuing a decision that includes the determination of the amount of compensation and
the beneficiaries, is obliged to pay within three months from the notification of its decision to the
covered client the compensation due to it.
Uncovered Customers: The ICF does not cover the following categories of investors:
6. Shareholders of the member, who hold directly or indirectly at least 5% of its share capital,
or its partners who are personally responsible for the obligations of the member, as well as
persons responsible for carrying out the financial audit of the member, such as its approved
auditors
8. Relatives up to the second degree and spouses of the persons listed in points (5), (6) and (7),
as well as third parties acting on behalf of these persons
9. Investors-clients of a member, who are responsible for events concerning the member and
have caused its financial difficulties or have contributed to the deterioration of its financial
situation or who have benefited from these events
Investors in the form of a company, which due to its size, are not allowed to prepare a summary
balance sheet in accordance with the Companies Law or a corresponding law of a Member State
Page 26 of 334
Financial Services Regulatory Framework:
Advanced Examination
4. Offences
Learning Objective
Ø Know which violation constitutes both a criminal and an administrative offence (Article 94)
Any person to whom Law 87(I)/2017 applies must ensure the correctness, completeness and
accuracy of any information that needs to be:
- made public, or
- public announced.
Providing false or misleading information, data, documents, or forms, is not permitted, neither is
withholding material information from any application or notification submitted to CySEC or the
CBC.
Any person who fails to comply with this is guilty of a criminal offence. In the event of a conviction,
this is punishable by imprisonment of up to five years and/or a fine of up to €700.000.
In the event an offence is committed by a legal person, the following may also be criminally liable:
However, they are only liable if it is established that they have consented to, or are party to, the
offence. They are liable together with the legal person and/or separately for any damage caused
to third parties by the act or the omission comprising the offence.
Page 27 of 334
Edition B.Ad.1 / EN
Page 28 of 334
Financial Services Regulatory Framework:
Advanced Examination
Chapter 2
Cypriot Investment Firms (CIFs)
Learning Objectives
1. Authorisation
2. Conduct of Business Obligations
3. General CIF Obligations
4. Restrictions on CFDs and Binary Options
5. SME Growth Markets
6. Regulated Markets
7. Data Reporting Service Providers (DRSPs)
Cypriot investment firms (CIFs) are firms that provide investment services on a professional basis to
parties inside and outside of the Republic. Law 87(I)/2017 provides specific provisions regarding
capital requirements, the establishment of branches and authorisation. This chapter outlines the
authorisation and supervision of the CIFs in the Republic.
1. Authorisation
The obligations of a CIF do not stop once the initial approval has been obtained. The firm must
ensure it meets the requirements on a continuing basis so as not to lose its authorisation.
Learning Objective
Ø Know the conditions and procedures for granting CIF authorisation (Articles 5 and 6)
A CIF is not allowed to provide professional investment services without prior authorisation from
CySEC. Similarly, market operators are allowed to operate a multilateral trading facility (MTF) as
Page 29 of 334
Edition B.Ad.1 / EN
long as CySEC has ascertained in advance that it complies with the authorisation provisions.
In order to obtain authorisation, the applicant needs to provide all necessary information to
satisfy CySEC. CySEC will inform the applicant within six months of their application whether it
is successful. Once approved by CySEC, the authorisation is valid in all EU member states. As
a result, the CIF can provide all services and activities for which it has been authorised in all
member states either through the establishment of a branch or directly. The authorisation
specifically states the services and activities the CIF is entitled to undertake. No authorisation
will be provided solely for the provision of ancillary services. Similarly, investment firms
authorised in other member states may freely operate in the Republic.
A CIF may not undertake any services or activities outside its authorisation unless it directly
benefits another service it is authorised to undertake or it has received specific permission from
CySEC, which is granted in exceptional circumstances.
All CIF authorisations are registered, maintained and updated in a register which is freely
accessible to the public containing the CIF’s name and number of authorisation, the date of
authorisation, the investment and ancillary services which the CIF is authorised to provide, the
investment activities which it is authorised to carry out, as well as any other information CySEC
may deem necessary. CySEC communicates all CIF authorisations to ESMA.
It is the obligation of the CIF to publish their authorisation number as well as the fact that they
are supervised and authorised by CySEC on any official documents. Moreover, a CIF must maintain
a website, which should clearly state that it is authorised by CySEC as well as contain its
number and content of authorisation.
When authorising a CIF for a subsidiary of an institution authorised in another member state, CySEC
will request the opinion of the competent authorities in the member state and will exchange any
information necessary in relation to the application. CySEC and the competent authorities in the
member state will liaise with each other in the assessment of the suitability of the shareholders
and management as well as the ongoing compliance with the relevant rules and regulations.
Learning Objective
Ø Know the continuous CIF obligations: regular internal review (Article 28); conflicts of
interest (Article 24)
Page 30 of 334
Financial Services Regulatory Framework:
Advanced Examination
During its operational lifecycle, a Cypriot investment firm (CIF) must at all times comply with
the rules governing its authorisation. On a regular basis, a CIF needs to undertake an internal
review to ensure that the rules and conditions governing its authorisation remain appropriate,
effective, comprehensive, and proportionate to the nature, scale, and complexity of its business.
CySEC monitors the activities of CIFs to assess compliance with operating conditions specific in
the Law and may request for specific information to be provided to them.
One of the main concerns from a regulatory perspective is associated with the management of
conflicts of interest between the CIF (including its manager, employees, tied agents, and other
relevant persons) and its clients or between two clients. The arrangements put in place by the
CIF must be sufficient to ensure it can prevent any risk of damage to clients’ interests. If the
arrangements are deemed to be insufficient, the CIF must clearly disclose the general nature
and/or sources of conflicts of interest to the client prior to undertaking any business on the client’s
behalf.
CySEC may define the steps CIFs are expected to take to identify, prevent, manage or/and
disclose conflicts of interest, and the appropriate criteria for determining the types of conflict of
interest whose existence may damage the interests of the clients or potential clients of a CIF.
The rules and conditions governing CIF authorisation cover organisational requirements,
ongoing capital requirements and outsourcing.
Learning Objective
Ø Know the circumstances under which CIF authorisation may be withdrawn (Article 8);
suspended (Article 71); and their procedures (R.A.D. 204/2018)
A CIF’s authorisation may be suspended by CySEC in the context of administrative sanctions and
measures arising from the violation of the legal requirements of Law 87(I)/2017, the Prevention and
Suppression of Money Laundering and Terrorist Financing Law of 2007 – 2019, Regulation (EU)
600/2014 including the relevant issued Acts, CySEC Directives and Acts harmonised under Directive
2014/65/EU.
CySEC may decide the total or partial suspension of the authorisation of a CIF (including third-party
firms with a branch in Cyprus). The CIF must, within a certain period of time, inform CySEC of its
compliance with the provisions of the relevant rules and regulations. In the event that the CIF fails to
comply within the deadline, CySEC will withdraw its operating licence without any additional notice
or procedure.
Page 31 of 334
Edition B.Ad.1 / EN
During the suspension period, the CIF is not allowed to provide investment services or perform
investment activities, enter into a business relationship with any person, accept any new customers
and advertise itself and the related services, unless otherwise specified by CySEC. The CIF must also
publish a relevant announcement on its website(s).
• have not used their authorisation within 12 months of the date it was granted
• have not provided investment services or performed investment activities for a period of six
months
• have an operational licence which is regulated by other laws in the Republic and are irrelevant
to the investment services laws
In the event that a CIF (including a third-country firm with a branch in the Republic) renounces its
authorisation for any reason, they must notify CySEC in writing. The notification must include the
original authorisation, its intention towards renouncing the authorisation, the related reasons, and
the proposed timetable for the implementation of its actions.
• publish on its website(s) a public announcement informing about its intention to renounce its
authorisation and the procedure its clients must follow
• inform each client individually about the relevant process
• return all funds and financial instruments owned by or are accounted for their clients,
including any profits
• settle all its obligations, including any debts to CySEC
• examine and resolve all customer complaints or grievances
• not provide any investment and ancillary services other than those that are strictly necessary
for the completion of pending transactions
• maintain their offices and have the necessary staff, including at least one board member
and/or senior manager
The aforementioned obligations also apply in cases where CySEC withdraws an authorisation. In such
event, the CIF must immediately, and without delay, return all the original licences.
Page 32 of 334
Financial Services Regulatory Framework:
Advanced Examination
During the process of authorisation renouncement or withdrawal, the CIF remains under the
supervision of CySEC until all related provisions of the legislation have been satisfied.
Once CySEC is satisfied with the actions taken and revokes the authorisation of a CIF, CySEC will
update the public register and notify ESMA. Once the authorisation has been revoked, and without
delay, the CIF must ensure that any public information, online and offline, related to its former
provisions of investment services and performance of investment activities, has been deleted. CySEC
reserves its right to submit an application to the Court for liquidation and for the appointment of a
liquidator or temporary liquidator, in accordance with the provisions of the Companies Law.
In the event that, during the process of renouncement or withdrawal of authorisation, CySEC
considers that the clients’ interests are at stake, it may require the creation of an escrow account and
the appointment of a person to return all the funds owned by or are allocated to the clients, including
any profits. In cases where the funds are not sufficient to cover all liabilities to customers, the CIF
must cover any additional amount from its own funds. CySEC may also require the payment, in the
escrow account, of any additional funds by the CIF for the purpose of covering future customer claims.
In cases where it was not possible to return all client funds, the remaining amount will be deposited
by the CIF in a bank account in the Investor Compensation Fund (ICF).
Learning Objective
Ø Know requirements relating to: management body (Article 9); governance arrangements
(Article 10); responsibility of senior management (Article 25 of EU 565/2017)
Members of the board of directors are the persons who effectively direct the business of the CIF.
They need to be of sufficiently good repute and possess sufficient knowledge, skills and experience
to perform their duties. The overall composition of the board of directors needs to reflect an
adequately broad range of experiences. All members of the board of directors need to commit
sufficient time to perform their duties in the CIF. The board of directors shall collectively possess
adequate knowledge, skills and experience to be able to understand the CIFs activities and
principal risks.
Page 33 of 334
Edition B.Ad.1 / EN
The number of directorships which may be held by a member of the board of directors at the
same time shall take into account individual circumstances and the nature, scale and complexity
of the CIF’s activities. Unless representing the Republic, members of the board of directors of a CIF
that is significant in terms of its size, internal organisation and the nature, scope and complexity
of its activity, shall not hold more than one of the following combinations of directorships at the
same time:
Each member of the board of directors shall act with honesty, integrity and independence of
mind to effectively assess and challenge senior management decision and to effectively oversee
and monitor the decision-making process.
The CIF will need to devote adequate human and financial resources to the induction and training of
members of the board of directors. When recruiting members for the board of directors, it is
the responsibility of the CIF to ensure a broad set of qualities and competencies exists. In this
light, the CIF will have a policy in place promoting diversification of the board of directors.
CySEC shall collect the required information to benchmark their diversity practices and will provide
this information to ESMA.
CySEC may reject an application for authorisation of a CIF if they consider the directors are
not of sufficiently good repute or experience, or if CySEC believes that these directors pose a
threat to the CIF’s sound and prudent management and to the adequate consideration of the
interest of their clients and the integrity of the market. At least two members of the management
of a CIF need to be classed as directors. A CIF must inform CySEC of all members of their board
of directors and of any changes in its composition, along with all information required to assess
whether the CIF complies with the requirements of the laws and regulations.
Page 34 of 334
Financial Services Regulatory Framework:
Advanced Examination
2.2. Governance
The board of directors defines, oversees, and is accountable for the implementation of
governance arrangements that ensure effective and prudent management of a CIF, including
the segregation of duties in the organisation and the prevention of conflicts of interest. The
governance arrangements have to comply with the following principles.
• have overall responsibility for the CIF and approve and oversee the implementation of
the CIF’s strategic objectives, risk prevention strategy and internal governance
• ensure the integrity of the accounting and financial reporting systems, including
financial and operational controls and compliance with the law and relevant standards
The chairman of the board of directors of the CIF cannot also be the chief executive officer (CEO)
of the same CIF, unless justified by the CIF and approved by CySEC.
In addition, the governance arrangements need to ensure that the management body defines,
approves, and oversees:
• the organisation of the CIF for the provision of investment services and activities and ancillary
services, including the skills, knowledge and expertise required by personnel, resources,
procedures and arrangements, taking into consideration the nature, scale and complexity
of the business
• policies related to services, activities, products, and operations offered or provided in line
with the risk tolerance of the CIF, and the characteristics and needs of the clients to
whom they will be offered/provided, including carrying out stress testing (where
appropriate), and
• the remuneration policy for persons involved in the provision of services to clients aiming
to encourage responsible conduct, fair treatment of clients, as well as avoiding conflict
of interest in the relationship with clients.
Periodically, the board of directors need to monitor and assess the effectiveness of the CIF’s
governance arrangements and, when necessary, take appropriate steps to address any
deficiencies. Members of the board of directors will have adequate access to information and
documents which are needed to oversee and monitor management decision-making.
A CIF which is significant in terms of its size, internal organisation and the nature, scope and
Page 35 of 334
Edition B.Ad.1 / EN
complexity of its activities, needs to appoint a nomination committee composed of members of the
board of directors who do not perform any executive function in the CIF. This does not apply
where, under the laws of Cyprus, the board of directors does not have any competence in the
process of selection and appointment of any of its members. The nomination committee has the
following duties:
• Identify and recommend, for the approval of the board of directors, or for approval of the
general meeting, candidates to fill vacancies in the board of directors, evaluate the balance
of knowledge, skills, diversity and experience of the board of directors and prepare a
description of the roles and capabilities for a particular appointment, and assess the time
commitment expected.
• Decide on a target for the representation of the underrepresented gender in the board of
directors and prepare a policy on how to increase the number of the underrepresented
gender in the board of directors in order to meet that target. The target, policy and their
implementation shall be made public.
• Periodically (and at least annually) assess the structure, size, composition and performance
of the board of directors and make recommendations to the board of directors with regard
to any changes.
• Periodically (and at least annually) assess the knowledge, skills and experience of members
of the board of directors individually, and of the board of directors collectively, and report to
the board of directors accordingly.
• Periodically review the policy of the board of directors for selection and appointment of
senior management and make recommendations to the board of directors.
• In performing its duties, take into consideration, to the extent possible and on an ongoing
basis, the need to ensure that the board of directors’ decision making is not dominated by
any one individual or a small group of individuals in a manner that is detrimental to the
interests of the CIF as a whole.
• Be able to use any forms of resources that it considers to be appropriate, including external
advisors, and shall receive appropriate funding to that effect.
When allocating functions internally, investment firms need to ensure that senior management
and, if applicable, the supervisory function, are responsible for ensuring the firm complies with
the obligations under MiFID. In particular, they need to assess and periodically review the
effectiveness of the policies, arrangements and procedures put in place to comply with the
obligations and take appropriate measures to address any deficiencies. The allocation of
Page 36 of 334
Financial Services Regulatory Framework:
Advanced Examination
significant functions among senior managers need to clearly establish who is responsible for
overseeing and maintaining the firm’s organisational requirements. All records of the allocation
of significant functions need to be kept up to date.
It is the responsibility of the firm to ensure that senior management periodically (at a minimum
annually) receive written reports covering:
• compliance
• internal audit.
The reports need to specifically mention whether appropriate remedial measures have been
taken in the event of any deficiencies. In the event the firm has a supervisory function, the firm
needs to ensure they also receive periodic reports on these subjects.
In this context, the supervisory function is the function that provides oversight over the firm’s
senior management.
Learning Objective
Ø Understand the obligations relating to the appointment and use of tied agents (Article 30):
public register; responsibility and monitoring
Ø Know the rules relating to eligible counterparties (Article 31): relevance of conduct of
business obligations; scope; express confirmation
Ø Know the conditions and requirements regarding the provision of participatory financial
services (crowdfunding) in securities through crowdfunding platforms (R.A.D. 12/2020)
A tied agent means a person established in a member state, who is acting under the full and
unconditional responsibility of only one IF of a member state, on whose behalf it acts, promotes
investment or/and ancillary services, attracts clients or prospective clients, receives and transmits
client orders in respect to investment services or financial instruments, places financial
Page 37 of 334
Edition B.Ad.1 / EN
instruments or/and provides advice to clients or prospective clients in respect of those financial
instruments or services.
Tied agents need to be registered in the public register of the Republic, or the equivalent register
of a member state. The CIF remains fully and unconditionally responsible for any action or
omission on the part of the tied agent when he acts on behalf of the CIF. In addition, it is the
responsibility of the CIF to ensure that a tied agent discloses the capacity in which he is acting
and the CIF he is representing. A CIF that appoints tied agents must make sure it has adequate
measures in place to avoid a situation in which activities undertaken by tied agents outside the
scope of the Law have a negative impact on the activities they undertake on behalf of the CIF.
• need to be of sufficiently good repute and possess the appropriate general, commercial
and professional knowledge and competence to undertake their service and accurately
communicate all relevant information regarding the service to the (potential) client.
A CIF that intends to use a tied agent established in the Republic must notify CySEC by submitting a
notification of registration and appointment. An IF of another Member State which intends to use a
tied agent established in the Republic must either notify CySEC of its intention to register and appoint
a tied agent, or notify the competent authority of the Member State and will be subject to the
corresponding provisions that may exist under the applicable law of the host Member State. The CIFs
or IFs are known as principals.
The principals must notify CySEC prior to the use of a tied agent and the tied agent shall represent the
principal only after the successful registration and appointment.
In cases where the tied agent is already registered in the register and appointed by a principal, and
he/she wishes to change the principal, the tied agent shall notify CySEC of the termination of
cooperation with the existing principal. The new proposed principal shall notify CySEC only of their
intention to appoint the tied agent, by proportionally complete and submit to CySEC the notification
of registration and appointment.
CySEC approves the appointment of the tied agent within 1 month. In the event that CySEC does not
allow the appointment of a tied agent, they may delete the tied agent from the register, if CySEC
considers that the legal conditions are no longer met.
A principal shall ensure that the tied agent will act solely on behalf of the represented principal.
In case where the cooperation between a principal and a tied agent is terminated, the principal must
inform CySEC immediately. The register will be updated within three (3) working days, except in the
case of a replacement with a new principal. After the termination of their cooperation, the principal
Page 38 of 334
Financial Services Regulatory Framework:
Advanced Examination
shall, without any delay, publish on their website in a clear and visible way, the termination and the
date of the termination of the cooperation.
Eligible counterparties are CIFs, IFs, credit institutions, insurance undertakings, Undertakings for
Collective Investment in Transferable Securities (UCITS) and their management companies,
pension funds and their management companies and other financial institutions authorised by a
member state or regulated under community legislation or the national law of a member state,
national governments, central banks and supranational organisations. In addition, CySEC
recognises as eligible counterparties member state undertakings meeting predetermined criteria
and third country entities with equivalent status. CIFs must act honestly, fairly and professionally,
and communicate in a way which is fair, clear, and not misleading, taking into consideration the
nature of the eligible counterparty and its business.
When dealing with eligible counterparties, the CIF obtains express confirmation from the
counterparty that it agrees to be treated as an eligible counterparty. This can be obtained either
as a general agreement or on a transaction by transaction basis.
3.3. Crowdfunding
For the provision of crowdfunding services by a CIF, the prior consent of CySEC is required. The CIF
must maintain a website owned and used exclusively, through which the crowdfunding platform will
operate, from which the crowdfunding services will be offered, without the possibility for any other
person to operate through the said website.
CIFs that act as crowdfunding service providers are subject to rules related to investor protection and
include provisions in relation to the following:
Page 39 of 334
Edition B.Ad.1 / EN
1. Avoiding conflicts of interest: (i) CIFs are subject to restrictions that make them independent
intermediaries, (ii) CIFs are not allowed to receive fees to execute investor orders on specific
projects on their platform (instead of others) or on another platform , (iii) CIFs are not allowed
to acquire securities in relation to the projects offered through their platform or to allow
specific persons (who are defined as involved persons) to act as project owners.
2. Due diligence checks: CIFs should carry out additional audits on participants and the funded
projects, including credit risk, authentication and AML checks on both final investors and
project owners.
3. Transparency obligations: In order for CIFs to accept a crowdfunding project on their platform,
the project owner must issue a Key Investment Information Sheet (“KIIS”) and apply
procedures for identifying and correcting errors or omissions. CIFs should ensure that the
content of the KIIS is complete, accurate and understandable before making an offer available
on their platform. Furthermore, the marketing communications should be clear, non-
misleading and consistent with the content of the KIIS.
4. Protection of investors' funds and financial instruments: CIFs should transfer the money
raised to the project owner only after the successful completion of the offer (i.e. only when
the goal set for the collection of capital is achieved). Also, funds and securities will be subject
to safe custody through custodians. CIFs should hand over the money collected to the project
owner only after their securities have been delivered in person or in case they cannot be
delivered in person, after the project owner provides sufficient evidence that the ownership
of the securities has been transferred to investors depending on the amounts they have paid.
5. Exit opportunities from the investment: The CIFs can operate a bulletin board, through which
their customers who acquired securities through crowdfunding offers, can express their
interest to buy or sell (depending where applicable) securities. The bulletin board may allow
investors to communicate with each other with a view to trading, but it may not act as a
trading system. Therefore, the bulletin board should only function as a means of
communication in relation to the interest of buying or selling, without allowing the assignment
of orders or the conclusion of agreements. When such a board allows binding prices to be
posted on it, it will act as a trading venue, rather than simply as a point of contact for
investment interest. When a bulletin board acts not only as a point of contact for investment
interest, but also as a place where investment interest is matched by concluding a transaction
or contract, then it will meet the definition of the "trading venue" of the Law and the CIF must
be licensed for the operation of such a trading venue.
Page 40 of 334
Financial Services Regulatory Framework:
Advanced Examination
4. Specific Restrictions
Learning Objective
Ø Know the marketing, purchase, distribution and selling restrictions on binary options (R.A.D.
223/2019) and CFDs (R.A.D. 323/2019)
CySEC exercises its powers under Article 42 of Regulation (EU) 600/2014 to impose restrictions that
prevent CIFs and investment firms of member states and third countries with investment activities in
the Republic, from marketing, purchasing, distribution and selling binary options and CFDs to private
clients whose residence is in the Republic. In the case of CFDs, private clients residing in a member
state without similar national law and in third countries are also included.
o the lower of the predetermined fixed amounts is at least equal to the total lowest price paid
by the private client for the binary option
o the binary option’s validity period (issue to expiry) is at least 90 days
o a public prospectus is available to the public, which is developed and approved based on the
related national law or the legislation of another member state which aims to harmonise
Directive 2003/71/EC, and
o the binary option provider is not exposed to market risk during the validity period of the
binary option and the provider is not making any profit or loss from the binary option except
the related commission, payment or charges that are announced in advance.
The restrictions on CFDs are not applicable when the CFD provider meets the below conditions:
Page 41 of 334
Edition B.Ad.1 / EN
Learning Objective
Ø Know regulations relating to the operation of SME growth markets: qualification (Article
77 of EU 565/2017); registration (Article 78 of EU 565/2017); deregistration (Article 79 of EU
565/2017)
Issuers whose shares have been admitted to trading for less than three years are deemed to be an
SME providing their market capitalisation is below €200 million on the basis of either of the
following:
Issuers without listed equity will be deemed an SME if, according to their last annual or
consolidated accounts, they meet at least two of the following three criteria:
1. The average number of employees during the financial year is less than 250.
A market may apply to be an SME growth market if at least 50% of the issuers admitted to trading
are SMEs. In order to assess whether at least 50% of the issuers are SMEs, CySEC will calculate the
average ratio of SMEs over the total number of issuers whose financial instruments are admitted
to trading on that market. The average ratio shall be calculated on 31 December of the previous
calendar year as the average of the 12 end-of-month ratios of that calendar year.
Applicants with no previous operating history will be registered as an SME growth market. Once
three calendar years have elapsed, CySEC will verify that the MTF complies with the minimum
proportion of SMEs. CySEC will not register the MTF as an SME growth market unless it is satisfied
that the MTF:
1. establishes and applies rules providing for objective and transparent criteria for the initial
and ongoing admission to trading of issuers on its venue
2. has an operating model which is appropriate for the performance of its functions and
Page 42 of 334
Financial Services Regulatory Framework:
Advanced Examination
ensures the maintenance of fair and orderly trading in the financial instruments admitted
to trading on its venue
3. has established and applies rules that require an issuer seeking admission of its financial
instruments to trading on the MTF, to publish, an appropriate admission document,
drawn up under the responsibility of the issuer and clearly stating whether or not it has
been approved or reviewed and by whom
4. has established and applies rules that define the minimum content of the admission
document referred to under point (c), in such a way that sufficient information is
provided to investors to enable them to make an informed assessment of the financial
position and prospects of the issuer, and the rights attaching to its securities
5. requires the issuer to state, in the admission document referred to under point (c), whether
or not, in its opinion, its working capital is sufficient for its present requirements or, if not,
how it proposes to provide the additional working capital needed
6. has made arrangements for the admission document referred to under point (c) to be
subject to an appropriate review of its completeness, consistency and comprehensibility
7. requires the issuers whose securities are traded on its venue to publish annual financial
reports within six months after the end of each financial year, and half yearly financial
reports within four months after the end of the first 6 months of each financial year
9. ensures that the regulatory information referred to under point (h) and direct links remain
available on its website for a period of at least five years.
An SME growth market shall only be deregistered by CySEC where the proportion of SMEs falls
below 50% for three consecutive calendar years.
Page 43 of 334
Edition B.Ad.1 / EN
6. Regulated Markets
6.1. Application and Authorisation Requirements
Learning Objective
Ø Know how the obligations apply to regulated markets: application and authorisation
process (Article 45); senior management requirements (Article 47); organisational
requirements (Article 48); obligations (Articles 80–82 of EU 565/2017)
Authorisations for regulated markets are granted by CySEC providing that both the market operator
and its systems meet CySEC’s requirements and the regulated markets’ home member state is the
Republic. How the obligations are divided between the regulated market and the market operator
is established by CySEC by means of directives. The authorisation document includes the name of
the regulated market, its operator, the number and date of the issue of its authorisation and any
other details.
An application for regulated market authorisation is made by the market operator and submitted
to CySEC, and must include all necessary background information. During the assessment process,
CySEC may request additional information which must be provided. The market operator is
responsible for correctness, completeness, and accuracy of the application and the additional
documentation provided. The market operator signs the application and confirms that they have
exercised due diligence in ensuring that the information included in the application, as well as
the details and documents that accompany it are correct, complete and truthful. CySEC must
inform the market operator of its decision within six months from the submission of a duly
completed application.
The market operator needs to ensure the regulated market complies with the regulations and is
entitled to exercise the rights of the regulated market it manages.
Persons who effectively direct the business and the operation of a regulated market must be of
sufficiently good repute and sufficiently experienced as to ensure the sound and prudent
management and operation of the regulated market. In the event that CySEC finds these persons
are not suitable, it may reject the application. Ownership of the regulated market and/or the
operator must be reported to CySEC, with a specific focus on the identity and scale of interest of
any person in a position to exercise significant influence over the management and operation of
the regulated market. Any changes in the ownership levels of persons with significant influence
must be reported to CySEC prior to the transfer of ownership, after which CySEC will notify the
regulated market of its decision to permit or prohibit the share transfer within one month.
The regulated market must have arrangements in place to enable it to identify and manage any
potential adverse consequences for its operation, its members, participants, owners and
Page 44 of 334
Financial Services Regulatory Framework:
Advanced Examination
operators, and to be able to manage any conflict of interest. In addition, the organisational
requirements for a regulated market include:
• transparent and non-discretionary rules and procedures to ensure fair and orderly trading
• sufficient financial resources to facilitate its orderly functioning, given the nature and extent
of the transactions concluded on the market and the range and degree of risk to which it is
exposed.
• does not make use of its authorisation within 12 months from the date of issue of the relevant
authorisation
• has submitted false or misleading information as part of the application or has generally
provided false or misleading information, details or documents
• falls within any of the cases provided in other Cypriot legislation which provides for
withdrawal of authorisation.
Page 45 of 334
Edition B.Ad.1 / EN
a. it would create s systemic risk undermining financial stability such as where the need exists
to unwind a dominant market position or where settlement obligations would not be
met in a significant volume
1. relevance of the market in terms of liquidity where the consequences of the actions are
likely to be more significant where those markets are more relevant in terms of liquidity
than in other markets
2. nature of the envisaged action where actions with a sustained or lasting impact on the
ability of investors to trade a financial instrument on trading venues, such as removals,
are likely to have a greater impact on investors than other actions
4. effects of a suspension on the interests of market end users who are not financial
counterparties, such as entities trading in financial instruments to hedge commercial risks.
These factors also need to be taken into consideration when the decision is made not to suspend
or remove a financial instrument on the basis of circumstances not covered under points a–c
mentioned above.
When assessing whether CySEC needs to be informed of any significant infringements of the rules
of the trading venue, disorderly trading conditions, or system disruptions in relation to a financial
instrument, operators of trading venues shall consider the following signals:
Page 46 of 334
Financial Services Regulatory Framework:
Advanced Examination
Type Signal
Page 47 of 334
Edition B.Ad.1 / EN
Information is only required in cases of significant events which have the potential to jeopardise the
role and function of trading venues as part of the financial market infrastructure.
When assessing whether the requirement to immediately inform their competent authorities of
conduct that may indicate behaviour that is prohibited under MiFID applies, operators of trading
venues shall consider the signals listed in the table below:
Type Signal
Page 48 of 334
Financial Services Regulatory Framework:
Advanced Examination
Page 49 of 334
Edition B.Ad.1 / EN
Page 50 of 334
Financial Services Regulatory Framework:
Advanced Examination
Page 51 of 334
Edition B.Ad.1 / EN
Prior to informing CySEC, the operator of the trading venue(s) where a financial instrument
and/or related financial instrument are traded needs to apply a proportionate approach and
exercise judgment on the signals triggered, including any relevant signals not specifically included
in the table above. In doing so, they need to take into account deviations from the usual trading
pattern of the financial instruments admitted to trading or traded on its trading venue; and the
information available or accessible to the operator, whether that be internally as part of the
operations of the trading venue or publicly available.
The operator needs to take into account front running behaviours (trading for own account ahead
of clients) by using the order book data required to be recorded by the trading venue, in particular
those relating to the way the member or participant conducts its trading activity.
Page 52 of 334
Financial Services Regulatory Framework:
Advanced Examination
Learning Objective
Ø Know obligations relating to: direct electronic access (Article 49(7); algorithmic trading
systems (Article 49(6), (9), and (10))
A regulated market that permits direct electronic access must have effective systems, procedures,
and arrangements in place to ensure that:
1. members or participants are only permitted to provide these services if they are
authorised IFs
2. appropriate criteria are in place and applied in relation to the suitability of persons to
whom access may be provided, and
3. the member or participant remains responsible for orders and trades executed via this
way.
In addition, appropriate risk controls and thresholds for trading need to be in place. The regulated
market need to be able to distinguish and, if necessary, stop orders or trading by a person using
direct electronic access separately from other orders or trading. Processes need to be in place to
suspend or terminate direct access in case on non-compliance.
A regulated market needs to ensure their systems, procedures, and arrangements are effective for
carrying out appropriate testing so that they can ensure that algorithmic trading systems cannot
create or contribute to disorderly trading conditions. In addition, they need to be able to manage
any disorderly trading conditions that may arise by, for example, limiting the ratio of unexecuted
transactions that may be entered into the system by a market participant, slowing down the flow
of orders, or limit and enforce minimum tick size.
A regulated market may impose a higher fee on operators of a high-frequency algorithmic trading
technique. In addition, they must be able to identify orders generated in this way, the different
algorithms used and the persons initiating these orders. This information needs to be made
available to CySEC on request.
Page 53 of 334
Edition B.Ad.1 / EN
Learning Objective
Ø Understand rules relating to the admission of financial instruments to trading (Article 52)
The rules in relation to the admission of financial instruments must be clear and transparent and
are in place to ensure that the instruments can be traded in a fair, orderly and efficient manner.
In addition, transferable securities must be freely negotiable. The rules further ensure that the
design of derivative contracts allow for their orderly pricing and the existence of effective
settlement conditions for these types of instruments.
The regulated market must ensure that issuers of transferable securities that are admitted to its
market comply with all regulations including initial, ongoing and ad hoc disclosure obligations.
The regulated market is responsible for the establishment of arrangements that facilitate access
to information for its members or participants.
On a regular basis, the regulated market must ensure compliance with the admission requirements
of the instruments it admits to trading.
Financial instruments can be admitted to trading on multiple regulated markets, even without the
consent of the issuer. In this case, it is sufficient for the regulated market to inform the issuer
that its instruments have been admitted to trading. The issuer has no obligation to provide
information directly to any regulated market that trades its instruments without its consent.
The operator of the regulated market may suspend or remove from trading a financial instrument
that no longer complies with the rules of the regulated market, unless such a step would be likely
to cause significant damage to the investors’ interests or the orderly functioning of the market.
Irrespective of the possibility for the operators of regulated markets to directly inform the
operators of other regulated markets, an operator of a regulated market that suspends or
removes from trading a financial instrument shall make public its decision and immediately
communicate the relevant information to the Commission. The Commission shall immediately
inform the competent authorities of the other member states.
Page 54 of 334
Financial Services Regulatory Framework:
Advanced Examination
Learning Objective
Ø Understand the obligation of a regulated market to maintain transparent and non-
discriminatory rules (Article 54)
The rule for obtaining access to membership of the regulated market must be based on
transparent, non-discriminatory rules which are based on objective criteria. The rules have to
specify all obligations for the members arising from:
Regulated market members can be participant CIFs, other IFs, credit institutions and other persons
that are of sufficient good repute, have a sufficient level of trading ability and competence, have
adequate organisational arrangements (if applicable) and have sufficient resources for the role
they are going to perform.
Access to membership can be either direct or via remote participation from other member states.
Any regulated market shall communicate to CySEC if it intends to provide remote participation
from other member states.
A list of all members needs to be reported to CySEC on a regular basis and, in addition, to
competent authorities in other member states on their request.
Learning Objective
Ø Know how regulated markets monitor compliance (Article 55)
Ø Know how transparency requirements apply to regulated markets
A regulated market must, on a regular basis, monitor compliance with its rules by its members.
Individual transactions are monitored in order to identify breaches of the rules, disorderly trading
Page 55 of 334
Edition B.Ad.1 / EN
conditions or market abuse. Any violations must be reported immediately by the market operator
to CySEC. CySEC will immediately inform ESMA and the competent authorities of the other
member state. In the event CySEC is investigating and prosecuting market abuse, the market
operator must supply the relevant information without delay and provide full assistance to CySEC.
CIFs and market operators must establish and maintain effective arrangements and procedures for
the regular monitoring of the compliance by its members, participants or users. They will monitor
the orders sent (including cancellations) and the transactions undertaken by their members,
participants or users of their systems, in order to identify infringements of the rules, disorderly
trading conditions, conduct that may indicate behaviour that is prohibited under the MiFID
regulations or system disruptions in relation to a financial instrument and shall deploy the resource
necessary to ensure that such monitoring is effective.
• conduct that may indicate behaviour prohibited under the MiFID rules, or
CySEC will communicate this information to ESMA and, where applicable, the authorities of any
other member state. However, prior to reporting conduct prohibited under MiFID CySEC will need
to ensure this behaviour has actually been carried out. CIFs and market operators need to provide
full assistance to CySEC in their investigation and prosecution of market abuse occurring on or
through its systems.
Learning Objective
Ø Know requirements for DRSPs (Article 60): approved publication arrangements (APAs),
approved reporting mechanisms (ARMs), consolidated tape providers (CTPs); obligations
for data reporting service providers (Articles 84–89 of EU 565/2017)
All data reporting service providers (DRSPs) for whom the Republic is the home state need to be
authorised by CySEC. A market operator may operate the data reporting services of an approved
publication arrangement (APA), approved reporting mechanism (APM) or consolidated tape
provider (CTP), providing it is included in their authorisation. All DSRPs are maintained by CySEC
in a publicly available register that includes information on the services for which they are
Page 56 of 334
Financial Services Regulatory Framework:
Advanced Examination
authorised. The register will be updated on a regular basis and all changes (including
withdrawals) will be reported to ESMA. CySEC regularly reviews and monitors the compliance
of DRSPs with the conditions of their authorisation.
The members of the board of directors of a DSRP need to have adequate collective knowledge,
skills and experience to be able to understand the activities. DRSPs need to have adequate policies
and procedures in place to make public any information required as close to real time as
possible on a reasonable commercial basis. DRSPs need to maintain effective processes and
procedures to prevent conflicts of interest and have sound security mechanisms in place.
APAs and CTPs will need to make at least the following information public as near to real time as
possible:
7. code of the trading venue including the indicator SI for Systemic Internalisers or OTC for
others
In addition, within 15 minutes after publication, CTPs will need to make the information available
free of charge including whether a computer algorithm was responsible for the investment
decision and whether the transaction was subject to any waivers. All data made available by a
CTP needs to be consolidated from all regulated markets, MTFs, OTFs and APAs.
ARMs need to report all transaction information as soon as reasonably practicable but at the
latest by the close of the next business day. In addition to systems to prevent conflict of interest
and sound security systems, ARMs must have systems in place that can effectively check
transaction reports for completeness, identify omissions and obvious errors caused by the CIF.
Any errors and omissions need to be reported to the CIF and reports will need to be retransmitted.
In order to make market data available to the public on a reasonable commercial basis, approved
publication arrangements (APAs) and CTPs must apply the following:
1. Provision of market data on the basis of cost – the price of market data must be based on
Page 57 of 334
Edition B.Ad.1 / EN
the cost of production and disseminating the data and may include a reasonable
margin. An appropriate share of joint cost for other service provided by APAs and CTPs
may be included.
a. the scope and scale of the market data, including number of financial instruments
covered and trading volume
b. the way it is used by the customer, including whether it is used for own trading
activities, resale or data aggregation.
Scalable capacities need to be in place to ensure customers can obtain timely access to market
data at all times on a non-discriminatory basis.
3. Per user fees – the charge for market data shall be on the basis of the use made by
individual end- users. Arrangements must be in place to ensure each individual use is
charged only once. Where a per-user fee is deemed disproportionate the APA or CTP may
decide not to make the data available on this basis and will publish their grounds for
refusal on their website.
4. Unbundling and disaggregating market share – market data shall not be bundled with
other services. Prices for market data shall be charged on the basis of the level of
market data disaggregation.
5. Transparency obligation – price and other terms and conditions for the provision of the
market data must be disclosed and easily available to the public. Disclosure will include:
a. current price list including fees per display user; non-display fees; discount policies;
fees associated with licence conditions; fees for pre- and post-trade market data;
fees for other information subsets; and other contractual terms and conditions
c. information on the content of the market data including the number of instruments
covered; the total turnover of instruments covered; pre- and post-trade market
data ratio; information on any data provided in addition to market data; and the
date of the last licence fee adaption for market data provided
d. revenue obtained from making market data available and the proportion of that
revenue compared to total revenue of the APA or CTP
e. information on how the price was set, including the cost accounting
Page 58 of 334
Financial Services Regulatory Framework:
Advanced Examination
The above do not apply to APAs and CTPs that make data available free of charge. However, when
the data is made available free of charge it will need to be provided on a non-discriminatory basis
and may not be bundled with other services.
Page 59 of 334
Edition B.Ad.1 / EN
Chapter 3
Cypriot Investment Firms
(CIFs) and Banks
Learning Objectives
1. Organisational Requirements
2. Specific Requirements
3. Conflicts of Interest
4. Provision to Ensure Investor Protection
5. Investment Advice
6. Suitability
7. Best Execution
Similar to all other regulators in the EU, Cyprus has implemented the EU regulations including
2017/565, most commonly known as MiFID II.
1. Organisational Requirements
Learning Objective
Ø Know the general organisational requirements for CIFs and banks (Article 21)
Investment firms must comply with the following organisational requirements to:
• ensure their relevant persons are aware of the procedures which must be followed for
the proper discharge of their responsibilities
• employ personnel with the skills, knowledge and expertise necessary for the discharge of
the responsibilities allocated to them
• maintain adequate and orderly records of their business and internal organisation
• ensure that the performance of multiple functions by their relevant persons does not
and is not likely to prevent those persons from discharging any particular function soundly,
honestly, and professionally.
When complying with these requirements, investment firms need to take into account the nature,
scale and complexity of the business of the firm, and the nature and range of investment services
and activities.
1. safeguard the security, integrity and confidentiality of information, taking into account the
nature of the information
2. ensure, in the case of an interruption to their systems and procedures, the preservation of
essential data and functions, and the maintenance of investment services and activities, or,
where that is not possible, the timely recovery of such data and functions and the timely
resumption of their investment services and activities
3. deliver, in a timely manner to the competent authority financial, reports which reflect a true
and fair view of their financial position and which comply with all applicable accounting
standards and rules.
Firms shall monitor and, on a regular basis, evaluate the adequacy and effectiveness of their
systems, internal control mechanisms and arrangements and take appropriate measures to
address any deficiencies.
Page 61 of 334
Edition B.Ad.1 / EN
2. Specific Requirements
Learning Objective
Ø Know the requirements relating to compliance (Article 22)
Ø Understand the requirements relating to telephone recordings and electronic
communications (Article 76)
Ø Understand the requirements regarding outsourcing: scope of critical and important
operational functions (Article 30); outsourcing critical or important operational functions
(Article 31); service providers located in third countries (Article 32)
Ø Know the requirements regarding the safeguarding of client assets: information requirements
(Article 49)
Ø Know requirements relating to: risk management (Article 23); internal audit (Article 24)
2.1. Compliance
CIFs and banks need to establish, implement and maintain adequate policies and procedures
designed to detect any risk of failure by the firm to comply with their obligations under MiFID
as well as the associated risks, and put in place adequate measures and procedures designed
to minimise such risk and to enable the competent authorities to exercise their powers effectively.
Investment firms shall take into account the nature, scale and complexity of the business of the
firm, and the nature and range of investment services and activities undertaken in the course of
that business. They need to establish and maintain a permanent and effective compliance
function which operates independently and has the following responsibilities to:
a. monitor on a permanent basis and to assess, on a regular basis, the adequacy and
effectiveness of the measures, policies and procedures put in place, and the actions taken
to address any deficiencies in the firm’s compliance with its obligations
b. advise and assist the relevant persons responsible for carrying out investment services and
activities to comply with the firm’s obligations under MiFID
Page 62 of 334
Financial Services Regulatory Framework:
Advanced Examination
function shall conduct an assessment on the basis of which it shall establish a risk-based
monitoring programme that takes into consideration all areas of the investment firm’s
investment services, activities and any relevant ancillary services, including relevant
information gathered in relation to the monitoring of complaints handling. The
monitoring programme shall establish priorities determined by the compliance risk
assessment ensuring that compliance risk is comprehensively monitored.
In order to enable the compliance function to discharge its responsibilities properly and
independently, investment firms shall ensure that the following conditions are satisfied:
1. The compliance function has the necessary authority, resources, expertise and access to
all relevant information.
3. The compliance function reports on an ad-hoc basis directly to the management body where
it detects a significant risk of failure by the firm to comply with its obligations.
4. The relevant persons involved in the compliance function are not involved in the
performance of services or activities they monitor.
5. The method of determining the remuneration of the relevant persons involved in the
compliance function does not compromise their objectivity and is not likely to do so.
An investment firm does not have to comply with points 4 or 5 above if they can demonstrate
that in view of the nature, scale and complexity of its business, and the nature and range of
investment services and activities, these requirements are not proportionate and that its
compliance function continues to be effective. In that case, the investment firm shall periodically
assess whether the effectiveness of the compliance function is compromised.
Investment firms need to establish, implement and maintain an effective recording of telephone
conversations and electronic communications policy, set out in writing, and appropriate to the size
and organisation of the firm, and the nature, scale and complexity of its business. The policy
needs to include the following:
Page 63 of 334
Edition B.Ad.1 / EN
Investment firms need to ensure that the management body has effective oversight and control
over these policies and procedures. Arrangements need to comply with recording requirements and
are technology-neutral. The effectiveness of the firm’s policies and procedures needs to be
evaluated on a periodic basis. Any alternative or additional measures and procedures as are
necessary and appropriate need to be identified. At a minimum, the adoption of alternative or
additional measures shall occur when a new medium of communication is accepted or permitted
for use by the firm.
The firm will need to keep and regularly update a record of individuals that have firm devices or
privately owned devices that have been approved for use by the firm. All employees need to
be educated and trained about electronic communications and the recording of telephone
conversations. On a periodic basis, the firm will periodically monitor the records of transactions
and orders subject to the electronic monitoring requirements including relevant conversations
to ensure they comply with the recording and record-keeping requirements. All monitoring
needs to be risk based and proportionate. Policies, procedures and management oversight will
be made available to CySEC on request.
Firms need to inform new and existing clients that their conversations and communications
are recorded and that a copy will be made available on request for up to five years. If requested
by CySEC, the information may be retained for up to seven years. The firm needs to inform
the client prior to providing investment services and activities relating to receipt, transmission,
and execution of orders. The information needs to be provided in the same language as other
investment services.
All relevant information related to relevant face-to-face conversations with clients need to be
recorded on a durable medium and include, at a minimum:
• location of meetings
• relevant information about the client order including the price, volume, type of order
and when it shall be transmitted or executed.
The information needs to be stored on a durable medium which can be replayed or copied. It
must be retained in a format that does not allow the original to be altered or deleted. The
Page 64 of 334
Financial Services Regulatory Framework:
Advanced Examination
information needs to be stored in such a way that it is readily accessible and available to clients
on request. Firms shall ensure the quality, accuracy and completeness of the records of all
telephone recordings and electronic communications. The period of time for the retention of a
record starts on the date the record is created.
2.3. Outsourcing
• Provision of advisory services and other services which do not form part of the investment
business of the firm, including the provision of legal advice, training of personnel,
billing services and the security of the firm’s premises and personnel.
When outsourcing critical or important operational functions, the firm remains fully responsible for
discharging of all of their obligations and shall comply with the following conditions:
a. The outsourcing does not result in the delegation by senior management of its
responsibility.
b. The relationship and obligations of the investment firm towards its clients is not altered.
c. The conditions with which the investment firm must comply in order to be and remain
authorised are not undermined.
d. None of the other conditions subject to which the firm’s authorisation was granted is
removed or modified.
Firms shall exercise due skill, care and diligence when entering into, managing or terminating any
arrangement for outsourcing critical or important operational functions. They need to take the
necessary steps to ensure that the following conditions are satisfied:
e. The service provider has the ability, capacity, sufficient resources, appropriate
organisational structure supporting the performance of the outsourced functions, and
any authorisation required by law to perform the outsourced functions, reliably and
professionally.
Page 65 of 334
Edition B.Ad.1 / EN
f. The service provider carries out the outsourced services effectively and in compliance
with applicable law and regulatory requirements, and to this end the firm has
established methods and procedures for assessing the standard of performance of the
service provider and for reviewing on an ongoing basis the services provided by the
service provider.
g. The service provider properly supervises the carrying out of the outsourced functions,
and adequately manage the risks associated with the outsourcing.
h. Appropriate action is taken where it appears that the service provider may not be
carrying out the functions effectively or in compliance with applicable laws and
regulatory requirements.
i. The investment firm effectively supervises the outsourced functions or services and
manage the risks associated with the outsourcing and to this end the firm retains the
necessary expertise and resources to supervise the outsourced functions effectively and
manage those risks;
j. The service provider has disclosed to the investment firm any development that may
have a material impact on its ability to carry out the outsourced functions effectively
and in compliance with applicable laws and regulatory requirements.
k. The investment firm is able to terminate the arrangement for outsourcing where
necessary, with immediate effect when this is in the interests of its clients, without
detriment to the continuity and quality of its provision of services to clients.
l. The service provider cooperates with the competent authorities of the investment firm
in connection with the outsourced functions.
m. The investment firm, its auditors and the relevant competent authorities have effective
access to data related to the outsourced functions, as well as to the relevant business
premises of the service provider, where necessary for the purpose of effective oversight
in accordance with this article, and the competent authorities are able to exercise those
rights of access.
n. The service provider protects any confidential information relating to the investment
firm and its clients.
o. The investment firm and the service provider have established, implemented and
maintained a contingency plan for disaster recovery and periodic testing of backup
facilities, where that is necessary having regard to the function, service or activity that
has been outsourced.
p. The investment firm has ensured that the continuity and quality of the outsourced
functions or services are maintained also in the event of termination of the outsourcing
either by transferring the outsourced functions or services to another third party or by
Page 66 of 334
Financial Services Regulatory Framework:
Advanced Examination
The outsourcing agreement needs to be drawn up in writing and clearly state the allocated rights
and obligations of the investment firms and the service provider. In particular, the investment
firm shall keep its instruction and termination rights, its rights of information, and its right to
inspections and access to books and premises. The agreement shall ensure that outsourcing by
the service provider only takes place with the consent of the investment firm which needs to be
in writing.
In case the investment firm and the service provider are members of the same group, the
investment firm may take into account the extent to which the firm controls the service provider
or has the ability to influence its actions. Investment firms need to make available on request
to CySEC all information necessary to enable them to supervise the compliance of the
performance of the outsourced functions.
Where an investment firm outsources functions related to the investment service of portfolio
management provided to clients to a service provider located in a third country, that investment
firm ensures that the following conditions are satisfied:
1. The service provider is authorised or registered in its home country to provide that
service and is effectively supervised by a competent authority in that third country.
The cooperation agreement referred needs to ensure that the competent authorities of the
investment firm are able, at least, to:
a. obtain on request the information necessary to carry out their supervisory tasks
b. obtain access to the documents relevant for the performance of their supervisory duties
maintained in the third country
c. receive information from the supervisory authority in the third country as soon as
possible for the purpose of investigating apparent breaches of the requirements
d. cooperate with regard to enforcement, in accordance with the national and international
law applicable to the supervisory authority of the third country and the competent
authorities in the Union in cases of breach of the requirements and its implementing
measures and relevant national law.
CySEC will publish on their website a list of the supervisory authorities in third countries with which
they have a cooperation agreement.
Page 67 of 334
Edition B.Ad.1 / EN
Firms that hold client assets need to provide (potential) clients with the following information
(where relevant):
1. When the funds may be held by a third party – the responsibilities of the investment
firm under applicable national law for any acts or omissions of the third party and the
consequences for the client of the insolvency of the third party.
2. When funds may be held in an omnibus account by a third party – client will be informed
of this including a warning of the risks.
3. Where it is not possible for client assets to be held by third parties to be identified
separately from the instruments of the third party or other clients – client will be informed
of the risks.
4. Any instances in which the client will be subject to the law of a jurisdiction other than
that of a Member State, including the rights of the (potential) client relating to those
financial instruments or funds may differ accordingly.
5. Existence and the terms of any security interest or lien which the firm has or may have
over the client’s financial instruments or funds, or any right of set-off it holds in relation
to those instruments or funds. Where applicable, it shall also inform the client of the
fact that a depository may have a security interest or lien over, or right of set-off in
relation to those instruments or funds.
Before entering into securities financing transactions in relation to financial instruments held by it
on behalf of a client, or before using such financial instruments for its own account or the account
of another client, the firm must inform the (potential) client including the terms for restitutions
and risks involved. Any information provided to on a durable medium, with clear, full and
accurate information on the obligations and responsibilities of the investment firm.
In relation to risk management, investment firms need to establish, implement and maintain
adequate risk management policies and procedures which identify the risks relating to the firm’s
activities, processes and systems and, where appropriate, set the level of risk tolerated by the
firm. They need to adopt effective arrangements, processes and mechanisms to manage the risks
relating to the firm’s activities, processes and systems, in light of that level of risk tolerance. Firms
need to monitor:
1. the adequacy and effectiveness of their risk management policies and procedures
Page 68 of 334
Financial Services Regulatory Framework:
Advanced Examination
2. the level of compliance by the firm and its relevant persons with the arrangements,
processes and mechanisms
3. the adequacy and effectiveness of measures taken to address any deficiencies in those
policies, procedures, arrangements, processes and mechanisms, including failures by the
relevant persons to comply with such arrangements, processes and mechanisms or follow
such policies and procedures.
here appropriate and proportionate in view of the nature, scale and complexity of their business
and the nature and range of the investment services and activities undertaken in the course of that
business, firms shall establish and maintain a risk management function that operates
independently. The risk management function implements the policy and procedures and provides
reports and advice to senior management. Investment firms that do not establish and maintain
a risk management function need to be able to demonstrate upon request that the policies and
procedures which it is has adopted the requirements of a risk management function.
Where appropriate and proportionate in view of the nature, scale and complexity of their business
and the nature and range of investment services and activities undertaken in the course of that
business, firms need to establish and maintain an internal audit function which is separate and
independent from the other functions and activities of the investment firm. The internal audit
function has the following responsibilities to:
a. establish, implement and maintain an audit plan to examine and evaluate the adequacy and
effectiveness of the investment firm’s systems, internal control mechanisms and
arrangements
b. issue recommendations based on the result of work carried out in accordance with
point (a) and verify compliance with those recommendations
3. Conflicts of Interest
Learning Objective
Ø Know examples where a conflict of interest may occur (Article 33)
Ø Know the requirements relating to conflicts of interest: conflict of interest policy (Article
34); record of services or activities (Article 35); investment research and marketing
communications (Article 36)
Conflicts of interest may arise in the course of providing investment and/or ancillary services, and
may damage the interest of a client. Firms shall, at a minimum, take into account whether the
investment firm, a relevant person, or a person (in)directly linked by control to the firm:
Page 69 of 334
Edition B.Ad.1 / EN
1. Is likely to make a financial gain, or avoid a financial loss, at the expense of the client.
2. Has an interest in the outcome of a service provided to the client or of a transaction carried
out on behalf of the client, which is distinct from the client’s interest in that outcome.
3. Has a financial or other incentive to favour the interest of another client or group of clients
over the interests of the client.
5. Receives or will receive from a person other than the client an inducement in relation to
a service provided to the client, in the form of monetary or non-monetary benefits or
services.
Firms need to establish, implement and maintain an effective conflicts of interest policy set out in
writing and appropriate to the size and organisation of the firm and the nature, scale and
complexity of its business. Where the firm is a member of a group, the policy shall also take
into account any circumstances, of which the firm is or should be aware, which may give rise
to a conflict of interest arising as a result of the structure and business activities of other
members of the group. The conflicts of interest policy must identify, with reference to the
specific investment services and activities and ancillary services carried out by or on behalf of
the investment firm, the circumstances which constitute or may give rise to a conflict of interest
entailing a risk of damage to the interests of one or more clients. In addition, the policy must
specify procedures to be followed and measures to be adopted in order to prevent or manage
such conflicts. These procedures and measures referred shall be designed to ensure that relevant
persons engaged in different business activities involving a conflict of interest carry on those
activities at a level of independence appropriate to the size and activities of the investment firm
and of the group to which it belongs, and to the risk of damage to the interests of clients. The
procedures to be followed and measures to be adopted shall include at least those items in the
following list that are necessary for the firm to ensure the requisite degree of independence:
b. The separate supervision of relevant persons whose principal functions involve carrying
out activities on behalf of, or providing services to, clients whose interests may conflict,
or who otherwise represent different interests that may conflict, including those of the
firm.
c. The removal of any direct link between the remuneration of relevant persons principally
engaged in one activity and the remuneration of, or revenues generated by, different
relevant persons principally engaged in another activity, where a conflict of interest may
arise in relation to those activities.
Page 70 of 334
Financial Services Regulatory Framework:
Advanced Examination
d. Measures to prevent or limit any person from exercising inappropriate influence over the
way in which a relevant person carries out investment or ancillary services or activities.
Investment firms need to ensure that disclosure to clients is a measure of last resort that shall be
used only where the effective organisational and administrative arrangements established by the
investment firm to prevent or manage its conflicts of interest are not sufficient to ensure, with
reasonable confidence, that risks of damage to the interests of the client will be prevented.
The disclosure shall clearly state that the organisational and administrative arrangements
established by the investment firm to prevent or manage that conflict are not sufficient to
ensure, with reasonable confidence, that the risks of damage to the interests of the client will be
prevented. The disclosure shall include specific description of the conflicts of interest that arise in
the provision of investment and/or ancillary services, taking into account the nature of the client
to whom the disclosure is being made. The description needs to explain the general nature and
sources of conflicts of interest, as well as the risks to the client that arise as a result of the
conflicts of interest and the steps undertaken to mitigate these risks, in sufficient detail to
enable that client to take an informed decision with respect to the investment or ancillary
service in the context of which the conflicts of interest arise.
Periodically the firm shall review, on an at least annual basis, the conflicts of interest policy and
shall take all appropriate measures to address any deficiencies. Over-reliance on disclosure of
conflicts of interest shall be considered a deficiency in the investment firm’s conflicts of interest
policy.
Investment firms need to keep and regularly update a record of the kinds of activities and advice
carried out by them or on their behalf in which a conflict of interest has arisen or may arise
entailing a risk of damage to the interests of one or more clients. On a regular basis, and at least
annually, senior management shall receive written reports on situations in which conflicts of
interest have arisen.
Page 71 of 334
Edition B.Ad.1 / EN
requirements designed to promote the independence of investment research, and that it is not
subject to any prohibition on dealing ahead of the dissemination of investment research.
Learning Objective
Ø Know the general principles regarding information to clients: fair, clear and not misleading
information requirements (Article 44 2017/565); information about the CIF; information
about the client; client categorisation and professional clients (including Article 58
2017/565)
Ø Know the requirements regarding information about financial instruments (Article 48 EU
2017/565)
Ø Know the information requirements relating to: costs and associated charges (Article 50
EU 2017/565)
If the information compares investments, services, financial instruments, or persons the comparison
has to be meaningful and presented in a fair and balanced way. Sources used, key facts and
assumptions need to be clearly specified.
Any indications of past performance may not be the most prominent feature, and must include
the appropriate performance information covering at least the preceding five years. If the
instrument or index has not yet existed for five years, the whole period the financial instrument
or index has existed. All performance information must be based on complete 12-month periods.
The reference period and source of information needs to be clearly stated. A prominent warning
needs to be included to state the figures refer to pat performance and are not a reliable indicator
of further results. If the information is in a currency other that euro this needs to be clearly stated
together with a warning that the return may vary as a result of currency fluctuations. Any effects
Page 72 of 334
Financial Services Regulatory Framework:
Advanced Examination
of gross performance, the effect of commissions, fees or other charges need disclosed. Any use of
simulated past performance needs to be based on the actual past performance of one or more
financial instruments or financial indices which are (substantially) the same as the financial
instrument concerned and needs to satisfy the same conditions as any actual performance
information, and include a prominent warning. Any indications of future performance may not
be based on or refer to simulated past performance; and needs to be based on reasonable
assumptions supported by objective data. In the event the information is based on gross
performance, the effect of commissions, fees or other charges needs to be clearly disclosed.
Future performance needs to be based on negative and positive performance scenarios in
different market conditions, and reflect the nature and risks of the specific types of instruments
included in the analysis. A prominent warning needs to be included forecasts are not a reliable
indicator of future performance.
Any particular tax treatments need to be clearly specified including a statement that the tax
treatment depends on the individual circumstances of each client and may be subject to change
in the future. The name of any competent authority may not be used in such a way that would
indicate or suggest endorsement or approval by that authority of the products or services of the
investment firm.
• execution venues
The information needs to be transparent so that it allows the client to make informed investment
decisions.
A firm needs to obtain a record with sufficient information to understand the (potential) client’s
levels of knowledge and experience regarding the products or services it is offering the (potential)
client, his financial situation and investment objectives. This will assist the firm to be able to
recommend the most suitable investments to the client.
In the event the firm considers that a particular investment or financial product is not appropriate
for a (potential) client, they will send a warning to the client. The warning may be in a
standardised format. If the (potential) client elects not to provide any information, the firm must
inform the (potential) client that they will not be allowed to determine whether a product or
Page 73 of 334
Edition B.Ad.1 / EN
service is appropriate. When the only service a firm provides solely consists of receiving and
executing client orders, the firm does not need to assess the client’s knowledge and expertise
as long as the transaction is related to shares, is undertaken on the client’s request, and the
client has been informed the form does not need to assess the appropriateness of the investment.
A firm needs to maintain client files including documentation outlining the rights and obligations of
the client and the firm, as well as any legal documentation. The firm needs to provide clients
with regular, adequate reports on the products and services including, when applicable, cost.
A professional client is a client who possesses the experience, knowledge and expertise to make
its own investment decisions and properly assess the risk it incurs. In order to be considered a
professional client, the client must comply with the following criteria:
3. national and regional governments, public bodies managing public debt, central banks,
international and supranational institutions and other similar international organisations
Although these clients are considered to be professional clients, they must be allowed to request
non- professional treatment and higher levels of protection.
When a client is a professional client, the CIF must inform the client prior to undertaking any services
that he will be treated as a professional client, unless otherwise agreed between the parties. In
addition, the CIF must inform the client that he can request to be treated as non-professional,
and thus be subject to a higher level of protection. It is the client’s responsibility to request to be
treated as a non-professional.
Firms need to enter into a written agreement with a client in order to provide any of the following:
2. Granting credits or loans to an investor to allow him to carry out a transaction in one
or more financial instruments, where the firm granting the credit or loan is involved in
the transaction.
3. Advice to undertakings on capital structure, industrial strategy and related matters and
advice and services relating to mergers and the purchase of undertakings.
4. Foreign exchange services where these are connected to the provision of investment
services.
7. Investment services and activities as well as ancillary services of the type included under
Section A or B of Annex 1 related to the underlying of the derivatives included under points
(5), (6), (7) and (10) of Section C where these are connected to the provision of investment
or ancillary services.
The agreement has to on paper or another durable medium, setting out the essential rights and
obligations of the firm and the client. A periodic assessment of the suitability of the financial
instruments or services recommended needs to be performed. The written agreement shall set
out the essential rights and obligations of the parties, and shall include the following:
a. a description of the services, and where relevant the nature and extent of the investment
advice, to be provided
b. in case of portfolio management services, the types of financial instruments that may be
purchased and sold and the types of transactions that may be undertaken on behalf of
the client, as well as any instruments or transactions prohibited, and
c. a description of the main features of any services mentioned in the above list to be
provided, including where applicable the role of the firm with respect to corporate
actions relating to client instruments and the terms on which securities financing
transactions involving client securities will generate a return for the client.
Page 75 of 334
Edition B.Ad.1 / EN
Before providing investment services to (potential) clients, they need to be given a general
description of the nature and risks of financial instruments, taking into account, in particular,
the client’s categorisation as either a retail client, professional client or eligible counterparty. The
description needs to explain the nature of the specific type of instrument concerned, the
functioning and performance of the financial instrument in different (both positive and negative)
market conditions as well as the risks particular to that specific type of instrument in sufficient
detail to enable the client to take investment decisions on an informed basis.
The description of risks shall include, where relevant to the specific type of instrument concerned
and the status and level of knowledge of the client, the following elements:
a. the risks associated with that type of financial instrument including an explanation of
leverage and its effects and the risk of losing the entire investment including the risks
associated with insolvency of the issuer or related events, such as bail in
b. the volatility of the price of such instruments and any limitations on the available market
for such instruments
d. the fact that an investor might assume, as a result of transactions in such instruments,
financial commitments and other additional obligations, including contingent liabilities,
additional to the cost of acquiring the instruments
If the information is related to a financial instrument that is the subject of a current offer to the
public and a prospectus has been published this will be communicated to the clients. In case
the financial instrument is composed of two or more different financial instruments or
services, the firm shall provide an adequate description of the legal nature of the financial
instrument, the components of that instrument and the way in which the interaction between
the components affects the risks of the investment. For financial instruments that incorporate a
guarantee or capital protection, the investment firm shall provide a client or a potential client
with information about the scope and nature of such guarantee or capital protection. When the
guarantee is provided by a third party, information about the guarantee shall include sufficient
detail about the guarantor and the guarantee to enable the client or potential client to make a
fair assessment of the guarantee.
Page 76 of 334
Financial Services Regulatory Framework:
Advanced Examination
Firms providing investment services to professional clients or eligible counterparties have the
right to agree to a limited application of the detailed requirements on costs and charges, unless
derivatives are involved.
For ex-ante and ex-post disclosure of information on costs and charges to clients, investment firms
shall aggregate the following:
a. all costs and associated charges charged by the investment firm or other parties where the
client has been directed to such other parties, for the investment services(s) and/or
ancillary services provided to the client, and
b. all costs and associated charges associated with the manufacturing and managing of the
financial instruments.
For the purposes of the costs in point (a) above, third party payments received by investment
firms in connection with the investment service provided to a client shall be itemised separately
and the aggregated costs and charges shall be totalled and expressed both as a cash amount and as
a percentage.
If any of the cost are in a foreign currency the applicable conversion rate and costs needs to be
included.
Firms need to arrangements for payment or other performance. Firms shall calculate and disclose
product costs and charges that are not included in the UCITS KIID.
Full ex-ante disclosure will need to be provided about the aggregated costs and charges related to
the financial instrument and to the investment or ancillary service provided where the investment
firm recommends or markets financial instruments to clients; or provides any investment services
via a UCITS KIID or PRIIPs KID in relation to the relevant financial instruments, in accordance with
relevant EU legislation.
Investment firms that do not recommend or market a financial instrument to the client or are
not obliged to provide the client with a KID/KIID.
If the client uses more than one investment firm, each firm will provide the client with the cost
and charges of the services they provide. Firms that recommend or market the services provided
by another firm, shall aggregate the cost and charges of its services together with the cost
and charges of the services provided by the other firm.
A firm need to take into account the costs and charges associated to the provision of services of
other firms they have directed the client to.
When calculating costs on an ex-ante basis, the firm will use actual incurred costs as a proxy for
Page 77 of 334
Edition B.Ad.1 / EN
expected costs and charges. In the event actual costs are not available, the firm will make a
reasonable estimation. Assumptions will be assessed on the basis of ex-post experience and will
make adjustments o their assumptions as required.
On an annual basis, firms will provide ex-post information about all costs and charges related
to instruments and services they have recommended or marketed to the client, where they have
provided the client with the KID/KIID, where they had an ongoing relationship with the client
during the year. This information needs to be based on costs incurred and shall be provided
on a personalised basis. Investment firms may choose to provide such aggregated information
on costs and charges of the investment services and the financial instruments together with
any existing periodic reporting to clients.
Investment firms shall provide their clients with an illustration showing the cumulative effect of
costs on return when providing investment services. Such an illustration shall be provided both on
an ex-ante and ex-post basis and needs show the effect of the overall costs and charges on
the return of the investment; any anticipated spikes or fluctuations in the costs; and be
accompanied by a description.
5. Investment Advice
Learning Objective
Ø Know the requirements regarding investment advice: information about investment advice
(Article 52); investment advice on an independent basis (Article 53)
Firms need to explain in a clear and concise way whether and why investment advice qualifies as
independent or non-independent and the type and nature of the restrictions that apply. In the event
the firm provides advice to the same client on an independent and non-independent basis the firm
needs to explain the scope of both services to allow investors to understand the differences between
the types of advice and to make sure they do not present themselves as an independent investment
adviser for the overall activity. Firms shall not give undue prominence to their independent
investment advice services over the non-independent advice.
Firms shall explain the range of financial services that may recommended including the
relationship with the issuer. A description will be provided of all types of financial instruments
considered, the range of financial instruments and providers analysed per type of instrument
according to the scope of the service, and, how the service provided satisfies the conditions for
the provision of independent investment advice (if applicable). The information will include the
considerations used in the selection process used to recommend financial instruments such as
risks, costs, and complexity of the instrument. The firm will highlight any own financial instruments
included in the investment advice.
Page 78 of 334
Financial Services Regulatory Framework:
Advanced Examination
The suitability of recommendations will be assessed periodically and the firm will disclose the
frequency and extent of the periodic suitability assessment including (where relevant) conditions
that trigger an assessment, the extent to which the information previously collected will be
subject to reassessment, and the way in which an updated recommendation will be
communicated to the client.
Firms that provide independent investment advice need to define and implement a selection
process to assess and compare a sufficient range of financial instruments available in the market.
The selection process needs to include:
a. the number and variety of instruments considered is proportionate to the scope of the
investment advice offered
c. the quantity of financial instruments issued by the firm or a closely linked entity is
proportionate to the instruments available in the market
d. the criteria for selecting financial instruments shall include all relevant aspects such as
risks, costs and complexity, characteristics of the client, and ensure he advice is not
biased.
In the event the firm cannot make these comparisons they will not present themselves as
independent.
Firms that provide independent investment advice focussed on a specified range or category of
financial instruments needs to make sure that they market themselves in a way that is intended
only to attract clients with a preference for those categories or range of financial instruments. In
addition, the firm shall require clients to indicate that they are only interested in investing in the
specified category or range of financial instruments; and prior to the provision of the service, the
firm shall ensure that its service is appropriate for each new client on the basis that its business
model matches the client’s needs and objectives, and the range of financial instruments that are
suitable for the client. If this is not the case, the firm shall not provide such a service to the client.
Investment firms offering both independent and non-independent investment advice need to
comply with the following obligations:
1. in good time before the provision of its services, the investment firm has informed its
clients, on a durable medium, whether the advice is independent or non-independent and the
relevant implementing measures
2. the investment firm has presented itself as independent for the services for which it provides
investment advice on an independent basis
Page 79 of 334
Edition B.Ad.1 / EN
3. the investment firms have adequate organisational requirements and controls in place to
ensure that both types of advice services and advisers are clearly separated from each
other and that clients are not likely to be confused about the type of advice that they are
receiving and are given the type of advice that is appropriate for them. The investment
firm shall not allow a natural person to provide both independent and non-independent
advice.
6. Suitability
Learning Objective
Ø Know the suitability requirements: assessment of suitability and suitability reports (Article
54); common assessment provisions (Article 55); assessment of appropriateness and
related record keeping obligations (Article 56)
Ø Know the obligations for CIFs who provide services through the medium of another IF
(Article 27, law 87)
Firms need to make sure they do not create any ambiguity or confusion about their
responsibilities in the process when assessing the suitability of investment services or financial
instruments. When undertaking the suitability assessment, the firm shall inform (potential) clients,
clearly and simply, that the reason for assessing suitability is to enable the firm to act in the
client’s best interest. Where investment advice or portfolio management services are provided in
whole or in part through an automated or semi-automated system, the responsibility to undertake
the suitability assessment remains with the investment firm and is not reduced by the use of an
electronic system.
Firms need to determine the extent of the information to be collected from clients in light of
all the features of the investment advice or portfolio management services to be provided to
those clients. Firms shall obtain all information necessary to understand the essential facts
about the client and to have a reasonable basis for determining the best investment advice taking
into consideration the nature and extent of the service provided meets the investment objectives
of the client in question, including client’s risk tolerance; can financially be borne by the client;
and the client has the necessary experience and knowledge in order to understand the risks
involved in the transaction or in the management of his portfolio.
When investment services are provided to professional clients, the firm may assume that the client
has the necessary level of experience and knowledge of the transactions and instruments
Page 80 of 334
Financial Services Regulatory Framework:
Advanced Examination
recommended, and that they are financially able to bear any risk.
The client’s financial information need to include, where relevant, information on the source and
extent of his regular income, his assets, including liquid assets, investments and real property,
and his regular financial commitments. The information regarding the client’s investment
objectives shall include, where relevant, information on the length of time for which the client
wishes to hold the investment, his preferences regarding risk taking, his risk profile, and the
purposes of the investment.
When a client is a legal person or a group of natural persons the investment policy will record
who should be assessed for suitability and how this assessment will be done in practice, including
from whom information about knowledge and experience, financial situation and investment
objectives should be collected. In case a natural person is represented by another natural
person, or where a legal person having requested treatment as professional client is to be
considered for the suitability assessment, the financial situation and investment objectives shall
be those of the legal person or the underlying client. The knowledge and experience shall be that
of the representative of the natural person or the person authorised to carry out transactions on
behalf of the underlying client.
Investment firms shall take reasonable steps to ensure that the information collected about their
clients or potential clients is reliable. This shall include, but shall not be limited to:
1. ensuring clients are aware of the importance of providing accurate and up-to-date
information
2. ensuring all tools, such as risk assessment profiling tools or tools to assess a client’s
knowledge and experience, employed in the suitability assessment process are fit-for-
purpose and are appropriately designed for use with their clients, with any limitations
identified and actively mitigated through the suitability assessment process
3. ensuring questions used in the process are likely to be understood by clients, capture
an accurate reflection of the client’s objectives and needs, and the information necessary
to undertake the suitability assessment, and
In the event the firm does not manage to obtain sufficient information on the (potential) client,
they shall not recommend investment services or financial instruments to them.
Investment firms shall have, and be able to demonstrate, adequate policies and procedures in
Page 81 of 334
Edition B.Ad.1 / EN
place to ensure that they understand the nature, features, including costs and risks of investment
services and financial instruments selected for their clients and that they assess, while taking into
account cost and complexity, whether equivalent investment services or financial instruments can
meet their client’s profile.
Firms shall not recommend or decide to trade where none of the services or instruments are suitable
for the client. When the advice includes switching investments, either by selling an instrument
and buying another or by exercising a right to make a change in regard to an existing instrument,
investment firms shall collect the necessary information on the client’s existing investments and
the recommended new investments and shall undertake an analysis of the costs and benefits of
the switch so that they will be reasonably able to demonstrate that the benefits of switching are
greater than the cost.
Retail clients will be provided with a report including an outline of the advice given and how the
recommendation provided is suitable for the retail client, including how it meets the client’s
objectives and personal circumstances with reference to the investment term required, client’s
knowledge and experience and client’s attitude to risk and capacity for loss. The firm will draw
the attention of the client to information on whether the recommended services or instruments
are likely to require them to seek a periodic review of their arrangements. Where an investment
firm provides a service that involves periodic suitability assessments and reports, the subsequent
reports after the initial service is established may only cover changes in the services or instruments
involved and/or the circumstances of the client and may not need to repeat all the details of the
first report.
If a periodic suitability assessment review is provided, the review shall be undertaken at least
annually. The frequency of this assessment shall be increased depending on the risk profile of
the client and the type of financial instruments recommended.
Firms need to ensure Investment that the information regarding a (potential) client’s knowledge
and experience in the investment field includes the following information, to the extent appropriate
to the nature of the client, the nature and extent of the service to be provided and the type of
product or transaction envisaged, including their complexity and the risks involved:
• the types of service, transaction and financial instrument with which the client is familiar
• the nature, volume, and frequency of the client’s transactions in financial instruments and
the period over which they have been carried out
• the level of education, and profession or relevant former profession of the client or
potential client.
Firms shall not discourage a (potential) client from providing information required for the purposes
of money laundering and compliance and will be entitled to rely on the information provided by
its clients or potential clients unless it is aware or ought to be aware that the information is
manifestly out of date, inaccurate or incomplete.
Page 82 of 334
Financial Services Regulatory Framework:
Advanced Examination
Firms will determine whether a client has the necessary experience and knowledge in order to
understand the risks involved in relation to the product or investment service offered or
demanded when assessing whether an investment service is appropriate for a client. An
investment firm shall be entitled to assume that a professional client has the necessary
experience and knowledge in order to understand the risks involved in relation to those particular
investment services or transactions, or types of transaction or product, for which the client is
classified as a professional client.
Firms need to maintain records of the appropriateness assessments undertaken which include the
result of the appropriateness assessment; any warning given to the client in relation to potentially
inappropriate investments and where the client proceeded with the investment; any warning given
to the client where the client did not provide sufficient information to enable the firm to
undertake an appropriateness assessment, whether the client asked to proceed with the
transaction despite this warning and, where applicable, whether the firm accepted the client’s
request to proceed with the transaction.
In the event a firm receives an instruction to provide investment services on behalf of a client
through another firm, they may rely on client information provided by the instructing firm. The
instructing firm remains responsible for the completeness and accuracy of the information. The
receiving firm may also rely on any recommendations in relation to the service or transactions
that have been provided by another firm. The instructing firm will remain responsible for the
suitability of the recommendations or advice provided to the client. The receiving firm will be
responsible for concluding the service or transactions in line with the information and/or
recommendations received.
7. Best Execution
Learning Objective
Ø Understand best execution criteria (Article 64)
Ø Know the obligations regarding best execution (Article 66)
Ø Understand how client order handling rules are applied: general principles (Article 67);
aggregation and allocation of orders (Article 68); aggregation and allocation for own
account (Article 69); prompt, fair and expeditious execution and publication of unexecuted
limit orders (Article 70)
When executing client orders, the firm needs to take into account the characteristics of the client
including the categorisation of the client as retail or professional; the characteristics of the client
order, including where the order involves a securities financing transaction (SFT); the characteristics
Page 83 of 334
Edition B.Ad.1 / EN
of financial instruments that are the subject of that order; and the characteristics of the execution
venues to which that order can be directed. Execution venues include a regulated market, an
MTF, an OTF, a systematic internaliser, or a market maker or other liquidity provider or an entity
that performs a similar function in a third country to the functions performed by any of those.
Firms need to take all sufficient steps to obtain the best possible result for a client to the extent
that it executes an order or a specific aspect of an order following specific instructions from the
client relating to the order or the specific aspect of the order. Investment firms shall not structure
or charge their commissions in such a way as to discriminate unfairly between execution venues.
When executing orders or taking decision to deal in OTC products including bespoke products,
the investment firm shall check the fairness of the price proposed to the client, by gathering
market data used in the estimation of the price of such product and, where possible, by comparing
with similar or comparable products.
The execution policy and order execution arrangements need to be reviewed at least annually. In
addition, they will also be when a material change occurs that affects the firm’s ability to continue
to obtain the best possible result for the execution of its client orders on a consistent basis using
the venues included in its execution policy. An investment firm shall assess whether the change
was material and consider making changes to the relative importance of the best execution
factors. The execution policy will be customised to cater for the class of financial instrument and
type of the service provided. Firms will provide clients with the following details on their execution
policy:
b. a list of the execution venues on which the firm places significant reliance
c. a list of factors used to select an execution venue, including qualitative factors such as:
clearing schemes, circuit breakers, scheduled actions, or any other relevant consideration,
and the relative importance of each factor
d. the information about the factors used to select an execution venue for execution shall be
consistent with the controls used by the firm to demonstrate to clients that best execution
has been achieved in a consistent basis when reviewing the adequacy of its policy and
arrangements
e. how the execution factors of price costs, speed, likelihood of execution and any other
relevant factors are considered as part of all sufficient steps to obtain the best possible
result for the client
f. where applicable, information that the firm executes orders outside a trading venue,
the consequences, for example counterparty risk arising from execution outside a trading
venue, and upon client request, additional information about the consequences of this
means of execution
g. a clear and prominent warning that any specific instructions from a client may prevent
Page 84 of 334
Financial Services Regulatory Framework:
Advanced Examination
the firm from taking the steps that it has designed and implemented in its execution
policy to obtain the best possible result for the execution of those orders in respect of
the elements covered by those instructions
h. a summary of the selection process for execution venues, execution strategies employed,
the procedures and process used to analyse the quality of execution obtained and how the
firms monitor and verify that the best possible results were obtained for clients.
The information shall be provided in a durable medium, or by means of a website (where that
does not constitute a durable medium. If a frim applies different fees depending on the
execution venue, the firm shall explain these differences in sufficient detail in order to allow
the client to understand the advantages and the disadvantages of the choice of a single
execution venue. If the firm invites clients to choose an execution venue, fair, clear and not
misleading information shall be provided to prevent the client from choosing one execution
venue rather than another on the sole basis of the price policy applied by the firm. Firms shall
inform clients about the inducements that the firm may receive from the execution venues.
The information shall specify the fees charged by the investment firm to all counterparties
involved in the transaction, and where the fees vary depending on the client, the information
shall indicate the maximum fees or range of the fees that may be payable. Where an investment
firm charges more than one participant in a transaction, the firm shall inform its clients of the
value of any monetary or non-monetary benefits received by the firm. Where a client makes
reasonable and proportionate requests for information about its policies or arrangements and how
they are reviewed to an investment firm, that investment firm shall answer clearly and within a
reasonable time. Where an investment firm executes orders for retail clients, it shall provide
those clients with a summary of the relevant policy, focused on the total costs they incur. The
summary shall also provide a link to the most recent execution quality data for each execution
venue listed by the investment firm in its execution policy.
When firms carry out client orders they need to satisfy the following conditions:
1. ensure that orders executed on behalf of clients are promptly and accurately recorded and
allocated
2. carry out otherwise comparable client orders sequentially and promptly unless the
characteristics of the order or prevailing market conditions make this impracticable, or
the interests of the client require otherwise
3. inform a retail client about any material difficulty relevant to the proper carrying out
of orders promptly upon becoming aware of the difficulty.
If the firm is responsible for overseeing or arranging the settlement of an executed order, it shall
take all reasonable steps to ensure that any client financial instruments or client funds received
in settlement of that order are promptly and correctly delivered to the account of the client.
Page 85 of 334
Edition B.Ad.1 / EN
Firms shall not misuse information relating to pending client orders, and shall take all reasonable
steps to prevent the misuse of such information by any of its relevant persons.
A firm may not carry out a client order or a transaction for own account in aggregation with
another client order unless it is unlikely that the aggregation will work to the disadvantage of any
client involved, the aggregation is disclosed to all clients involved, and an order allocation
policy is established and implemented to ensure fair allocation of aggregated orders and
transactions. The allocation policy needs to include how the volume and price of orders
determines the allocation and the treatment of partial executions or an order. Firms that have
aggregated transactions for own account with one or more client orders shall not allocate the
related trades in a way that is detrimental to a client and in case of partially executed orders
the client transactions will be given priority over the firm’s. If the firm is able to demonstrate on
reasonable grounds that without the combination it would not have been able to carry out the
order on such advantageous terms, or at all, it may allocate the partially executed transaction for
own account proportionally in accordance with its order allocation policy.
A firm need to have procedures in place designed to prevent reallocation of transactions for own
account in a way that is detrimental to the client.
A client limit order in respect of shares admitted to trading on a regulated market or traded
on a trading venue which have not been immediately executed under prevailing market conditions
shall be considered available to the public when the investment firm has submitted the order for
execution to a regulated market or a MTF or the order has been published by a data reporting
services provider located in one Member State and can be easily executed as soon as market
conditions allow. Regulated markets and MTFs shall be prioritised according to the firm’s
execution policy to ensure execution as soon as market conditions allow.
Page 86 of 334
Financial Services Regulatory Framework:
Advanced Examination
Page 87 of 334
Edition B.Ad.1 / EN
Chapter 4
Open-Ended Undertakings for Collective
Investment (UCI) Laws 2012–2019
Learning Objectives
The Open-Ended Undertakings for Collective Investment (UCI) Law of 2012 (L.78(I)/2012), as
amended by L.88(I)/2015, L. 52(I)/2016 and L.134(I)/2019, regulates the operation and supervision
of open-ended undertakings for collective investment in transferable securities (UCITS) and of
management companies, as well as of the taxation regime of open-ended UCITS.
a. Directive 2009/65/EC of the European Parliament and of the Council of 13 July 2009 on
the coordination of laws, regulations and administrative provisions relating to UCITS.
b. Articles 11 and 13 of Directive 2010/78/EU of the European Parliament and of the Council
of 24 November 2010 for amending Directives 1998/26/EC, 2002/87/EC, 2003/6/EC,
2003/41/EC, 2003/71/EC, 2004/39/EC, 2004/109/EC, 2005/60/EC, 2006/48/EC, 2006/49/EC,
and 2009/65/EC in respect of the powers of the European Supervisory Authority (European
Banking Authority (EBA)), the European Supervisory Authority (European Insurance and
Occupational Pensions Authority (EIOPA)) and the European Supervisory Authority
(European Securities and Markets Authority (ESMA)).
c. Articles 2 and 4 of Directive 2013/14/EU of the European Parliament and of the Council
of 21 May 2013 for amending Directive 2003/41/EC related to the activities and
Page 88 of 334
Financial Services Regulatory Framework:
Advanced Examination
d. Article 1(6) of Directive 2014/91/EU of the European Parliament and Council of 23 July 2014,
for amending Directive 2009/65/EC on the coordination of laws, regulations and
administrative provisions relating to UCITS as regards to depository functions, remuneration
policies and sanctions.
e. Directive 2014/91/EE of the European Parliament and of the Council of 23 July 2014, for
amending Directive 2009/65/EC on the coordination of laws, regulations and administrative
provisions relating to UCITS as regards to depository functions, remuneration policies and
sanctions.
f. Articles 2(1)(a), 5(2), 23(1), 49, 98(1) and 98 (2) of Directive 2009/65/EC of the European
Parliament and of the Council of 13 July 2009 on the coordination of laws, regulations and
administrative provisions relating to UCITS, as amended by the aforementioned Directive
2014/91/EE of the European Parliament and of the Council of 23 July 2014.
g. Article 50(a) of Directive 2009/65/EC of the European Parliament and of the Council of 13 July
2009 on the coordination of laws, regulations and administrating provisions relating to UCITS,
as amended by Article 38 of Regulation (EU) 2017/2402 of the European Parliament and of
the Council of 12 December 2017 laying down a general framework for securitisation and
creating a specific framework for simple, transparent and standardised securitisation, and
amending Directives 2009/65/EC, 2009/138/EC and 2011/61/EU and Regulations (EC) No
1060/2009 and (EU) No 648/2012.
purpose of notification, and procedures for on-the-spot verifications and investigations and
the exchange of information between competent authorities.
Page 89 of 334
Edition B.Ad.1 / EN
Learning Objective
Ø Know the definition and types of UCITS (Article 4)
• whose sole object is the collective investment in transferable securities and/or other
liquid financial instruments referred to in subsection (1) of section 40 of UCI Laws 2012 to
2019, of capital raised from the public
• which its units can be redeemed or repurchased, directly or indirectly, out of the
undertaking’s assets, at the request of the investor.
A UCITS fund may only be constituted in accordance with the UCI Laws and can take the form of
a common fund managed by a management company or a variable capital investment
company (VCIC). A common fund is a type of open-ended fund of no legal personality as the
unit holders are represented by the Management Company, whereas a VCIC is a limited liability
company with shares. More information about common funds and VCICs is provided in section
1.1. UCITS funds may not transform themselves by any means into an undertaking which does not
meet the definition of an undertaking.
The following shall not be regarded as UCITS for the implementation of the UCI Laws:
b. Undertakings for collective investment which raise capital without promoting the sale of
their units to the public within the EU or any part of it.
c. Undertakings for collective investment the units of which, under their regulation or their
instruments of incorporation may be sold only to the public in third countries.
d. Undertakings for collective investment whose investment and borrowing policies, with
regard to the legislation of their home member state, do not comply with the conditions
of Chapter VII and Article 83 of Directive 2009/65/EC.
Investments in a UCITS can only comprise of one or more of the instruments listed in section 2.1.
Page 90 of 334
Financial Services Regulatory Framework:
Advanced Examination
Learning Objective
Ø Know the provisions applicable to specific types of UCITS: common funds and variable
capital investment companies (Articles 5–6)
A common fund is a pool of assets which belong jointly and severely to the unitholders. The
assets are deposited with a depositary and constitute a collective portfolio managed by the
management company in the interest of the unitholders. A common fund does not have a legal
personality; the management company represents the unitholders in relation to the fund and the
assets. When representing the fund and its unitholders, the management company acts in its own
name, albeit on behalf of the unitholders, and it exercises all rights deriving from the assets in the
common fund.
Unitholders shall not be responsible for any actions or omissions of the management company
or o f the depositary in the exercise of their duties. A common fund is not responsible for the
obligations of the management company or the depositary.
A VCIC has the legal form of a limited liability company with shares and must fulfil all the following
conditions:
1. Its sole purpose is the collective management of its portfolio by investing in transferable
securities or other financial instruments (as outlined in section 1 of this chapter), to the
interest of its shareholders.
4. Its shares are (directly or indirectly redeemed or repurchased by its assets on request of
the shareholders. Its capital is increased or decreased by the issue of new shares or the
redemption or repurchase of old ones without resorting to a capital increase or decrease
under Company Law.
Any actions taken by the company that do not result in a significant variation of the stock
exchange value of its shares from the net asset value of its assets, are regarded as the equivalent
of a redemption or repurchase, as mentioned in point 4.
Page 91 of 334
Edition B.Ad.1 / EN
1.2. Depositaries
Learning Objective
Ø Know the duties and requirements applicable to Depositaries (Article 10-15)
A management company needs to appoint a single depositary for each of the UCITS it manages.
The depositary needs to be a credit institution with a registered office in the Republic or another
EU member state. In the event that the depositary is registered in another EU member state,
it needs to have a branch in the Republic and be licensed to provide depositary services. The
depositary can be any other type of legal entity, with either a registered office in the Republic or in
another EU member state with a branch in the Republic authorised by the competent authority
(CySEC, if based in the Republic, or the competent authority in other EU member states) to carry
out depositary activities in accordance with the provision of UCI Laws or the law of another member
state which harmonises Directive 2009/65/EC and meets the appropriate capital adequacy
requirements. Such a legal entity is subject to prudential regulation and ongoing supervision, and
needs to meet the following minimum requirements:
• Establish appropriate policies and other procedures to ensure compliance of the entity, its
directors and employees with the obligations under UCI laws.
• Keep records of all services, activities and transactions it undertakes that will be sufficient
to enable CySEC to fulfil its supervisory tasks and to perform the enforcement actions
provided for under the UCI laws.
• Take reasonable steps to ensure continuity and regularity in the performance of its
depositary functions by employing appropriate and proportionate systems, resources
and procedures, including being able to perform its depositary activities.
• Ensure that all members of its board of directors and senior management are, at all times, of
sufficiently good repute, and possess sufficient knowledge, skills and experience.
Page 92 of 334
Financial Services Regulatory Framework:
Advanced Examination
• Ensure that its management body possesses adequate collective knowledge, skills and
experience to be able to understand the depositary’s activities, including the main risks.
• Ensure that each member of its board of directors and senior management acts with
honesty and integrity.
The aforementioned requirements also apply to depositaries which VCICs or Management Companies
appointed before 18 March 2016.
The appointment of the depositary is evidenced by a written contract which needs to regulate the
flow of information necessary to allow the depositary to perform its functions under UCI Laws, in
Directives issued pursuant to UCI Laws and in other relevant legislation.
• Ensure that the sale, issue, redemption, repurchase, cancellation and valuation of units is
carried out in accordance with the appropriate rules and regulations.
• Execute the orders of the management company or the VCIC, unless they conflict with the
rules and regulations.
• Ensure that profits are distributed in line with the applicable legislation and the UCITS rules
or instruments of incorporation.
The depositary needs to ensure that the cash flows of UCITS funds are properly monitored, that
payments made to (or on behalf of) investors have been received, and that all cash has been
booked in cash accounts that are opened in the name of the UCITS, the management company,
or the depositary in an approved institution, and maintained in accordance with the appropriate
regulations. Investor funds may not be commingled with funds that belong to the depositary
or the institution where the account is opened.
The assets of the UCITS must be entrusted to the depositary for safekeeping. For financial
instruments held in custody, the depositary shall hold those instruments that may be registered in
a financial instruments account in their books and all financial instruments that can be physically
delivered to the depositary. The depositary must ensure that all such financial instruments are
registered in segregated accounts in line with the regulations. For other assets, the depositary
must verify their ownership by the UCITS or its management company, and will maintain
appropriate records. On a regular basis, the depositary must provide a full inventory of those
assets. These functions may be delegated to a third party, only when:
a. they are not delegated with the intention of avoiding the requirements laid down in the
Page 93 of 334
Edition B.Ad.1 / EN
UCI Laws
b. the depositary can demonstrate that there is an objective reason for the delegation
c. the depositary has exercised all due skill, care and diligence in the selection and
appointment of any third party to whom it intends to delegate parts of its tasks, and
continues to exercise all due skill, care and diligence in the periodic review and ongoing
monitoring of any third party to which it has delegated parts of its tasks and of the
arrangements of the third party in respect of the matters delegated to it.
d. the third party, at all times during the performance of the delegated tasks:
• has adequate structures and expertise related to the nature and complexity of the
assets
• complies with the effective prudential regulation and meets the minimum capital
requirements
• segregates the assets of the depositary’s clients in order distinguish those from its
own or the depositary’s assets
• ensures that in case of the third party’s insolvency, the assets held in custody are
unavailable for distribution among, or for the benefit of, the creditors of the third
party
e. the depositary and the third party comply with the related obligations and prohibitions of
the UCI Laws
The third party may sub-delegate certain functions, subject to the provisions of the UCI Laws. In the
event of delegation or sub-delegation, the depositary remains liable to the UCITS and the unit holders.
Sections 1.2.3 and 1.2.4 of this workbook provide more information on delegation and liabilities.
A company may not be both the management company or internally managed VCIC and the
depositary. The management company and the depositary need to act honestly, fairly,
professionally, independently and solely in the interest of the UCITS, and the investors of the UCITS
in exercising their duties.
The depositary shall not carry out any activities that cause a conflict of interest between the
UCITS, the investors, the management company/internally managed VCIC, and itself unless the
activities are functionally and hierarchically separated so that they cannot purposely cause any
conflict of interest, and that any potential conflicts of interest are properly identified, managed,
monitored and disclosed to the investors of the UCITS.
Page 94 of 334
Financial Services Regulatory Framework:
Advanced Examination
In the event that a depositary of the UCITS intends to resign from its duties, it must inform the
4
management company or the UCITS itself, of its intention in writing, and at least three months
before the resignation. The management company, or the UCITS itself, will immediately report
this to CySEC and recommend a replacement. In the event that the recommendation is
unjustifiably delayed, a recommendation must be submitted by the resigning depositary. CySEC
will either approve the recommendation or will request for a new proposal.
Once the new depositary has been appointed, the resigning depositary will hand over the UCITS
assets into the safekeeping of the new depositary as well as any other relevant documents and
information for it to exercise its duties. The resigning depositary shall continue to exercise its
duties until the new depositary has fully taken over. The resignation and replacement of the
depositary shall entail amendment of the UCITS rules or instruments of incorporation.
In the event of serious violations of the depositary’s obligations, or to protect the unitholders
when the depositary does not exercise its duties in the interest of all unitholders, CySEC may request
the replacement of the UCITS depositary. In these cases, the CySEC will approve the selection of the
new depositary. The management company or internally managed VCIC may also submit an
application for the replacement of the depositary. In this case, the management company or
internally managed VCIC must recommend a new depositary, and inform the depositary to be
replaced.
The depositary may delegate the safekeeping of the assets to a third party providing that the
UCITS regulation or instruments of incorporation allow for this. The safekeeping of foreign or local
transferable securities and other liquid financial instruments may be delegated to an officially
authorised foreign depositary, provided that the instruments are listed on a regulated market.
Any delegation of safekeeping needs to be reported to the UCITS or its management company. At
any time, the delegation of safekeeping may be revoked by the depositary. The monitoring of the
activities of the management company, and the operation of the UCITS, may not be outsourced
to a third party.
At all times during the performance of the delegated tasks, the third party has to maintain structures
and expertise that are adequate and proportionate to the nature and complexity of the assets of
the UCITS, or the management company acting on behalf of the UCITS, which have been entrusted
Page 95 of 334
Edition B.Ad.1 / EN
to it. The third- party needs to be subject to effective prudential regulation, including minimum
capital requirements and supervision in their jurisdiction, and is periodically audited to ensure
that the financial instruments are in their possession. At all times, the assets of the clients of
the depositary need to be segregated from their own assets and from the assets of the depositary
in such a way that they can, at any time, be clearly identified as belonging to clients of a particular
depositary. In addition, the third party needs to take all necessary steps to ensure that, in the
event of their insolvency the assets held in custody are unavailable for distribution among, or
realisation for the benefit of, creditors of the third party, and that they comply with the general
obligations and prohibitions related to UCITS assets. In the event that the law of a third country
requires that certain financial instruments are held in custody by a local entity, and when no
local entities satisfy the delegation requirements stated, the depositary may delegate its functions
to such a local entity as long as they meet the requirements of the law in that country, and only
where:
a. the investors of the relevant UCITS are duly informed, prior to their investment, of the fact
that such a delegation is required due to legal constraints in the law of the third country,
of the circumstances justifying the delegation and of the risks involved in such a
delegation
b. the internally managed VCIC, or the management company on behalf of the UCITS, has
instructed the depositary to delegate the custody of such financial instruments to such a
local entity.
The third party may, in turn, sub-delegate these functions as long as any other party meets the
appropriate regulatory requirements.
Any assets held in custody may not be used for the depositary’s own account, or for the account
of a third party to whom the custody of the assets is delegated. Assets may be reused in the
following circumstances:
3. For the benefit of the UCITS and in the interest of the unitholders.
4. The transaction is covered by high-quality and liquid collateral received by the UCITS
under a title transfer arrangement:
The market value of the collateral shall, at all times, amount to at least the market value of the
reused assets plus a premium.
In the event of insolvency of the depositary, and/or any third party located in the EU to which
custody of UCITS assets has been delegated, the UCITS assets held in custody are unavailable
for distribution among, or realisation for the benefit of, creditors of such a depositary and/or such
a third party.
Page 96 of 334
Financial Services Regulatory Framework:
Advanced Examination
On the request of CySEC or the competent authority, the depositary needs to make available all
information received during the exercise of its duties. CySEC, providing that t is the competent
authority of the depositary, transmits the information received without delay to the competent
authorities of the UCITS and the management company.
The depositary is liable to the UCITS, and to the unitholders of the UCITS, for any loss suffered as a
result of negligence or intentional failure of the depositary, or that of the third party to whom
the custody of financial instruments is delegated, to properly fulfil its obligations pursuant to the
UCI Laws. Unitholders of the UCITS have the individual right to take legal action against the
depositary either directly or indirectly via the management company or the internally managed
VCIC. Even when safekeeping of assets has been outsourced to a third party, the depositary
remains fully liable for any losses caused.
2. Obligations of UCITS
UCITS have a number of obligations regarding their investment policies, borrowing, valuations, the
distribution of profits, investor information and the marketing of units in foreign jurisdictions.
Learning Objective
Ø Know the obligations of UCITS: investment policy (Articles 40–49); standing obligations
(Articles 50–54); investor information (Articles 55–66)
1. Transferable securities and money market instruments admitted to, or dealt on, a
regulated market of the Republic or another EU member state, for which the respective
regulated market operates regularly, and is recognized and open to the public.
Page 97 of 334
Edition B.Ad.1 / EN
2. Transferable securities and money market instruments listed on the stock exchanges or
on another regulated market in a third country that is included in the approved markets
by the Ministry of Finance or is included in the fund regulation or instruments of
incorporation.
3. Recently issued transferable securities provided that they are listed on a regulated
market within one year of issue.
5. Deposits payable on demand, or with a maturity date shorter than 12 months with an
authorised credit institution.
6. Financial derivative instruments or OTC derivatives provided that the underlying of such
derivatives consists of indices, interest rates, foreign exchange rates or currencies, provided
that the counterparties to the OTC derivative transactions are institutions subject to
prudential supervision and belong to the categories approved by CySEC, and p r o v i d e d
that the OTC derivatives are subject to reliable and verifiable daily valuations and can
be sold, liquidated or closed by an offsetting transaction at any time at fair value.
7. Money market instruments not dealt on a regulated market, but for which the issue or
issuer is regulated for the purpose of protecting both investors and savings.
A UCITS fund may not invest more than 10% of its assets in transferable securities, except for
those mentioned under points 1–7 above, and may not acquire precious metals, or certificates
representing them. A UCITS may hold ancillary liquid assets; an internally managed VCIC may
acquire (movable or immovable property essential for the direct pursuit of its business.
A management company or internally managed VCIC that is subject to securitization and does not
meet the requirements set out in Regulation (EU) 2017/2402, if deemed necessary, must act and take
corrective actions to ensure the benefits and general interest of the unitholders.
A UCITS, internally managed VCIC or its management company needs to have a risk management
process in place which enables it to monitor and measure at any time the risk of the positions and
their contribution to the overall risk profile of the portfolio. In particular, they shall not exclusively or
mechanically rely on credit ability assessments issued by credit rating agencies. The risk management
policy needs to include a process for the accurate and independent assessment of the value of OTC
derivatives, and needs to report to CySEC the types of derivatives, associated risks, quantitative limits
Page 98 of 334
Financial Services Regulatory Framework:
Advanced Examination
and methods to estimate risks associated with transactions in derivative instruments regarding each
UCITS. Under CySEC’s related conditions and limits, as well as the investment objectives, UCITS may
use techniques and instruments relating to transferable securities and money market instruments,
including the use of derivatives, for the purpose of efficient portfolio management. The global
exposure of derivatives may not exceed the total net value of the portfolio. The exposure calculation
includes the current value of the underlying, counterparty risk, potential future market movements
and the time available to liquidate positions. The risk for the underlying assets may not exceed, in
aggregate, the investment limits. CySEC may define the criteria for assessing the adequacy of the risk
management process, rules regarding the accurate and independent assessment of the value of OTC
derivatives, reporting requirements, and conditions and provisions related to the use of derivative
instruments.
Limit Asset
The aggregate value of the transferable securities or the money market instruments of issuing
40%
bodies in which the UCITS individually invests more than 5%.
Units of other UCITS, or other collective investment undertakings with no more than 20% in
30%
the units of any single UCITS or collective investment undertaking.
20%
Investment in transferable securities or money market instruments, deposits made with that
body, and exposures arising from OTC derivatives with a single body.
Limit Asset
Transferable securities or money market instruments issued by the same body.
May be raised to 35% if the securities are issued or guaranteed by a member state, its local
authorities, a third country, or a public international body to which one or more member
states belong. Under specific circumstances this may be increased to 100% provided that
the assets are issued or guaranteed by a member state, one or more of its local authorities,
10% a third country, or a public international body to which one or more member states, and all
of the following preconditions, are complied with:
Page 99 of 334
Edition B.Ad.1 / EN
A predominant statement must be included in the prospectus and key investor information
document.
May be raised to 25% when bonds are issued by a regulated and supervised credit institution
in a member state.
May be raised to 20% when the UCITS objective is to replicate the composition of a certain
stock or debt securities index provided that the following preconditions are met:
May be raised to 35% for a single issuer under exceptional market circumstances in which
certain issues are highly dominant.
5% Exposure in an OTC derivative transaction when the counterparty is not a credit institution.
The above-mentioned limits may not be combined, and therefore, the total that can be invested
with a single body (whether securities or OTC) is 35%; this includes any consolidated parts of a
group. The cumulative investment in transferable securities and money market instruments within
the same group is permitted up to 20%.
The units of a UCITS replicating an index, which has been granted an operation licence, can be
listed on a market for exchange-traded UCITS operating in the Republic or another member state,
provided that the composition of the index is sufficiently diversified; the index represents an
adequate bench mark; and it is published in an appropriate manner.
2. the UCITS has been authorised to trade the units, not the exchange
3. at least one market maker has been designated who ensures that the value of the units
does not significantly differ from their net asset value, and
4. the particulars of the units have been submitted to the depositary prior to the start of
trading.
Units of common funds may be admitted to a stock exchange without trading on the Republic,
another member state, or a third country with whom a memorandum of cooperation is in place.
When a UCITS invests in other UCITS or collective investment schemes (CISs) that are managed
by the same management company, they will not be charged any subscription, redemption, or
repurchase fees. A UCITS that invests a substantial proportion of its assets in other UCITS and
collective investment undertakings needs to disclose the maximum level of management fees
that may be charged to the UCITS itself and to the UCITS or collective investment undertaking
in which it intends to invest. The actual levels of management fees will be reported in the annual
report.
UCITS may guarantee the amount invested and its performance by means of a guarantee provided
by a credit institution established in the Republic or another member state. When the guarantee
is provided by a credit institution from another member state, the institution needs to have a
branch in the Republic. The guarantee cannot be provided by the depositary of the UCITS, or a
credit institution that also provides depositary services to the UCITS. The nature of the guarantee
must be reported in the key investor information document and the prospectus.
Internally managed VCICs and management companies connected to a common fund will not
purchase any shares carrying voting rights that would enable them to exercise significant
influence over the management of an issuing body. A UCITS may not obtain more than:
• 10% of the money market instruments of a single issuing body. The limits do not apply to:
• shares held by a UCITS in the capital of a company incorporated in a third country investing
its assets mainly in the securities of issuing bodies having their registered offices in that
country, and when this is the only way to invest in the securities of issuing bodies in that
country
• shares held by one or more VCICs in the capital of a subsidiary company pursuing,
exclusively on its or their behalf, only the business of management, advice or marketing
in the country where the subsidiary is established, within regard to the redemption of
shares at shareholders’ request.
A UCITS does not violate an investment limit in the event that one is breached when exercising
subscription rights attached to transferable securities or money market instruments that are part
of its assets. In addition, a recently authorised UCITS may deviate from the investment limits for a
period of six months from the granting of the licence as long as the principles of risk spreading
are observed. When an investment limit is breached for reasons outside the control of the UCITS
or as a result of the exercise of subscription rights, the management company has to remedy this
situation as soon as possible, taking into consideration the interests of the unitholders.
Internally managed VCICs and management companies or depositaries acting on behalf of a UCITS
may generally not borrow funds, but may acquire foreign currency by means of a back-to-back loan
provided that the loan is contracted in the foreign currency for the acquisition of securities of foreign
issuers. Although generally borrowing is prohibited, internally managed VCICs, and management
companies or depositaries acting on behalf of a UCITS, may borrow on a temporary basis an amount
not exceeding 10% of the net asset value (NAV) of the UCITS. Internally managed VCICs may borrow
up to 10% of its net asset value, to acquire immovable property mandatory to its business. When a
VCICs borrows for both purposes, the borrowing must not exceed 15% of its net asset value.
Management companies may borrow up to 15% of its own funds for the acquisition of immovable
property mandatory to its business.
Any income from interest, dividends and profits resulting from the lottery of debentures at par
has to be distributed on an annual basis, net of all expenses incurred during the financial year.
Profits from the sale of transferable securities, or other liquid financial instruments after the
deduction of any capital losses may be distributed to unitholders or reinvested at the discretion
of the internally managed VCIC, the UCITS or the management company. Provided that the
regulation or the instruments of incorporation allow for it, these profits may be distributed
during the financial year as an interim dividend.
The internally managed VCIC or a management company and the depositary acting on behalf of a
UCITS may not grant loans or act as a guarantor on behalf of third parties. The UCITS may
purchase transferable securities, money market instruments and other financial instruments
which are not fully paid for. However, neither entity may undertake uncovered sales of these
instruments.
A UCITS unit may only be issued if the equivalent of the net issue price is paid to the UCITS. Units
may be distributed free of charge.
The management company and the VCIC has to submit to CySEC and make available to the
investors in all selling points of units a prospectus, an annual report for each financial year, a
half-yearly report covering the first six months of the financial year, and quarterly summarized
statements of the assets and expenses. The last quarter’s statement must include a profit and
loss account and the distribution of profits for the whole financial year. These reports and statements
should be submitted in accordance with the following schedule:
Summarised statement of assets and First, second and third Within 15 days of the end of the period
expenses quarter they refer to
The aforementioned prospectus, reports and statements must be written in Greek or English, or in
both languages.
For UCITS that comprise multiple investment compartments, the aforementioned prospectus, reports
and statements should be provided for each single compartment. The financial year of a UCITS has
the duration of a calendar year which ends on 31 December, irrespective of the operation start date.
The UCITS prospectus must include all information necessary for investors to be able to make
an informed investment decision, including data on risks. A clear and easy-to-understand
description of the fund’s risk profile needs to be included. All essential elements of the prospectus
must be kept up to date. In addition to the essential elements that must be included in
the prospectus, it has to also include the following:
• When a UCITS mainly invests in other UCITS or collective investment undertakings, deposits
payable on demand, financial derivative instruments or OTC derivatives, the prospectus
needs to draw specific attention to the investment policy.
• When the net asset value (NAV) of a UCITS is likely to have high volatility due to its
portfolio composition or portfolio management techniques, the prospectus needs to
include a statement drawing attention to this possibility.
• Details of the up to date remuneration policy, or a summary referring to the policy that can
be made available on request.
The prospectus must expressly and clearly indicate that it is available to investors at all selling
points of the units as well as the management company’s website. The regulations or instruments
of incorporation are an integral part of the prospectus and either need to be attached to the
prospectus, made available on request or kept in a place where they can be accessed by investors.
The management company is responsible for all losses suffered by investors as a result of false or
misleading information, or because of the failure to mention any information in the prospectus. A
copy of the prospectus and any amendments will be submitted to CySEC at least 15 days before the
new prospectus is made available to the investors. In the event that a UCITS is established in Cyprus
but is managed by a management company of another member state, the management company
must submit the prospectus to CySEC and, upon request, to the competent authorities of the related
member state. After submitting the prospectus and any amendments, CySEC will ensure that it
complies with all requirements. The prospectus may be published on a website or any other durable
medium. Hard copies will be made available to investors, on request and free of charge. Upon the
request of an investor, the management company will also provide supplementary information
relating to the quantitative limits that apply to the risk management of the UCITS, the risk
management methods and the most recent evaluation of the main risks and yields of the investment
instrument categories.
The NAV, number of units, the unit NAV, and the subscription, redemption or purchase price of a
UCITS must be calculated on the first working day of each fortnight and published on the
following business day on the management company’s website. For tradable units, this
information needs to be calculated on a daily basis and made available the next working day.
The unit NAV is determined by dividing the total NAV by the number of units. Subscription and
redemption/repurchase prices may differ from the NAV by the amount of commission of the
management company.
The annual report will include a balance sheet or a statement of asset and liabilities, detailed income
and expenditure account, a report on the activities of the financial year and any other significant
information that will enable investors to make an informed judgement. The accounting
information will be audited, and the auditor’s report including any reservations, will be included in
full in the annual report. In addition, the annual report will also include:
a. the total amount of remuneration, split into fixed and variable, paid to staff and the number
of beneficiaries, and where applicable, any amounts paid directly by the UCITS
including any performance fee
The half-yearly report includes an interim financial statement at the end of the first semester
of the calendar year. Information regarding interim dividends (if any) needs to be included. The
results will be reported after the deduction of tax, charges, and other rights or expenses. Annual and
half-yearly reports need to be made available to all investors.
The key investor information document needs to be marked as such and must include appropriate
information about the essential characteristics of the UCITS in a clear and transparent way so that
investors are reasonably able to assess the nature and risk of the investment. The information needs
to be fair, clear and not misleading, and the content needs to be consistent with the prospectus. The
key investor information document needs to include an identification of the UCITS, the competent
authority of the UCITS, a short description of the investment objectives and investment policy, past-
performance or performance scenarios, costs and associated charges, and the risk/reward profile of
the investment. In addition, a clear statement must be made as to where and how to obtain additional
information, and a warning that a person does not incur any civil liability solely on the basis of the key
investor information. Furthermore, a clear statement on the most recent remuneration policy. The
key investor information document will be made available on the website and also on paper when
requested. The key investor information document will be provided to CySEC and will need to be
available in Greek or English, or in both. It is the responsibility of the management to ensure that
investors, or persons acting on their behalf, are provided with this information, free of charge, in a
timely manner and in a non-technical language that is comprehensible.
All communications need to be fair, clear and not misleading, and marketing information needs
to clearly be marked as such. Information contained in marketing communications may not
contradict any key investor information. All communications must include a statement that
investment in the units of a UCITS has no guaranteed return, and that past performance is no
guarantee of future performance.
Learning Objective
Ø Know the special provisions applicable to UCITS that market their units abroad: UCITS
established in the Republic marketing units to other member states (Articles 67–68); UCITS
from other member states marketing units in the Republic (Articles 69–72)
A UCITS authorised in the Republic that wants to market units in other EU member states must
submit a notification letter to CySEC prior to doing so. This letter includes the arrangements in
the host member state for the marketing of the units and, if applicable, the categories of units
and whether they are marketed by the management company in the content of its cross-border
business. The regulation or instruments of incorporation, the prospectus, the latest annual and
half-yearly report and key investor information must also be included with the notification letter.
CySEC will verify the completeness of the information, send it to the competent authorities in
the member state within ten w o r k i n g days of receipt, and notify the UCITS. Once the
notification letter has been sent to the competent authorities in the member state, the UCITS
may start marketing its units. CySEC will ensure that the competent authorities of the host
member state have electronic access to the documentation and/or any translations, and that
the UCITS keeps the documents up to date.
The competent authorities will be notified by the UCITS of any amendment in the documentation.
Any changes in the documentation shall thereafter be provided to the competent authorities of the
host member state by the means of a written notification prior implementation. Investors in the
UCITS based in the host member state will be provided with all information that investors in the
Republic are provided with. This information will be provided in the way prescribed by the
legislation in the host member state. Key investor information has to be translated into the official
language of the member state, or into another approved language. Any other information may
be translated at the choice of the UCITS itself, which will remain responsible for the translation.
The frequency of publication of the information will be in accordance with the regulations in the
Republic.
An authorised UCITS from another member state may market its units in the Republic after CySEC
has received a notification letter from the competent authorities in the member state. The
notification letter includes the arrangements for the marketing of the units, and, if applicable, the
categories of units and whether they are marketed by the management company in the content
of its cross-border business. The regulation or instruments of incorporation, the prospectus, the
latest and half-yearly reports and key investor information must also be included with the
notification letter.
CySEC will not request any additional information from the competent authorities in the member
state, and will ensure that the electronic transmission and filing is possible.
The UCITS will notify CySEC of any change to its regulation, instrument of incorporation,
prospectus, latest annual and semi-annual reports and key investor information, and will indicate
where these documents can be obtained in electronic form.
During the marketing of its units, an authorised UCITS in a member state other than the Republic, is
obliged to indicate a credit institution in the Republic where it can receive and make payments to
unitholders. All information that must be provided to investors in its home member state must also
be provided to investors in the Republic. The information will be provided as prescribed by the
legislation in the Republic. Key investor information needs to be translated into the official language
of the Republic, or into English. Any other information may be translated at the choice of the UCITS.
The frequency of the publication of the issue, sale, and redemption or repurchase price of the units
in the Republic is subject to the legislation of the UCITS home member state. A UCITS authorised in
another member state may use the same reference to its legal form, such as investment company,
or common fund, in its designation in the Republic as it uses it in its home state.
3. UCITS Structures
Learning Objective
Ø Know the main obligations that apply to master-feeder UCITS structures: investment
policy (Article 73); general operating obligations Article 75); specific obligations of the
feeder UCITS (Article 80); specific obligations of the master UCITS (Article 81)
A feeder UCITS is a UCITS, or an investment compartment of a UCITS, that has been approved to
invest at least 85% of its total net assets in other UCITS or other collective investment funds. Up to
15% of its assets may be invested in ancillary liquid assets, and financial derivatives for hedging
purposes. In addition, VCICs may invest in movable or immovable property which is essential
for the direct pursuit of its business.
A master UCITS is a UCITS, or an investment compartment of a UCITS, which has at least one
feeder UCITS under its unitholders, is not itself a feeder UCITS, and does not hold units of a feeder
UCITS.
For a feeder UCITS, the global exposure in financial derivatives is the combination of its own
direct exposure plus either:
A master UCITS that has at least two feeder UCITS has the choice of also raising capital from
other investors. If the master UCITS does not raise capital from the public in a member state
other than the one it is established in, but has one or more feeder UCITS established in that
member state, it does not have to provide a notification to market its investments in the other
member state.
The master UCITS needs to provide the feeder UCITS with all documents and information for the
feeder UCITS to meet its legal obligations. The agreement between the feeder and the master
UCITS must be made available to unitholders of both the feeder and the master UCITS on their
request. In the event that the master and the feeder UCITS are managed by the same management
company, the agreement can be replaced by an internal conduct of business rule governing the
relationship. Until such a time that the agreement is effective, the feeder UCITS must not invest
more than 20% of its assets in the master UCITS. The master and feeder UCITS will co-ordinate
the calculation and publication of the NAV in order to prevent any possibility of arbitrage.
The feeder UCITS needs to effectively monitor the activity of the master UCITS, and in doing so
may rely on information and documents received from the master UCITS or its management
company, depositary or auditor unless it has reason to believe that the information may not be
accurate.
Any distribution fees, commission or other financial benefits received by the feeder UCITS or its
management company will be paid into the assets of the feeder UCITS.
A master UCITS established in the Republic needs to inform CySEC immediately of the identity of
each feeder UCITS. In the event that the feeder UCITS is based in another EU member state, CySEC
will report this to the competent authorities of the feeder UCITS home member state.
Master UCITS may not charge subscription, redemption or repurchase fees for the purchase or
transfer of its units from the feeder UCITS. The master UCITS is responsible for the timely availability
of all information that it is to provide in accordance with the laws and regulations.
4. Management Companies
Learning Objective
Ø Know the obligations that apply to the operation of management companies:
permitted activities (Article 109); share capital (Article 110); conditions for granting
an operation licence (Article 111); conditions for the exercise of activities (Article
112); financial submissions (Article 114); delegation arrangements (Article 115);
changes to the management company including revocation of operating licence
(Article 119); code of conduct (Article 123); complaints handling (Article 124)
Ø Know the obligations that apply to the cross-border provision of services by a
management company (Articles 128–133)
A management company is a limited company that is governed by company law, and which has its
registered offices and central administration in the Republic. Its main objective is to manage one or
more UCITS. Management companies need to apply for an operating licence with CySEC, which will
be valid in all member states.
The management of the UCITS includes investment management, advertising and administration of
the UCITS including:
• valuation of the portfolio and pricing of the units including taxation issues
• distribution of profits
• record keeping.
In addition to managing one or more UCITS, a management company may also undertake related
services provided that it has been authorised by CySEC. These activities include servicing of
management of portfolios of investment, providing investment advice, and safekeeping and
administrating in relation to units of undertakings for collective investment.
The management company must have a fully paid up initial capital of at least €125.000,00. In the
event that the management company provides other services, in addition to managing one or more
UCITS, the capital needs to be higher to reflect this, and capital must never fall below the initial capital.
In the event that the value of the portfolio of the management company exceeds €250.000.000,00
the capital of the management company needs to be increased by 0.02% of the additional portfolio
value (ie, the amount of the portfolio value exceeding €250.000.000,00), with a maximum increase of
own funds to
€10.000.000,00. Up to 50% of the additional capital may be provided in the form of a guarantee from
a credit institution operating in the Republic or one of the other member states.
The portfolio value consists of the common funds managed by the management company, common
funds for which the management has been delegated to a third-party service provider, investment
companies for which the management company is the designated management company, and other
collective investment undertakings managed by the management company.
The own funds of the management company may never be less than 25% of its overheads of
the preceding year, or the projected overheads for a company that has been in business for less
than one year.
An operation licence may be granted when the management company meets the following
conditions:
6 The directors are of sufficiently good repute and are appropriately experience for their
role.
9 The registered office and central administration are established within the territory of
the Republic.
In the event that the management company has close links with other natural or legal persons, the
authorisation will only be granted as long as those links do not prevent effective supervision.
In the event that the management company is a subsidiary, or a sister company, of another
management company, investment firm, credit institution or insurance undertaking authorised in
another member state, or controlled by the same natural or legal person in another member state,
CySEC must ask the competent authority of that member state for its opinion.
CySEC must notify the management company of its decision within six months after a full application
has been submitted. In the event of a rejection, CySEC must justify its decision with appropriate
reasoning. The management company can start operating as soon as a licence has been granted.
The management company needs to have sound administrative and accounting procedures and
arrangements to control and safeguard electronic data processing, and adequate internal control
mechanisms. These need to include rules for dealing on own account by staff members, and controls
to enable the assessment of the origin, parties, nature, and time and place of execution of each
transaction. The management company needs to be able to ensure that all transactions are in line
with the rules and regulations. It also needs to be able to manage the risks associated with conflicts
of interest between it and its clients, and between clients and other clients.
As part of its ongoing operation, the management company needs to maintain a webpage.
Management companies that also provide portfolio management services may not invest all or part
of the investors’ portfolio in the collective investment undertakings that they manage, unless they
have obtained prior approval from the clients in writing. In addition, the management company will,
in this case, be obliged to be a member of the investor compensation fund for customers of
investment funds.
CySEC is responsible for the supervision of cross-border activity related to other member states as
well as other third countries.
Page 112 of 334
Financial Services Regulatory Framework:
Advanced Examination
Annual and semi-annual reports must be submitted to CySEC, of which only annual reports have
to be audited. The submission dates, from the date of the end of the period, are as:
When a management company wants to outsource some of its tasks and functions to a third party, it
may do so provided that the third party is qualified and capable to undertake the activity. A written
agreement needs to be in place between the management company and the third party to enable the
management company to monitor the activities at any time. The outsourcing agreement may not
hinder effective supervision of the management company. The management company remains
ultimately responsible for the outsourced tasks and functions, and may provide further instructions
to the third party if needed. The management company may not outsource all of its activities.
The management company must inform CySEC of the outsourcing arrangements, who, if applicable,
will inform the competent authorities in the home member state of the UCITS.
The portfolio management activity may only be outsourced to third parties authorised to manage
collective investment funds, or authorised fund managers subject to prudential supervision. In the
latter case, the management company has to seek prior approval from CySEC. In the event that the
third party is based in a third country (ie, a non-member state), effective cooperation needs to be in
place between CySEC and the competent authority of the third party. The third party needs to manage
the portfolio as defined in the investment mandate and investment allocation criteria. Portfolio
management may not be outsourced to the depositary of the UCITS. The management company and
the depositary remain liable even if functions may have been delegated to a third party.
A management company cannot resign from managing the UCITS, or another collective investment
undertaking unless it has obtained permission from CySEC or, if applicable, the competent authority
of the home member state. CySEC will only allow the resignation of the management company if this
does not violate the interests of unitholders and only if a new management has been assigned.
The depositary may request CySEC to replace the management company, if it is of the opinion that
the management company does not work in the best interest of the UCITS and its unitholders, or does
not fulfil its legal obligations. Unitholders cannot request the replacement of the management
company. In case of a VCIC, the replacement of the management company may be requested by the
board of directors who also suggest a new management company. In case of a replacement, the
withdrawing management company remains fully liable, in parallel with the new one, until the new
management company fully undertakes its duties. CySEC may impose any measure or term for the
safeguarding of the interest of unitholders.
The regulation, or the instruments of incorporation, of the UCITS must be amended to reflect the
change in management company.
1 the licence has not been used within 12 months of it being granted
3 the company has ceased the activity for which the licence was granted for more than
six months
4 the licence was granted on the basis of false statements or by other irregular means
If the amount of the management company’s own funds falls below the minimum capital
requirements, CySEC may set a deadline for the management company to rectify the situation.
If the management company does not increase its capital within the given time frame, CySEC
will revoke the operating licence.
In the event that the licence is fully revoked, CySEC may apply to the courts for the liquidation
of the management company and the appointment of a liquidator.
CySEC will ensure that the operations of the UCITS or collective investment undertaking are not
disrupted.
For VCICs that need to have a management company, CySEC will appoint a new one. In the event
that this is not feasible, CySEC will revoke the operating licence of the VCIC, appoint a liquidator,
nd apply to the courts for the liquidation of the VCIC.
The code of conduct issued by CySEC applies to both management companies authorised in
the Republic and to their personnel. The purpose of the code of conduct is to ensure that
management companies:
1 act fairly, lawfully, and with due care and diligence when performing their activities
2 act in the best interests of the UCITS or other collective investment undertaking they
manage and of the integrity and smooth operation of the market
The VCIC or the management company need to implement appropriate measures to ensure
that all complaints made against them are assessed and the appropriate action is taken.
Cross-border services are provided by a company in a country that is not their home country. This
can be undertaken via the establishment of a branch, or by directly offering services in a different
jurisdiction. Different rules apply to member states and third countries.
Management companies authorised in the Republic may establish a branch in another EU member
state, but they must notify CySEC. The notification needs to include the following information:
• Business plan.
• Organisational structure.
• Names of the staff members responsible for the management of the branch.
Provided that CySEC has no objection, it will inform both the competent authorities in the member
state and the management company of its approval within two months of receiving all required
information. The management company may start its business immediately thereafter. In the
event CySEC does not approve the operations in the member state, it will inform the
management company of its refusal, including the underlying reasons, within two months of
receiving all required information. Similarly, a management company authorised in another
member state may start a branch in the Republic two months after CySEC has received the
required information from the competent authority in the member state.
The management company will comply with all rules of the host member state, and will be
supervised by the host member states competent authorities. The management company will
notify both CySEC and the competent authorities in the host member state of any changes in its
business plan, organisational structure, risk management procedures, address and staff
members one month prior to the changes being effected.
A management company authorised in the Republic may establish and manage a UCITS in
another member state. Equally, a management company authorised in another member state
may establish and manage a UCITS in the Republic.
When a branch is being established, it subject to the rules of conduct in the member state where
it is established.
Prior to offering services in another member state for the first time, a management company
must notify CySEC of its intentions. The notification must include the following information:
CySEC will inform both the competent authorities of the host member state and the management
company within one month of receiving all required information, and will include details of the
investor compensation fund for clients of investment firms. On request, CySEC will provide any
clarification and information regarding the documentation and attestation provided as well as its
opinion as to whether the specific type of UCITS falls within the activities the management
company may exercise according to its authorisation. In this case CySEC shall provide its opinion
for a matter falling within its competences to the competent authorities of the UCITS home
member state within ten working days of the submission of the relevant request from the
competent authorities of the UCITS home member state.
Upon receipt of the notification from CySEC, the management company may immediately start
providing its services. Similarly, two months after CySEC has received a notification from a
competent authority in another member state, a management company authorised in that member
state may provide services in the Republic as long it is authorised to undertake these services.
Any change in the activities, and services, risk management procedures or any other relevant
processes or procedures must be communicated to both CySEC and to competent authorities of
the host member state prior to implementing the change. The management company needs to
provide the competent authorities in the host member state with all the information they
require. Failure to do so will be reported to CySEC as a whole.
Under the freedom to provide services, the management company follows the rules of conduct
of its home member state. However, the marketing of UCITS units will be in accordance with
the rules and regulations of the EU.
When offering collective portfolio management services on a cross-border basis, the management
company will be subject to the supervision of the competent authorities of the UCITS home
member state and will apply their rules regarding:
7 valuation of assets
8 accounting rules
The competent authorities in the management company’s home member state will be responsible
for ensuring the adequacy of the organisation of the management company and the application
of the appropriate procedures and arrangements to comply with the UCITS regulations.
The management company must take all necessary actions to ensure that it meets all requirements
as they apply in both the home and host member state as applicable to the management
company and the UCITS.
CySEC may reject the request of a management company to undertake the management of a
UCITS authorised in the Republic if the management company:
2 is not authorised by the competent authorities in its home member state to manage
the type of UCITS it has applied for, or
4.2.5. Reporting
In the event that a management company that providing cross-border services in the Republic
from another member state breaches one or more rules of the Republic, CySEC will request that the
management company rectifies the situation, and will inform the competent authority in the
management company’s home member state.
In the event that a management company refuses to submit any required information to CySEC, or
fails to take appropriate steps to comply with its rules and regulations, the competent authority of
the home member state will be requested to take the necessary steps to ensure that the
management company provides the required information and complies with the rules and
regulations. In the event that the measures taken by the home member state are inadequate,
or are not applied by the management company, CySEC may, after having informed the competent
authorities in the home member state, stop the management company from undertaking any
other activity within the Republic. If the management company manages a UCITS in the Republic,
CySEC may stop it from managing the UCITS. In the event that the competent authority of the
home member state of the management company does not take the appropriate action, CySEC
may refer the issue to ESMA. At any time during these proceedings CySEC may, in exceptional
circumstances, take any precautionary measures to protect investors and other parties. In this
event, CySEC will inform the management company, the EC, ESMA and the competent authority
in the home member state.
CySEC will inform the EC and ESMA of any instances in which it has refused authorisation for
cross- border services.
In the event that CySEC decides to withdraw the operating licence of a management company,
it will inform the competent authorities of the home member state of any UCITS managed by the
management company. The competent authorities in the home member state of the UCITS may
take any appropriate action to protect the unitholders including preventing the management
company from undertaking any further activity.
Prior to the withdrawal of the authorisation of a management company in the home member state
of a UCITS it manages, CySEC will consult with the competent authorities of the home member
state.
4.2.8. Licencing
Learning Objectives
The Alternative Investment Fund Managers (AIFMs) Law 2013 (L. 56(I)/2013) as amended by L.
8(I)/2015, L. 97(I)/2015 and L. 133(I)/2019 aims to align the rules and regulations in the Republic
with various European Union (EU) regulations on alternative investment managers (AIMs), and
for the regulation of the tax regime of AIMs.
The Law harmonises the Act of Directive 2011/61/ΕU of the European Parliament and of the Council
of 8 June 2011 on Alternative Investment Fund Managers and amending Directives 2003/41/ΕC and
2009/65/ ΕC, and Regulations (EC) No 1060/2009 and (ΕU) No 1095/2010 excluding Articles
62 and 63 of this Directive. The Law implements the EU act titled Commission Delegated
Regulation (EU) No 231/2012 of 19 December 2012 supplementing Directive 2011/61/EU of the
European Parliament and of the Council with regard to exemptions, general operating conditions,
depositaries, leverage, transparency and supervision.
With the amendment of L. 56(I)/2013 with L. 8(I)/2015, the Law harmonised Articles 3 and 4 of the
Act of Directive 2013/14/EU of the European Parliament and of the Council of 21 May 2013 amending
Directive 2003/41/EU on the activities and supervision of institutions of occupational retirements
provision, Directive 2009/65/EC on the coordination of laws, regulations and administrative
provisions relating to undertakings for collective investment in transferable securities (UCITS) and
Directive 2011/61/EU on Alternative Investment Fund Managers in respect of over-reliance on credit
ratings. Also, to better apply Articles 6(2), 13(1), 21(4)(b) and (13), 24(1), 29(1) and (2)(c), 30(3)(c)
and 66(4) of the Act of Directive 2011/61/EU of the European Parliament and of the Council of 8 June
Financial Services Regulatory Framework:
Advanced Examination
2011 on Alternative Investment Fund Managers and amending Directives 2003/41/EC and
2009/65/EC and Regulations (EC) 1060/2009 and (EU) 1095/2010 as amended by the
aforementioned Directive 2013/14/EU. Furthermore, to exercise the discretion provided by Article
28(1), 2nd subsection, of Directive 2011/61/EE.
With the amendments by L. 97(I)/2015, the Law harmonised Article 92 of the Act of Directive
2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial
instruments and amended Directives 2002/92/EC and 2011/61/EU. Moreover, it harmonised Article
33, paragraph 4, 4th intend of the Act of the Directive 2011/61/EU of the European Parliament and
of the Council of 8 June 2011 on Alternative Investment Fund Managers and amended Directives
2003/41/EC and 2009/65/EC, and Regulations (EC) 1060/2009 and (EU) 1095/2010.
Finally, with the amendments by L. 133(I)/2019, the Law harmonises Article 17 of the Act of the
Directive 2011/61/EU of the European Parliament and of the Council of 8 June 2011 on Alternative
Investment Fund Managers and the amended Directives 2003/41/EC and 2009/65/EC, and
Regulations (EC) 1060/2009 and (EU) 1095/2010.
• raises funds from a number of investors, for the purpose of investing the funds in accordance
with the defined investment policy for the benefit of the investors, and
• does not have a UCITS operating licence in force under the provisions of Article 9 of the
Undertakings for Collective Investments Law or the provisions of the legislation of another
Member State which harmonizes Article 5 of Directive 2009
AIFs can be formed in one of the following legal forms:
• Mutual company
• Investment company
• Limited partnership
There are two types of AIFs; those that do internal management themselves (given that they have
been established as an investment company) and AIFs that appoint an external manager.
There are several common provisions that apply to AIFs that operate in the Republic including
authorisation, remuneration, conflicts of interest, risk management, liquidity management and
transparency. The regulations related to AIFs are outlined in the Alternative Investment Funds
Law of 2018 (L. 124(I)/2018).
Learning Objective
The obligation to maintain an initial capital applies only to AIF with internal management and amounts
to €125,000.
The obligation for the retention of minimum assets applies to all AIFs and must be at least €500,000,
and may consist of cash or assets that relate to the investment policy of the AIF. Any assets need
to be free from any kind of charge; and any non-cash components of the capital need to be
valued at the time of payment by an independent valuer.
For AIFs that constitute multiple investment compartments, also known as umbrella AIF, each
of these compartments needs to meet the minimum capital requirements with regards to retaining
the minimum assets.
Unlike UCITS, whose investment policy is limited to securities under the European Directive
2009/65/EC, AIFs can invest in both securities and non-securities.
The investment policy of an AIF may be restricted by CySEC by special directive. Restrictions
may be based on the nature of the assets in which the AIF invests and the investors that the
AIF targets. In addition, CySEC restricts specific categories of AIFs in terms of their investment
strategy and the structure of their investments.
In the event that the AIF invests in other collective investment schemes of any type managed
by a connected external manager, or the same manager, the manager of the AIF selling the
units will not receive any remuneration or redemption fees that it would otherwise receive.
The governing body of the internally managed AIF consists of at least four natural persons, of which
at least two perform executive duties. The management and operations of an AIF need to be
undertaken by at least two natural persons, both of whom needs to be sufficiently experienced and
specialised. The persons directing the business of the external manager of the AIF or the internally
managed AIF, must not be part of the governing body or senior management of the AIF’s depositary,
and vice versa. In the event of an externally managed AIF, the members of the governing body and
the persons who conduct the business of the external manager must disclose to the external manager
any information which may result to conflicts of interest related to their duties or positions.
1.5. Valuation
The AIF needs to establish and maintain appropriate and consistent procedures to have a proper and
independent valuation of its assets. The rules to the valuation of assess and the calculation of the
net asset value (NAV) per unit are determined by the relevant legislation for the investment
company, provided that it does not conflict with this Law or the instruments of incorporation. In the
event of a common fund, the valuation is determined by its fund rules. The unit NAV must be
calculated at least once a year. Assets of an AIF need to be valued at a fair price at least:
a. on the dates at which marketing and redemption or repurchase of its units takes
place, and
b. on the dates mentioned in the AIF’s annual and half-yearly reports, respectively,
as the reference dates for the illustrative data.
1.6. Transactions
All transactions need to be undertaken in accordance with the AIF rules and its articles of
incorporation. Any transaction between an AIF and its external manager, its depositary, its
investment adviser, its partner, its unitholders, or any other related person, will require the
assets to be valued by an independent expert, who shall be nominated by the depositary. If the
depositary is a party to the transaction, or in the event that a depositary is not appointed, the
external manager shall nominate an independent expert.
In the event that this is not practicable, the depositary or the external manager of the AIF will certify
that the valuation is appropriate.
An AIF’s annual and half-yearly reports need to include all necessary information regarding the
transactions conducted in the reference period, sorted by category and by counterparty of the
AIF, and should disclose any remuneration or commissions paid to the counterparties of the AIF
for each transaction separately.
The scope of the AIFM Law includes AIFMs that manage AIF portfolios whose assets:
2.1. Authorisation
Learning Objective
Ø Know the conditions and process of authorisation for alternative investment fund
managers (AIFMs) (Articles 6–12)
AIFMs in the Republic must be limited liability companies with shares, which are covered by the
provisions of the Law, and by those of Company Law with a registered office and central
management in the Republic. An AIFM may manage AIFs only if they are authorised by CySEC to
do so and meet the conditions for authorisation.
Each AIF, which is included in the scope of this Law, has only one AIFM which is responsible for
compliance with the provisions of this Law.
• an external administrator, who is the legal entity appointed by the AIF or on behalf of
the AIF, and through this appointment is responsible for the management of the AIF (the
“external AIFM”), or
• if the legal form of the AIF allows internal management and if the governing body of the
AIF chooses not to appoint an external AIFM, the AIF itself obtains, in this case, an
authorisation as an AIFM (the “internally managed AIFM”)
AIFMs that are not of the Republic may only manage AIFs if they are duly authorised according
to national laws or regulation which harmonise Directive 2011/61/EU, and they meet the
conditions for authorisation established in the Directive at all times. In addition to the activities
listed below, external AIFMs may also manage UCITS as long as they have been duly authorised in
accordance with the
Undertakings for Collective Investments Laws or in accordance with the national law of another
EU member state which harmonises the Directive 2009/65/ΕC. Internally managed AIFMs cannot
manage UCITS.
Every AIFM, must at least engage in portfolio management and risk management when
managing an AIF. In addition, they may perform any of the following functions in the course
of the collective management of an AIF:
1. Administration:
a. legal and fund management accounting services
b. customer inquiries
c. valuation and pricing, including tax returns
d. regulatory compliance monitoring
e. maintenance of the unit/shareholder register
f. distribution of income
g. unit/share issues and redemptions
h. contract settlements, including a certificate dispatch
i. recordkeeping.
2. Marketing.
3. Activities related to the assets of the AIF, namely services necessary to meet the fiduciary
duties of the AIFM, facilities management, real estate administration activities, advice to
undertakings on capital structure, industrial strategy, advice and services relating to mergers
and the purchase of undertakings, and other services connected to the management of the
AIF, and the companies and other assets in which it has invested.
In addition, external AIFMs may be authorised to provide any of the following services:
(1) only the services mentioned in (a) and (b) above, and/or
(2) non-core services referred to in paragraph (b) above, without also being
authorised to provide the services referred to in paragraph (a) above, and/or
AIFMs of the Republic shall provide CySEC with the information it requires to monitor compliance
with the relevant rules and regulations at all times.
Investment firms authorised in accordance with the Investment Services and Activities and
Regulated Markets Law and credit institutions authorised in accordance with the Banking Law,
shall not be required to obtain an authorisation under their respective Law in order to provide
investment services, such as individual portfolio management in respect of AIFs. However,
investment firms shall (in)directly offer units or shares of AIFs to, or place such units or shares
with, investors in the EU, only to the extent that the units or shares can be marketed in accordance
with the Law.
In order to be duly authorised, an AIFM of the Republic, must submit an application for
authorisation to CySEC accompanied by the following:
c. a programme of activity setting out the organisational structure of the AIFM, including
information on how the AIFM intends to comply with its obligations
a. Information about the investment strategies, including the types of underlying funds if the
AIF is a fund of funds, and the AIFM’s policy with regard to the use of leverage, the risk profiles
and other characteristics of the AIFs it manages or intends to manage, including information
about the member states or third countries in which such AIFs are established or are expected
to be established.
b. Information on where the master AIF is established, if the AIF is a feeder AIF.
c. The rules or instruments of incorporation of each AIF that the AIFM intends to manage.
d. Information on the arrangements made for the appointment of the depositary for each AIF
that the AIFM intends to manage.
e. Any additional information required by the Law for each AIF that the AIFM intends to manage.
CySEC will inform ESMA of the authorisations that are granted or withdrawn on a quarterly basis.
• has shareholders with qualifying holdings that are suitable to ensure sound and
prudent management, and
In the event that the AIFM is a subsidiary of an institution that is authorised in another member
state, or is controlled by the same natural or legal person that controls another institution authorised
in another member state, CySEC will consult with the competent authorities in the other member
state before granting authorisation. Authorisation will be refused if the effective exercise of
supervision is prevented by close links with other natural or legal persons or the rules and
regulations in their country of authorisation.
CySEC can grant either full or partial authorisation, with particular restrictions to the investment
strategies of the AIF that the AIFM is allowed to manage.
Within three months of receiving the completed application, CySEC will inform the applicant of
its decision in writing. This period may be extended for another three months, if necessary, and
after informing the AIFM accordingly. The AIFM may start managing AIFs in accordance with its
authorisation as soon as it has been granted, but not earlier than one month of submitting
information in relation to the services it is going to provide.
Type of AIFM Portfolio < €250 million Portfolio > €250 million
The total portfolio value does not include AIF portfolios managed by the AIFM under delegation.
Up to 50% of the capital may be provided in the form of a guarantee from a credit institution or
insurance undertaking with a registered office in a member state or in a third country with
equivalent prudential rules and regulations.
To cover any potential professional liability resulting from their activities, both internally managed
AIFs and external AIFMs must either have additional own funds to cover the risk or hold
professional indemnity insurance.
The own funds of an AIFM will be invested in liquid assets or in assets that can readily be converted
to cash at short notice. Own funds may not be invested in speculative instruments.
Before implementing any material changes to the conditions for initial authorisation, an AIFM
needs to notify CySEC. In case CySEC rejects the changes, or imposes restrictions to the
application of the changes the AIFM will be notified within one month of receipt of the
CySEC may fully or partially suspend the authorisation of an AIFM at its own discretion if it is
deemed that continuation of its activities may jeopardise the interests of the AIFs that it manages,
its clients or the investors or, in general, the smooth operation or the integrity of the market:
a. in connection with the procedure of withdrawal of authorisation of the AIFM, for the
time period until a decision regarding the withdrawal is taken, or
b. upon decision of the Chairman or the Vice-Chairman of CySEC, who will notify the board
of CySEC during its upcoming session, when there are suspicions of possible infringement
of the Law or of another legal provision that regulates the provision of services by the
AIFM or of a provision of the relevant legislation, for the time period during which it is
assessed that the above interests are jeopardised. In this case CySEC may set the AIFM a
reasonable deadline to remedy the situation; this deadline may not exceed one month
from the date that the AIFM has been notified of the decision to suspend its license.
In the case of a partial suspension that is related to the management of portfolios, CySEC will
also suspend the non-core services.
In the event that a deadline is set (as noted in point (b) above), the AIFM will inform CySEC of the
remedy within one month. In the event that CySEC judges that the reasons for the suspension of
authorisation no longer exist, it will revoke the suspension and will communicate the fact to the
AIFM. However, in the event that the AIFM omits to notify CySEC within the one month
deadline, or if the Commission judges that the remedy is not sufficient, the suspension period
will be extended, and CySEC will initiate the procedure for the withdrawal of authorisation. The
suspension applies until the decision for the withdrawal of authorisation is taken.
While suspended, the AIFM may not provide those services or perform the activities for which
the authorisation is suspended. In case of an infringement committed by the AIFM, CySEC may
impose an administrative fine of up to €350,000.
a. The AIFM does not make use of the authorisation within 12 months, expressly renounces
the authorisation, or has ceased the activity covered by the Law for the preceding six
months.
b. The AIFM has obtained authorisation by making false statements, or by any irregular means.
The authorisation of an AIFM may also be withdrawn (although not necessarily) if the AIFM no
longer meets the conditions under which authorisation was granted, or if they no longer comply
with the relevant capital adequacy requirements for investment firms (for AIFMs undertaking
discretionary portfolio management), or if the AIFM has seriously or systematically infringed
the provisions of the Law; or in cases where the national law that the AIFM is subject to
provides for the withdrawal of authorisation.
In the event that the own funds of the AIFM are reduced below the minimum limits, or where
they no longer comply with the capital adequacy requirements, CySEC may impose a deadline
within which the AIFM needs to remedy the issue. In case the AIFM fails to remediate the issue,
CySEC shall withdraw the license.
Learning Objective
AIFMs have to act honestly, fairly and with due skill, care and diligence when conducting their
activities. They need to act both in the best interests of their investors and for the integrity of the
market. To this end, they need to ensure that they employ effective resources and procedures
necessary for the performance of their business activities. AIFMs need to take all reasonable steps to
avoid or, if they cannot be avoided, to manage any conflicts of interest. If necessary, conflicts of
interest need to be disclosed in order to prevent them from adversely affecting the interests of the
AIFMs and their investors, and to ensure the fair treatment of the AIFs under their management.
An AIFM needs to comply with all relevant rules and regulations when conducting its business and
must treat all AIF investors fairly. Investors may not be given preferential treatment, unless such
treatment is disclosed in the AIF’s rules or instruments of incorporation.
An AIFM that is also authorised to undertake discretionary portfolio management services must
not invest all or part of a client’s portfolio in units of AIFs that it manages, unless the client has
provided prior general approval.
2.3. Remuneration
Learning Objective
1. They must be consistent with, and promote, sound and effective risk management.
2. They must not encourage risk taking that is inconsistent with the risk profiles, rules or
instruments of incorporation of the AIFs that it manages.
3. They must apply to those categories of staff whose professional activities have a material
impact on the risk profiles of the AIFM or the AIFs that it manages.
a. In addition, the remuneration policy must also comply with the following principles
in a way and to the extent that is appropriate to the AIFM size, internal organisation
and the nature, scope and complexity of its activities: be in line with the business
strategy, objectives and values
e. the remuneration of senior risk and compliance officers is directly overseen by the
remuneration committee
l. be subject to the legal structure of the AIF and its rules or instruments of
incorporation, up to 50% of any variable remuneration may consist of shares in
the AIF or similar instruments, unless the management of the AIFs accounts for
less than 50% of the portfolio managed by the AIFM
a period appropriate in view of the life cycle and redemption policy of the AIF
o. pension policies need to be in line with the business strategy, objectives, values
and long-term interests of the AIFM and the AIFs that it manages
q. variable remuneration is not paid through vehicles or methods that facilitate the
avoidance of the rules and requirements of the AIFM Law.
Large firms must establish a remuneration committee that is both competent and independent.
The committee will be responsible for the preparation of decisions regarding remuneration,
including those with implications for the risk and risk management of the AIFM or the AIF. The
committee members and chair must be members of the management body but without executive
functions.
Learning Objective
AIFMs are responsible for taking reasonable steps to identify conflicts of interest between the
following parties:
Party I Party II
An AIFM, its managers, employees or any person An AIF managed by an AIFM or its investors
(in)directly linked to the AIFM by control
The AIFM needs to establish, maintain and operate effective organisational and administrative
arrangements to ensure that it can take all necessary steps to identify, prevent, manage and
monitor any conflicts of interest, and to prevent them from adversely affecting the interests of
the AIFs that it manages and their investors. One of the ways to achieve this is by segregating
tasks and responsibilities which may be regarded as incompatible, and which may potentially
generate systematic conflicts of interest. Any other material conflicts of interest will be disclosed
to the investors of the AIFs.
The general nature and source of any remaining conflicts of interest must be clearly disclosed
by the AIFM to the investors prior to undertaking any business on their behalf, and it must develop
appropriate policies and procedures to overcome or manage such conflicts.
If the AIFM uses the services of a prime broker on behalf of an AIF, the agreement with the prime
broker will define the terms of their cooperation, and will provide for any possible transfer or reuse
of the AIF’s assets and the rules that apply; the depositary must be informed of the contract. The
AIFM must exercise due skill, care and diligence in the selection and appointment of prime brokers.
Learning Objective
The risk management department of an AIFM needs to be functionally segregated from the
operating units. CySEC will review the segregation, taking into consideration the size of the AIFM
and its operations. The AIFM needs to be able to demonstrate that it has procedures in place
to allow the independent performance of its risk management activities, and that the risk
management process satisfies all requirements.
Adequate risk management systems need to be in place to identify, measure, manage and monitor
all risks relevant to each AIF investment strategy and to which each AIF is, or may be, exposed.
The risk management systems will be reviewed at least annually, and amended as and when
required.
The AIFM must implement appropriate, documented and regularly updated due diligence processes
when investing on behalf of an AIF, and which are in line with its investment strategy, objectives
and risk profile.
The AIFM is responsible for ensuring that the risks associated with each investment position of the
AIFs and their overall effect on the portfolio, can be identified, measured, managed and
monitored on an ongoing basis and that the appropriate stress-testing procedures are in place.
In addition, they need to ensure that the risk profile of an AIF corresponds with its size, portfolio
structure, and investment strategies and objectives.
The maximum level of leverage, and the extent of the right to use collateral or guarantees that
may be employed on behalf of each AIF, will be set and monitored by the AIFM, taking into
consideration the type, investment strategy and leverage of each AIF. The need to limit the
exposure to a single counterparty, the extent to which the leverage is collateralised, the asset-
liability ratio, and the scale, nature and extent of the activity of the AIFM are also taken into
consideration when determining the use of leverage and collateral.
Learning Objective
Ø Know the AIFM requirements regarding liquidity management and securitization (Article
17 and 17A)
For each AIF that it manages, with the exception of unleveraged closed-ended AIFs, the AIFM will
employ an adequate liquidity management system and procedures to be able to monitor the
liquidity risk of each AIF, and to ensure that the profiles of the AIF’s investments comply with
its underlying obligations. The AIFM will conduct regular stress tests applying normal and
exceptional liquidity conditions to be able to assess and monitor an AIF’s liquidity risk.
The AIFM will ensure that the investment strategies, liquidity profiles and redemption policies are
consistent for each AIF that it manages.
An AIFM that is subject to securitization and does not meet the requirements set out in Regulation (EU)
2017/2402, if deemed necessary, must act and take corrective actions towards the benefits and general interest
of the AIF investors.
2.7. Transparency
Learning Objective
The transparency requirements for AIFMs or their branches authorised in the Republic are related
to information that needs to be provided to investors as well as annual reports and information
requirements from CySEC.
Annual Report
For each of the EU AIFs that the AIFM manages, as well as for each AIF that it markets in the EU, it
must prepare an annual report, for each financial year, within six months following the end of
the financial year. The annual report must be provided to CySEC and, if applicable, to the
competent authorities of the home member state of the AIF. The annual report will be made
available to investors on request. When an AIF is required to make an annual financial report
public, in accordance with the transparency requirements or the national legislation of another
member state, only the following additional information has to be made available to investors on
request, either separately or as a part of the annual financial report:
5. The total amount of variable and fixed remuneration paid to the AIFM’s staff, the number
of beneficiaries and, if relevant, the carried interest paid.
When the above are included in a publicly available annual report, the report will be made
available within four months of the end of the financial year.
The accounting information in the annual report is compiled in accordance with the accounting
standards of the home member state, or the third country where the AIF is based, and the
accounting rules established in the rules or instruments of incorporation of the AIF. The
accounting information must be audited and the auditor’s report included in the annual report.
The annual report of non-EU AIFs will be subject to audit standards in force in the countries
where the AIFs have their registered offices.
Disclosures to Investors
For each of the EU AIFs that it manages, as well as for each AIF AIFs haves their it markets in the
EU, the AIFM needs to disclose the following information prior to investing in the AIF:
1. A description of the investment strategy and objectives, the jurisdiction where any master
AIF and any underlying funds are established, a description of the type of assets, risk
management techniques, any applicable investment restrictions, and rules relating to the
use of leverage, collateral, and guarantees.
2. Procedures for the changing of the investment strategy and/or the investment policy.
3. Main legal implications of the contractual agreement between the AIF and investors.
4. The identity of the AIFM, the depositary, the auditor and any other service providers,
including a description of their duties and the investor’s rights.
7. The valuation procedure and pricing methodology for valuing assets including methods
to value hard-to-value assets.
9. Fees, charges, and expenses directly borne by investors and their maximum amounts.
10. Ensuring the fair treatment of investors, when investors obtain preferential treatment, the
right to preferential treatment, and, if applicable, the legal or economic links with the AIF
or the AIFM.
12. The procedure and conditions for the issue and sale of units.
13. The latest net asset value of the AIF, or the latest market price of a unit.
15. The identity of the prime broker, any material arrangements with the prime broker, and how
potential conflicts of interests are met.
The AIFM will inform investors, prior to their investing in an AIF, of any arrangements by the
depositary to contractually discharge itself from any liability. It will also inform investors of any
changes with respect to depositary liability without delay.
If the AIF is required to publish a prospectus, it must contain all the above-mentioned information.
If this information is not already included in the prospectus, then it needs to be published
separately, or as an addendum to the prospectus.
For each EU AIF, and for each AIF marketed in the EU, the AIFM must periodically disclose to investors
the percentage of the AIF’s assets which is subject to special arrangements arising from their
illiquid nature, any new arrangements for managing liquidity, and the current risk profile and risk
management systems.
When the AIFM manages an EU AIF, or an AIF that markets units of the AIF in the EU, then it
must periodically disclose any changes to the maximum level of leverage that the AIFM may employ
on behalf of the AIF, as well as any right to reuse collateral or any guarantees, and the total amount
of leverage by the AIF.
AIFMs regulated in the Republic must regularly report to CySEC on the principal markets and
instruments in which they trade on behalf of the AIFs that they manage. These reports will include
the main instruments in which they are trading on behalf of the AIF, the markets of which they are
a member or where they actively trade, and the principal exposures and concentrations.
For each of the EU AIFs that it manages and for each of the AIFs that it markets in the EU, the AIFM
needs to provide the following information to CySEC:
1. The percentage of the AIF’s assets that are subject to special arrangements arising from their
illiquid nature.
3. The current risk profile, and the risk management systems in place to manage market,
liquidity, counterparty, operational and other risks.
- An annual report for each EU AIF and each AIF marketed in the Union, for each financial
year
- Quarterly lists of all AIFs which the AIFM manages
AIFMs employing leverage on a substantial basis need to provide CySEC with the following
information:
2. A breakdown between leverage arising from the borrowing of cash or securities, and leverage
embedded in financial derivatives.
3. The extent to which the AIF’s assets have been reused under leveraging arrangements.
4. The identity of the five largest sources of borrowed cash or securities per AIF and the amounts
of leverage received per source.
A non-EU AIFM with a branch in the Republic only has to report this information for the EU AIFs
that it manages and the non-EU AIFs that it markets in the EU.
CySEC may request additional information that it considers necessary for the effective monitoring
of systemic risk.
3. Organisational Requirements
Learning Objective
Ø Know the procedures, arrangements and mechanisms that AIFM must implement (Article
18)
The AIFM will, at all times, employ adequate and appropriate human and technical resources
that are necessary for the proper management of the AIFs that it manages. This includes, but is
not restricted to, sound administrative and accounting procedures, control and safeguarding
arrangements for electronic data processing, and adequate internal control mechanisms. Internal
control procedures need to specifically cover the rules for personal transactions by its employees,
and the holding and management of investment for the AIFM’s own account, ensuring at least:
1. that each transaction involving the AIFs may be reconstructed according to its origin, the
parties to it, its nature, and the time and place that the transaction was executed
2. that the assets of the AIFs managed by the AIFM are invested in accordance with the
AIF rules or instruments of incorporation and the legal provisions in force.
AIFMs need to have robust governance procedures in place and should be managed and organised
so as to minimise conflicts of interest. AIFMs should have a well-documented organisational
structure that clearly assigns responsibilities, defines control mechanisms and ensures a good flow
of information between all parties involved. AIFMs should also establish systems to safeguard
information and ensure business continuity. When establishing those procedures and structures,
AIFMs should take into account the principle of proportionality. This allows procedures,
mechanisms and organisational structures to be calibrated to the nature, scale and complexity
of the AIFM’s business and to the nature and range of activities carried out in the course of its
business.
The AIFM is required to establish a permanent and effective compliance function irrespective
of the size and complexity of its business. However, details of the technical and personnel
organisation of the compliance function should be calibrated to the nature, scale and complexity
of the AIFM’s business, and to the nature and range of its services and activities. The AIFM
should not have to establish an independent compliance unit if such a requirement would be
disproportionate in view of the size of the AIFM, or the nature, scale and complexity of its business.
The AIFM shall, when appropriate and proportionate in view of the nature, scale and complexity
of their business and the nature and range of collective portfolio management activities
undertaken in the course of that business, establish and maintain an internal audit function
which is separate and independent from the other its functions and activities. The internal audit
function shall:
a. establish, implement and maintain an audit plan to examine and evaluate the adequacy and
effectiveness of the AIFM’s systems, internal control mechanisms and arrangements
3.1. Valuation
For each AIF that an AIFM manages, it needs to ensure that there are appropriate and consistent
procedures for the valuation of assets in accordance with the rules and regulations, applicable law,
and the AIF rules or instruments of incorporation. Asset valuation, and the calculation of the net
asset value per unit, is determined by the law of the country where the AIF is established, and/or
in the AIF rules or instruments of incorporation. The valuation procedures must ensure that
assets are valued, and that the net asset value per unit is calculated at least once a year. Investors
will be informed of the valuations and calculations as set out in the AIF rules or instruments of
incorporation. For open-ended AIFs, the valuation and calculation must also be carried out at a
frequency appropriate for the assets held, and its issuance and redemption frequency. For
closed-ended AIFs, the valuation and calculation must also be carried out in the event of an
increase or decrease of the capital by the relevant AIF.
The AIFM must ensure that the valuations are either performed by an independent external
valuer, or by the AIFM itself, providing that the valuation task is functionally independent from
the portfolio management and the remuneration policy, and that conflicts of interest are
mitigated.
The valuation must not be undertaken by the depositary unless it has functionally and
hierarchically separated the performance of its depositary functions from its tasks as external
valuer, and that any potential conflicts of interest are properly identified, managed, monitored
and disclosed to investors of the AIF.
The external valuer needs to be subject to the mandatory professional registration recognised by
law, regulatory provisions or rules of professional conduct. An external valuer needs to be able
to provide sufficient professional guarantees to be able to perform its function effectively. Any
appointment of a valuer needs to comply with the appropriate rules and regulations.
An appointed external valuer must not delegate its responsibility to a third party. AIFMs must
notify CySEC of the appointment of an external valuer. In the event that CySEC does not approve
of the valuer appointed, it may require another to be engaged.
Valuations will be performed with due skill, care, diligence, and impartiality. If the valuation is
undertaken by the AIFM, CySEC may require to have the valuation procedures and/or valuations
to be verified by an external valuer or, if appropriate, an auditor. Even when an external valuer
is appointed, the AIFM is ultimately responsible for the proper valuation of the AIF’s assets, and
the calculation and publication of the net asset value. However, an external valuer will be liable
for any losses suffered by the AIFM as a result of its negligence or the intentional failure to perform
its tasks.
4. Investors
4.1. Marketing of AIFs to Retail Investors in the Republic
Learning Objective
Ø Understand the rules regarding the marketing of AIFs to retail investors in the Republic
(Article 45)
Regulatory requirements apply in different ways to, for example, leveraged AIFs, AIFs acquiring
control of non-listed companies and issuers, and the marketing of EU AIFs in the EU.
CySEC may allow the AIFM to market units of any type of AIF to retail investors in the Republic once
it is authorised to do so. CySEC may impose additional obligations on the AIFM or AIF, although
these may not be stricter than the EU rules and regulations.
CySEC needs to report the types of AIF that may be marketed to retail investors in the Republic,
and the additional requirements they have imposed. CySEC will inform the EC and ESMA of any
changes in the requirements.
Chapter 6
The Business of Credit
Institutions Laws of 1997–2016
Learning Objectives
1. General
2. Capital
3. Returns and Accounts
The Business of Credit Institutions Laws of 1997–2016 are a consolidated set of laws issued during
this period to regulate the banking sector in Cyprus. It handles, among other things, licensing, the
allowable use of the word bank, as well as defining deposits, supervision, capital adequacy and the
reporting obligations of banks in the Republic.
1. General
Learning Objective
Ø Understand how the Central Bank of Cyprus supervises banks: ownership and management
(Articles 16–17); supervision and inspection (Article 26); disclosure of information (Article
26A); cooperation with other competent authorities (Article 27); powers of the Central
Bank of Cyprus (Articles 30–32)
Supervision of authorised credit institutions (ACIs) in Cyprus is the responsibility of the Central
Bank of Cyprus (CBC), and includes the execution of regulations regarding the ownership and
management of banks, supervision, disclosure and cooperation with other competent authorities.
ACIs incorporated in the Republic may not dispose of any part of their business by means of a
sale or merger, unless they have prior written approval from the CBC. This also applies to the
operations in the Republic of ACIs incorporated in other jurisdictions.
Prior to acquiring or increasing a controlling stake in an ACI established in the Republic so that
their voting rights reach or exceed the minimum limits of 20%, 30%, 50% or so that the ACI
would become a subsidiary, the person making the acquisition (the acquirer) needs to notify
the CBC of their intent in writing, and needs to obtain its approval. The CBC will confirm the
receipt of the notification and, if applicable, any subsequent information that the CBC may request,
within two working days of receipt of the information. The CBC shall make its decision concerning
he permissibility of the acquisition within 60 working days after it has acknowledged, in writing,
that it has received all information requested. Up until 50 working days into the assessment
period, the CBC may request further information. If, at any time during the assessment, the CBC
requests further information, the assessment period is interrupted until the information is
received, with a maximum interruption of 20 working days. The period of interruption may be
extended to 30 days in the event that the acquirer is situated or regulated outside the Community,
and is a natural or legal person not subject to supervision.
In the event that the CBC decides to oppose the proposed acquisition, it will inform the acquirer
within two working days of reaching the decision, and in any case prior to the end of the
assessment period. The notification will include the reasons for the decision; a statement to this
effect, including the reasons, may be made public. The acquisition is deemed to be approved if
the CBC does not oppose the proposed acquisition within the assessment period.
The acquirer can be an individual person, or it can make the acquisition in combination
with an associate, which for natural persons includes:
• any other person(s) whose interests are interdependent of the person holding shares.
If the acquirer is a company, any director or person with control over the company, subsidiaries,
or any directors of subsidiaries are considered to be associates.
If the acquirer fails to notify the CBC of its intent prior to the acquisition, or in the event that an
acquisition is made against a decision of the CBC, the CBC may impose an administrative fine. In
addition, the CBC may take one or more of the following actions:
• Prohibit any payments by the ACI relating to the transaction, except in the case of winding
up the ACI.
In the event that the acquirer is a legal person, the fine may be imposed on those members of the
board of directors and/or managers who were responsible, negligent or who failed to act.
As the competent authority in the Republic, one of the responsibilities of the CBC is prudential
supervision. As such, the CBC also has to work together with the competent authorities in other
member states, participate in the activities of the European Banking Authority (EBA), and follow the
EBA guidelines and recommendations or provide reasons for not doing so.
In the exercise of its duties, the CBC will always consider the potential impact of its decisions
on the financial stability of the financial system in the Republic and other member states and, in
particular, in emergency situations, based on the information available at the relevant time.
On the request of the CBC, ACIs need to make their liquid and other assets, books, records, accounts
and other documents available for examination. Any CBC official may be assisted by a duly
qualified person appointed by the CBC who shall be bound to the same confidentiality
requirements.
The CBC is authorised to request ACIs to pay it fees in relation to expenses incurred for supervision
and inspection activities.
Any information obtained as part of supervision activities will be kept secret and only used for
the purposes of the CBC Law, or of the Business of Credit Institutions Laws of 1997–2016. The
information may, however, be used to compile and publish statistical aggregates.
As part of the supervision process, the CBC will review the arrangements, strategies, processes
and mechanisms that the ACIs have implemented to comply with the regulatory requirements,
and ensure that they are sufficient to guarantee sound management and the coverage of their risks.
The CBC determines the frequency and intensity of the review taking into consideration the size,
systemic importance, nature, scale and complexity of the activities of the ACI. The reviews and
evaluation must be undertaken at least annually, and will include the ACI’s interest rate
exposures from non-trading book activities.
In case an ACI’s economic value declines by more than 20% of its own capital, as a result of a sudden
and unexpected change in interest rates, the CBC must put special measures in place which will
apply to all ACIs incorporated in the Republic.
The CBC may request, verify and compile information, enter offices and business premises of ACIs
subject to its control, and inspect files, books, accounts and other documents and records. The CBC
has no access to the personal correspondence of employees and/or associates of ACIs.
The CBC will disclose the text of laws and regulations, directives and other rules, how it has exercised
its options in EC regulation, the general criteria and methodologies used for the review of its
supervision, and aggregate statistical data on key aspects of the prudential framework in the
Republic.
All information must be accessible in a single electronic location, and must be updated regularly.
The CBC may cooperate and exchange information, with competent supervisory authorities in the
Republic or third countries for the purpose of supervision, and to support the conduct of their
duties.
When the CBC receives a request for verification of information concerning a specific institution,
it will either carry out the verification itself, or it will allow the verification to be carried out by
the requesting competent authority, an auditor or an expert.
Competent supervisory authorities may carry out inspections of branches of institutions of which
the head office is established in their jurisdiction. Prior to carrying out inspections, they need to
inform the CBC and obtain their consent.
The CBC may agree a cooperation agreement with the EBA providing for the exchange of
information with the competent authorities of third countries, as long as the agreement
guarantees professional secrecy, and that the information is solely used for the undertaking of
supervisory duties.
Information that has originated in another member state will not be disclosed without permission
from the authority in the member state which has disclosed it.
When the CBC undertakes the supervision on a consolidated basis of an EU parent institution,
it is responsible for:
When either one of the competent authorities does not cooperate, the matter may be referred
to the EBA.
If a bank fails to comply with the rules and regulations, the CBC is of the opinion that the liquidity
and assets have been impaired, that there is a risk that the bank is not in a position to promptly
meet its obligations, or that it is necessary to safeguard the interests of depositors, then the CBC
may:
• require the ACI to take necessary actions to rectify the matter, or restrict its operations
by imposing conditions on their licence
o require the ACI to take certain steps or refrain from adopting or pursuing a
particular course of action
o prohibit the ACI from soliciting deposits from all persons or a particular class of
persons impose limitations on the granting of credit or the making of investments
o prohibit the ACI from entering into any other transaction or class of transactions
require the removal of any director, chief executive or manager
o oblige the ACI to hold own funds in excess of the minimum requirements require
the reinforcement of existing arrangements
o require the reduction of the risk inherent in the activities, products and systems of
the ACIs.
Any of these conditions may be varied or withdrawn by the CBC. Before taking any measure
mentioned above, the CBC will provide the ACI with a report inviting its comments, to which the
ACI must reply within three days from its delivery.
• consult with other ACIs with a view to determine the action to be taken
• assume control of the ACI’s business, and continue to run the business on the ACI’s
behalf for as long as is deemed necessary
• demand that a recovery plan is prepared and submitted and provide information to the
CBC for the preparation of a resolution plan
• demand that remuneration and benefits of the ACI’s advisers and executive directors is
limited.
The CBC may demand that the ACI increases its share capital by a specific date, and on specific
terms. The ACI must submit a recovery plan to the CBC detailing the measures that it will take to
comply with its decisions, including a timetable, and it will convene an extraordinary general
meeting (EGM) of shareholders, and inform the Registrar of Companies of the increase in capital.
Failure to call the EGM or inform the Registrar of Companies may result in a fine of up to e100.000
on each member of the board of directors who failed to comply.
The CBC may request additional information in association with the recovery plan, require the
inclusion of capital restructuring, amend the recovery plan to make it more effective and
dictate a timetable for the execution of the recovery plan. The final recovery plan will be
approved by the ACI’s board of directors, and its content must remain confidential.
Recovery and resolution plans are not binding on the CBC, and only the CBC in its capacity as
resolution authority can demand the execution of the plan.
6
2. Capital
Learning Objective
Ø Know the following capital requirements: minimum capital (Article 20); capital adequacy
(Article 21))
The minimum capital of an ACI incorporated in the Republic is €5 million, unless the CBC
determines that a higher amount of own funds is required.
The CBC sets the minimum capital adequacy ratio by which ACIs incorporated in the Republic
have to abide. For each individual ACI, the minimum capital adequacy ratios may be varied from
time to time. The CBC will notify ACIs in writing.
The capital adequacy ratio maintained by an ACI is in the form of the mandatory amount of own
funds that must be held in relation to total assets, including trading book, off-balance sheet
exposures, operational risk and categories of assets specified by the CBC.
Learning Objective
Ø Know the basic responsibilities ACIs must meet with respect to submitting returns and
accounts (Articles 24 and 25)
Within four months of the end of the financial year, every ACI must submit an electronic copy
of its audited annual accounts for the year to the CBC. This has to be in the prescribed format
together with a signed copy of the audit report of the approved auditor. The audit will take place
in accordance with international auditing standards as well as any additional requirements
specified by the CBC.
If an ACI fails to appoint an approved auditor, one may be appointed by the CBC, who will fix
the remuneration to be paid by the ACI.
ACIs incorporated in the Republic need to publish their balance sheet, profit and loss account, and
their auditor’s report within six months of the end of the financial year. All other ACIs need to
publish their balance sheet and profit and loss account for each financial year covering their
business as a whole.
Within 15 days of the end of each month every ACI has to submit a certified statement of its assets
and liabilities as at the end of the month to the CBC.
The CBC may request and compile information that is necessary or useful for the exercising of its
powers. It may request any additional information from ACIs, and any other natural or legal
person under its supervision, to be provided within a specified time frame. The request for
information must include a request to present, submit and file any written records and information,
including client records and other data stored on computers. Any request to provide information
must be kept in the strictest confidence, and any person requested to provide information must
comply with the CBC request.
Every ACI incorporated in the Republic must publicly disclose information concerning its
operation, including:
• own funds
Chapter 7
The Prevention and Suppression of Money
Laundering and Terrorist Financing Laws
Learning Objectives
Introduction
The Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007–2019 and
CysecDirective regarding the Prevention and Suppression of Money Laundering and Terrorist
Financing outline the regulations for anti-money laundering and terrorist financing in the Republic. In
combination these rules cover, among other things, the appropriate systems and procedures applied
within a risk-based approach in obliged entities financial organisations, the requirements related to
customer identification and due diligence procedures, the responsibilities of the board of directors,
employees’ obligations, education and training, the duties of the compliance officers, and the
recognition and reporting of suspicious transactions/activities.
Introduction
The prevention of money laundering and of the financing of terrorist activities is of significant
importance for the global financial system. Any association with these activities has a negative
impact on the reputation of institutions and, in turn, has the potential to undermine the banking
sector, as well as the local economy. There are three stages to a successful money laundering
operation:
• Placement – the first phase of money laundering process which is the physical disposal of
cash proceeds derived from illegal activity; typically it is the introduction of ‘dirty’ money in
the form of cash or other assets derived from criminal activity into the financial system (such
as a bank, a casino, a cash business or any other form of legitimate business). There are two
techniques used by money launderers during this stage:
• Layering – the second phase of money laundering process involves distancing illegal
proceeds from their source by creating complex levels of financial transactions designed to
disguise the audit trail and to provide anonymity; involves moving the money around in
order to make it difficult for the authorities to link the placed funds with the ultimate
beneficiary of the money. The essence is to disguise the audit trail, the source and the
ownership of funds so as to avoid attracting any attention.
§ Integration – the third phase is the last stage of the money laundering
process and this is the phase of placing laundered funds back into the
economy by re-entering the funds into the financial system and giving them
the appearance of legitimacy; in this stage, it is really difficult to distinguish
between the legal and dirty money.
• customer identification
• recordkeeping
A person generally commits an offence if they enter into, or are linked with, an arrangement that
facilitates the retention or control of terrorist funds.
Learning Objective
Ø Understand the provision for obliged entities to apply adequate and appropriate
systems and procedures(Article 58); the penalties for non-compliance (Article
59(6(a)(i-v), 6(a1-a4) and 6A(a)); when to apply customer due diligence measures
(Article 60); the ways to apply identification procedures and customer due
diligence measures (Article 61(1))
Ø Know when simple or enhanced customer due diligence measures may be
applied (Article 63 and 64)
Obliged Entities must implement adequate and appropriate policies, controls and procedures,
proportionate to their nature and size, in order to mitigate the money laundering and terrorist
financing risks in relation to the following:
• Customer identification and due diligence – know the customer and their business. Due
diligence is carried out at the start, and on a regular basis throughout the business
relationship with a customer. Additional due diligence is required in the event that the
customer carries out transactions for €15.000 or more, whether the transaction is carried
out in a single operation or in several operations which appear to be linked Also, if
constitutes a transfer of over €1.000. Furthermore, due diligence is needed in the event of
suspicion of money laundering or terrorist financing, regardless of the amount of the
transaction, as well as when there are doubts about the veracity or adequacy of previous
customer identification data. For providers of gambling services, due diligence is also
required when carrying out transactions amounting to €2.000 or more, upon the collection
of winnings or the wagering of a stake, or both, in a single or several operations that may be
linked. Lastly, due diligence is needed for persons trading in goods when they carry out
occasional transactions in cash of €10.000 or more, in a single or multiple operation which
seem to be linked. Customer identification procedures and customer due diligence
measures comprise of:
a. identifying the customer and, if applicable, the third-party acting on behalf of the
customer and verifying their identity on the basis of documents, data or
information obtained from a reliable and independent source
b. identifying the beneficial owner and, if applicable, the third-party acting on behalf
of the beneficial owner, and taking risk-based and adequate measures to verify
their identity on the basis of documents, data or information obtained from a
reliable and independent source so that the person carrying on in financial or
other business knows who the beneficial owner is, with regard to legal persons,
trusts and similar legal arrangements, taking risk-based and adequate measures
to understand the ownership and control structure of the customer
c. assessing and obtaining information on the purpose and intended nature of the
business relationship
The extent of these measures and identification procedures may be determined on a risk-
sensitive basis depending on the type of customer, business relationship, product or
transaction. The obliged entities must be able to demonstrate to the competent supervisory
authorities that the extent of the measures taken is appropriate in view of the risks of
money laundering and terrorist financing they are exposed to.
For the purposes of identification procedures and customer due diligence requirements, proof
of identity is satisfactory if it is reasonably possible to establish that the customer is the
person they claim to be; and the person who examines the evidence is satisfied, in
accordance with the procedures followed under this Law, that the customer is actually the
person they claim to be.
Businesses providing life insurance, other investment-related insurance, trusts or similar legal
arrangements must take the necessary measures to establish the identity of the beneficiary at
the times of payout or at the application of vested rights. Obliged entities may be allowed to
avoid certain due diligence measures with respect to electronic money, considering that their
risk assessment has appropriately demonstrated low risk and the following risk-mitigation
conditions have been met:
c. The payment instrument is used exclusively for the purchase of goods or services
e. The issuer possesses appropriate and adequate systems and procedures for
monitoring the transactions or business relationship to enable the detection of
unusual or suspicious transactions
The above provisions do not apply in the case of redemption in cash or cash withdrawal of the
monetary value of electronic money where the amount redeemed exceeds €100. Moreover, the
above exceptions do not include the obligation to monitor transactions and business
relationships on an on-going basis as well as the obligation of detecting and reporting suspicious
transactions.
• Internal reporting and reporting to MOKAS (the Unit for Combating Money
Laundering) – the appointed money laundering compliance officer needs to report
any suspicious transactions both internally and to MOKAS.
• Internal control, risk assessment and risk management in order to prevent money
laundering and terrorism financing.
• Compliance management
Failure to comply with the AML/CFT Law or the directive issued by CySEC, will subject the Obliged Entities to the
following measures taken against them:
a. To require the Obliged Entity to take such measures within a specified timeframe to remedy
the situation.
b. To impose:
- An administrative fine of not exceeding EUR 1.000.000 (one million euro) having first
given the opportunity to the supervised person to be heard
- in the event that the culpable offender derived a benefit from the breach which
benefit exceeds the administrative fine mentioned above, an administrative fine up to
an amount of at least twice the amount of the benefit derived from the breach
- in the event the breach continues, an administrative fine of up to one thousand euro
(€1.000) for each day the breach continues
c. To amend or suspend or withdraw the operating license of the supervised person
d. A temporary ban on persons discharging managerial duties or any other natural person
found guilty of misconduct in the performance of managerial duties in the obliged entity
e. Impose the aforementioned administrative fine to the person(s) performing managerial
duties in the obliged entity and to any other person who was related to infringement, due to
their fault, intentional omission or negligence.
f. If the obliged entity is a credit or financial institution, the competent Supervisory Authority
may additionally impose administrative pecuniary sanctions to legal and natural persons of a
maximum of €5.000.000. Also, for legal persons, a 10% of the total annual turnover
according to the latest approved accounts.
g. Independent legal professionals or auditors or external accountants who fail to comply with
the related provisions of the Law and the directives issued by CySEC, are referred by CySEC
to the competent Disciplinary Board which will decide accordingly.
CySEC will publish in its official website the administrative fine or the measures taken against the sanctioned
persons immediately after communicating the related decision to them.
Obliged entities may apply simplified customer due diligence (SDD) measures if they have previously ascertained
that the business relationship or the transaction presents a lower degree of risk. Furthermore, it is provided
that the obliged entity carries out sufficient monitoring of the transactions and the business relationships to
enable the detection of unusual or suspicious transactions if these occur during a business relationship.
SDD is not an exemption from any of the customer due diligence (CDD) measures; however, obliged entities
may adjust the amount, timing or type of each or all of the CDD measures in a way that is commensurate to the
low risk they have identified.
When assessing the risks of money laundering or terrorist financing which relate to types of customers,
geographical areas and particular products, services, transactions or delivery channels, the obliged entity takes
into account at least the factors of potentially lower risk situations set out in the AML/CFT Law.
In accordance to non-exhaustive list of factors and types of evidence of potentially lower risk, to the following
customers the simplified due diligence may be applicable:
a. public companies listed on a stock exchange and subject to disclosure requirements (either by
stock exchange rules or through law or enforceable means), which impose requirements to
ensure adequate transparency of beneficial ownership,
b. public administrations or enterprises,
c. customers that are resident in geographical areas of lower risk.
SDD may not be appropriate in certain type of industries, products or services or may not be allowed due to the
national legislation.
Customers that pose higher money laundering and terrorist financing risks present increased exposure to
obliged entities. Higher risk customers should be viewed even more closely at account opening and their
transactions should be monitored more closely during the account operation. An obliged entity applies
enhanced customer due diligence (EDD) measures, additionally to the measures referred in the Law, in the
following cases:
a. When it is transacting with a natural person or legal entity with an establishment in a high-risk
third country,
- Enhanced customer due diligence measures need not be invoked automatically with
respect to branches or majority-owned subsidiaries of obliged entities established in
the European Union which are located in high risk third countries, where those
branches or majority-owned subsidiaries fully comply with the group-wide policies and
procedures in accordance with the Law and, in this case, the obliged entity uses risk-
based approach.
b. In cross border correspondent relationships with a third-country respondent institution, a credit
institution and financial institution:
- gather sufficient information about the respondent institution to understand fully the
nature of the respondent's business and to determine from publicly available
information the reputation of the institution and the quality of supervision
- assess the respondent institution's AML/CFT controls
- obtain approval from senior management before establishing new correspondent
relationships
- document the respective responsibilities of each institution
- with respect to payable-through accounts, be satisfied that the respondent institution
has verified the identity of, and performed ongoing due diligence on, the customers
having direct access to accounts of the correspondent institution, and that it is able to
provide relevant CDD data to the correspondent institution, upon request
c. In transactions or business relationships with a politically exposed person (PEP), an obliged entity:
- has in place appropriate risk management systems, including risk-based procedures, to
determine whether the customer or the beneficial owner of the customer is a PEP
- obtains Senior Management (SM) approval for establishing or continuing the business
relationship with such person
- take adequate measures to establish the source of wealth and source of funds that are
involved in business relationships or transactions with such person
- conduct enhanced and on-going monitoring of the business relationship
- In case that the person has ceased to exercise significant public function in the Republic
or in a Member State or in a third country or hold an important public office in an
international organization the obliged entity shall, for at least 12 months, the obliged
entity is required to take into account the continuing risk posed by that person and
apply appropriate and risk- sensitive measures until such time as that person is deemed
to pose no further risk specific to politically exposed persons
- applies the above measures for the immediate family members and close associates of
the PEP
An obliged entity is required to take reasonable measures to determine whether a beneficiary of a life or other
investment related insurance policy and/or, where required, the beneficial owner of the beneficiary is a PEP.
These measures shall be taken no later than at the time of the payout or at the time of the assignment, in whole
or in part, of the policy in the following cases:
a. the beneficiary of a life insurance or other investment-related insurance policy and/or, where
required, the beneficial owner of the beneficiary is a PEP at the time of the pay-out or at the time
of the assignment of the insurance policy; and/or
b. higher risks are detected in transactions or in business relationships with a PEP, in addition to the
application of CDD measures, an obliged entity:
- informs senior management prior to pay-out of insurance policy proceeds
- conducts enhanced scrutiny of the entire business relationship with the policy holder
An obliged entity must apply EDD measures in other situations which by their very nature present a high risk of
money laundering or terrorist financing. When assessing the risks of money laundering and terrorist financing,
obliged entities must consider at least the factors of potentially higher-risk situations as set out in the Law.
In addition to the non-exhaustive list of factors and types of evidence of potentially higher risk, the enhanced
due diligence is applicable:
In accordance with the Risk Factors Guidelines, an indication of EDD measures obliged entities should apply,
may include:
Learning Objective
• Determines, records and approves the general policy principles of the obliged entity in relation to
the prevention of ML and TF and communicates them to the Compliance Officer.
• Appoints a compliance manager and, and, where necessary, alternate compliance officer, assistant
compliance officers and determines their duties and responsibilities, which are recorded in the risk
management and procedures manual.
• Approves the risk management and procedures manual which is communicated to all employees
that manage, monitor or control in any way the customers’ transactions and have the responsibility
for the application of the practices, measures, procedures and controls that have been determined.
• Ensures that all requirements of the Law and of the CySEC Directive are applied, and assures that
appropriate, effective and sufficient systems and controls are introduced for achieving compliance
with the requirements.
• Assures that the compliance officer, the alternate compliance officer and their assistants, and any
other person who has been assigned with the duty of implementing the procedures for the
prevention of money laundering and terrorist financing, have complete and timely access to all data
and information concerning customers’ identity, transactions’ documents and other relevant files
and information maintained by the obliged entity.
• Ensures that all employees are aware of the persons who have been assigned the duties of the
compliance officer, the alternate compliance officer as well as their assistants, to whom they report
any information concerning transactions and activities for which they have knowledge or suspicion
that might be related to money laundering and terrorist financing.
• Establishes a quick and clear reporting chain based on which information regarding suspicious
transactions is passed without delay to the compliance officer, either directly or through their
assistants and notifies accordingly the compliance officer for its explicit prescription in the risk
management and procedures manual.
• Ensures that the compliance officer and alternate compliance officer have sufficient resources
including competent staff and technological equipment for the effective discharge of their duties.
• Assesses and approves the annual report, and takes actions, as deemed appropriate under the
circumstances, to remedy any weaknesses and/or deficiencies identified in the Annual Report.
The Board of Directors must designate a member who may be executive or non-executive. The member is
responsible for the implementation of the provisions of the AML/CFT Law and of the directives and/or circulars
and/or regulations issued by the Supervisory Authority, pursuant thereto including any relevant acts of the
European Union. The member may perform additional duties, where appropriate, depending on the nature and
size of the activities of the obliged entity.
The internal audit department reviews and evaluates, at least on annual basis, the appropriateness,
effectiveness and adequacy of the policy, practices, measures, procedures and control mechanisms
applied within an obliged entity for the prevention of money laundering and terrorist financing.
The findings and observations of the reviews must be submitted to the board of directors in a written
format, in order to decide the necessary measures to be taken for ensuring the rectification of any
weaknesses and/or deficiencies.
The internal audit report and the measures taken are submitted to CySEC.
A customers’ acceptance policy must be developed according to the provisions of the Law and CySEC’s
directive. The acceptance policy is prepared after detailed assessment of the risks the obliged entity
faces from its customers, their transactions and countries of origin and operations.
The customers’ acceptance policy shall include the criteria for accepting new customers, clarify which
categories of customers cannot be accepted or must not execute occasional transactions, as well as
the customer risk categories, which shall be at minimum three (low, normal and high risk).
A Compliance Officer is appointed by the board of directors and needs to belong to the senior management in
order to possess the necessary authority. The alternate compliance officer takes over the responsibilities of the
compliance officer in case of his/her absence. The alternate compliance officer function may be outsourced to
a natural person and the outsourcing procedure is recorded in the risk management and procedures manual.
Compliance officer assistants may be appointed, if deemed necessary. The assistants report to the compliance
officer. The Obliged Entity communicates immediately to CySEC the names, the positions and the contact details
of the persons it appoints as Compliance Officer, alternate Compliance Officer and assistants of the Compliance
Officer.
- The design of the internal practices, measures, procedures and controls related to the prevention
of money laundering and terrorist financing based on the policy principles defined by the BoD.
- The allocation of the appropriateness and responsibility limits of each involved department.
- The development and establishment of the customers’ acceptance policy which is submitted to
the BoD for consideration and approval.
- The preparation of the risk management and procedures manual regarding money laundering
and terrorist financing.
- Monitoring and assessment of the correct and effective implementation of the policy, the
practices, measures, procedures and controls and in general the implementation of the risk
management and procedures manual.
- Receives information from the employees which is considered to be knowledge or suspicion of
money laundering or terrorist financing activities or might be related with such activities. The
information is received on the Internal Suspicious report and the compliance officer, together
with the informer and the informer’s superiors, evaluates and examines the provided
information. If MOKAS needs to be notified, the compliance officer prepares the related report
and sends it the soonest possible. On the other hand, if an incident needs not to be reported to
MOKAS, the compliance officer needs to justify the decision.
- Acts as the first point of contact with the MOKAS, upon commencement and during an
investigation as a result of filing a report to the Unit.
- Ensures the preparation and maintenance of the lists of customers in accordance to their assessed
risk level giving amongst others, information for the names of customers, account numbers and
date of the commencement of the business relationships. The compliance officer ensures that
the lists and related information are kept updated for all new and existing clients.
- Detects, records, and evaluates, at least on an annual basis, all risks arising from existing and new
customers, new financial instruments and services and updates and amends the systems and
procedures applied by the obliged entity for the effective management of the aforementioned
risks.
- Evaluates the systems and procedures applied by a third person on whom the obliged entity relies
for customer identification and due diligence purposes.
- Ensures that the branches and subsidiaries of the obliged entity that operate in countries outside
the European Economic Area, have taken all necessary measures for achieving full compliance
with the provisions of the CySEC’s Directive, in relation to customer identification, due diligence
An obliged entity takes appropriate steps to identify and assess the risks of money laundering and
terrorist financing which it faces, taking into account the risk factors, including those which relate to
its customers, countries and geographical areas, products, services, transactions or delivery channels
for providing certain services, provided that such measures are proportionate to the nature and size
of the obliged entity.
Certain sectors of a business may pose higher risks than others and will therefore necessitate
additional controls to mitigate those risks, while others may present lower risks that will necessitate
less controls. As a result, an obliged entity should apply appropriate measures and procedures, on
RBA, to focus its effort in those areas where the risk of money laundering and terrorist financing
appears to be higher. In addition, the obliged entity’s resources should be invested and applied
where they are most required. Consequently, the RBA should assist the obliged entity to understand
where its exposure to money laundering and terrorist financing is derived from and to which areas
it should prioritize its efforts.
Risk Based Approach involves specific measures and procedures such as:
• The aforementioned identification and assessment of the money laundering and terrorist
financing risks
• Documenting in the risk management and procedures manual the policies, measures,
procedures and controls to ensure their uniformed application across the obliged entity by
persons specifically appointed for that purpose by the Board of Directors
• Managing and mitigating the assessed risks by the application of appropriate and effective
measures, procedures and controls
2.6. Examples
• Mixing of illegitimate funds with funds from legitimate cash-intensive businesses such as
restaurants, hair salons, coffee shops, etc
• Repayment of loans by using laundered cash
• Currency smuggling by moving physical cash cross-border
• Purchasing of foreign exchange with illegal funds
• Sending wire transfers of funds from one bank account to another, from one country to
another etc
• Converting deposited cash into monetary instruments
• Placing money in investments such as shares or bonds in rapid succession, investing in
collective investment scheme or insurance-based investment products
• Buying and selling foreign currencies
• Creating complex shell companies to circulate huge sum of money between companies and
jurisdictions within the network in order to lose audit trail
The “clean” money from the integration stage can involve:
There are also a number of similarities between money laundering and terrorist financing, such as the
methods used. From a technical perspective, the methods used by terrorists and other criminal
organizations are similar with the methods used to launder funds. Although it would seem logical that
funding from legitimate sources does not need to be laundered, there is a need for the terrorist group
to disguise the link between it and its legitimate funding sources. In doing so, the terrorists use
methods similar to those of criminal organizations: structuring and purchase of monetary
instruments, wire transfers, and use of debit or credit cards.
Although money laundering and terrorist financing have many similarities, they are two separate
crimes. However, there are key distinctions and certain typologies that can help Compliance Officers
understand the differences and distinguish suspicious terrorist financial activity from money
laundering.
a. The origin of funds – Terrorist financing often uses clean legal funds to commit a crime with
a political background; hence such funds have not necessarily been obtained illegally. On the
other hand, money laundering involves the use of money derived from illicit proceeds and its
purpose is to use dirty money to perform legitimate activities.
b. Motivation – Criminals perform money laundering to gain profit, whereas terrorist financing
is based on ideological beliefs.
c. The money trail - laundered money eventually end up with the person(s) who initiated the
proceedings (circular process) whereas, in terrorist financing activities, money is used to
commit terrorist attacks and finance terrorist group activities (linear process), and in many
cases are unrelated to the initiator.
d. Money laundering involves large amounts of money which are usually structured but terrorist
financing uses small amounts which are unstructured.
e. The financial activity in money laundering involves complex group structures with shell,
bearer shares and offshore secrecy heavens while in terrorist financing there are no such
group structures and usually there are unrelated parties.
There are a large number of known activities that should arouse suspicion of money laundering
including:
However, those who wish to launder funds or finance terrorism are continuously finding new
ways to do so; staff members of financial institutions, therefore, need to be alert to anything
that is out of the ordinary.
1. Describe the appropriate systems that need to be in place to enable the detection of money
laundering and the financing of terrorism.
Answer reference: Section 1.1
Chapter 8
Markets in Financial
Instruments Regulation (MiFIR)
Learning Objectives
The Markets in Financial Instruments Regulation of 2014 (Regulation EU 600/2014) is also known as
MiFIR and is accompanied by the Markets in Financial Instruments Directive (MiFID). These EU wide
rules, collectively known as MiFID II, apply to all member states and concerns investments firms,
regulated markets and data reporting services. The regulation and the directive aim at smoothening
the function of the internal market.
Learning Objective
• investment firms
CCPs and third-country firms are only subject to specific rules (title VI and VIII of the regulations
respectively).
2. Transparency Requirements
Learning Objective
Ø Know transparency requirements for equity instruments: pre-trade (Article 3); waivers
(Article 4); volume cap mechanism (Article 5); post-trade (Article 6); deferred publication
(Article 7)
Ø Know transparency requirements for non-equity instruments: pre-trade (Article 8); waivers
(Article 9); post-trade (Article 10); deferred publication (Article 11)
Ø Know transparency requirements applicable to systematic internalisers and investment
firms trading OTC (Article 14–15)
Equity instruments are subject to transparency requirements. In the context of this section, the term
‘financial instrument’ is used to describe shares, depositary receipts, exchange-traded funds (ETFs),
certificates or other similar financial instruments.
2.1.1. Pre-Trade
Market operators and investment firms operating a trading venue need to make the following
information publicly available for all equity and equity-related instruments traded on their trading
venue:
The information needs to be made available to the public on a continuous basis during normal trading
hours, and it needs to be calibrated for different types of trading systems including order-book, quote-
driven, hybrid, and periodic auction trading. The operator shall give access to the arrangements
employed for making this information public on reasonable commercial terms, and on a non-
discriminatory basis.
2.1.2. Waivers
The obligation to make pre-trade information available may be waived in the following examples:
a. A system matching orders based on a trading methodology by which the price of the
financial instrument referred to is derived from:
• the trading venue where the financial instrument was first admitted to trading,
or
The reference price needs to be widely published and regarded by market participants as a reliable
reference price.
• made with the current volume weighted spread reflected on the order book or
the quotes of market makers of the trading venue operating that system
• subject to conditions other than the current market price of the instrument.
d. Orders held in an order management facility of the trading venue pending disclosure.
The reference price is typically the midpoint between the current bid price and the offer price or, if a
current price is not available, the midpoint between the closing bid price and the offer price of the
relevant trading session.
Formalised negotiated transactions need to be carried out in accordance with the rules of the trading
venue which shall ensure that appropriate arrangements, systems, and procedures are in place to
province and detect (attempted) market abuse in relation to these transactions. In addition, the
trading venue needs to establish, maintain, and implement systems to detect any attempt to use the
waiver to circumvent any other requirements. Any such attempts need to be reported to CySEC.
The Commission will monitor waivers granted on the basis of the first and third bullet of item (b)
above.
Prior to granting a waiver, CySEC will notify ESMA and other competent authorities of the intended
use of the waiver, and will provide an explanation of its functioning including details of the trading
venue. Notification of the intention to grant a waiver shall be made at least four months prior to the
intended start date. ESMA will issue a non-binding opinion within two months of receipt of the
notification. In the event that another member state disagrees with the waiver, they may refer the
matter back to ESMA. ESMA monitors the application of the waivers and, on an annual basis, submits
a report to the EC.
If it is observed that a waiver is being used in a way that deviates from its original purpose, or if it is
believed that the waiver is used to circumvent the requirements, CySEC may withdraw it, either on
their own initiative or on request from another competent authority. CySEC will notify ESMA.
In order to ensure that waivers (section 2.1.2) do not unduly harm price information, trading under
those waivers on a trading venue is restricted to 4% of total volume in the financial instrument to
which the waiver applies on all trading venues in the EU over the previous 12 months. Overall EU
trading in a financial instrument under a waiver shall not exceed 8% of the total volume of trading in
that financial instrument across the EU over the previous 12 months. The volume cap does not apply
to negotiated financial transactions for which there is no liquid market provided, they are transacted
within a predetermined range of a suitable reference price. In addition, the cap does not apply to
negotiated transactions that are subject to conditions other than current market price.
Once the 4% limit is exceeded, the competent authority that has issued the waiver shall suspend the
use of it for a period of six months within two days of the limit being exceeded.
Once the 8% limit is exceeded across all trading venues in the EU, all competent authorities in the EU
shall suspend the use of the waiver for a period of six months within two days of the limit being
exceeded.
Within five working days of the end of the calendar month, ESMA will publish the total volume per
financial instrument across the EU in the previous 12 months, the percentage of trading in a financial
instrument under those waivers per trading venue in the previous 12 months, and the methodology
used to derive the percentages. Once trading in a financial instrument on a trading venue exceeds
3,75% of total trading in the EU in the previous 12 months, or once trading across the EU exceeds
7,75% of all EU trading in the financial instrument over the previous 12 months, an additional report
will be published within five working days from the 15th of the next month.
In order to facilitate the monitoring of trading volumes and caps, operators of trading venues need to
have systems and procedures in place to enable the identification of all trades at the venue under a
waiver and to ensure that the trading volume does not exceed the permitted percentage of trading.
2.1.4. Post-Trade
Operators of trading venues need to make public the price, volume and time that transactions are
executed, as close to real-time as is technically possible. Under reasonable commercial terms, and on
a non-discriminatory basis, the operator will give access to the arrangements they employ for making
this information public to investment firms who are obliged to publish the details of their transactions.
CySEC may authorise the operator of a trading venue to defer the publication of the details of
transactions on the basis of their type or size, in particular transactions that are large in scale
compared to the normal market size for the type of financial instrument. Operators of a trading venue
need to obtain CySECs prior approval to defer publication and they need to disclose these
arrangements to market participants and to the public. ESMA monitors the application of the
arrangement of deferred trade publication and annually submits a report to the EC on this subject. In
the event that a competent authority of another member state disagrees with an authorised deferred
publication, the issue may be referred to ESMA.
Non-equity instruments are subject to transparency requirements as outlined in the sections below.
In the context of this section, the term ‘financial instrument’ is used to describe bonds, structured
finance products, emission allowances and derivatives.
2.2.1. Pre-Trade
Market operators and investment firms operating a trading venue need to make current bid of offer
prices as well as depth of trading interest at those prices, publicly available for all financial instruments
traded on their trading venue; this also applies to actionable indication of interests. The information
needs to be made available to the public on a continuous basis during normal trading hours. The
information needs to be calibrated for different types of trading systems, including order-book,
quote-
driven, hybrid, and periodic auction trading. The publication obligation does not apply to derivatives
transactions of non-financial counterparts which are objectively measurable as reducing risks directly
relating to the commercial activity or treasury financing activity of the non-financial counterparty or
of the group. The information needs to be calibrated for different types of trading systems, including
order-book, quote-driven, hybrid, periodic auction trading, and voice trading systems. The operator
shall give access to the arrangements employed for making this information public on reasonable
commercial terms, and on a non-discriminatory basis.
In the event a waiver is granted in line with the rules outlined in section 2.2.2, the trading venue need
to, at a minimum, make public pre-trade bid and offer prices. These prices need to be close to the
price of the trading interest advertised through their systems. This information will be made available
to the public through appropriate electronic means on a continuous basis during normal trading
hours.
2.2.2. Waivers
The obligation to make pre-trade information available may be waived for the following reasons:
a. Orders that are large in scale compared to normal market size orders for the type of
instrument and orders held in an order management facility of the trading venue.
c. Derivatives which are not subject to trading on regulated markets, MTFs, OTFs and
other financial instruments for which there is not a liquid market.
Prior to granting a waiver, CySEC will notify ESMA and other competent authorities of the intended
use of the waiver, and will provide an explanation of its functioning including details of the trading
venue. Notification of the intention to grant a waiver shall be made at least four months prior to the
intended start date. ESMA will issue a non-binding opinion within two months of receipt of the
notification. In the event that another member state disagrees with the waiver, they may refer the
matter back to ESMA. ESMA monitors the application of the waivers and, on an annual basis, submits
a report to the EC.
If it is observed that a waiver is used in a way that deviates from its original purpose, or if it is believed
that a waiver is used to circumvent the requirements, CySEC may withdraw a waiver either on its own
initiative or on request from another competent authority. CySEC will notify ESMA.
CySEC may temporarily suspend the pre-trade obligations if the liquidity of a financial instrument falls
below a predetermined threshold. This threshold will be determined on the basis of objective criteria
specific to the market for the financial instrument concerned. Notification of a temporary suspension
will be published on CySEC’s website.
Prior to applying a suspension, or renewing a temporary suspension, CySEC will notify ESMA of its
intentions and will provide an explanation.
2.2.3. Post-Trade
CySEC may authorise the operator of a trading venue to defer publication of the details of transactions
on the basis of their type or size. In particular:
• transactions that are large in scale compared to the normal market size for the type of
class of the financial instrument
in the event the size of the trade would expose liquidity providers to undue risk.
When authorising the delay CySEC will need to take into consideration whether the market
participants are retail or wholesale investors.
Operators of a trading venue need to obtain CySECs prior approval to defer publication and they need
to disclose these arrangements to market participants and to the public. ESMA monitors the
application of the arrangement of deferred trade publication and annually submits a report to the EC
on this subject. In the event that a competent authority of another member state disagrees with an
authorised deferred publication, the issue may be referred to ESMA.
CySEC may temporarily suspend trading if the liquidity in a specific class of financial instrument falls
below a pre-determined threshold, and it will publish the suspension on its website. A temporary
suspension will be valid for an initial period of up to three months from the date of publication that
appears on the CySEC website. The suspension may be renewed for a further period, not exceeding
three months at a time, if the grounds for the suspension continue to be applicable. If a temporary
suspension is not renewed, it will automatically lapse.
In the context of this section, a financial instrument could be a share, a depositary receipt, an ETF, a
certificate or a similar financial instrument.
Investment firms must make public any quotes for financial instruments traded on a trading venue
for which they are a systematic internaliser, and for which there is a liquid market. In the event that
there is no liquid market, quotes will be made available to clients on request. The transparency
requirements in this section do not apply to systematic internalisers that deal in sizes above standard
market size.
Systemic internalisers may decide the size(s) at which they will quote with the minimum quote size
being 10% or more of the standard market size of the financial instrument traded on a trading venue.
Each quote needs to include a firm bid and offer price(s) for a size or sizes up to the standard market
size for the class of financial instruments. The price(s) will reflect the prevailing market conditions for
the financial instrument.
Financial instruments will be grouped in classes on the basis of the arithmetic averages value of the
orders executed in the market for those financial instruments. The standard size for each class shall
be one that is representative of the arithmetic average value of the orders executed in the market for
the financial instruments included in each class.
The market for each financial instrument is comprised of all the orders executed in the EU in respect
of the financial instrument, excluding those that are large in scale compared to normal market size.
The competent authority will determine the class to which a financial instrument belongs at least
annually on the basis of the arithmetic average value of orders executed in the market in respect of
the financial instrument.
Firms that meet the definition of the term ‘systematic internaliser’ will notify CySEC, who will then
transmit this notification to ESMA, which maintains a list of all systematic internalisers (SIs) in the EU.
Quotes will be made public on a regular and continuous basis during normal trading hours, they may
be updated at any time and, under exceptional market conditions, they may be withdrawn. Quotes
shall be made public in a manner that is easily accessible to other market participants and on a
reasonable commercial basis.
Orders from clients will be executed at the quoted prices at the time they are received. In justified
cases, the order may be executed as a better price providing that the price falls within a public range
close to market conditions. Orders received from professional clients might be executed at prices
different from the quoted prices in respect of transactions where execution in several securities is
part of one transaction, or in respect of orders that are subject to conditions other than the current
market price.
Where a systematic internaliser, quoting only one quote or whose highest quote is lower than the
standard market size, receives an order from a client between the quotation size and the standard
market size, they may decide to execute that part of the order which exceeds the quotation size at
the quoted price. If the systematic internaliser quotes different sizes, and receives an order between
those sizes, they shall execute the order at one of the quoted prices.
3. Reporting Requirements
Learning Objective
3.1. Record-Keeping
Investment firms need to keep all relevant data relating to all orders and transactions in financial
instruments that they have carried out for their own account or on behalf of a client for a period of
five years. For client transactions the records need to contain all details of the identity of the clients,
and all information required for anti-money laundering purposes. Information may need to be
provided to CySEC and ESMA on request.
The operator of a trading firm needs to maintain all the relevant data relating to all orders in financial
instruments which are advertised through its systems for a period of at least five years. The records
need to contain all relevant data that constitutes the characteristics of the order, including those that
link an order to one or more executed transactions. Information may need to be provided to CySEC
and ESMA. ESMA will perform a facilitation and coordination role in relation to access to the
information by competent authorities.
Investment firms that execute transactions in financial instruments shall report complete and
accurate details of such transactions to the competent authority as soon as possible, but no later than
the close of business of the following working day. CySEC will establish the necessary arrangements
to ensure that the competent authorities of the most relevant markets in terms of liquidity for those
financial instruments also receive that information. On request, CySEC will make all information
available to ESMA.
1. admitted to trading, or traded on a trading venue for which a request for admission to trading
has been made
The reporting requirement applies irrespective of whether or not such transactions are carried out on
the trading venue.
• transaction price
• identification of the client on whose behalf the transaction is executed (legal entity
identifiers need to be established to identify clients that are legal persons)
• identification of persons and computer algorithms within the firm responsible for the
investment decision and execution of the transaction
• identification of the applicable waiver under which the trade has taken place
• designation to identify a short sale in respect of any shares and sovereign debt.
For transaction executed on a trading venue the report will include a designation identifying the type
of transaction. For commodity derivatives, the report will indicate whether the transaction reduces
risk in an objectively measurable way.
Investment firms that transmit orders shall include all details outlined above in the transmission of
the order. However, instead of including the details when transmitting the order, the firm may choose
to report the order as a transaction once it has been executed.
The reporting requirements also apply to financial instruments executed by a firm not subject to the
regulation.
Reports need to be submitted to CySEC either by the investment firm itself, an advanced reporting
mechanism (ARM) acting on its behalf, or by the trading venue through whose system the transaction
was completed. Either way, the investment firm must take reasonable steps to verify completeness,
accuracy and timeliness of the transaction reports that were submitted on its behalf.
In accordance with EU rules and regulations, CySEC will require trading firms that make reports on
behalf of investment firms to have sound mechanisms in place to:
The trading venue needs to maintain adequate resources and have back-up facilities in place in order
to offer and maintain its services at all times.
An investment firm would be deemed to have fulfilled its transaction reporting requirements if it has
reported a transaction (including all the required details) to a trade repository approved as an ARM,
and the ARM has reported the same to CySEC within the appropriate time limit.
Any errors or omissions will be corrected by the party submitting the report, and a new report will be
submitted to CySEC.
In the event that the Republic is the host member state, CySEC will transmit the information to the
competent authority in the home member state of the investment firm unless the competent
authorities of the home member state have decided that they do not wish to receive this information.
Trading venues need to disclose transaction data outlined in section 3.2 for financial instruments
admitted to trading on regulated markets or on MTFs or OTFs. Systematic internalisers need to
provide reference data related to the financial instruments defined in section 3.2. Identified reference
data will be submitted to CySEC in an electronic and standardised format before trading commences
in the financial instrument that it refers to. Financial instrument reference data needs to be updated
whenever there are changes. CySEC will, without delay, submit the information to ESMA who will
publish it on their website. ESMA will give competent authorities access to the reference data.
In order for competent authorities to be able to monitor the activities of investment firms to ensure
that they act honestly, fairly and professionally, and in a manner which promotes the integrity of the
market, ESMA and the competent authorities will establish the necessary arrangements to ensure
that they effectively receive the financial instrument reference data, that the quality of the data is
appropriate, and that the data is efficiently exchanged between the relevant competent authorities.
4. Derivatives
Learning Objective
Ø Know the obligation to trade derivatives on (Article 28): regulated markets; MTFs; OTFs;
third- country trading venues
Ø Know obligations relating to the clearing and indirect clearing of derivatives (Article 29–
30)
Ø Know the obligations relating to portfolio compression (Article 31)
Eligible derivatives may be admitted to trading on regulated markets or trading venues on a non-
exclusive and non-discriminatory basis. Upon careful consideration, the EC may approve trading
venues from third-countries as elite trading venue for derivatives trading. The legal and supervisory
framework of the third county is considered to have equivalent effect where that framework fulfils
all of the following conditions:
a. Trading venues of the third country are subject to authorisation, effective supervision and
b. Trading venues have clear and transparent rules regarding the admission of financial
instruments to trading so that they can be traded in a fair, orderly and efficient manner,
and are freely negotiable.
d. It ensures market transparency and integrity via rules addressing market abuse in the
form of insider dealing and market manipulation.
It is the responsibility of the operator of a regulated market to ensure that all derivatives transactions
are cleared by a CCP. The trading venues, CCPs and investment firms who act as clearing members
need to have effective systems, procedures and arrangements in place in relation to cleared
derivatives to ensure that the transactions are submitted and accepted for clearing as quickly as
technologically practicable as possible using automated systems. In this context, cleared derivatives
are all those that are processed by a regulated market as well as all derivatives for which it is otherwise
agreed between relevant parties that they will be cleared.
Indirect clearing arrangements are permissible providing that they do not increase counterparty risk
and that they ensure that the assets and positions of the counterparty benefit from appropriate
protection.
When providing portfolio compressions, investment firms and market operators are not subject to
the best execution obligation. Termination or replacement of derivatives in a portfolio component
are not subject to the obligation to trade on regulated markets, MTFs or OTFs. Investment firms and
market operators providing portfolio compression will make the volume of transactions, and the time
they were concluded public through an APA, as close to real time as is technically possible. They shall
keep complete and accurate records of all portfolio compressions which will be made available
promptly to CySEC or ESMA on request.
Chapter 9
Capital Adequacy Requirements
Learning Objectives
Investment firms operating in the Republic of Cyprus need to meet specific requirements regarding
capital adequacy, professional standards, the compliance function, systems and controls in
automated trading environments and suitability requirements.
The CRR covers prudential regulations, capital and own funds requirements as well as the calculation
of risk weighted assets and the criteria that need to be met by banks to apply the standardised or
advanced approaches. Unless otherwise indicated, the paragraphs and sections noted behind the
learning objectives refer to Directives DI144–2014–14 and DI144–2014–15 arising from CRR.
The reference to Capital Requirements Regulation should not be EU575/2013 but Regulation (EU)
575/2013.
Learning Objective
In the context of the regulations, CySEC is the consolidating supervisor who may waive the capital
requirements on a consolidated basis provide that:
1. each EU investment firm in the group uses the alternative calculation of total risk exposure;
2. all investment firms in a group that are not authorised to provide the following investment
services and activities:
c. deal on own account only for the purpose of fulfilling or executing a client order or for
the purpose of gaining entrance to a clearing and settlement system of a recognised
exchange when acting as an agent or executing a client order
iv. for which the execution and settlement whose transactions take place under
the responsibility of a clearing institution and are guaranteed by that clearing
institution.
f. f. any financial holding company which is the parent financial holding company in a
member state of any CIF in the group holds at least enough capital, to cover the sum of
the following:
vi. ii. the total amount of any contingent liability in favour of CIFs, financial
institutions, asset management companies and ancillary services
undertakings which would otherwise be consolidated
Where the above criteria are met, each EU investment firm will have systems in place to monitor and
control the sources of capital and funding of all financial holding companies, investment firms,
financial institutions, asset management companies and ancillary services undertakings within the
group.
On a case-by-case basis, CySEC may apply the waiver if the financial holding companies hold a lower
amount of own funds than the amount calculated under F above, but not lower than the sum of the
own funds requirements imposed on an individual basis to CIFs, financial institutions, asset
management companies and ancillary services undertakings which would otherwise be consolidated
and the total amount of any contingent liability in favour of CIFs, financial institutions, asset
management companies and ancillary services undertakings which would otherwise be consolidated.
The own funds requirement for investment undertakings of third countries, financial institutions,
asset management companies and ancillary services undertakings is a notional own funds
requirement.
Own funds consist of tier 1 and tier 2 capital with tier 1 capital consisting of the sum of common equity
tier 1 (CET1) capital and additional tier 1 capital. Tier 1 capital is the core capital including equity
capital and disclosed reserves.
a. capital instruments
c. retained earnings
Items C–F may only be recognised as CET1 if they are available for unrestricted and immediate use to
cover losses as soon as they occur. Interim year-end profits may be included under retained earnings
in CET1prior to confirming the final profit and loss provided they have gained permission from CySEC
which will be provided if the profits have been independently verifies, and the institution has satisfied
CySEC that any foreseeable charge or dividend have been deducted.
In order to qualify as CET1, capital instruments need to meet a number of conditions. Capital
instruments need to be fully paid up, perpetual and may not be guaranteed or secured. Capital
instruments absorb the first and proportionately the largest share of losses as they occur and they
rank below all other claims in the event of insolvency or liquidation. Capital instruments entitle the
owners to a claim on residual assets of the institution and are not secured, subject to a guarantee, or
subject to any arrangement that enhances the seniority.
Additional tier 1 capital consists of capital instruments and their associated premium accounts that
generally have the same characteristics as CET1 capital instruments but can have integrated call
options as long they may be exercised at the sole discretion of the issuer. Additional tier 1 capital
ranks after tier 2 capital in case of insolvency.
Tier 2 capital consists of capital instruments and subordinated loans and associated share premium
accounts as well as:
2. for institutions calculating risk-weighted exposure amounts under the advanced approaches:
positive amounts, gross of tax effects, resulting from the calculation laid down in Articles 158
and 159 up to 0,6 % of risk weighted exposure amounts.
At all times firms must maintain the capital ratios as defined in the table below:
Total Tier 1 6% Tier 1 capital expressed as a percentage of the total risk exposure amount
Total 8% Own funds of the institution expressed as a percentage of the total risk
Capital exposure amount
Total risk exposure is the sum of items 1–6 below after taking into account that the own funds
requirements in points 3–5 below include all those arising from all business activities; and the own
funds requirements in points 2–5 will be multiplied by 12,5.
1. Risk weighted exposure amounts for credit risk and dilution risk in respect of all business
activities excluding the trading book.
2. Own funds requirements for the trading book business for position risk and large exposures
exceeding the large exposure limits.
3. Own funds requirements for foreign exchange risk, settlement risk, and commodities risk.
4. Own funds requirements for credit valuation adjustment risk of OTC derivatives except credit
derivatives recognised to reduce risk-weighted exposure amounts for credit risk.
6. Risk weighted exposure amounts for counterparty credit risk arising from trading book
business including credit derivatives, repurchase transactions, margin lending, and long
settlement transactions.
In addition to CET1 capital, CIFs can be required to maintain a capital conservation buffer up to 2,5%
of their total risk exposure amount. In addition, according to par. 52(2) of the Directive, the
Macroprudential Authority may exempt small- and medium-sized CIFs from holding a CCB, in addition
to their Common Equity Tier 1 Capital. The Macroprudential Authority has decided not to exempt
small- and medium- sized CIFs. Therefore, the CCB applies to all CIFs that are authorised to provide
the investment services listed in points 3 (dealing on own accounts) and/or 6 (underwriting with firm
commitment) of the Law, irrespective of their size. In the event a CIF fails to meet the capital
conservation buffer requirement, they shall be prohibited from distributing more than the Maximum
Distributable Amount (MDA).
CIFs need to report to CySEC direct, indirect, and synthetic holdings of the common equity and
additional Tier 1 instruments, and Tier 2 instruments of financial sector entities where those entities
have a reciprocal cross holding with the CIF and the Commission considers them to have been
designed to inflate artificially the own funds of the CIF, as memorandum items.
For the purpose of calculating their capital requirements, a risk weight of 1,250%needs to be applied
to the greater of:
1. the amount of qualifying holdings in financial sector entities and non-financial sector entities
that are considered a direct extension, an ancillary of banking, or leasing, factoring,
management of unit trusts or data management in excess of 15% of the CIFs eligible capital
When the business of an investment firm materially changes, CySEC may adjust the requirements for
own funds based on fixed overheads.
The European Commission may decide whether a third county applies prudential supervisory and
regulatory requirements that are at least equivalent to those applied in the EU. For any third countries
approved by the European Commission (equivalent third country), the CIFs may treat exposures to
these countries’ credit institutions, clearing houses, and exchanges similarly to exposures to
institutions established in Australia, Canada, Japan, Switzerland, USA, and Russia.
When competent authorities in an equivalent third country assign a risk lower than 100% to central
banks or lower than the rate for the quality step in the table below for exposures to their central
government and central bank denominated in domestic currency, CIFs may assign the same risk
weight to these exposures.
When equivalent third countries treat exposures to regional governments or local authorities as
exposures to their central government and there is no risk between exposures because of the specific
revenue-raising powers of regional government or local authorities and to specific institutional
arrangements to reduce the risk of default, CIFs may risk weight those exposures in the same manner.
When an equivalent third-country treats exposures to public sector entities assign risk weights to
public sector entities in accordance with the table below, CIFs may risk weight their exposures to
these entities in the same way. Otherwise a risk weight of 100%must be applied.
The risk weight for an equivalent third country CIU may be determined on the basis of a look-through
or the average risk weight for its exposures provided the following eligibility criteria are met and:
1. the CIU is managed by a company that is subject to supervision in a member state or, in the
case of third country CIU, where the following conditions are met:
b. b. if investment limits apply, the relative limits and the methodologies to calculate them
3. the business of the CIU is reported on at least an annual basis to enable an assessment to be
made of the assets and liabilities, income and operations over the reporting period.
On the basis of the data collected by the competent authorities, in line with the EU Regulations, taking
into account forward-looking immovable property market developments and any other relevant
indicators, CySEC shall at least annually, assess whether the minimum LGD values remain appropriate
for exposures secured by residential property or commercial immovable property located in its
territory. Where appropriate in the context of financial stability, the CySEC may set higher minimum
values of exposure weighted average LGD for exposures secured by immovable property in the
Republic. CySEC shall notify EBA of any changes to the minimum LGD values.
After taking into account the effect of credit risk mitigation, exposures to a client or a group of
connected clients may not exceed 25% of a CIFs eligible capital. In the event the client is an institution,
or where a group of connected clients includes one or more institutions, the value of the exposure
may not exceed 25% of the CIFs eligible capital or €150 million (whichever is higher) provided the sum
of the exposure values, after eligible risk mitigation, to all connected clients that are not institutions
does not exceed 25% of the CIF’s eligible capital.
If €150 million is more than 25% of the CIF’s eligible capital the limit shall be amended to a reasonable
level by the CIF. Determination of the limit will be in accordance with the CIF policies and procedures
and to control concentration risk. The limit may not exceed 100% of the CIF’s eligible capital.
1. Covered bonds.
These undertakings need to be e covered by the supervision on a consolidated basis to which the CIF
itself is subject, or an equivalent third country.
4. Asset items constituting claims and other exposures to CIFs provided those exposures do not
constitute the CIF’s own funds, do not last longer than the following business day and are
not denominated in a major trading currency.
5. 50% of medium/low risk off-balance sheet documentary credits and undrawn credit facilities
and, subject to CySEC agreement, 80% of guarantees other than loan guarantees which have
a legal or regulatory basis and are given for their members by mutual guarantee schemes
possessing the status of CIF.
6. Legally required guarantees used when a mortgage loan financed by issuing mortgage bonds
is paid to the borrower before final registration of the mortgage in the land register provided
the guarantee is not used to reduce the risk in the calculation of risk weighted exposure
amounts.
7. Asset items constituting claims on, and other exposures to, recognised exchanges.
All of the above will be fully exempt until the entry into force of the large exposures regulations, but
not after the 31 December 2028.
From the 1 January 2015, CySEC requires CIFs to include 100% of unrealised losses measured at fair
value in the calculation of Common Equity Tier 1 (CET1) capital. In addition, CySEC may also permit
CIFs to include 100% of their unrealised gains at fair value. The percentage of unrealised losses
measured at fair value to be included in the calculation of CET1 capital will not exceed the percentage
of unrealised gains measured at fair value to be included.
From the 1 January 2014 until the 31 December 2018, CySEC may permit CIFs that prepare their
accounts conform international accounting standards to add an appropriate amount for their defined
benefit pension plans to their CET1 capital. Between the 1 January and the 31 December 2018, this
amount needs to be multiplied by a factor of 0,2%.
• applicable amount of direct, indirect and synthetic holdings of CET1 instruments of financial
sector institutions in which the institution has a significant investment. The deduction is
subject to the following percentages:
Period Percentages
CET1 capital consists of amounts that are regarded under national law as equity capital subscribed by
the shareholders or other proprietors, regardless of their actual designation and includes the nominal
amount of capital and share premium accounts. Related share premium accounts that qualified as
original own funds may be included in Tier 1 capital at a percentage of the nominal amount that
remained issued on the 31 December 2012 against the following limits:
Period Percentage
1 January – 31 December 2018 40%
1 January – 31 December 2019 30%
1 January – 31 December 2020 20%
1 January – 31 December 2021 10%
In addition to regulations regarding capital, own funds, and the calculation of risk weighted assets,
the CRR also specifies requirements in relation to the risk management system in place within
institutions.
Learning Objective
Ø Know the arrangements, processes and mechanisms CIFs should have in place for:
recovery and resolution; remuneration; treatment of risks; calculating and benchmarking
own funds requirements (Part II, chapter 1, section 1, paragraph 4–8)
Ø Know the arrangements, processes and mechanisms CIFs should have in place for: credit
and counterparty risk; residual risk; concentration risk; securitisation risk; market risk;
interest risk arising from non-trading activities; operational risk; liquidity risk; risk of
excessive leverage Part II, Chapter 1, section 1, paragraph 9–17)
CIFs need to have resolution plans in place as well as recovery plans in place to ensure they can restore
their financial situation after a significant deterioration. These plans need to be proportionate to the
size and business of the CIF. In consultation with CySEC they may be reduced if CySEC considers that
the failure of a specific CIF will not have a negative impact on financial markets, other institutions, or
funding conditions due to its size, business model, or interconnectedness with other institutions or
the financial system in general.
A CIF must cooperate closely with resolution authorities and provide all necessary information for
them to prepare and draft viable plans setting out options for the orderly resolution of a CIF in the
case of failure. The principle of proportionality applies here too.
2.2. Remuneration
CySEC is responsible for the collection of information that needs to be disclosed by institutions in
relation to remuneration of those categories of staff whose professional activities have a material
impact on its risk profile. The following information needs to be disclosed:
1. Information regarding the decision making process for the determination of the
remuneration policy, number of meetings held by the main body overseeing remuneration
during the financial year including (if applicable) information about the composition and
mandate of a remuneration committee, external consultant used for the determination of
the remuneration poly, and the role of relevant stakeholders.
3. Most important characteristics of the remuneration system, including criteria used for
performance measurement and risk adjustment, deferral policy, and vesting criteria.
5. Performance criteria that form the basis for the entitlement to shares, options, or variable
remuneration.
6. Main parameters and rationale for any variable component scheme and other non-cash
benefits.
a. amounts per for the financial year split into fixed and variable components and the
number of beneficiaries
b. amounts and forms of variable remuneration split into cash, shares, share-linked
instruments and others
d. amounts of deferred remuneration awarded during the financial year, paid out and
reduced through performance adjustments
e. new sign-on and severance payments made during the financial year and the number
of beneficiaries
9. Number of individuals remunerated €1 million or more per financial year broken down into
pay bands of €1 million including job responsibilities, business area, main elements of salary,
bonus, long-term awards and pension contribution.
10. On demand of CySEC – the total remuneration for each member of the managing body or
senior management.
The Board of Directors of a CIF needs to approve and periodically review the strategies and policies
for taking, managing, monitoring, and mitigating the risks a CIF is exposed to including those risks
posed by the macroeconomic environment and the business cycle. The board of directors need to
devote sufficient time to consideration of risk issues and be actively involved in ensuring adequate
resources are allocated to the management of all material risks, the valuation of assets, the use of
external credit ratings, and the use of internal risk models. The CIF must establish reporting lines to
the board of directors covering all material risks and risk management policies (including any
changes).
CIFs that are significant in terms of size, internal organisation, and the nature, scope and complexity
of their activities must establish a risk committee. The risk committee must consist of members of the
board of directors who do not perform any executive function in the CIF. Members of the risk
committee need to have the appropriate knowledge, skills, and expertise to fully understand and
monitor the risk strategy and risk appetite of the CIF. The risk committee advises the board of
directors regarding the overall current and future risk appetite and strategy, and assists with
overseeing the implementation of the strategy by senior management. The board of directors retains
overall responsibility for risks.
The risk committee reviews whether prices of liabilities and assets offered to clients fully take into
account the CIF’s business model and risk strategy. In the event this is not the case, the risk committee
shall present a remediation plan to the board of directors.
A CIF that is not considered significant may be permitted by CySEC to combine the risk committee
with the audit committee in which case the members must have the appropriate knowledge, skills,
and expertise to qualify for both committees.
The board of directors and, if applicable, the risk committee must have adequate access to
information regarding the risks of the CIF, the risk management function, and external expert advice
as appropriate. They must determine the nature, amount, format, and frequency of risk information
they need to receive. Without prejudice to the remuneration committee, they will examine whether
incentives provided by the remuneration system take into consideration risk, capital, liquidity, and
the likelihood and timing of earnings.
CIFs need to ensure they have a risk management function in place that is independent from the
operational functions and which shall have sufficient authority, stature, resources, and access to the
board of directors. The risk management function needs to be proportionate to the size and
complexity of the business. The risk management function is responsible for the identification,
measurement, and appropriate reporting of all risks. They need to be actively involved in elaborating
the risk strategy and all material risk management decisions. The risk management function needs to
be able to deliver a complete overview of the whole range of risks the CIF is subject to.
Where necessary, the risk management function must be able to report directly to the board of
directors, independent from senior management. They need to be able to raise concerns and warn
the board of directors of specific risk developments that (may) affect the CIF. The head of the risk
management function is an independent senior manager with distinct responsibility for the risk
management function. This function may be undertaken by another person within the CIF if the size,
scale and complexity of the organisation do not justify a specially appointed person provided there is
no conflict of interest. The head of risk management may not be removed without prior approval from
the board of directors.
CIFs that are significant in terms of their size, internal organisation and the nature, scale and
complexity of their activities, are encouraged to develop internal credit risk assessment capacity and
to increase use of the internal ratings based approach for calculating their own funds requirements
for credit risk where their exposures are material in absolute terms and where they have at the same
time a large number of material counterparties. In addition, they are encouraged to develop internal
specific risk assessment capacity and to increase use of internal models for calculating own funds
requirements for specific risk of debt instruments in the trading book, together with internal models
to calculate own funds requirements for default and migration risk where their exposures to specific
risk are material in absolute terms and where they have a large number of material positions in debt
For these CIFs, CySEC shall monitor that they do not solely or mechanistically rely on external credit
ratings for assessing the creditworthiness of an entity or financial instrument.
CIFs that are permitted to use internal approaches for the calculation of risk weighted exposure
amounts or own fund requirements except for operational risk, report the results of the calculations
of their internal approaches for the exposures or positions that are included in the benchmark
portfolios. CIFs shall submit the results of their calculations, together with an explanation of the
methodologies used to produce them, to CySEC at least annually. The results of these calculations
must be submitted to CySEC and EBA by means of the appropriate template.
On the basis of the reported information CySEC monitors the range of risk weighted exposure
amounts or own funds requirements, except for operational risk, for the exposures or transactions in
the benchmark portfolio resulting from the internal approaches of those CIFs. At least annually, CySEC
assesses the quality of those approaches paying particular attention to those approaches that exhibit
significant differences in own fund requirements for the same exposure and approaches where there
is particularly high or low diversity, and also where there is a significant and systematic under-
estimation of own funds requirements.
For CIFs that diverge significantly from the majority of their peers, or where there is little commonality
in approach leading to a wide variance of results, CySEC shall investigate the reasons. If it can be
clearly identified that a CIF’s approach leads to an underestimation of own funds requirements which
is not attributable to differences in the underlying risks of the exposures or positions, CySEC shall take
corrective action. CySEC shall ensure their decisions on the appropriateness of corrective actions
comply with the principle that such actions must:
a. maintain the objectives of an internal approach and therefore do not lead to standardisation
or preferred methods
CIFs must ensure they have appropriate processes and procedures in place to manage all the different
types of risk.
Credit granting must be based on sound and well-defined criteria. The process for approving,
amending, renewing, and refinancing need to be clearly established. Internal methodologies need to
enable the CIF to assess the credit risk of exposures to individual obligors, securities or securitisation
positions and credit risk at the portfolio level. Internal methodologies may not solely or mechanically
rely on external credit ratings.
When own funds requirements are based on a rating form an External Credit Assessment Institution
(ECAI), or based on the fact that an exposure is unrated, the CIF still needs to consider other relevant
information when assessing their allocation of internal capital.
Credit risk bearing portfolios and exposures need to be monitored on an ongoing basis including the
identification and management of problem credits and making adequate value adjustments and
provisions.
Portfolios need to be adequately diversified given a CIFs target market by applying effective systems
and overall credit strategy.
Residual risk is the risk that remains when credit mitigation techniques prove less effective than
expected. This risk needs to be addressed and controlled and incorporated in written policies and
procedures.
Concentration risk arises from exposures to counterparties, including central counterparties, groups
of connected counterparties, and counterparties in the same economic sector, geographic region, or
from the same activity or commodity. The risk mitigation techniques need to address risks associated
concentration risk, in particular risks with large indirect credit exposures such as a single collateral
issuer and need to be incorporated in written policies and procedures.
Securitisation risk arises from securitisation transaction in which the CIF is an investor, originator or
sponsor and includes reputational risk. These risks arise from the complex structures of the product
and must be evaluated and addressed through the appropriate policies and procedures to ensure the
economic substance of the transaction is fully reflected in the risk assessment and management
decisions.
CIFs who are originators of revolving securitisation transactions with early amortisation provisions
need to have Liquidity plans in place to address the implications of both scheduled and early
amortisation.
Policies and procedures need to be in place for the identification, measurement, and management of
all material sources and effects of market risks. Where short positions fall due before the long
position, CIFs must take measures against the risk of a liquidity shortage.
The internal capital must be adequate to cover all material market risks that are not subject to the
own funds requirements. CIFs that net their positions in one or more of the equities constituting a
stock-index against one or more positions in the stock-index futures or other stock-index products
when calculating the own fund requirements, must have adequate internal capital when they hold
opposite positions in stock-index futures which are not identical in respect of their maturity,
composition, or both.
CIFs that reduce their net underwriting position when calculating their own funds requirements must
ensure they hold sufficient internal capital against the risk of loss which exists between the time of
the initial commitment and the following working day.
CIFs must implement systems to identify, evaluate and manage the risk arising from potential changes
in interest rates that affect a CIF’s non-trading activities.
Policies and procedures need to be in place to evaluate and manage the exposure to operation risk
including model risk, and to cover low-frequency high-severity events. The policy needs to articulate
what constitutes operational risk for the purpose of the policies. The policies need to include
contingency and business continuity plans to ensure a CIF’s ability to operate on an on-going basis
and limit losses in the event of severe business disruption.
Robust strategies, policies, procedures, and systems need to be in place for the identification,
measurement, management and monitoring of liquidity risk over appropriate time horizons including
intra-day. These policies need to be in place to ensure they maintain adequate levels of liquidity
buffers and need to be tailored to business lines, currencies, branches and legal entity. They need to
include adequate allocation mechanisms of liquidity, costs, benefits and risks. The strategies, policies,
procedures and systems need to be proportional to the complexity, risk profile, scope of operation of
the CIF and the risk tolerance set by the board of directors and reflect the importance of the CIF in
the Republic. CIFs must communicate their risk tolerances to all relevant business lines.
The liquidity risk profile must not be consistent with, but not in excess of, those required of a well-
functioning and robust system while being proportionate to the nature, scale, and complexity of their
activities.
CySEC monitors developments in relation to liquidity risk profiles such as product design and volumes,
risk management, funding policies and funding concentrations. They will take effective action when
any developments may lead to individual CIF or systemic instability and will inform EBA about any
actions carried out.
CIFs must develop methodologies for the identification, measurement, management and monitoring
of funding positions. This includes the current and projected material cash-flows in and arising from
assets, liabilities, off-balance sheet items, including contingent liabilities and the possible impact of
reputational risk. A distinction must be made between pledged and unencumbered assets that are
available at all times, in particular during emergency situations. In addition, CIFs must take into
account:
1. The legal entity in which assets reside, the country where assets are legally recorded either
in a register or in an account and their eligibility and shall monitor how assets can be
mobilised in a timely manner.
2. Existing legal, regulatory, and operational limitations to potential transfers of liquidity and
unencumbered assets among entities, both within and outside the EEA.
3. Different liquidity risk mitigation tools, including a system of limits and liquidity buffers in
order to be able to withstand a range of different stress events and an adequately
diversified funding structure and access to funding sources. Those arrangements shall be
reviewed regularly.
4. Alternative scenarios on liquidity positions and risk mitigants and reviews the assumptions
underlying decisions concerning the funding position at least annually. Alternative
scenarios need to address off-balance sheet items and other contingent liabilities including
those of Securitisation Special Purpose Entities (SSPE) or other special purpose entities.
Taking into account the outcome of these scenarios the CIF must adjust their strategies,
internal policies and limits on liquidity risk and develop effective contingency plans.
Liquidity recovery plans need to be in place setting out adequate strategies and proper
implementation measures to address possible liquidity shortfalls, including in relation to branches in
other member states. Those plans need to be tested at least annually and updated if necessary. The
result of the test needs to be reported to and approved by senior management so that internal
policies and procedures can be adjusted accordingly. The necessary operational steps need to be
taking in advance to ensure liquidity recovery plans can be implemented immediately.
CIFs must have policies and procedures in place for the identification, management, and monitoring
of the risk of excessive leverage. Indicators of excessive leverage include the leverage ratio calculated
as the institute’s capital measure divided by their total exposure measure expressed as a percentage,
and mismatches between assets and liabilities.
The risk of excessive leverage must be addressed precautionary by taking into account potential
increases in the risk of excessive leverage caused by reductions of the CIF’s own funds through
expected or realised losses, depending on the applicable accounting rules. CIF’s must be able to
withstand a range of different stress events.
3. Governance
Learning Objective
Ø Know the governance requirements relating to: country-to-country reporting; public
disclosure of return on assets (section 2, paragraph 18–19)
Ø Know governance requirements relating to remuneration: remuneration policies; variable
elements of remuneration; remuneration committee (section 2, paragraph 20–22)
As of the first of January 2015, CIFs need to annually disclose, on a consolidated basis for the financial
year, the following information by Member State and by third country in which it is established:
2. turnover
The information needs to be audited in accordance with the auditors and statutory Audits of Annual
and Consolidated Accounts Law of 2009. Where possible, the information shall be published as an
annex to the annual financial statements or, where applicable to the consolidated financial
statements of the CIF. In addition, the CIF must report key indicators including return on assets
calculated as net profit divided by their total balance sheet.
3.2. Remuneration
The governance requirements related to remuneration apply to CIFs at group, parent company and
subsidiary levels, including those established in offshore financial centres.
Total remuneration includes salaries and discretionary pension benefits. When establishing and
applying the total remuneration policies, for categories of staff including senior management, risk
takers, staff engaged in control functions and any employee receiving total remuneration that takes
them into the same remuneration bracket as senior management and risk takers, whose professional
activities have a material impact on their risk profile, CIFs must comply with the following principles
in a manner and to the extent that is appropriate to their size, internal organisation and the nature,
scope and complexity of their activities:
1. the remuneration policy is consistent with and promotes sound and effective risk
management and does not encourage risk-taking that exceeds the level of tolerated risk of
the CIF
2. the remuneration policy is in line with the business strategy, objectives, values and long-
term interests of the CIF, and incorporates measures to avoid conflicts of interest
3. the CIF’s board of directors adopts and periodically reviews the general principles of the
remuneration policy and is responsible for overseeing its implementation
4. the implementation of the remuneration policy is, at least annually, subject to central and
independent internal review for compliance with policies and procedures for remuneration
adopted by the board of directors
5. staff engaged in control functions are independent from the business units they oversee,
have appropriate authority, and are remunerated in accordance with the achievement of
the objectives linked to their functions, independent of the performance of the business
areas they control;
6. the remuneration of the senior officers in the risk management and compliance functions is
directly overseen by the remuneration committee referred to in paragraph 22 in Directive
DI144–2014–14 or, if such a committee has not been established, by the board of directors
7. the remuneration policy, taking into account national criteria on wage setting, makes a clear
distinction between criteria for setting:
3. Total variable remuneration does not limit the ability of the CIF to strengthen its capital base.
4. Guaranteed variable remuneration is not consistent with sound risk management or the pay-
for- performance principle and shall not be part of prospective remuneration plans.
5. Guaranteed variable remuneration is exceptional, occurs only when hiring new staff and
where the CIF has a sound and strong capital base and is limited to the first year of
employment.
6. Fixed and variable components of total remuneration are appropriately balanced and the
fixed component represents a sufficiently high proportion of the total remuneration to allow
the operation of a fully flexible policy on variable remuneration components, including the
possibility to pay no variable remuneration component.
7. CIFs must set the appropriate ratios between the fixed and the variable component of the
a. the variable component shall not exceed 100 % of the fixed component of the total
remuneration for each individual.
b. shareholders of the CIF may approve a higher maximum level of the ratio between the
fixed and variable components of remuneration provided the overall level of the
variable component shall not exceed 200 % of the fixed component of the total
remuneration for each individual.
If the CIF was to apply a higher ratio for the fixed and variable compensation as noted in point 7B in
above they need to seek approval from the shareholders and provide a reasonable notice period for
them to act upon a detailed recommendation by the CIF giving the reasons for, and the scope of, an
approval sought, including the number of staff affected, their functions and the expected impact on
the requirement to maintain a sound capital base. At least 50% of the shares or equivalent ownership
rights must vote on the approval and it neds to be passed with a 66% majority, or a 75% majority of
the ownership rights represented if it is below 50%. It is the responsibility of the CIF to inform CySEC
without delay of the recommendation to its shareholders, including the proposed higher maximum
ratio and the reasons therefore. The CIF must be able to demonstrate that the proposed higher ratio
does not conflict with the CIF’s obligations in relation to the CIF’s own funds obligations. The CIF needs
to inform CySEC without delay of the decisions taken by the shareholders. CySEC provides EBA with
this information who will publish it on an aggregate home member state basis in a common reporting
format.
Any staff who are directly concerned by the higher maximum levels of variable remuneration referred
to in point 7B above must not, where applicable, be allowed to exercise, directly or indirectly, any
voting rights they may have as shareholders. CIFs may apply the discount rate to a maximum of 25 %
of total variable remuneration provided it is paid in instruments that are deferred for a period of not
less than five years.
8. Payments relating to the early termination of a contract reflect performance achieved over
time and do not reward failure or misconduct.
11. The allocation of the variable remuneration components within the CIF must also take into
account all types of current and future risks.
12. A substantial portion, and in any event at least 50 %, of any variable remuneration must
a. shares or equivalent ownership interests, subject to the legal structure of the CIF
concerned or share- linked instruments or equivalent non-cash instruments, in the case
of a non-listed CIF
b. other capital instruments that can be fully converted to Common Equity Tier 1
instruments. These instruments must be subject to an appropriate retention policy
designed to align incentives with the longer-term interests of the CIF. This point must be
applied to both the portion of the variable remuneration component deferred in
accordance with point (m) and the portion of the variable remuneration component not
deferred;
13. A substantial portion, and in any event at least 40 %, of the variable remuneration
component is deferred over a period which is not less than three to five years and is correctly
aligned with the nature of the business, its risks and the activities of the member of staff in
question. Remuneration payable under deferral arrangements shall vest no faster than on a
pro-rata basis. In the case of a variable remuneration component of a particularly high
amount, at least 60 % of the amount shall be deferred. The length of the deferral period shall
be established in accordance with the business cycle, the nature of the business, its risks and
the activities of the member of staff in question.
14. The variable remuneration, including the deferred portion, is paid or vests only if it is
sustainable according to the financial situation of the CIF as a whole, and justified on the
basis of the performance of the CIF, the business unit and the individual concerned. Without
prejudice to the general principles of national contract and labour law, the total variable
remuneration shall generally be considerably contracted where subdued or negative
financial performance of the CIF occurs, taking into account both current remuneration and
reductions in pay outs of amounts previously earned, including through malus or clawback
arrangements. Up to 100 % of the total variable remuneration shall be subject to malus or
clawback arrangements. CIFs must set specific criteria for the application of malus and
clawback. Such criteria shall in particular cover situations where the staff member:
a. participated in or was responsible for conduct which resulted in significant losses to the
CIF
15. The pension policy is in line with the business strategy, objectives, values and long- term
interests of the CIF. If the employee leaves the CIF before retirement, discretionary pension
benefits shall be held by the CIF for a period of five years in the form of instruments referred
to in point (l). Where an employee reaches retirement, discretionary pension benefits must
be paid to the employee in the form of instruments referred to in point (l) subject to a five-
year retention period.
16. Staff members are required to undertake not to use personal hedging strategies or
remuneration- and liability-related insurance to undermine the risk alignment effects
embedded in their remuneration arrangements.
17. Variable remuneration is not paid through vehicles or methods that facilitate the non-
compliance with this Directive or Regulation (EU) No 575/2013.
CIFs which are significant in terms of their size, internal organisation and the nature, scope and
complexity of their activities, must establish a remuneration committee. The remuneration
committee must be constituted in such a way as to enable it to exercise competent and independent
judgment on remuneration policies and practices and the incentives created for managing risk, capital
and liquidity. The remuneration committee is responsible for the preparation of decisions regarding
remuneration, including those which have implications for the risk and risk management of the CIF
concerned and which are to be taken by the board of directors. The Chair and the members of the
remuneration committee must be members of the board of directors who do not perform any
executive function in the CIF concerned. If employee representation on the board of directors is
provided for by Cyprus law, the remuneration committee shall include one or more employee
representatives. When preparing such decisions, the remuneration committee shall take into account
the long-term interests of shareholders, investors and other stakeholders in the CIF and the public
interest.
Learning Objective
The supervisory review and evaluation process (SREP) comprises the processes and measures
applied by CySEC to ensure that CIFs have sufficient capital to support all material risks to which
their business exposes them and includes:
• the review and evaluation of the CIF’s internal capital adequacy assessment process
(ICAAP) and strategies, as well as its ability to monitor and ensure its compliance with
own funds requirements
In determining the SREP framework, CySEC takes into account the following principles:
• Risk approach – the SREP is an essential part of CySEC’s risk-based overall supervisory
approach.
• Levels of application – all CIFs subject to the directive are required to prepare an ICAAP
report and are subject to the SREP.
• Activities – CySEC considers in the SREP all the activities of the CIF and all business units
that give rise to significant risks, whether these are related to domestic or non-domestic
operations.
• Risks and governance – CySEC formally evaluates the CIF’s business risks and internal
governance (including risk controls, compliance and internal audit). The evaluation will
focus on identifying each CIF’s risk profile and assessing the quality of the CIF’s risk
management system. CySEC reviews the controls that have been put in place to mitigate
risk, as well as the adequacy and composition of capital held against those risks. The
evaluation is forward looking and it will use both qualitative and quantitative techniques.
• Assessment and review – CySEC assesses the CIF’s ICAAP as part of its SREP, including a
consideration of the assumptions, components, methodology, coverage and outcome of
the CIF’s ICAAP.
• Compliance assessment – as part of the SREP, CySEC evaluates the CIF’s compliance with
the minimum requirements under the CRD, in addition to the ICAAP requirement, eg,
large exposures requirements.
• Measures – as part of the SREP, the CySEC needs to have sufficient information to
identify any supervisory actions or prudential measures that need to be applied to the
CIF.
• Communication – as part of the dialogue between the CIF and the supervisory authority,
CySEC will communicate the results of its risk assessment to the management or/and
the board of directors of the CIF, including any supervisory measures that have been
applied. CySEC may also provide qualitative feedback to the CIF about the adequacy of
its risk management and internal controls in relation to its business risk profile.
• Evaluation and revision – the annual review does not constitute a full risk assessment
of the CIF. On a periodic basis, CySEC will assess any significant changes to the overall
risk profile of the CIF. This will take into account the results of any supervisory visits,
inspections and other information received during the period, and will consider whether
the timing of the next full assessment remains appropriate. Any significant new
information received in the course of ongoing monitoring and supervision which may
affect the CIF’s risk profile will trigger consideration of the need for a formal review or
full risk assessment.
Learning Objective
Ø Understand the five key stages of the SREP: planning; review and assessment of ICAAP;
review of additional information; supervisory measures; SREP validation (Section 4)
CySEC has implemented the SREP process as outlined in the diagram below, identifying five stages
from planning through to validation.
• Planning – this phase refers to CySEC’s internal planning of the SREP for each CIF. Part of this
relates to CySEC’s request to a CIF to submit an ICAAP report.
• Review and assessment of ICAAP submission – during this phase CySEC typically undertakes
a desk-based review of the ICAAP, the process followed by the CIF in the preparation and
any additional documentation supporting ICAAP. In addition, this phase may include an on-
site assessment of the implementation of the ICAAP process.
• Review of additional information – this phase includes the outcome of the ongoing
supervision and other inspections or visits that have taken place in the most recent past and
that are relevant to the ICAAP. In addition, the CIF’s controls and governance, as well as the
results of the SREP onsite review and overall compliance with the rules and regulations, may
be subject to review.
• Supervisory measures for risk mitigation – during this phase, CySEC sets the capital resource
requirements for Pillar 2, and imposes any necessary supervisory measures for mitigating
risks.
• SREP validation – CySEC’s internal validation process of the results of the SREP.
Communication between the CIF and CySEC will take place throughout the process.
Learning Objective
The outcome of the SREP should define the level of capital that the CIF should hold, in order to cover
the full spectrum of risks it faces. This level of capital, which may be higher than the capital calculated
in the CIF’s own assessment (ICAAP), will form the CIF’s capital requirement.
The CIF’s management is responsible for monitoring the level of capital resources held against the
capital requirements set at the SREP, and ensuring that it has sufficient capital to cover the
requirements set. The CIF is responsible for informing CySEC if the level of capital resources is below
the capital requirements set at the SREP, or if it is expected to fall below it in the CIF’s planning
horizon.
Once the SREP is completed, subsequent periodic reviews will take place with different frequencies
per CIF depending on their complexity, the nature of their business, risks and systemic importance.
At least annually, any change in circumstances needs to be assessed. In case any of the key
assumptions underpinning the CIF’s ICAAP change, or its risk profile alters, and this results in a
situation in which the capital requirement no longer adequately reflects the underlying risks, the re-
assessment may need to be brought forward. In any event, it is expected that the CIF will notify CySEC
of any such changes.
Learning Objective
The ICAAP is a set of processes, procedures and measures implemented by a CIF to ensure:
• application and further development of suitable risk management and internal control
systems.
Learning Objective
• Assessment of capital adequacy relative to risk profile – every CIF must have an effective
and sound ICAAP process in place.
• Responsibility for ICAAP – the CIF is responsible for implementing the ICAAP process,
based on regulatory requirements and guidelines, and for setting target levels of own
funds, consistent with its risk profile and operating environment. Even when part or all
of the ICAAP procedures are outsourced, the CIF remains fully responsible for its ICAAP.
• Integral part of management process and decision-making culture – the ICAAP should
form an integral part of the CIF’s management processes, so as to enable the board of
directors and senior management of the CIF to assess, on an ongoing basis, the risks that
are inherent in their activities and material to the CIF.
• Regular review – the ICAAP should be reviewed by the CIF at least annually or, if
required, more frequently to ensure that risks are covered adequately and that capital
coverage reflects their actual risk profile. The ICAAP and its review process should be
subject to independent assessment by a function or person that has not been involved
in the ICAAP process, such as the internal audit function. Any changes in the CIF’s
strategic focus, business plan, operating environment or other factors that materially
affect assumptions or methodologies used in the ICAAP should initiate appropriate
adjustments to the ICAAP.
• Risk-based – the additional capital charge for the CIF will be significantly dependent on
its risk profile and operating environment. All considerations and factors taken into
account for the set of an internal capital target need to be presented through the
dialogue with CySEC and the assessment procedure for each one should be explained
and documented.
• Comprehensive – the ICAAP should capture all material risks to which the CIF is exposed.
Although no standard categorisation of risk types and definition of materiality is
provided, ICAAP should cover risks covered under Pillar 1, risks not fully captured under
Pillar 1 (eg, operational risk, concentration risk) and all risks covered under Pillar 2 (eg,
strategic risk, liquidity risk, reputation risk).
• Forward looking – the ICAAP should be strongly interconnected with the strategic plans
of the CIF and a forward capital plan should be put in place for a three- to five-year
period. The CIF should conduct appropriate stress tests which take into account, all the
material risks identified and analyse the impact of the test to the future capital
requirements of the CIF.
• Reasonable outcome – the ICAAP should produce a reasonable overall capital number
and assessment. The CIF should be able to provide CySEC with the adequate evidence.
Learning Objective
Under Pillar 1 of the Capital Requirements Directive (CRD) and the Basel Capital Accord, three types
of risks are identified that need to be managed.
Credit risk is the risk of loss of principal or financial reward caused by the borrower’s failure to repay
a loan or otherwise meet a financial obligation. The percentage interest due on a loan reflects the risk
taken by the lender.
CIFs should ensure that they effectively identify, measure, monitor and control credit risk which could
include an assessment of whether the CIF’s credit risk is fully captured in the capital assessed by Pillar
1. Credit risks that should be assessed include the following:
• investments in bonds and other instruments when there is counterparty credit risk
Market risk is the risk to value, earnings, or capital arising from movements of risk factors in financial
markets. This risk includes interest rate risk (including real- and nominal interest rates, credit spreads
and basis spreads), currency risk, equity risk (including dividend risk), and commodity risk (including
precious metals) and risks from changes in volatilities or correlations. Market risk is one of the Pillar
1 risks.
CIFs dealing on their own account are directly exposed to market risk. In addition, indirect exposure
to market risk occurs when the firm acts as an agent to fulfil a customer order in the event that the
transaction does not clear or settle properly.
Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes,
people and systems or from external events. This definition includes legal risk, but excludes strategic
and reputational risk.
Although operational risk is one of the most significant risks CIFs are exposed to, its calculation under
the Basel Capital Accord is based on approximation, not a true calculation of the actual risk. Therefore,
additional factors need to be considered when determining the exposure of the CIF, including the
impact of the loss of key individuals on the ability to operate normally, consequences of not complying
with conduct of business requirements, and internal or external fraud. In addition, the consequences
of an operational risk event occurring need to be considered, bearing in mind the systems and controls
in place to mitigate these risks. Tolerance for errors and losses needs to be taken into account.
As part of their risk assessment process CIFs should consider historical operational costs arising due
to matters such as trading errors or other unexpected costs. Similarly, the CIF should ensure that it
has adequately tested its business continuity procedures to ensure that they function adequately and
are suitable as risk mitigants.
In order to evidence adequate capital has been earmarked to ensure the continued existence of the
CIF, senior management should be able to demonstrate that the possibility of severe operational risk
losses has been considered. Any deficiencies need to be addressed by applying risk mitigants other
than capital.
Risk resulting from limitations in control and management could be a significant factor for smaller
CIFs. The concept of proportionality means that supervisors will not expect the same degree of
sophistication of governance arrangements and controls that could be found in a large CIF. The overall
risk profile of a smaller CIF may, however, be higher and smaller CIFs are expected to consider the risk
resulting from limitations in control and management as part of their internal capital assessment.
Important focus should be given to the control mechanisms in place to safeguard client’s assets held
by the CIF.
Learning Objective
Ø Understand risk typologies not fully covered in Pillar 1 (Section 4.4.3.2): credit
concentration risk; residual risk; securitisation risk; settlement risk; foreign exchange risk
There are a number of risk types that are not fully covered within Pillar 1 of the CRD and Basel Capital
Accord.
• Credit concentration risk – a risk concentration is any single exposure or group of similar
exposures (eg, to the same borrower or counterparty, geographic area, industry or other
risk factors) with the potential to produce losses large enough (relative to a CIF’s earnings,
capital, total assets or overall risk level) to threaten a CIF’s ability to maintain its core
operations or a material change in a CIF’s risk profile. Risk concentrations should be
analysed at both a local legal entity level and a consolidated basis. An unmanaged
concentration in a subsidiary may appear immaterial at the consolidated level, but can
still threaten the viability of the subsidiary itself. For most CIFs concentration risk is
significant and is most likely the result of large exposures to a limited number of
counterparties, a large transaction or a single product type.
• Residual risk – occurs, for example, as a result of the low performance or failure of credit
risk mitigation techniques such as ineffective documentation, or delay or inability to
realise payment from a client in a timely manner.
• Settlement risk – is the risk that one party fails to deliver the asset or cash value at the
time of settlement of a trade. This is of particular importance when transferring funds on
behalf of clients.
• Foreign exchange risk – is the risk of movement in foreign exchange rates resulting in a
loss for the CIF. Due to the high liquidity and volatility of the market, these losses can be
significant and it is therefore essential for CIFs to identify, measure and manage their
foreign exchange risk effectively. The risk is not confined to proprietary positions and
extends to known profit flows in foreign currencies, client-driven transactions and
provisions for bad debts denominated in foreign currency.
Learning Objective
In addition to credit, market, and operational risk, there are a number of risks that are identified in
Pillar 2.
Liquidity risk is defined as the risk that a CIF has insufficient financial resources to meet its current
and prospective obligations, as they fall due, or can only secure these resources at excessive costs.
Liquidity risk can arise from:
• failure to recognise or address changes in market conditions that affect the ability to
liquidate assets quickly and with minimal loss in value.
CIFs need to assess their exposure to liquidity risk, their ability to respond to liquidity drainage in the
market and their ability to repay all their obligations to clients at all times. A liquidity contingency plan
needs to be in place to enable the CIF to handle liquidity shortages.
Capital is risk sensitive and may vary over time as business cycles and conditions change. Deterioration
in business or economic conditions may result in a situation that additional capital is required at a
time when market conditions are unfavourable. In order to assess expected capital requirements over
economic and business cycles, CIFs need to project their financial position forward, taking into
consideration their business strategy, expected growth, an assessment of the changes in economic
and business cycles, and other factors such as competition, and lower than expected performance.
This will enable the CIF to assess the level of changes it can sustain in its environment. Projections will
need to be made for a three- to five-year period to calculate the projected capital resource
requirement. The CIF needs to assess whether it can meet the projected capital requirements from
its expected financial resources.
CIFs are exposed to performance risk and need to assess how they will manage their relationships
with clients during periods of poor performance. In addition, performance risk may affect a CIF’s
ability to generate income.
Legal and compliance risk may arise as a result of breaches or non-compliance with legislation,
regulations, practices or ethical standards:
• investment advice – legal risk of breaching the customer’s obligations, for example, by
providing unsuitable advice
Additionally, non-compliance and possible penalties from CySEC should be taken into consideration
under this risk category. Anti-money laundering practices should also be assessed as part of the
compliance with regulatory requirements.
Reputational risk is the adverse perception of the image of the CIF by customers, counterparties,
investors or regulators.
It may arise from providing poor customer service or from fines imposed by CySEC that create a
negative feeling towards the CIF from the market.
Strategic risk occurs as a result of adverse business decisions, improper implementation of decisions
or lack of responsiveness to changes in the business environment.
A CIF needs to assess the impact of its business plans on its capital over the time horizon which it uses
in its business plan.
Group risk applies to all subsidiaries that are part of a group which is established either in the Republic,
another member state, or a third country. Group risk relates to the risks that emanate from the
relationship that the CIF has with other group entities. For example, a CIF that has a parent in a third
country which does not apply Basel II rules and has exposure to high political risk, needs to assess the
possibility of being indirectly adversely impacted from a political event in the set-up stage of the
parent company.
CySEC considers this risk of high importance and requires that each CIF which falls into this category
adequately evaluates the risks that could arise from the relationship with other entities of the group
or the parent.
When assessing the adequacy of their capital, CIFs should consider the impact of external factors.
Material risks arising from the ICAAP review itself should be detailed in the report including the nature
of the risks and their possible impact. The effectiveness of any mitigating controls needs to be
considered and, for Pillar 2 purposes, an adequate amount of capital should be held.
Learning Objective
Ø Understand the following risk management tools: risk register (Section 4.4.3.4); stress
testing (Section 4.5)
A risk register is used by a CIF to document and categorise all risks that it is, or could be, exposed to
in the future. The risk register includes an indication of severity of the risk and the adverse impact it
could have had on the CIF if it had remained unidentified.
The impact can be measured either in quantitative or qualitative terms, such as economic loss, capital
loss, reputational loss and loss of human life. The result of the assessment will be the profiling of risks
in different categories of severity.
Stress testing is a general term, covering quantitative and qualitative techniques and risk
management methodologies that can be applied by financial institutions to obtain an overview of
their exposure or vulnerability to the impacts of exceptional but possible events that may occur due
to rare risk events that can have severe consequences. Stress testing has gained significant
importance as a result of the most recent financial and economic crisis and needs to be an integral
part of the ICAAP and risk management framework of every CIF.
The purpose of stress tests required in the ICAAP is to assess all material risks of the CIF in a
comprehensive, integrated and forward-looking manner. The scope of stress tests includes the
consideration of the impact of all market, economic, institutional or political risk factors which may
have a perceivable, substantial impact on the prudent and solvent operation of the CIF.
CySEC believes that there is no single correct stress testing methodology. The range of approaches
acceptable for a specific CIF depends on its size, activities, risk appetite and the quality of risk
management. The applied stress-testing methodology needs to be sufficiently sophisticated given its
circumstances, and needs to comply with the regulations. Stress tests applied under the framework
of the ICAAP in business and regulatory practice usually relate to three main methods:
• Scenario analysis – assumes the simultaneous change of several risk factors and
quantifies their combined impact on the position of a CIF. The analysis is based on
expected, hypothetical and historic scenarios. The main advantage is that scenario
analysis takes the relationship between risk factors into consideration, which allows for
an integrated approach to risk. The main disadvantage is that, in the event of a crisis,
interrelations between risk factors are not necessarily stable.
• • Reverse stress testing – primarily designed to be a risk management tool for the
identification of vulnerabilities and defects in the business model, reverse stress testing
requires a CIF to assess scenarios and circumstances that would render its business
models unviable. Reverse stress testing starts with the outcome of a business failure and
identifies the circumstances under which these outcomes might occur. Based on the
analysis of the results, senior management should determine whether triggers are
required for future action in the event a particular scenario would develop.
• • must be defined with a view to the CIF’s portfolio characteristics and assumed risks,
and in line with the external environment
• • need to be reviewed annually, as well as at the time of any (expected) changes to the
factors and revised as necessary
• • need to be suitable for the specific circumstances, risk profile and operational model
of the CIF
• • must be forward looking, and therefore take into consideration the current position
as well as any future strategic developments
• • the impact of adverse scenarios must demonstrate any future impacts on the
profitability and capital adequacy of the CIF.
As part of the assessment process, management actions need to be defined and assigned to
responsible people and departments for implementation. Once implemented, the stress test should
be run again to observe any changes on the impact.
1. On which basis may CySEC waive the capital requirements on a consolidated basis?
Answer reference: Section 1.1
2. What is an equivalent third country?
Answer reference: Section 1.3
3. What are the risk weights and credit quality steps when equivalent third countries assign a
risk lower than 100% to central banks?
Answer reference: Section 1.3
4. What is the large exposure limit?
Answer reference: Section 1.4
5. Who approves and reviews the risk policies?
Answer reference: Section 2.3
6. What is residual risk?
Answer reference: Section 2.6.2
7. List the information that needs to be disclosed on a consolidated basis per member state
and geographical location?
Answer reference: Section 3.1
8. Describe the five stages of the SREP process.
Answer reference: Sections 4.1 and 4.2
9. Summarise the SREP outcomes.
Answer reference: Section 4.3
10. List the ICAAP principles.
Answer reference: Section 5.2
11. Describe the responsibilities of the risk management function in ICAAP.
Answer reference: Section 5.3
12. Define operational risk.
Answer reference: Section 5.3.3
13. List the typologies not fully covered in Pillar 1.
Answer reference: Section 5.4
14. Describe business risk.
Answer reference: Section 5.5.2
15. Define the three methods of stress testing.
Answer reference: Section 5.6.2
Learning Objectives
Learning Objective
European Market Infrastructure Regulation (EMIR) came into force in 2012, and is designed to put
into practice several of the commitments made by the G20 leaders to reform derivatives markets in
the EU. It promotes transparency in derivatives markets and aims to reduce systemic risk. EMIR
mandates the central clearing of standardised and liquid OTC derivatives contracts, and sets out the
prudential and operational requirements for derivatives transactions. Counterparties and CCPs are
required to report all details regarding their derivatives contracts to trade repositories. EMIR also
requires CCPs and trade repositories to fulfil prudential minimum requirements.
Derivatives play an important role in the economy, but they also bring certain risks. These risks were
highlighted during the 2008 financial crisis, when significant weaknesses in the OTC derivatives
markets became evident.
On 17 June 2019, EMIR Refit came into force which brought significant changes to the existing
regulation.
Enhancing Transparency
EMIR introduces reporting requirements to make derivatives markets more transparent. Under the
Regulation:
• detailed information on each derivative contract has to be reported to trade repositories and
made available to supervisory authorities
• trade repositories have to publish aggregate positions by class of derivatives for both OTC and
listed derivatives
• the European Securities and Markets Authority (ESMA) is responsible for the surveillance of
trade repositories and for granting and withdrawing accreditation.
EMIR introduces rules to reduce the counterparty credit risk of derivatives contracts; in particular:
• all standardised OTC derivatives contracts must be centrally cleared through CCPs
• CCPs must comply with stringent prudential, organisational and conduct of business
requirements.
EMIR also requires market participants to monitor and mitigate the operational risks associated with
trading in derivatives such as fraud and human error, for example by using electronic means to
promptly confirm the terms of OTC derivatives contracts.
2. General Requirements
Learning Objective
Ø Know the general requirements relating to the Clearing Obligation (Articles 4 and 5)
Ø Know the reporting obligations under EMIR Refit (Article 9) and the amendments to the
CCP regime
Ø Know the general requirements relating to the Risk Mitigation Techniques (Articles 11.5,
11.6, 11.7, 11.8 and 11.10)
Ø Know EMIR regulation relating to capital requirements for CCPs (Article 16)
Ø Know the general requirements relating to large exposures; exposures to transfer credit
risk (ESMA and EBA Guidance on CRR and EMIR)
Ø Know the general requirements relating to liquidity (Article 41, 44)
Ø Know the general requirements relating to leverage
Ø Know the general disclosure requirements (Article 38)
EMIR includes the obligation to centrally clear certain classes of over-the-counter (OTC) derivative
contracts through Central Counterparty Clearing (CCPs). For non-centrally cleared OTC derivative
contracts, EMIR establishes risk mitigation techniques.
The Regulation (EU) 2019/834 amending EMIR, EMIR Refit, introduces changes in the OTC regulatory
framework. Some of the most relevant aspects include a change on the way to determine which
counterparties are subject to the clearing obligation and the inclusion of a mechanism to suspend the
clearing obligation.
The clearing obligation applies to EU firms that are counterparties to an OTC derivative contract
including interest rate, foreign exchange, equity, credit and commodity derivatives.
EMIR identifies two categories of counterparties to whom the clearing obligation applies depending
on whether their positions are above or below the clearing thresholds:
• Non-Financial counterparties (NFC), firms taking positions in OTC derivative contracts other
than financial counterparties.
Intra-group transactions are exempted from central clearing under certain conditions, pension funds
included.
Financial counterparties and non-financial counterparties need to inform ESMA and the relevant
national competent authority when they exceed the clearing threshold and when they no longer
exceed it.
EMIR introduces the obligation to clear certain classes of OTC derivatives in CCPs that have been
authorised (for European CCPs) or recognised (for non-EU CCPs) under the EMIR framework.
EMIR foresees two possible processes for the identification of the relevant classes of OTC derivatives:
1. The “bottom-up” approach described in EMIR Article 5(2), according to which the
determination of the classes to be subject to the clearing obligation will be done based on the
classes which are already cleared by authorised or recognised CCPs.
2. The “top-down” approach described in EMIR Article 5(3), according to which ESMA will on its
own initiative identify classes which should be subject to the clearing obligation but for which
no CCP has yet received authorisation.
Non-EU Counterparties
Under certain conditions, the clearing obligation may also apply to third-country (non-EU)
counterparties including when:
3. An impact on EU markets exists (a direct, substantial and foreseeable effect in the EU)
As of 18 December 2019:
- CCPs are required to provide their clearing members with a simulation tool allowing them to
determine the amount of additional initial margin, on a gross basis, that the CCP may require
Page 224 of 334
Financial Services Regulatory Framework:
Advanced Examination
- member states’ national insolvency laws shall not prevent a CCP from acting in accordance
with certain obligations.
As of 18 June 2020:
- The Financial Counterparty are solely responsible and legally liable for reporting on behalf of
both itself and NFCs that are not subject to the clearing obligation with regard to OTC
derivative contracts entered into by those counterparties, as well as for ensuring the
correctness of the details reported.
- In relation to UCITS and AIFs, the management company of a UCITS and the AIFM,
respectively, are responsible and legally liable for reporting on behalf of that UCITS or AIF with
regard to OTC derivative contracts, to which the UCITS or AIF is a counterparty, as well as for
ensuring the correctness of the details reported.
EMIR’s risk mitigation requirements apply to all non-centrally cleared OTC derivative transactions.
Those techniques include timely confirmation, portfolio reconciliation and compression, dispute
resolution procedures and the exchange of collateral.
As a general rule, financial counterparties must have risk management procedures in place that
require the timely, accurate and appropriately segregated exchange of collateral with respect to OTC
derivative transactions. Under EMIR Refit, Investment Funds and Central Securities Depositories have
been added in the definition of Financial Counterparties whereas a new category, that of a “small
financial counterparty” was introduced.
This requirement also applies to non-financial counterparties, but only after the clearing threshold is
exceeded. Under EMIR Refit, the threshold calculation and clearing requirements have been
narrowed. However, NFCs remain subject to the requirement to exchange collateral where any of the
clearing thresholds is exceeded.
This requirement does not apply to intragroup transactions within the EU between financial and/or
non-financial counterparties, providing that there is no foreseen practical or legal impediment to the
prompt transfer of own funds or the repayment of liabilities between parties. In the event that one
of the parties to an intragroup transfer is based in a third-country with equivalent regulations to the
EU, the transfer may be partly or wholly treated in the same way.
In relation to the exchange of collateral for OTC derivatives contracts that are not cleared by a central
counterparty (CCP), the Commission Delegated Regulation 2016/2251 contains the following
provisions:
Counterparties have to exchange both initial and variation margin. These provisions reduce
counterparty credit risk, mitigate any potential systemic risk and ensure alignment with international
standards.
List of eligible collateral for the exchange of margins, the criteria to ensure the collateral is sufficiently
diversified and not subject to wrong-way risk, as well as the methods to determine appropriate
collateral haircuts.
Procedures for counterparties and competent authorities related to the treatment of intragroup
derivative contracts.
A CCP must have at least €7,5 million in capital to be authorised. Its capital, including retained earnings
and reserves, needs to be proportionate to the risk associated with their activities and must, at all
times, be sufficient to:
ensure an orderly wind-down or restructuring of activities over an appropriate time span, and
provide adequate protection of the CCP against credit, counterparty, market, operational, legal, and
business risks not already covered by specific financial resources.
The large exposure regime is captured in the Capital Requirements Regulation (CRR) of the EU. A
specific report, issued by the EBA and ESMA on the functioning of the CRR and EMIR covers the large
exposure regime in light of EMIR.
Under the CRR, institutions may not incur net exposures of a value in excess of 25% of the eligible
capital of the institution. In the event that the client is an institution, or if a group of connected clients
includes one or more institutions, the value of the net exposure may not exceed 25% of the
institution’s eligible capital, or €150 million (whichever is highest). Due to the nature of their business,
CCPs can easily exceed the large exposure limit, and they are explicitly exempted from the large
exposure requirements.
2.6. Liquidity
Access to adequate liquidity is essential for a CCP. Liquidity may derive from access to central bank
liquidity, creditworthy and reliable commercial bank liquidity or both. In assessing the adequacy of
liquidity resources, especially in stress situations, a CCP should take into consideration the risks of
obtaining the liquidity by only relying on commercial banks credit lines. CCPs must measure and assess
their liquidity and credit exposures to each clearing member and (if relevant) other CCPs with whom
they have concluded an interoperability arrangement on a near-time or real-time basis. A CCP needs
to have access to relevant pricing resources in a timely manner and in a non-discriminatory basis,
considering a reasonable cost basis.
At all times, a CCP should have access to adequate liquidity to perform its services and activities. In
order to ensure that its liquidity needs are covered in the event that the financial resources at its
disposal are not immediately available, it will obtain the necessary credit lines or similar
arrangements. A clearing member, parent undertaking or subsidiary of that clearing member together
shall not provide more than 25 % of the credit lines needed by the CCP. On a daily basis the CCP needs
to measure its potential liquidity needs, taking into account the liquidity risk generated by the default
of the two clearing members to whom they have the largest exposures.
2.7. Leverage
Financial stability can be threatened by a number of conditions including highly leveraged and
interconnected institutions for the bank and non-bank sector and failures in the functioning of
financial markets. In the current revision of EMIR, specific attention is paid to the use of
macroprudential policies to mitigate systemic risk from excessive leverage and procyclicality in
collateral requirements.
Margin and haircut practices can exacerbate systemic risks by contributing to the build-up of excessive
leverage in the financial system during upswings and deleveraging during downswings. Margins and
haircuts contribute to financial stability by absorbing losses and helping to manage financial risk.
However, collateral requirements may also be procyclical due to the effects of changes in asset prices
on valuations: as asset prices increase, the valuations of securities that have been provided as
collateral at a CCP or in a bilateral transaction increase. This means that fewer securities are required
to collateralise a given exposure, thereby allowing for the build-up of leverage during upswings.
Conversely, a fall in asset prices triggers automatic calls for more collateral, which might force
deleveraging, thereby amplifying the effects of downswings in asset prices. This procyclicality arising
from automatic valuation effects may be compounded by the characteristics of the risk-based models
used by CCPs and by participants in bilateral markets. These models generally link the calculation of
margins and haircuts to price volatility, which means that margin and haircut requirements will tend
to decrease when conditions in financial markets are benign, and increase when volatility rises. The
procyclical aspect of margin and haircut requirements can exacerbate ‘leverage cycles’ in which
market participants use the collateral freed up by higher asset prices and lower margin and haircut
requirements to increase their borrowing and contingent commitments from derivatives, thereby
accumulating financial and synthetic leverage. This process can lead to a destabilising deleveraging
mechanism when asset prices fall. The reason is that firms that are faced with increasing margin calls
and haircuts at the very time when the value of their collateral declines may have to close positions,
thereby triggering asset fire sales.
2.8. Disclosure
A CCP and its clearing members will publicly disclose the prices and fees for each of its services
individually including discounts and rebates. In the event that they offer discounts or rebates, they
need to publish the conditions to benefit from such a reduction. Costs and revenues of the services
need to be accounted for separately and disclosed to CySEC. A CCP needs to disclose the risks
associated with its services to clearing members and clients. In addition, price information used to
calculate the end-of-day exposures needs to be disclosed to their clearing members and to CySEC.
The technical requirements relating to the communication protocols of content and message formats
used need to be publicly disclosed.
Any breaches by clearing members will need to be disclosed publicly, except in cases where CySEC, in
consultation with ESMA, considers that this would:
2. The transfer of the own funds limit does not apply to which type of organisations?
Answer reference: Section 2.1
Chapter 11
Recovery and Resolution Laws
Learning Objectives
Law 20(I) of 2016 provides for the recovery of Cypriot investment firms (CIFs) and other entities under
the supervision of CySEC. The law applies to CIFs in the Republic, as well as to entities authorised in
third country states that undertake investment business in the Republic, including financial holding
companies, mixed (financial) holding companies, and branches of third-country investment
undertakings. All articles in this chapter refer to Law 20(I) of 2016, unless specified otherwise.
1. Recovery Planning
Learning Objective
Ø Know the recovery planning obligations and the assessment and relevant provisions for CIF
that are not part of a group subject to consolidated supervision (Article 4); CySEC evaluation on
simplified obligations (Article 5); group recovery plan (Article 6)
CIFs that are not part of a group subject to consolidated supervision need to draw up and maintain a
recovery plan providing for measures to be taken by it to restore its financial position following a
significant deterioration of its financial situation. Recovery plans are part of a CIF’s governance
arrangements, and need to include the following:
1. Where applicable, an analysis of how and when an institution may apply for the use of
central bank facilities and identify the assets that would qualify as collateral.
3. A summary of material changes to the CIF since the most recently filed recovery plan.
4. A communication and disclosure plan to deal with potentially negative market reactions.
7. A detailed description of any material impediment to the timely and effective execution of
the plan.
9. A process for determining value and marketability of core business lines, operations and
assets.
10. A detailed description of the integration of recovery planning in the corporate governance
structure.
18. Preparatory arrangements to facilitate the sale of assets and business lines within an
appropriate time frame.
A recovery plan should not assume access to extraordinary public financial support. It plan needs to
be approved by the management body before being submitted to CySEC, and needs to be reviewed
at least annually, and after any material change of the legal or organisational structure of the CIF.
Any union parent undertakings supervised on a consolidated basis by CySEC need to provide a group
recovery plan that covers the group as a whole, including specific measures that apply to the group
as a whole, and with the aim of stabilising the group as a whole. To this end the group recovery plan
needs to include arrangements that ensure coordination and consistency of measures to be taken at
the level of the union parent undertaking as well as any of its subsidiaries and significant branches.
Both the group recovery plan and the recovery plan of an individual subsidiary need to include all
elements outlined above, where applicable arrangements for intra-group financial support. Any
obstacles to the implementation need to be addressed at both the group and the individual level. The
plan needs to be approved by the management body prior to submission to CySEC who will inform
local competent authorities and competent authorities of member states where significant branches
are located.
CySEC may, after assessing the extent of the impact that an insolvency situation may have on a CIF
and whether its bankruptcy is likely to have a negative effect on the financial markets, other
institutions, the financing conditions, or the wider economy, and after notify the EBA accordingly,
specify by a Directive the simplified obligations of CIFs in relation to:
o the deadline for drawing up the first recovery plans and how often they shall be updated
o where appropriate, the content and individual data of the required information
CIFs representing a significant share of the financial system in the Republic must prepare the recovery
plans based on the provisions of the legislation. The operations of a CIF are considered to represent
a significant share of the financial system in the Republic, if any of the following conditions are met:
o the percentage of its total assets in relation to the GDP of the Member State of establishment
exceeds 20%, unless the total value of its assets does not exceed €5 billion
Learning Objective
Institutions that are part of a union parent undertaking may enter into an agreement to provide intra-
group financial support where the party that receives the support meets the conditions for early
intervention in line with the recovery plan and the regulations. Institutions may provide financial
support to any group entity in financial difficulties without a financial agreement if the institution
decides to do so on a case-by-case basis according to group policies and the support does not
represent a risk for the whole group. The group financial support agreement may cover any
combination of entities that are part of the group (eg, parent to subsidiary and subsidiary to
subsidiary). The agreement needs to specify the principles for the calculation of the consideration for
any transactions made under it whereas the consideration will be set at the time of the provision of
financial support. The intra-group financial agreement needs to comply with the following:
3. Each party providing support needs to have full disclosure of all relevant information from
the recipient.
5. The calculations for consideration do not take into account any anticipated temporary
impact on market prices.
Intra-group financial agreements are approved by CySEC only if none of the parties complies with the
conditions for early intervention outlined in section 3 below.
3. Early Intervention
Learning Objective
A CIF may infringe the own funds requirements as a result of a rapidly deteriorating financial
condition, deteriorating liquidity, increasing levels of leverage, non-performing loans, or
concentration of exposures. This is typically assessed on the basis of a set of triggers including, for
example, own funds
+1.5%. In the event that the CIF infringes, or is due to infringe, the own funds requirement CySEC may
require the management of the CIF to update its recovery plan if the triggers are not yet described in
the current recovery plan. CySEC may also require the management body to examine the situation
and to identify measures to overcome any problems identified by means of a clear action plan,
including a timetable for implementation. In addition, CySEC may require the following:
Finally, CySEC may undertake on-site inspections and provide all the necessary information to the
resolution authority to update the resolution plan and prepare for the possible resolution of the CIF,
and the valuation of the assets and liabilities.
3.1. Administrators
• a special administrator
• a temporary administrator
A special administrator is appointed by the resolution authority for a period not exceeding one year,
and assumes the management of the institution. The resolution authority may appoint one or more
persons, strictly based on professional experience, knowledge of banking-related issues, and personal
criteria to ensure the suitability of the appointed person(s). During their term they shall not engage
in any other employment unless this is specifically approved by the resolution authority. The special
administrator will exercise their duties with diligence, professionalism, integrity, discretion and
confidentiality. Their remuneration will be borne by the institution. They shall have access to any data
Page 234 of 334
Financial Services Regulatory Framework:
Advanced Examination
• revise business services and policies related to granting advances and/or accepting and
attracting deposits
• remove or replace members of the management body and senior executive director
• allow take-overs by institutions that are financially and organisationally sound, and
Upon approval from the resolution authority, they may also appoint or place personnel in any organic
or administrative post, and hire external legal or financial consultants, or consultants of any other
professional capacity or qualifications. A full report will be submitted to the resolution authority
within 30 days of the appointment of the special administrator including, among other things, an
updated balance sheet, an assessment of the effectiveness of the resolution measures, and a list of
assets categorised by degree of risk.
A temporary administrator is appointed by CySEC for a period not exceeding one year in the event
that the replacement of senior management is deemed insufficient. They can either temporarily
replace or work with the CIF’s management body. On the basis of want is proportionate given the
circumstances, CySEC specifies their powers at the time of the appointment, and limits their role and
duties. Where the temporary administrator works with the CIF’s management, CySEC will further
clarify the role, duties and powers, as well as any requirements for the CIF’s management body to
consult with, or obtain consent from the temporary administrator. Unless the temporary
administrator does not have the power to represent the CIF, all appointments of temporary
administrators will be made public. It is the responsibility of CySEC to ensure that the temporary
administrator has the appropriate qualifications, ability and knowledge. CySEC has executive powers
to appoint and remove any temporary administrator at any time, or to vary their terms of
appointment; in addition, they may require certain acts to be preapproved by them. CySEC is
responsible for determining whether the conditions are appropriate to maintain a temporary
administrator, and will justify their decision to the CIF’s shareholders.
4. Resolution
Learning Objective
Ø Know the resolution tools: the sale of operations measures (Article 48 of L.22(I)/2016 CBC);
the measure to transfer assets, rights or liabilities to a bridge institution (Article 50 of
L.22(I)/2016 CBC); the measure to transfer assets and rights to an asset management
company (Article 52 of L.22(I)/2016 CBC); the bail-in measure (Article 53 of L.22(I)/2016 CBC)
Ø Know the special resolution requirements: the sale of business measure (Article 23); the asset
transfer measure (Article 24); treatment of shareholders in case of write down or conversion
of capital instruments (Article 25); classification of mutual requirements (Article 41(A))
The resolution tools are outlined in Law 22(I)/2016 (the resolution of credit institutions and
investment firms law 2016) of the Central Bank of Cyprus (CBC).
The Central Bank of Cyprus acts as the resolution authority and has the following measures available:
4. Bail-in – a mechanism for the exercise by the resolution authority of the write-down and
conversion powers in relation to liabilities of an institution under resolution
5. Write down or conversion – a mechanism to write down and convert capital instruments;
common equity tier 1 will be written down, and additional tier 1 and tier 2 will be written
down or converted into common equity tier 1 capital.
For the resolution of CIFs and of other supervised entities, special requirements apply according to
the legal provisions of Law 20(I)/2016.
Sale of business: In the event of the sale of a business tool by the resolution authority, CySEC needs
to check whether the acquirer of the business has the appropriate authorisation to undertake the
business. CySEC will ensure that an application for authorisation associated with the sale of the
enterprise will be considered in a timely manner.
In the event that the transfer of shares or other financial instruments results in the acquisition or
increase of a qualifying holding in a CIF, CySEC will carry out the appropriate assessments in a timely
manner so as not to delay the resolution. In the event that CySEC has not finalised their assessment
by the date of transfer, the transfer will take place with immediate effect, but the voting rights of the
acquirer will be suspended until the assessment is complete. CySEC will promptly finalise their
assessment and will notify the resolution authority and the acquirer whether they oppose or approve
the transfer.
Transfer of assets: CySEC may grant permission for the establishment of a bridge institution without
complying with the Investment Services and Activities and Regulated Markets Law for a short period
of time so that assets can be separated from the institution in resolution. The authorisation will
stipulate for which period the bridge institution is waived from complying to the requirements of the
law.
Bail-in: In the event that CySEC has not completed the assessments required in relation to
shareholders in bail-in, write-down or conversion on the date of application, the transfer will be made
with immediate legal effect, but voting rights will be suspended during the assessment period.
Insolvency proceedings: During the normal insolvency proceedings of a CIF, the provisions for the
verification and classification of claims of article 300 of the Companies Law are applied. In the cases
of unsecured claims, the special provisions of the mentioned Law are followed.
5. Procedural Obligations
Learning Objective
Ø Know the notification requirements pertaining to the expected and actual failure of a CIF
(article 29)
CySEC needs to be notified when it is considered that a CIF is failing, or is likely to fail. They shall, in
turn, notify the relevant resolution authorities including any crisis prevention measures or actions. In
the event that CySEC determines that the conditions for resolution are met, they will inform the
following:
• The resolution authority and the competent authority of the entity and any branch of the
entity.
• The CBC and the competent central bank of the member state (if applicable.
• A consolidating supervisor.
• The European Systemic Risk Board (ESRB), and the designated national macro-prudential
authority.
At all times, the appropriate level of confidentiality needs to be maintained and alternatives may need
to be considered for the deposit guarantee scheme and the resolution financing agreement if
confidentiality cannot be ensured.
Learning Objective
Ø Know how the law facilitates cross-border resolution: resolution colleges (Article 33);
cooperation with third country authorities (Article 34); exchange of confidential information
(Article 35)
In its capacity of consolidating supervisor, CySEC performs the following tasks in a resolution college:
1. The exchange of information that is relevant to the development of group resolution plans
including preparatory and preventative powers.
2. The coordination of the public communication of group resolution strategies and schemes.
CySEC will be a member of the resolution college, of which the resolution authority is also a member,
and may be accompanied by a representative of the Central Bank of Cyprus.
CySEC may enter into a memorandum of cooperation with the following third-county authorities:
1. For union subsidiaries established in two or more member states: the relevant authorities of
the third-country where the parent undertaking is established.
2. For an institution operating branches in two or more member states: the relevant authorities
of the third country where the institution is established.
4. For institutions for which a subsidiary or significant branch in another member state has
Page 238 of 334
Financial Services Regulatory Framework:
Advanced Examination
established one or more branches in one or more third countries, the relevant authority of
the third countries where the branches are located.
The framework cooperation agreement establishes the processes and arrangements between the
participating authorities for the sharing of information and for carrying out some, or all, the following:
CySEC may enter into bilateral or multilateral arrangements, and will notify the European Banking
Authority (EBA) of any cooperation arrangements concluded.
As part of a resolution, CySEC will exchange confidential information with third-country authorities,
but only if the professional secrecy standards in the third country are at least equivalent to the EU
standards and any personal data is governed by the applicable Union and national data protection
law. Information will only be shared if it is necessary for the performance of the resolution functions
under national law which are comparable to law 20(I)/2016, and is not used for any other purpose.
Information originated in another member state will not be disclosed by CySEC to a third-country
unless the relevant authority of the member state has agreed and the information is disclosed only
for the original purpose.
4. What are the requirements that intra-group financial agreements need to apply with?
Answer reference: Section 2
8. With which third-county authorities may CySEC enter into a memorandum of cooperation?
Answer reference: Section 6
Chapter 12
Prospectus Regulation
Learning Objectives
Regulation (EU) 2017/1129 of the European Parliament and of the Council of 14 June 2017 determines
the requirements for the preparation, approval and distribution of the prospectus to be published
when securities are offered in the public or are admitted to trading on a regulated market in a
Member State. CySEC is the competed authority in the Republic for the performance of the duties
provided by the Regulation as well as for the assurance of its implementation.
Following the full implementation of the Regulation in the Republic on 21 July 2019, Law 114(I)/2005,
which outlines the conditions for making an offer to the public of securities and on the prospectus to
be published when securities are offered to the public or admitted to trading on a regulated market,
is pending for repeal and will be replaced with a new Law related to CySEC’s powers and
responsibilities, responsibilities related to the prospectus, administrative sanctions and other
administrative matters.
Until the enactment of the new Law, the following provisions of Law 114(I)/2015 are in effect:
o Article 43 on the fees charged by the supervisory authority of the host Member State
Learning Objective
The Regulation lays down requirements for the drawing up, approval and distribution of the
prospectus to be published when securities are offered to the public or are admitted to trading on a
regulated market situated or operating within a Member State.
- units issued by collective investment undertakings other than the closed-end type
- non-fungible shares of capital whose main purpose is to provide the holder with a right to
occupy an apartment, or other form of immovable property or a part thereof and where the
shares cannot be sold on without that right being given up
Also, the Regulation does not apply to an offer of securities to the public with a total consideration in
the Union of less that €1,000,000 which is calculated over a period of 12 months.
Learning Objectives
2.1. Requirements
It’s not permitted to make a public offer of securities or admit securities to trading on a regulated
market situated or operating within a Member State without prior publication of a prospectus which
has been drawn in accordance with the provisions of the Regulation. In the events that the type of
security is exempted from the Regulation or the obligation to publish a prospectus is waived, a
prospectus may be drawn voluntarily.
The obligation to publish a prospectus is not applied to any of the following types of offers of securities
to the public:
o an offer of securities addressed to fewer than 150 natural or legal persons per Member
State, other than qualified investors
o shares issued in substitution for shares of the same class already issued, if the issuing of
such new shares does not involve any increase in the issued capital
o dividends paid out to existing shareholders in the form of shares of the same class as the
shares in respect of which such dividends are paid, provided that a document is made
available containing information on the number and nature of the shares and the reasons
for and details of the offer
o an offer of securities, whose total consideration for such offer in the European Union is
less than €5,000,000, which limit must be calculated over a period of 12 months, provided
that such offer is not subject to notification in accordance with the Regulation (Article
4(3)(e) L.114/2005)
The obligation to publish a prospectus is not applied to the admission to trading on a regulated market
of any of the following:
o o securities fungible with securities already admitted to trading on the same regulated
market, provided that they represent, over a period of 12 months, less than 20% of the
number of securities already admitted to trading on the same regulated market
o o shares resulting from the conversion or exchange of other securities or from the
exercise of the rights conferred by other securities, where the resulting shares are of the
same class as the shares already admitted to trading on the same regulated market,
provided that the resulting shares represent, over a period of 12 months, less than 20%
of the number of shares of the same class already admitted to trading on the same
regulated market
o o securities resulting from the conversion or exchange of other securities, own funds,
or eligible liabilities by a resolution authority
o o shares issued in substitution for shares of the same class already admitted to trading
on the same regulated market, where issuing of such shares does not involve any increase
in the issued capital
Learning Objectives
Ø Understand the general provisions related to drawing up of the prospectus: the context
of the prospectus (Article 6); the prospectus summary (Article 7); supplements to the
prospectus (Article 23); the base prospectus (Article 8); the universal registration
document (Article 9); the validity period (Article 12)
Ø Know the EU growth prospectus (Article 15) and the Simplified Disclosure Regime for
Secondary Issuances (Article 14)
Ø Understand the responsibility of the persons signing the prospectus (Articles 20 – 24,
L.144(I)/2005)
The issuer, offeror or person asking for the admission to trading on a regulated market may draw up
the prospectus as a single document or as separate documents.
o the assets and liabilities, profits and losses, financial position, and prospects of the issuer
and any guarantor
o the reasons for the issuance and its impact on the issuer
o A securities note which contains information concerning the securities offered to the
public or to be admitted to training on a regulated market
o A summary which provides key information that investors need to understand the nature
and risks of the issuer, the guarantor and the securities that are being offered or admitted
to trading on a regulated market. A summary is not required when the prospectus related
to the admission to trading on a regulated market of non-equity securities, provided that:
The content of the prospectus summary must be accurate, fair and clear and must not be misleading.
The prospectus summary is read as an introduction to the prospectus and must be consistent with
the other parts of the prospectus. It is drawn up as a short document, is presented and laid out in a
way that is easy to read and is written with characters of readable size. It is also written in a language
and style that facilitate the understanding of the information, in particular, in a language that is clear,
non-technical, concise and comprehensible for investors. The summary is made up of the following
four sections:
o key information on the offer of securities to the public and/or the admission to trading
on a regulated market
Every significant new factor, material mistake or material inaccuracy relating to the information
included in a prospectus which may affect the assessment of the securities and which arises or is
noted between the time when the prospectus is approved and the closing of the offer period or the
time when trading on a regulated market begins, whichever occurs later, must be mentioned in a
supplement to the prospectus without undue delay. Such a supplement is approved in the same way
as a prospectus and in a maximum of five working days.
Base prospectus: For non-equity securities, including warrants in any form, the prospectus may, at
the choice of the issuer, offeror or person asking for the admission to trading on a regulated market,
consist of a base prospectus containing the necessary information concerning the issuer and the
securities offered to the public or to be admitted to trading on a regulated market. A base prospectus
must include the following information:
o a template, entitled ‘form of the final terms’, to be filled out for each individual issue and
indicating the available options regarding the information to be determined in the final
terms of the offer
o the address of the website where the final terms will be published
A base prospectus may be drawn up as a single document or as separate documents and will include
a summary once the final terms are included in the base prospectus, or in a supplement, or have been
filed.
Universal registration document: Any issuer whose securities are admitted to trading on a regulated
market or an MTF may draw up every financial year a registration document in the form of a universal
registration document describing the company’s organisation, business, financial position, earnings
and prospects, governance and shareholding structure. An issuer that chooses to draw up a universal
registration document every financial year shall submit it for approval to CySEC or the competent
authority of its home member state. In the event where the issuer has had a universal registration
document approved for two consecutive financial years, subsequent universal registration documents
may be filed with the competent authority without prior approval. The issuer may also file any
amendments. The universal registration document(s) and their amendments must comply with the
format and language provided in the Regulation. Issuers who meet the conditions to have the status
of frequent issuers, and whose prospectus consists of separate documents, can benefit from a faster
approval process which is reduced to 5 working days.
Validity periods: A prospectus, whether a single document or consisting of separate documents, will
be valid for 12 months after its approval for offers to the public or admissions to trading on a regulated
market. Where a prospectus consists of separate documents, the period of validity begins upon
approval of the securities note. A registration document which has been previously approved will be
valid for use as a constituent part of a prospectus for 12 months after its approval. A universal
registration document will be valid for use as a constituent part of a prospectus for 12 months after
its approval.
The European Commission may adopt delegated acts to supplement the Regulation regarding the
format of the prospectus, the base prospectus and the final terms as well as the information
contained in both the prospectus and the universal registration document.
The following persons may choose to draw up an EU Growth prospectus under the proportionate
disclosure regime in the case of an offer of securities to the public, provided that they have no
securities admitted to trading on a regulated market:
1. SMEs
2. issuers, other than SMEs, whose securities are traded or are to be traded on an SME growth
market capitalisation of less than €500,000 on the basis of end-year quotes for the previous
three calendar years
3. issuers, other than those above, where the offer of securities to the public is of total
consideration in the Union that does not exceed €20,000,000 calculated over a period of 12
months, and provided that such issuers have no securities traded on an MTF and have an
average number of employees during the previous financial year of up to 499
4. issuers, other than SMEs, offering shares to the public at the same time as seeking admission
of those shares to trading on an SME growth market, provided that such issues have no
shares already admitted to trading on an SME growth market and the combined value of (a)
the final offer price, or the maximum price, and (b) the total number of shares outstanding
immediately after the share offer to the public, is less than €200,000,000
The following persons may choose to draw up a simplified prospectus under the simplified disclosure
regime for secondary issuances, in the case of an offer of securities to the public or of an admission
to trading of securities on a regulated market:
1. issuers whose securities have been admitted to trading on a regulated market or an SME
growth market continuously for at least the last 18 months and (a) who issue securities
fungible with existing securities which have been previously issued, or (b) who issue non-
equity securities or securities giving access to equity securities fungible with the existing
equity securities of the issuer already admitted to trading
3. issuers whose securities have been offered to the public and admitted to trading on an SME
growth market continuously for at least 2 years, and who have fully complied with the
reporting and disclosure obligations throughout the period of being admitted to trading, and
who seek admission to trading on a regulated market of securities fungible with existing
securities which have been previously issued
The EU Growth prospectus as well as the simplified prospectus consist of a specific summary, a specific
registration document and a specific securities note.
3.3. Language
According to CySEC’s Directive (R.A.D. 270/2016), the Greek language is the accepted language in the
following cases:
a. In the prospectus draw up, where it is related to a public offering made only in the Republic
or for the listing of securities for trading only on the Stock Exchange or in another regulated
market operating in the Republic and the Republic is the home member state
b. In the prospectus availability, where the home member state is not the Republic and the
securities for which a prospectus is drawn up are publicly offered in the Republic or are to
be admitted to trading on a regulated market of the Republic
c. In the prospectus draw up, where the home member state is the Republic and the securities
are offered exclusively in another member state or their listing is admitted for trading
exclusively on the regulated market of another member state
d. In the prospectus draw up and publication, where it is related to a public offering made in
the Republic and at the same time in another member state, or the securities are admitted
for trading on the Stock Exchange or in another regulated market in the Republic and at the
same time in a regulated market of another member state and where the Republic is the
home member state
e.
In the events referred to (a) and (d), the use of the English language is permitted provided that it does
not involve a public offering in the Republic or in another member state and the issuer has a registered
office in another member state or in a third country.
The issuer, offeror or person asking for the admission of securities to trading on a regulated market,
as the case may be, must sign the prospectus. In the event that the offeror or person asking for the
admission of securities to trading on a regulated market are legal persons, the prospectus must be
signed by the representative(s) and at least three executive members of the Board of the issuer. In
the case of a person asking for the admission of securities to trading on a regulated market, it is also
required by the President of the Board and the Managing Director(s) to sign the prospectus. The
prospectus is also signed by the persons responsible for providing the information. The signatories
are responsible to the accuracy, completeness, clarity and update of the prospectus. All natural and
legal persons signing the prospectus must give a statutory declaration and must exercises in due care
in its preparation. The signatories are fully liable to investors for any loss they have sustained due to
any omissions or imprecisions in the prospectus.
In the event of claims for damages against the prospectus signatories, the burden of proof for the
accuracy, completeness, clarity and update the prospectus or the lack of liability as to any errors in
the prospectus, lies with the persons signing the prospectus. The persons who submitted the
summary note and any of its translations, and asked for its publication or its notification, bear civil
liability only if the said note is misleading, inaccurate or inconsistent when read together with the
main part of the prospectus. No liability arises solely on the basis of the summary note.
Any claim pursuant against the persons signing the prospectus bears a statutory bar of two years from
the date the securities were made available or were admitted to trading on a regulated market. In
case of malicious intention by the persons signing the prospectus, the statutory bar does not apply.
In the event that the persons who must sign the prospectus is not the issuer of the securities offered
to the public nor the maker of the application for admission to trading on a regulated market, the
issuer:
- at the request of the offeror or the person asking for the admission to trading, must make
available to them, at their expense, all relevant information by law necessary for the
preparation of the prospectus, and
- may take a written stand as to the accuracy, completeness, clarity and update of the
prospectus which is submitted for approval.
In every public offer that takes place in the Republic, an underwriter participates who will be
responsible for at least the collection of the purchase value of the securities offered. The underwriter
cares for the safe keeping of the funds paid by the participants to the public offer and ensures that
they are made available to the offeror the soonest alongside with the allotment of the offered
securities to the investors who participated to the public offer.
Additionally, an underwriter must participate in the prospectus draw up and bears responsibility
towards it as well as must be a signatory party. An underwriter responsible for the drawing up of the
prospectus is responsible to its accuracy, completeness, clarity and update, and aims at providing
information that is true, fair and objective. The underwriter responsible for the preparation of the
prospectus is also responsible against the investors, who acquired securities based on erroneous,
deficient or insufficient information. If the underwriter is not responsible for the deficiencies of the
prospectus, will not be held liable.
Any person who, within his/her professional duties, issues any type of statements which constitute a
base for the preparation of the prospectus and the reports contains therein, or is prepared in order
to be taken into account for the preparation of the prospectus, must exercise due care in order to
ensure the accuracy, completeness and clarity of the said statements. Provided that the statements
are mentioned in the prospectus, their author is responsible against the investors for any loss they
may sustain related to any inaccuracies or omissions due to deficiencies in the said statements.
CySEC may allow certain information, that must be included in the prospectus or its components, to
be omitted if:
- The disclosure of such information would seriously harm the interests of the issuer or
guarantor, provided that an omission of such information would not mislead the public
Learning Objectives
Ø Understand the approval procedure (Articles 20, 24, and 28); the publication
procedure (Article 21); and the advertisements (Article 22)
A prospectus must not be published unless the related competent authority has approved it and,
where applicable, all its constituent parts. Where the Republic is home member state, the prospectus
is approved by CySEC.
The competent authority will notify the issuer, the offeror or the person asking for admission to
trading on a regulated market of its decision regarding the approval of the prospectus within 10
working days of the submission of the draft prospectus. If the prospectus related to a public offer by
an issuer that does not have any securities admitted to trading on a regulated market and has not
previously offered securities to the public, the notification is extended to 20 working days. The
competent authority will notify ESMA accordingly within 1 working day after approval has been given.
When an offer of securities to the public or admission to trading on a regulated market occurs in one
or more Member States, or in a Member State other than the home Member State, the prospectus
approved by the home Member State and any supplements thereto will be valid for the offer to the
public or the admission to trading in any number of host Member States, provided that ESMA and the
competent authority of each host Member State are notified according to the related provisions of
the Regulation.
Where a third country issuer intends to offer securities to the public in the Union or to seek admission
to trading of securities on a regulated market established in the Union under a prospectus drawn up
in accordance with the Regulation, it must obtain approval of its prospectus from the competent
authority of its home Member State. Once a prospectus is approved, it entails all the rights and
obligations provided for a prospectus and both the prospectus and the issuer are subject to all the
regulatory provisions under the supervision of the competent authority of the home Member State.
The competent authority of the home Member State of a third country issuer may approve a
prospectus for an offer of securities to the public or for admission to trading on a regulated market,
that is drawn up in accordance and is subject to the national laws of the third country issuer, provided
that:
- the information requirements imposed by the third country laws are equivalent to the
requirements of the Regulation, and
- the competent authority of the home Member State has concluded cooperation
arrangements with the relevant supervisory authorities of the third country issuer in
accordance with the related provisions of the Regulation
Once the prospectus is approved, it must be made available to the public by the issuer, the offeror or
the person asking for admission to trading on a regulated market, at a reasonable time in advance of,
and the latest at the beginning of, the offer to the public or the admission to trading of the securities
involved.
In the case of an initial offer to the public of a class of shares that is admitted to trading on a regulated
market for the first time, the prospectus must be made available to the public at least six working
days before the end of the offer.
The competent authority of the home Member State publishes on its website all the prospectuses
approved or at least the list of the prospectuses approved, including a hyperlink to the dedicated
website sections as well as an identification of the host Member State(s) where prospectuses are
notified. In addition, ESMA manages the European electronic database which contains all the
prospectuses approved in the European Economic Area. All approved prospects remain publicly
available in electronic form for at least ten years after their publication.
Any advertisement relating either to an offer of securities to the public or to an admission to trading
on a regulated market must comply with the principles and related provisions of the Regulation.
Advertisements must state that a prospectus has been or will be published, and indicate where
investors are or will be able to obtain it. The information contained in an advertisement must not be
inaccurate or misleading and must be consistent with the information contained in the prospectus or,
where a prospectus has not been published yet, the information required to be in the prospectus.
Learning Objectives
Ø Know the administrative sanctions and other administrative measures (Articles 38 – 43)
Member States must ensure that competent authorities have the power to impose administrative
sanctions and take other appropriate administrative measures which shall be effective, proportionate
and dissuasive in the events of non-compliance with the provisions of the Regulation or of a failure to
cooperate or comply in an investigation, inspection or other related requests. Member States may
provide for additional sanctions or measures and for higher levels of administrative pecuniary
sanctions that those provided in the Regulation. However, Member States must ensure that decisions
taken under the Regulation are properly reasoned and subject to a right of appeal before a tribunal.
The competent authorities have the power to impose at least the following administrative sanctions
and other administrative measures related to infringements:
- a public statement indicating the natural person or legal entity responsible and the nature of
the infringement
- an order requiring the natural person or the legal entity responsible to cease the conduct
constituting the infringement
- maximum administrative pecuniary sanctions of at least twice the amount of the profits
gained or losses avoided because of the infringement, where those can be determined
Competent authorities establish effective mechanisms to encourage and enable reporting of actual
or potential infringements, including:
- specific procedures for the receipt of reports of actual or potential infringements and their
follow-up, including the establishment of secure communication channels for such reports
- appropriate protections for employees working under a contract of employment who report
infringements at least against retaliation, discrimination and other types of unfair treatment
by their employer or third party
- protection of the identity and personal data of both the person who reports the infringements
and the natural person who is allegedly responsible for an infringement, at all stages of the
procedure unless such disclosure is required by national law in the context of further
investigation or subsequent judicial proceedings
- member states may provide for financial incentives to persons who offer relevant information
about actual or potential infringements
Chapter 13
Transparency Laws
Learning Objectives
The Transparency Requirements (Securities Admitted to Trading on a Regulated Market) Laws of 2007
to 2017 state the transparency requirements for issuers whose securities are admitted to trading on
a regulated market. All articles mentioned in this chapter’s learning objectives relate to consolidation
of the laws 190(I)/2007, 72(I)/2009, 143(I)/2012, 60(I)/2013, 163(I)/2014, 164(I)/2014, 35(I)/2016 and
56(I)/2017.
Learning Objective
Ø Know issuer reporting requirements for periodic information (Articles 9–11 and 14–16)
Ø Know issuer reporting requirements for ongoing information (Articles 17–19, 21, 23–24)
Every issuer and their administrative, management or supervisory bodies are responsible for the
preparation and disclosure of the periodic information required. In the event that the information is
not prepared or disclosed, administrative, management or supervisory bodies of the issuer are
personally liable for and are subject to the following administrative sanctions and measures:
a. A public announcement indicating the person(s) responsible for the breach and the nature
of the breach.
b. The person(s) responsible are ordered to cease the activity and to desist from any repetition.
Issuers need to disclose their annual financial report as soon as possible, but at the latest four months
after the end of the financial year. The annual financial report needs to be available to the public for
at least ten years, and needs to consist of:
3. statements made by board of directors, the chief executive officer (CEO) (or equivalent) and
the chief financial officer (CFO) if they are both not members of the board of directors of the
issuer, and a clear indication of their name and function.
Issuers incorporated in accordance with Companies Law, and who do not need to prepare
consolidated financial statements, need to prepare their annual financial statements in accordance
with the provisions in Companies Law. Issuers incorporated in accordance with the law of another
member state, and who do not need to prepare consolidated accounts, need to prepare their annual
financial statements in accordance with the laws of that member state.
2. the annual accounts of the parent company in accordance with Companies Law, if
incorporated in the Republic, or the law of the member state in which the parent company
is incorporated.
Annual financial statements of issuers incorporated under Companies Law need to be audited by a
person with the necessary qualifications. These persons need to be appointed as auditors and are
subject to international auditing standards. The audit report is signed by the auditor and is fully
disclosed together with the annual financial report. Other issuers need to be audited in accordance
with the laws of their member state. The audit report needs to be signed by the auditor responsible,
and disclosed in full together with the annual financial report. Issuers with a registered office in a
third- country need to prepare accounts of the parent company in accordance with the EU regulation
on consolidated accounts.
For issuers incorporated under Companies Law, the management report is drawn up in accordance
with the relevant sections of Companies Law. For other issuers, the management report is drawn up
in accordance with the laws of their member state. For issuers whose registered office is in a third-
country, the management report is prepared in accordance with the appropriate regulations. The
annual financial statements include statements by the auditors to the effect that, to the best of their
knowledge, the annual financial statements have been prepared in accordance with the applicable
accounting standards and give a true and fair view of the financial position of the firm. The
management report includes a fair review of the development and performance of the business, the
position of the issuer and the undertakings included in the consolidated accounts, as well as a
description of the principal risks and uncertainties faced.
Issuers of shares and debt securities need to disclose a half-yearly financial report as soon as possible,
but at the latest within three months after the end of the first six months of the financial year. This
report needs to be available to the public for a period of at least ten years and comprises of:
3. statements made by the board of directors, the CEO (or equivalent) and the CFO if they are
both not members of the board of directors of the issuer and a clear indication of their name
and function.
Interim financial statements need to be prepared in accordance with the appropriate International
Financial Reporting Standards (IFRSs). In the event that they are audited or reviewed by an auditor,
this audit or review needs to be produced in full in the half-yearly financial report. In the event that
the half- yearly financial statements have not been audited, or that the auditor has refused to issue
their report, this needs to be reported in the interim report.
a. a detailed and extended economic analysis of the results so that readers will be able to assess
and evaluate the course of the results during the period
c. a comparative economic analysis of the figures for the period in relation to the previous
corresponding period, this analysis has to be sufficient and extensive in order to identify the
changes and the differences between the results of the two periods
d. an indication of important events that have occurred during the first six months of the
financial year, and their impact on the interim financial statement
e. a description of the principal risks and uncertainties for the remaining six months of the
financial year
f. any other substantial information which affects (could affect) the reader’s assessment or
evaluation of profits and losses for the relevant period or any future periods, the prospects
and trends of the operations and the gain or loss of important contracts or cooperations,
and
g. (for issuers of shares) any related parties’ transactions during the first six months of the
financial year, in accordance with the appropriate IFRSs.
The management statement includes a fair review of the information in points a to g above.
In preparing the annual and half-yearly accounts, issuers active in the extractive industry or in the
logging of primary forest need to specifically report payments made to governments on a
consolidated basis.
6.1.4. Exemptions
The following issuers are exempt from the publication of yearly and half-yearly financial statements,
disregarding of whether they issue shares or other securities:
3. A public international body of which the Republic or at least another member state is a
member.
7. The European Financial Stability Facility (EFSF) established by the EFSF framework
agreement and any other mechanism established with the objective of preserving the
financial stability of European Monetary Union (EMU) by providing temporary financial
assistance to the member states whose currency is the euro.
In addition, issuers who exclusively issue debt securities admitted to trading on a regulated market
with a denomination per unit of at least e100.000 (or equivalent) are exempt from the reporting
requirements. Issuers who exclusively issue debt securities that have been admitted to trading on a
regulated market prior to 31 December 2010 are exempt from the reporting requirements for
denominations per unit of at least e50.000 for as long as they are outstanding. For any new debt
securities, a limit of e100.000 will apply.
1. The acquisition or disposal of own shares – issuers who (in)directly acquire or dispose of their
own shares need to disclose as soon as possible and at the latest on the next working day,
the total proportion of own shares reaching or exceeding a threshold of 5% or 10% of total
voting rights, calculated on the basis of the total number of shares of the issuer with voting
rights, or where their holding falls below 5% or 10% of total voting rights. The proportion of
shares is calculated on the basis of the total number of shares with voting rights.
2. The total number of acquisition or disposal of voting rights and capital at the end of each
calendar month during which voting rights and/or capital has changed.
3. Notification of voting – issuers need to publish the notification of acquisition or the disposal
of voting rights as soon as possible but at the latest on the next working day.
4. Change in rights – any changes in the rights attached to the various share classes, including
changes in rights attached to derivative securities, need to be disclosed immediately and
without delay. Changes of rights attached to issues other than shares need to be disclosed
immediately and without delay, including changes to the terms and conditions which could
indirectly affect the rights of the holder (eg, changes in loan terms or interest rates).
In the event that an issuer does not comply with the disclosure requirements then the administrative,
management or supervisory bodies of the issuer are presumed personally liable for the omission and
are subject to administrative fines, unless they can prove that the infringement was not due to their
liability, deliberate omission or negligence.
Any issuer who does not comply with the ongoing disclosure requirements for points 1, 3, and 4 above
a. A public announcement indicating the person(s) responsible for the breach and the nature
of the breach
b. The person(s) responsible are ordered to cease the activity and to desist from any repetition
In relation to a breach of item 2 above, CySEC may impose an administrative fine not exceeding
e85.000 and, in the event of a repetition of the infringement, an amount not exceeding e170.000,
depending on the severity.
Learning Objective
Ø Know issuer obligations relating to shares (Articles 25 and 27)
Ø Know issuer obligations relating to debt securities (Articles 26 and 27)
Any issuer who does not comply with the framework of communication requirements is subject to an
administrative fine not exceeding e85.000 and, in the case of repetition of the infringement, an
administrative fine not exceeding e170.000, depending on the severity.
7.1. Shares
Issuers of shares are obliged to treat all shareholders who are in the same position equally. Their
obligations are as follows:
1. Issuers for whom the Republic is the home member state need to ensure that all necessary
facilities and information is available to enable shareholders to exercise their rights in the
Republic.
Share issuers need to make available the required proxy form (on paper or electronically) to each
person entitled to vote at a shareholders’ meeting, together with the notice of the meeting and, in
the case of meetings called via announcement without notice to each individual shareholder they
need to:
1. designate a financial institution as its agent for shareholders to exercise their financial rights,
and
2. publish notices or distribute circulars concerning the allocation and payment of dividends or
issuance of new shares, including information of any arrangements for allotment,
subscription, cancellation, or conversion.
Electronic notifications may be used as long as the use of electronic means is taken in a general
meeting of the shareholders and it is not dependent on the residence of the shareholder or their
agent, identification arrangements have been put in place to ensure shareholders or their agents are
effectively informed; written consent has been obtained, and that any costs are determined in
compliance with the principle of equal treatment.
In the event that no objection has been received to the submission by electronic means within a
reasonable period from shareholders, it is presumed that they have consented. At any time in the
future, a shareholder or their agent may request the information to be sent to them in writing.
Issuers of debt securities are under the obligation to ensure the equal treatment of all debt securities
holders ranking pari passu, in respect of all the rights attached to those debt securities. Every issuer
has the following obligations:
1. In cases where the Republic is the home member state, ensure all the necessary facilities
and information are available to the Republic to enable debt securities holders to exercise
their rights.
3. To not prevent the exercise of the rights by proxy of the debt securities holders. In addition,
every issuer of debt securities is obliged to carry out the following:
b. the payment of interest and the exercise of any conversion, exchange, subscription or
cancellation rights
c. c. repayment, and
5. Make available the required proxy form, on paper or electronically to each person entitled
to vote at a debt securities holders’ meeting and, in the case of meetings called via
announcement without notice, to each debt security holder upon request.
6. Designate a financial institution as its agent through which debt securities holders may
exercise their financial rights.
In the event that only the debt securities holders are invited to a general meeting of holders of debt
securities whose denomination per unit is at least e100.000 (or equivalent), the issuer may choose
any member state as venue for the meeting, providing that all the necessary facilities and information
are made available in that member state to enable such holders to exercise their rights. For debt
securities admitted to trading on a regulated market in the EU prior to the 31 December 2010, the
issuer may choose a venue in another member state if only debt security holders are invited whose
domination per unit is at least e50.000 (or equivalent).
Information may be conveyed by electronic means providing that this is not dependent on the
location of the seat or residence of the debt security holder or of their proxy, and identification
arrangements are put in place so that debt securities holders are effectively informed. Debt security
holders need to give written consent to the use of electronic means and any apportionment of the
costs associated with the use of electronic means is determined by the issuer of debt securities, in
compliance with the principle of equal treatment.
In the event that no objection has been received to the submission by electronic means within a
reasonable period from a debt security holder or their proxy, it is presumed that they have consented.
At any time in the future a shareholder or their agent may request the information to be sent to them
in writing.
8. Shareholder Obligations
Learning Objective
Anyone who acquires shares in an issuer to which voting rights are attached is considered a
shareholder. Notifications of changes in voting rights must be provided to both the issuer and CySEC
if the voting rights held reach or exceed/fall below thresholds of 5%, 10%, 15%, 20%, 25%, 30%, 50%,
or 75% of total voting rights. This obligation exists for initial and subsequent purchases or disposals.
Voting rights are calculated on the basis of all shares of the issuer with voting rights attached on an
aggregate basis, even if the exercise of such rights is suspended. In addition, information of all voting
rights in the same share class needs to be provided.
1. Shares acquired for the sole purpose of the clearing and settling of transactions at the latest
of three working days following the transaction.
2. Custodians holding shares in their custodian capacity, providing that the custodian can only
exercise the voting rights attached to such shares under instructions given in writing or by
electronic means by the beneficiary of the shares.
3. Acquisition or disposal of voting rights by a market maker that reaches or crosses the 5%
threshold of the total voting rights of the issuer, providing that the market maker acts in
their capacity as market maker, and that neither intervenes in the management of the
issuer concerned nor exerts any influence on the issuer to buy such shares or back the share
price.
4. Voting rights held in the trading book of a credit institution or investment firm so long as
the voting rights do not exceed 5% of the total voting rights of the issuer and that the
institution ensures that the voting rights are not exercised nor otherwise used to intervene
in the management of the issuer.
5. Shares provided to, or by, the members of the European System of Central Banks (ESCB) in
carrying out their functions as monetary authorities, including shares provided under a
pledge or repurchase or similar agreement for liquidity granted for monetary policy
purposes or within a payment system, providing that the transactions last for a short period
and that the voting rights attached to such shares are not exercised.
6. Voting rights attached to shares acquired for stabilisation of financial instruments providing
that voting rights are not exercised or otherwise used to intervene in the management of
the issuer.
A person who is entitled to acquire, dispose of or exercise voting rights of the issuer has an obligation
to notify both the issuer and CySEC of the percentage of voting rights held, providing that, as a result
of the acquisition or of the disposal, the exercise, or of the events changing the breakdown of voting
rights of the issuer, percentage reach, exceed or fall below the thresholds noted above and/or in one
or more of the following cases:
1. Voting rights held by a third party with whom that person has concluded an agreement which
obliges the contractual parties to adopt, by concerted exercise of the voting rights they hold,
a lasting common policy towards the management of the issuer.
2. Voting rights held by a third party under an agreement concluded with that person providing
for the temporary transfer for consideration of the exercise of voting rights.
3. Voting rights attaching to shares which are lodged as collateral with that person, providing
that the person controls the voting rights and declares their intention of exercising them.
4. Voting rights attached to shares in which that person has the life interest.
5. Voting rights which are held, or may be exercised within the meaning of points 1–4 above by
an undertaking controlled by that person.
6. Voting rights attached to shares deposited with that person which the person can exercise
at its discretion in the absence of specific instructions from the shareholder.
7. Voting rights held by a third party in their own name on behalf of that person.
8. Voting rights which that person may exercise at their discretion as a proxy of a shareholder
in the absence of specific instructions given from the shareholder.
The circumstances mentioned under point 3 above do not apply to shares provided to, or by, the
members of the ESCB within the framework of carrying out their functions as monetary authorities,
including shares provided to, or by, members of the ESCB within the framework of a pledge or
repurchase or similar agreements for liquidity, granted for monetary policy purposes or within the
framework of a payment system, providing that the transactions are for a short period and providing
that the voting rights attached to such shares are not exercised.
Chapter 14
Insider Dealing and Market Manipulation
Regulation (2016)
Learning Objectives
Introduction
1. Inside Information
2. Provisions Relating to Issuers of Financial Instruments
3. Market Manipulation
4. Disseminating Information
5. Administrative Measures and Sanctions
Introduction
EU Regulation 596/2014 deals with market abuse within the European Union (EU). It seeks to ensure
that EU regulation keeps pace with market developments in order to combat the abuse of financial
markets, including commodity and related derivatives markets. The regulation explicitly bans the
manipulation of benchmarks and reinforces the investigative and sanctioning powers of EU
regulators.
Abuse in financial markets is related to market manipulation, insider dealing and the unlawful
disclosure in inside information. All article numbers in this chapter refer to Regulation 596/2014.
1. Inside Information
1.1. Inside Information
Learning Objective
‘Information of a precise nature, which has not been made public, relating, directly or indirectly, to
one or more issuers or to one or more financial instruments, and which, if it were made public, would
be likely to have a significant effect on the prices of those financial instruments or on the price of
related derivative financial instruments’.
In respect of persons charged with order execution, inside information includes information conveyed
by a client relating to their orders and which would, if made public, have a significant effect on the
prices of financial instruments.
In the context of this definition, financial instruments cover all instruments, including commodities,
emission allowances, and related derivatives.
In the definition of inside information, ‘precise nature’ indicates a set of circumstances which exists,
or may reasonably come into existence, or an event that has occurred, or is reasonably expected to
occur, which is specific enough to enable a conclusion to be drawn as to the possible effect of that set
of circumstances or event on the prices of the financial instruments.
‘where a person possesses inside information and uses that information by acquiring or disposing of,
for its own account or for the account of a third party, directly or indirectly, financial instruments to
which that information relates’.
Insider dealing also applies when an order concerning a financial instrument previously entered into
is cancelled or amended on the basis of inside information being received after the transaction has
been concluded. Generally, insider dealing applies to any person who uses inside information under
any circumstance not mentioned above and who knows, or ought to know, that the information they
possess is inside information.
In addition, bids for the auction of emission allowances or other products submitted, modified or
withdrawn based on of insider information are also considered to be insider dealing.
Encouraging our inducing another person to engage in insider dealing occurs when a person holding
inside information recommends that the other person, buys or sells a financial instrument, or to
amends an existing order on the basis of inside information. Insider dealing also occurs in the event
the other person acts on this information and knows, or should have known, that the
recommendation was made because of inside information.
Insider dealing applies to any person who possesses inside information because they:
• have a holding in the capital of the issuer or emission allowance market participant
• it comes to the knowledge of investors inside or outside the Republic, or it may be easily and
legally obtained, or
1.3. Obligations
A person shall not engage, or attempt to engage, in insider dealing, recommend or induce another
person to engage in insider dealing, or unlawfully disclose inside information.
Possession of inside information is not in itself a violation. A firm needs to have established,
implemented and maintained adequate and effective internal arrangements to effectively ensure that
transactions are not undertaken or influenced by persons with access to inside information. In
addition, the firm will need to be able to show that they have not encouraged, recommended,
induced, or otherwise influenced a person to enter into a transaction on the basis of inside
information.
In the event that the person is a market maker in the security or is executing transactions on behalf
of a third party with no inside information they may legally transact even when in the possession of
inside information and will not be considered insider dealing. Similarly, obligations that result from
agreements concluded prior to obtaining inside information, or transactions carried out to satisfy a
legal or regulatory obligation prior to having obtained inside information, are not considered to be
insider dealing.
Unlawful disclosure of inside information arises when a person discloses it to another person, unless
it is in the course of their employment, profession, of duties. Onward disclosure or recommendations
and inducement amounts is unlawful if the person passing the information knows, or should know,
that the recommendations or inducement amounts were based on inside information.
• obtain consent of the person receiving the market sounding to receive inside information;
• inform the recipient that they are prohibited from using the information in any purchase,
sale, cancellation, or amendment of a transaction, and
• inform the recipient that they are obligated to keep the information confidential.
The disclosing market participant shall record what information has been provided to the person
receiving the sounding. All records need to be maintained for at least five years.
Once information that has been provided as part of a market sounding ceases to be inside
information, the market participants will inform all recipients of the information as soon as possible.
Learning Objective
Ø Know how issuers of financial instruments should manage inside information (Article 17)
Ø Understand the circumstances in which publication of inside information might be
justifiably delayed (Article 17)
Ø Know the importance of keeping an updated insiders’ list (Article 18)
Ø Know the reasons and circumstances when a manager must report his/her transactions
(Article 19)
It is the responsibility of the firm issuing a security or the emission allowance market participant (for
the purpose of this section collectively known as ‘firm’) to inform the public as soon as possible of any
inside information that directly concerns the firm. The information needs to be made public in a
manner that enables fast access and complete, correct and timely assessment of it by the public.
Where applicable, the information needs to be disseminated using the officially appointed
mechanisms by the home member state.
The disclosure requirement does not apply to a participant in the emission allowance market where
the installations or aviation activities owned, controlled, or under their responsibility had no
emissions or thermal inputs over the minimum threshold during the past year.
Firms may, at their own responsibility, delay public disclosures providing that the following conditions
are met:
It is the responsibility of the firm to notify the appropriate authorities of their intention to delay the
disclosure of information. Once the confidentiality of the information is no longer guaranteed, it will
be made public as soon as possible; this is also the case when sufficiently accurate rumours are in
circulation.
When a firm, or someone acting on their behalf, discloses any information to a third party in their
normal course of employment or professional duties, complete and effective public disclosure of the
information will need to be made. The public disclosure needs to be simultaneous in the event of
intentional disclosure and prompt in case of non-intentional disclosure. Public disclosure is not
required in the event that the recipient of the information has a duty of confidentiality based in law,
Insider information related to issuers whose financial instruments are admitted to trading on a small-
and medium-sized enterprise (SME) growth market may be posted on the trading venue’s website
instead of the website of the issuer.
Issuers or persons acting on their behalf, need to draw up and maintain a list of all persons employed
by them who have access to inside information; this includes employees, advisers, accountants and
credit rating agencies. This is known as the insider list and it needs to be kept up to date and made
available as soon as possible to the competent authority on request. Persons that are registered on
the insider list need to acknowledge, in writing, that they understand their legal and regulatory duties
and applicable sanctions. Ensuring that the list is up to date and complete remains the responsibility
of the issuer.
An insider list needs to be updated as soon as there is a change in the reason for including a person
on it, when a new person needs to be added, and when a person no longer has access to inside
information. Any insider list needs to be maintained for a period of at least five years from the date
when it is drawn up or amended and/or updated.
Issuers of financial instruments admitted on an SME growth market are exempt from drawing up an
insider list providing that they take all reasonable steps to ensure that any person with access to inside
information acknowledges the legal and regulatory duties of being an insider, and is aware of the
associated sanctions. The issuer will need to be able to provide an insider list to the competent
authority upon request.
The requirement to maintain insider lists applies to all issuers who admit (or have been approved to
admit) financial instruments on regulated markets, multilateral trading facilities (MTFs) or organised
trading facilities (OTFs) in a member state. In addition, these requirements also apply to emission
allowances market participants or emissions auction platforms.
2.2. Managers
Persons that hold a managerial position, and those closely associated with them will need to notify
the issuer, emission market participants, and the competent authority of every transaction conducted
on their own account related to the shares or debt instruments of the issuer, emission allowances, or
any associated derivatives. Any such notification will have to be made immediately, and no later than
three business days after the date of the transaction. The competent authority will need to be notified
of every subsequent transaction once the total transactions in a year exceed e5,000. The threshold
may be increased to e20,000 by the competent authority, who will have to inform the European
Securities and Markets Authority (ESMA) of this change and provide justification for its decision. ESMA
will publish the list of thresholds on their website and the justifications provided by the competent
authorities for these thresholds.
5. The nature of the transactions (sale or purchase), and whether they are linked to the exercise
of an options programme.
7. The price and volume of the transaction(s). If a pledge is made that provides its value to
change, this should be disclosed together with its value at the date of the pledge.
3. transactions made under a life insurance policy where the policyholder has a managerial
position or is a close associate, the investment risk is borne by the policyholder, and the
policyholder has the power or discretion to make investment decisions with regard to
instruments in the life insurance policy.
Any such transactions need to be made public within three working days of the transaction and in a
manner that is easily accessible.
The notification requirements apply to issuers whose financial instruments are (approved for) trading
on regulated markets, MTFs or OTFs.
Issuers and emission allowance market participants need to ensure that their managers are aware of
their responsibilities to report any transaction made for their own account.
Notification also apply to managers in auction platforms, auctioneers, auction monitors and persons
closely related to them.
Managers of an issuer may not (in)directly conduct any transaction for their own account or for the
account of a third-party relating to shares or debt instruments (or their derivatives) of the issuer
during a closed period of 30 days before the announcement of an interim financial report or a year-
end report. Issuers may allow a manager to trade during this period on a case-by-case basis in
exceptional. Circumstances such as financial difficulties, or for specific transactions such as employee
share saving schemes, qualifications or entitlements, or transactions where the beneficial interest in
the relevant security does not change.
3. Market Manipulation
Learning Objective
Ø Know which acts are considered to constitute market manipulation (Article 12)
Ø Understand how market operators help to detect and prevent market manipulation
(Article 16)
Ø Know accepted market practices (Article 13)
Market manipulation is related to entering into transactions, the dissemination of false or misleading
information through the media, including the internet, or the transmitting of false information or
inputs related to a financial instrument or a benchmark with the intention of giving false or misleading
signals to the market with regard to supply, demand, or the price of an instrument, or to secure a
price at an abnormal or artificial level. This does not apply to market makers whose orders are
undertaken for legitimate reasons.
Behaviour that constitutes market manipulation is defined as (unless noted otherwise, these apply to
financial instruments, emission allowances and related derivatives) the following:
• The buying or selling of financial instruments at the closing of the market with the
intention to mislead investors acting on the basis of the prices displayed including the
• The placing of orders to a trading venue (including amendments and cancellations) with
the intent to manipulate the price or to create unfair trading conditions by:
• disrupting or delaying the functions of the trading system or trading venue making it more
difficult to distinguish between genuine and false orders, or creating a false or misleading
signal about supply, demand, or price.
• The buying or selling of emission allowances on the secondary market prior to an auction
taking place in order to fix the clearing price at an abnormal level.
Market operators and investment firms operating a trading venue need to establish and maintain
effective arrangements, systems and procedures aimed at preventing and detecting (attempted)
insider dealing or market manipulation. Any orders, amendments and cancellations that may
constitute (attempted) insider dealing or market manipulation will immediately be reported to the
competent authority of the trading venue.
Any person professionally arranging or executing transactions will establish and maintain effective
arrangements, systems and procedures to detect and report suspicious orders and transactions. In
the
event that they have reasonable suspicions about a transaction related to insider dealing or market
manipulation, they will immediately notify the competent authority in the member state in which
they are registered; the competent authority will then pass on any such information to the competent
authority of the trading venue.
Accepted market practices established by a competent authority need to take into consideration
whether the market practice:
• ensures a high degree of safeguards to the operation of market forces and the mechanism
of supply and demand
• takes into account the trading mechanism of the relevant market and enables
participants to react properly and in a timely manner
• does not create risk for the integrity of (in)directly related regulated and unregulated
markets in the relevant financial instruments
• is designed not to infringe rules or regulations designed to prevent market abuse or codes
of conduct.
In addition, the market practices need to take into consideration the structural characteristics of the
relevant markets and products.
The competent authority will notify ESMA of their intention to establish an accepted market practice
at least three months before the accepted market is intended to become active. Within two months
of receipt of the notification, ESMA will issue an opinion assessing the market practice to ensure that
it conforms with the regulations. In addition, market practices will be reviewed every two years by
the competent authority, and a report will be submitted to ESMA.
4. Disseminating Information
Learning Objective
With the exception of a situation where the person (in)directly derives an advantage or profit from
the disclosure of the information, or where disclosure is made with the intention of misleading the
market with regard to the supply and demand or price for the financial instruments, any information
disclosed or disseminated to the media needs to be assessed, taking into account the rules governing
the freedom of the press, freedom of expression, and the rules and codes governing journalists.
Learning Objective
Ø Know the administrative measures and sanctions in relation to market abuse (Article 30)
Within the context of the EU Market Abuse Law, infringement of the following articles of the
regulation are subject to administrative measures and sanctions:
• Insider lists.
• Managers’ transactions.
1. Order requiring the person responsible for the infringement to cease the conduct and to
desist from a repetition of that conduct.
3. A public warning noting the person responsible for, and the nature of the infringement.
managerial responsibilities within an investment firm or any other natural person who is held
responsible for the infringement, from exercising management functions in investment
firms.
8. Maximum administrative pecuniary sanctions of at least three times the amount of the
profits gained or the losses avoided because of the infringement, where those can be
determined.
Glossary
• Regulated Markets
Multilateral system managed or operated by a
market operator that brings together, or
facilitates the bringing together, of multiple
third-party buying and/or selling interests in
The following additional questions have been compiled to reflect as closely as possible the
examination standard that you will experience in your examination. Please note, however, they
are not the CySEC examination questions themselves.
1. CySEC and the CBC are responsible for supervision under whose directives?
a. European Central Bank
b. European Union
c. European Community
d. European Economic Area
2. CySEC reviews the arrangements, strategies and processes of a CIF to ensure they meet the
regular requirements and to evaluate the risks the CIF may be exposed to. These reviews are:
a. Independent of the complexity of the CIF
b. Representative of a risk based approach
c. Undertaken at least annually
d. Only applied to large CIFs
3. Under which circumstances may a CIF undertake services outside their authorisation?
a. It is a regulatory requirement in a third country
b. It is used to avoid a conflict of interest
c. It directly benefits another service offered
d. It is in the interest of the client
4. Law 87(I)/2017 provides for the provision of investment services, exercised of investment
activities and the operation or regulated markets. As such, the law regulates the
authorisation conditions for:
a. Market operators
b. Third country firms
c. Investment advisors
d. CIFs
Page 283 of 334
Edition B.Ad.1 / EN
5. One of the main concerns from a regulatory perspective are conflicts of interest between:
a. Different CIFs
b. Clients from different CIFs
c. CYSEC and CIF
d. CIF and their client
6. Remuneration policy for persons involved in the provision of services to clients should aim:
a. to encourage responsible conduct
b. for revenue maximisation
c. to ensure balanced pay-outs to staff
d. to ignore conflicts of interest
9. CySEC may withdraw the authorisation of a regulated market when the regulated market does
not use its authorisation within how many months of the date of issue?
a. 3 months
b. 6 months
c. 9 months
d. 12 months
10. Which of the following measures can be used to manage any disorderly trading conditions
that may arise by the use of algorithm trading systems?
a. Introduce maximum tick size
b. Limit the level of executed transactions
c. Impose the same fee to all operators
Page 284 of 334
Financial Services Regulatory Framework:
Advanced Examination
11. The main aim of compliance with organisational requirements is to establish, implement and
maintain:
a. decision-making procedures
b. adequate external control mechanisms
c. training procedures
d. adequate external communication systems
12. The adequacy and effectiveness of the measures, policies and procedures put in place, and
the actions taken to address any deficiencies in the firm’s compliance with its obligations
should be:
a. monitored on a regular basis and assessed, on a permanent basis
b. monitored on a permanent basis and assessed, on a regular basis
c. monitored and assessed on a permanent basis
d. monitored and assessed on a regular basis
13. The risk management function of a firm needs to be established taking into consideration:
a. nature of their clients
b. structure of the organisation
c. nature and range of the services
d. financial stability of the markets
15. Which of the following large undertakings could be considered as a professional client?
a. Balance sheet of €2.000.000 and own funds of €41,000,000
b. Net turnover of €20.000.000 and Own funds of €2,000,000
c. Balance sheet of €22.500.000 and Net turnover of €42,000,000
d. Balance sheet of €42.000.000 and own funds €1,000,000
16. In the event the firm provides advice to the same client on an independent and non-
independent basis the firm needs to explain:
Page 285 of 334
Edition B.Ad.1 / EN
17. The reason for assessing suitability of an investment for a client is to ensure the firm:
a. earns the maximum possible profit for the client
b. can act in the best interest of the client
c. receives the appropriate performance fee
d. can pass responsibility for the investment results to the client
18. When executing a client order, the firm needs to take into account the:
a. terms and conditions of the trading venue
b. fee and pricing structures
c. financial instruments available in the market
d. characteristics of the client order
19. Up to which percentage of their assets may a UCITS invest in transferable securities?
a. 5%
b. 10%
c. 20%
d. 25%
20. Transferable securities and money market instruments listed in a regulated market held by
UCITS are valued as follows:
a. most recently published price for same-day transactions
b. most recent closing price
c. opening price
d. current trade price
23. Which of the following is a condition the management company must meet in order for
an operation licence to be granted to a management company?
a. Completed business plan without organisational
b. Fully paid up capital is at least €125.000,00
c. Appointment of one director
d. Registered office in an approved country
24. When a management company wants to establish a branch in another EU country, they need
to notify CySEC and provide the following information:
a. Market research of the host country
b. Audited business plan
c. List of client names
d. Risk management process
26. AIFMs are responsible for taking reasonable steps to identify conflicts of interest between:
a. customers of an AIF not managed by the AIFM
b. the AIFM and an AIF managed by another AIFM
c. unrelated clients of different AIFMs
d. employees of the AIFM and customers of another AIFM
28. AIFs must prepare an annual report for each financial year:
a. within three months following the end of the period
b. within six months following the end of the period
c. within nine months following the end of the period
d. as soon as possible after the end of the period
29. AIFMs need to have a permanent and effective compliance function in place. The details of
the technical and personnel organisation of the compliance functions should be calibrated to
the:
a. nature, scale and complexity of the AIFM’s
b. number of services it provides
c. number of AIFs it manages
d. number of employees it has in its AIFs
30. CySEC may allow the AIFM to market units of any type of AIF to retail investors in the
Republic once:
a. the AIFM has applied for authorisation to market units
b. the AIF has been approved
c. the AIFM is authorised to do so
d. the shareholders have approved
31. The Central Bank of Cyprus is the competent authority of the Republic and is, among others,
responsible for:
a. audit financial institutions
b. providing liquid assets
c. prudential supervision
d. financial stability of the eurozone
33. In order to be able to detect money laundering and terrorist financing, the firm needs to
undertake customer due diligence:
a. at the start of the relationship
b. after the first transaction
c. at the end of the relationship
d. periodically throughout the relationship
36. The risk-based approach to the prevention of money laundering and terrorist financing means
that the procedures implemented by a CIF must consider:
a. the regulations
b. risk taken by the organisation
c. similar to the procedures in other CIFs
d. financial stability
37. Which of the following makes identification and tracking of terrorism money more difficult
than that of money laundering:
a. no layering
b. use of money mules
c. only cash deposits
d. small amounts of money
Page 289 of 334
Edition B.Ad.1 / EN
38. The Markets in Financial Instruments Regulation (MiFIR) establishes uniform requirements in
relation to:
a. reporting of transactions to competent authorities
b. reporting of the financial position of the instruments
c. disclosure of trade data to selected groups
d. discriminatory access to clearing and trading benchmarks
39. Investment firms operating a trading venue need to make current bid of offer prices available
to the public:
a. on continues basis at all time
b. on continues basis during normal trading hours
c. only at the end of the normal trading hours
d. only when there is a significant change in the bid of offer prices
40. Trading firms that make reports on behalf of investment firms are required to:
a. certify the security and authentication of the means of transfer of information
b. minimise information leakage maintaining the confidentiality of data at all times
c. minimise the risk of data corruption and unauthorised access
d. certify the information access methods
41. Which party is responsible for ensuring that all derivative transactions are cleared by a CCP?
a. The derivative issuer
b. The operator of the derivative platform
c. The operator of the automated systems
d. The operator of a regulated market
42. The capital ratios the firms must maintain at all time are:
43. When assessing the allocation of own funds requirements for credit and counterparty risk
Page 290 of 334
Financial Services Regulatory Framework:
Advanced Examination
44. When CIF’s set the ratio between the fixed and variable part of the total remuneration, the
variable component must be below which percentage of the fixed component?
a. 25%
b. 50%
c. 75%
d. 100%
45. The purpose of the SREP is to ensure that CIFs have sufficient capital to support all:
a. market risk
b. immaterial risk
c. material risk
d. operational risk
46. The outcome of the SREP is to determine that the CIF holds sufficient capital, and:
a. is always the same as the ICAAP
b. is always lower than the ICAAP
c. may be higher than the ICAAP
d. is unrelated to the ICAAP
47. A purpose of the ICAAP is to ensure the CIF holds the appropriate level of:
a. external capital in relation to liquidity risk
b. regulatory capital in relation to market risk
c. equity capital in relation to credit risk
d. internal capital in relation to its risk profile
48. Credit concentration risk is a risk type not fully covered by the Basel Accord which is related to:
a. risk on a single exposure
b. ineffective credit risk mitigation
c. incomplete transfer of credit risk
49. The risk that a CIF can not meet their financial obligations when they fall due is:
a. reputational risk
b. liquidity risk
c. operational risk
d. concentration risk
53. Breaches by clearing members need to be disclosed publically, except when the breach:
a. is minimal
b. involves more than one party
c. is not recent
d. constitutes a threat to market confidence
54. Recovery plans are part of which part of a CIF’s processes and procedures?
a. governance arrangements
b. contractual arrangements
c. remuneration arrangements
d. insolvency arrangements
55. Which of the following is TRUE when considering intra-group financial agreement?
a. Parties act in the best interest of their clients
b. Anticipated impact on market price is irrelevant
c. Only high level information needs to be disclosed
d. Each party freely enters into the agreement
56. The administrator that is appointed by the resolution authority for a period not exceeding one
year and assumes the management of the institution is called:
a. a temporary administrator
b. a special administrator
c. an extraordinary administrator
d. a periodic administrator
57. The mechanism by which an institution is recapitalised, or some or all of their debt is
converted to equity is called:
a. write down or conversion
b. transfer of assets
c. bail in
d. sales of business
58. In the event that CySEC determines that the conditions for resolution are met, they should
inform the:
a. European Securities and Markets Authority (ESMA)
b. European Banking Association (EBA)
c. European Central Bank (ECB)
d. European Systemic Risk Board (ESRB)
60. Frequent issuers of securities may submit to CySEC the universal registration document to secure
the approval of a prospectus, if used within the eligibility limitations and within:
a. 5 months
b. 5 weeks
c. 5 days
d. 5 hours
61. In the event of a public offer of securities prior to admitting them for trading on a regulated
market, the prospectus must be publicly available:
a. at least 6 working days prior to the public offer
b. the latest 6 working days after the public offer has been made
c. at the beginning of the public offering
d. at least 6 working days prior to the end of the public offer
62. Natural persons who do not comply with the obligations towards publishing a prospectus, are
subject to an administrative fine of:
a. €500,000
b. €700,000
c. €2,000,000
d. €5,000,000
63. The annual financial report needs to be available to the public for at least:
a. one year
b. five years
c. eight years
d. ten years
64. Issuers of shares who do not comply with the framework of communication requirements are
subject to an administrative fine of at most:
a. €50.000 b. €85.000 c. €100.000 d. €170.000
65. Notification of changes in voting rights must be provided when specific thresholds are reached
by:
a. issuer
b. CySEC
c. acquirer
d. seller
66. Information of a precise nature which has not been made public is considered inside
information if it is likely to have:
a. no effect on the price of a financial instrument
b. minimal effect on the price of a financial instrument
c. average effect on the price of a financial instrument
d. significant effect on the price of a financial instrument
67. A person engages in insider dealing when they possess information by virtue of the fact that
they:
a. are related to a staff member of CySEC
b. have their portfolio managed by a CIF
c. are studying financial management
d. participate in the capital of the issuer
68. Inside information and significant changes to previously disclosed information needs to be
made available by the issuer:
a. as soon as possible
b. immediately after issuance of the financial instrument
c. within 30 days after informing CySEC
d. after five years
70. The following penalty applies for insider dealing, unlawful disclosure and market manipulation
by a natural person:
a. €1.000.000
b. €2.500.000
c. €5.000.000
d. €15.000.000
Each of the supervisory authorities (CySEC and the Central Bank) is responsible for supervision
under the European Union (EU) directives and regulations including the exchange of any information
that is essential or relevant to the exercise of their functions and competencies.
2. C Chapter 1, Section 2
CySEC shall review the arrangements, strategies, processes and mechanisms implemented by CIFs
to meet supervisory requirements and evaluate the risks that the CIFs may be exposed to. The
frequency and intensity of the reviews will be established based on size, systemic importance,
nature, scale and complexity of the activities, taking into account the principle of proportionality;
reviews will take place at least annually.
4. D Chapter 2, Section 1
A CIF is a firm that provides professional investment services to clients in the Republic and abroad. Law
87(I)/2017 includes specific provisions related to the capital requirements, establishment of branches
and licencing.
One of the main concerns from a regulatory perspective is associated with the management of
conflicts of interest between the CIF (including its manager, employees, tied agents, and other
relevant persons) and its clients or between two clients.
The eligible counterparties are CIFs, IFs, credit institutions, insurance undertakings, Undertakings for
Collective Investment in Transferable Securities (UCITS) and their management companies, pension
funds and their management companies and other financial institutions authorised by a member state
or regulated under community legislation or the national law of a member state, national governments,
central banks and supranational organisations.
8. B Chapter 2, Section 5
A market may apply to be an SME growth market if at least 50% of the issuers admitted to trading
are SMEs. In order to assess whether at least 50% of the issuers are SMEs, CySEC will calculate the
average ratio of SMEs over the total number of issuers whose financial instruments are admitted
to trading on that market. The average ratio shall be calculated on 31 December of the previous
calendar year as the average of the 12 end-of-month ratios of that calendar year.
9. D Chapter 2, Section 6
• does not make use of its authorisation within 12 months from the date of issue of the
relevant authorisation
• expressly renounces its authorisation
• has not operated for the preceding six months
• has submitted false or misleading information as part of the application or has generally
provided false or misleading information, details or documents
• no longer meets the conditions for authorisation
• has seriously and/or systematically infringed the regulations, or
• falls within any of the cases provided in other Cypriot legislation which provides for
withdrawal of authorisation.
A regulated market may impose a higher fee on operators of a high-frequency algorithmic trading
technique.
o monitor on a permanent basis and to assess, on a regular basis, the adequacy and
effectiveness of the measures, policies and procedures put in place, and the actions
taken to address any deficiencies in the firm’s compliance with its obligations.
In order to be considered a professional client, the client must comply with the following criteria:
Entities required to be authorised or regulated to operate in the financial markets, including those
authorised by an EC member state.
National and regional governments, public bodies managing public debt, central banks,
international and supranational institutions and other similar international organisations.
Investment firms should inform clients, clearly and simply, that the reason for assessing suitability
is to enable the firm to act in the client’s best interest.
When executing client orders, the firm needs to take into account the characteristics of the client
including the categorisation of the client as retail or professional; the characteristics of the client
order, including where the order involves a securities financing transaction (SFT); the characteristics
of financial instruments that are the subject of that order; and the characteristics of the execution
venues to which that order can be directed.
A UCITS fund may not invest more than 10% of its assets in transferable securities, except for
those mentioned, and may not acquire precious metals, or certificates representing them.
Summarised statement of assets and First, second, and third Within 15 days of the end of
expenses quarter the period
A feeder UCITS is a UCITS, or an investment compartment of a UCITS, that has been approved to invest
at least 85% of its total net assets in UCITS or other collective investment funds. Up to 15% of its
assets may be invested in ancillary liquid assets, and financial derivatives for hedging purposes. In
addition, VCICs may invest in (im)movable property.
An AIFM needs to comply with all relevant rules and regulations when conducting its business and
must treat all AIF investors fairly. Investors may not be given preferential treatment, unless such
treatment is disclosed in the AIF’s rules or instruments of incorporation.
An AIFM that is also authorised to undertake discretionary portfolio management services must
not invest all or part of a client’s portfolio in units of AIFs that it manages, unless the client has
provided prior general approval
Party I Party II
An AIFM, its managers, employees or any person
(in)directly linked to the AIFM by control
An AIF managed by an AIFM or its investors
As the competent authority in the Republic, one of the responsibilities of the CBC is prudential
supervision. As such, the CBC also has to work together with the competent authorities in other
member states, participate in the activities of the European Banking Authority (EBA), and follow the
EBA guidelines and recommendations or provide reasons for not doing so.
The minimum capital of an ACI incorporated in the Republic is €5 million, unless the CBC determines
that a higher amount of own funds is required.
The compliance officer is responsible for the design of the internal practice, measures, procedures,
and controls related to the prevention of money laundering and terrorist financing based on the
policy principles defined by the board of directors. The policies and procedures need to include
measures to prevent abuse of new technologies and systems for the purpose of money laundering
and terrorist financing. The compliance function is responsible for the preparation of a risk
management procedures manual covering the risk the organisation faces regarding money
laundering and terrorist financing. The procedures need to include appropriate monitoring
mechanisms so that the compliance function will receive all necessary information to be able to
assess the level of compliance of the relevant employees and departments.
There are two main differences to note, however, between terrorist financing and money
laundering activities:
• Often, only small sums of money are required to commit terrorist acts, making identification
and tracking more difficult.
• If legitimate funds are used to fund terrorist activities, it is difficult to identify when the funds
become ‘terrorist funds’.
• Terrorist organisations can, however, require significant funding and will employ modern
techniques to manage them and transfer funds between jurisdictions, hence the similarities
Page 304 of 334
Financial Services Regulatory Framework:
Advanced Examination
The trading venue needs to maintain adequate resources and have back-up facilities in place, in order
to offer and maintain its services at all times.
CET1 4,5% CET1 capital expressed as a percentage of the total risk exposure amount
Total Tier 1 6% Tier 1 capital expressed as a percentage of the total risk exposure amount
Total 8% Own funds of the institution expressed as a percentage of the total risk
Capital exposure amount
When own funds requirements are based on a rating form an External Credit Assessment Institution
(ECAI), or based on the fact that an exposure is unrated, the CIF still needs to consider other relevant
information when assessing their allocation of internal capital.
a. the variable component shall not exceed 100 % of the fixed component of the total
remuneration for each individual.
b. shareholders of the CIF may approve a higher maximum level of the ratio between the fixed and
variable components of remuneration provided the overall level of the variable component shall
not exceed 200 % of the fixed component of the total remuneration for each individual.
The outcome of the SREP should define the level of capital that the CIF should hold, in order to cover
the full spectrum of risks it faces. This level of capital, which may be higher than the capital calculated
in the CIF’s own assessment (ICAAP), will form the CIF’s capital requirement.
The ICAAP is a set of processes, procedures and measures implemented by a CIF to ensure an
appropriate level of internal capital in relation to their risk profile.
Liquidity risk is defined as the risk that a CIF has insufficient financial resources to meet its current
and prospective obligations, as they fall due, or can only secure these resources at excessive costs.
A CCP must have at least €7,5 million in capital to be authorised. Its capital, including retained
earnings and reserves, needs to be proportionate to the risk associated with their activities and must,
at all times, be sufficient to:
bank liquidity, creditworthy and reliable commercial bank liquidity or both. In assessing the adequacy
of liquidity resources, especially in stress situations, a CCP should take into consideration the risks of
obtaining the liquidity by only relying on commercial banks credit lines.
Any breaches by clearing members will need to be disclosed publicly, except in cases where CySEC,
in consultation with ESMA, considers that this would:
• a special administrator
• a temporary administrator
A special administrator is appointed by the resolution authority for a period not exceeding one
year, and assumes the management of the institution. The resolution authority may appoint one
or more persons, strictly based on professional experience, knowledge of banking-related issues,
and personal criteria to ensure the suitability of the appointed person(s).
The Central Bank of Cyprus acts as the resolution authority and has the following measures available:
Bail-in – a mechanism for the exercise by the resolution authority of the write-down and
conversion powers in relation to liabilities of an institution under resolution
• The resolution authority and the competent authority of the entity and any branch of the
entity.
• The CBC and the competent central bank of the member state (if applicable.
• An appropriate deposit guarantee scheme.
• A body in charge of resolution financing arrangements.
• The group-level resolution authority (if applicable).
• The minister or competent ministry in the member state (if applicable).
• A consolidating supervisor.
• The European Systemic Risk Board (ESRB), and the designated national macro-prudential
authority.
• units issued by collective investment undertakings other than the closed-end type
• non-equity securities issued by a Member State or by one of a Member State’s regional or local
authorities, by public international bodies of which one or more Member States are members,
by the European Central Bank or by the central banks of the Member States
In the case of an initial offer to the public of a class of shares that is admitted to trading on a regulated
market for the first time, the prospectus must be made available to the public at least six working days
before the end of the offer.
Anyone who acquires shares in an issuer to which voting rights are attached is considered a
shareholder. Notifications of changes in voting rights must be provided to both the issuer and
CySEC if the voting rights held reach or exceed/fall below thresholds of 5%, 10%, 15%, 20%, 25%,
30%, 50%, or 75% of total voting rights. This obligation exists for initial and subsequent purchases
or disposals.
Inside information is information of a precise nature, which has not been made public, relating,
directly or indirectly, to one or more issuers or to one or more financial instruments, and which, if it
were made public, would be likely to have a significant effect on the prices of those financial
instruments or on the price of related derivative financial instruments
Insider dealing applies to any person who possesses inside information because they:
It is the responsibility of the firm issuing a security or the emission allowance market participant (for
the purpose of this section collectively known as ‘firm’) to inform the public as soon as possible of
any inside information that directly concerns the firm.
1.3.1 Know the objective and the members of the ICF 3.1
Offences
1.4 On completion, the candidate should:
Authorisation
2.1 On completion, the candidate should:
Regulated Markets
2.6 On completion, the candidate should:
Know how the obligations apply to regulated markets
• Application and authorisation process
2.6.1 • Senior management requirements 6.1
• Organisational requirements
• Obligations
Know obligations relating to:
2.6.2 • Direct electronic access
6.2
• Algorithmic trading systems
Organisational Requirements
3.1 On completion, the candidate should:
Specific Requirements
3.2 On completion, the candidate should:
Conflicts of Interest
3.3 On completion, the candidate should:
• Information requirements
• Information about the CIF
• Information about the client
• Client categorisation and professional clients
Know the requirements regarding information about
3.4.2 4.2
financial instruments
Investment Advice
3.5 On completion, the candidate should:
Know t h e requirements regarding investment advice:
3.5.1 • Information about investment advice 5
• Investment advice on an independent basis
Suitability
3.6 On completion, the candidate should:
Know t h e s u i t a b i l i t y requirements:
• Assessment of suitability and suitability reports
3.6.1 • Common assessment provisions 6
• Assessment of appropriateness and related record-
keeping obligations
Know the obligations for CIFs who provide
3.6.2 services through the medium of another IF 6
Best Execution
3.7 On completion, the candidate should:
Obligations of UCITS
4.2 On completion, the candidate should:
Know the obligations of UCITS:
• Investment policy
4.2.1 2.1
• Standing obligations
• Investor information
Know the special provisions applicable to UCITS that
market their units abroad:
• UCITS established in the Republic marketing units
4.2.2 2.2
to other member states
• UCITS from other member states marketing units in
the Republic
UCITS Structures
4.3 On completion, the candidate should:
Know the main obligations that apply to master-feeder
UCITS structures:
• Investment policy
4.3.1 3
• General operating obligations
• Specific obligations of the feeder UCITS
• Specific obligations of the master UCITS
Management Companies
4.4 On completion, the candidate should:
Organisational Requirements
5.3 On completion, the candidate should:
Investors
5.4 On completion, the candidate should:
General
6.1 On completion, the candidate should:
Understand how the Central Bank of Cyprus (CBC)
supervises banks:
• Ownership and management
6.1.1 • Supervision and inspection 1
• Disclosure of information
• Cooperation with other competent authorities
• Powers of the Central Bank of Cyprus (CBC)
Transparency Requirements
8.2 On completion, the candidate should:
Know transparency requirements for equity
instruments
• Pre-trade
8.2.1 • Waivers 2.1
• Volume cap mechanism
• Post trade
• Deferred publication
Know transparency requirements for non-equity
instruments
• Pre-trade
8.2.2 2.2
• Waivers
• Post trade
• Deferred publication
Know transparency requirements
8.2.3 applicable to systematic internalisers and 2.3
investment firms trading OTC
Reporting Requirements
8.3 On completion, the candidate should:
Derivatives
8.4 On completion, the candidate should:
Know the obligation to trade derivatives on:
8.4.1 • Regulated markets 4.1
• MTFs
• OTFs
• Third-country trading venues
• Securitisation risk
• Market risk
• Interest risk arising from non-trading activities
• Operational risk
• Liquidity risk
• Risk of excessive leverage
Governance
9.3 On completion, the candidate should:
Know governance requirements relating to:
9.3.1 • Country-by-country reporting 3
• Public disclosure of return on assets
Know governance requirements relating to
remuneration:
9.3.2 • Remuneration policies 3
• Variable elements of remuneration
• Remuneration committee
Supervisory Review and Evaluation Process
9.4 (SREP)
On completion, the candidate should:
EMIR
10.1 On completion, the candidate should:
General Requirements
10.2 On completion, the candidate should:
Recovery Planning
11.1 On completion, the candidate should:
Know recovery planning obligations and the
assessment and relevant provisions for:
• CIF that are not part of a group subject to
11.1.1 1
consolidated supervision
• CySEC evaluation on simplified obligations
• Group recovery plan
Early Intervention
11.3 On completion, the candidate should:
Resolution
11.4 On completion, the candidate should:
Know resolution tools:
• The sale of operations measure
• The measure to transfer assets, rights or liabilities to
11.4.1 a bridge institution 4
• The measure to transfer assets and rights to an asset
management company
• The bail-in measure
Know the special resolution requirements:
• The sale of business measure
11.4.2 4
• The asset transfer measure
• Treatment of shareholders in case of write down or
Procedural Obligations
11.5 On completion, the candidate should:
Shareholder obligations
13.3 On completion, the candidate should:
Inside Information
14.1 On completion, the candidate should:
Disseminating Information
14.4 On completion, the candidate should:
Know provisions relating to persons and institutions
who:
• Produce or disseminate investment
recommendations (Article 20 EU 596/2014)
14.4.1 4
• Disseminate statistics and forecasts (Article 20 EU
596/2014)
• Disclose or disseminate information to the media
(Article 21 EU 596/2014)
Administrative Measures and Sanctions
14.5 On completion, the candidate should:
Examination Specification
It is important to note that the numbers quoted may vary slightly from
examination to examination as there is some flexibility to ensure that each
examination has a consistent level of difficulty. However, the number of
questions tested in each element should not change by more than plus or
minus 2.
Element
Element Questions
Number
5 Alternative Investments 6
12 Prospectus Regulation 2
13 Transparency Laws 3
Total 70