English Advanced Workbook

Financial Services Regulatory Framework:
Advanced Examination
Edition B.Ad.1 / EN, November 2020
This learning manual relates to syllabus version 4.0 and

will cover examinations from 1 February 2021
Edition B.Ad.1 / EN
Intentionally blank page
Page 2 of 334
Preface
Welcome to the Cyprus Securities and Exchange Commission’s Financial Services Regulatory
Framework study material for the Advanced Examination.
This workbook has been written to prepare you for the Advanced Examination of the Cyprus
Securities and Exchange Commission’s Financial Services Regulatory Framework.
Published for:
Cyprus Securities & Exchange Commission
19 Diagorou St., 1097 Nicosia, Cyprus
All information provided in this workbook is presented for educational purposes only. Cyprus
Securities and Exchange Commission accepts no responsibility for persons undertaking
trading or investments in whatever form.
While every effort has been made to ensure its accuracy, no responsibility for loss occasioned
to any person acting or refraining from action as a result of the information provided in this
workbook can be accepted by the publisher or authors.
All rights reserved. No part of this workbook may be reproduced, stored in a retrieval system,
or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or
otherwise without the prior permission of the copyright owner.
Warning: any unauthorised act in relation to all or any part of the material in this workbook may
result in both a civil claim for damages and criminal prosecution.
A learning map, which contains the full syllabus, appears at the end of this workbook. Please note
that the examination is based upon the syllabus.
The questions included in this workbook are designed as an aid to revision of the different
areas of the syllabus as well as to help you consolidate your learning chapter by chapter.
Learning Manual Version 4: Issued in November 2020
Page 3 of 334
Edition B.Ad.1 / EN
Foreword
The Cyprus Securities and Exchange Commission (CySEC) is an independent public supervisory
authority responsible for the overall supervision of the securities market in the Republic of Cyprus
By putting high standards of investor protection at the core of its supervision, CySEC’s aim is to
safeguard the integrity, fairness and transparency of the securities market, and consequently, to
facilitate the steady, sound development of the securities sector.
Since 2012, CySEC has been responsible conducting the examinations for the certification of persons
employed by investment firms, credit institutions, management companies, variable capital
investment companies and alternative investment fund managers that are engaged in the provision
of investment services and the performance of specific functions, as specified in the new framework
set up by CySEC.
The aim of the examinations is to ensure that candidates have an appropriate level of knowledge,
understanding and appreciation of the regulatory framework that underpins the financial services
sector in Cyprus. This ensures we are taking every step to creating a compliance-first culture across
the firms in our financial sector, as well as helping the individuals in the performance of their duties.
The Basic Examination concerns individuals who wish to be certified only for the investment services
of receiving, transmitting and executing orders and for the marketing of collective investment
schemes. The Advanced Examination concerns individuals who wish to be certified for all the
investment services/activities found in paragraph 4 of Directive 44/2019, found on CySEC’s website.
This workbook has been designed to ensure that candidates gain a comprehensive understanding
of the examination content. The workbook provides thorough preparation for the examination
and is compulsory preparation work.
We would like to wish you every success in your studies.
Demetra Kalogerou
Chairman, Cyprus Securities and Exchange Commission
Page 4 of 334
Contents
CHAPTER 1 INVESTMENT SERVICES LAW 2017: SCOPE/POWERS/OFFENCES ................................................. 13
1. SCOPE,APPLICATION AND COMPETENT AUTHORITIES .................................................................................... 13
1.1. Scope and Application.................................................................................................................. 14
1.2. Investment Services by third-country firms .............................................................................. 15
1.3. Exemptions ..................................................................................................................................... 16
1.4. Competent Authorities .................................................................................................................... 19
2. THE CYPRUS SECURITIES AND EXCHANGE COMMISSION (CY SEC) .................................................................... 20
3. INVESTOR COMPENSATION FUND (ICF).......................................................................................................... 22
3.1. ICF Objectives and Members .......................................................................................................... 22
3.2. Funds and Resources ...................................................................................................................... 23
3.3. Compensation ................................................................................................................................. 25
4. OFFENCES .................................................................................................................................................. 27
CHAPTER 2 CYPRIOT INVESTMENT FIRMS (CIFS) ........................................................................................... 29
1. AUTHORISATION ......................................................................................................................................... 29
1.1. Initial Authorisation of a Firm ......................................................................................................... 29
1.2. Continuous CIF Obligations ............................................................................................................. 30
1.3. Suspension and Termination of Authorisation of a Firm ................................................................ 31
2. CONDUCT OF BUSINESS OBLIGATIONS .......................................................................................................... 33
2.1. Management Body ......................................................................................................................... 33
2.2. Governance ..................................................................................................................................... 35
2.3. Responsibility of Senior Management ............................................................................................ 36
3. GENERAL CIF OBLIGATIONS ........................................................................................................................ 37
3.1. Tied Agents ..................................................................................................................................... 37
3.2. EligibleCounterparties ................................................................................................................. 39
3.3. Crowdfunding ............................................................................................................................... 39
4. SPECIFIC RESTRICTIONS ................................................................................................................................ 41
5. SME GROWTH MARKETS ............................................................................................................................ 42
Page 5 of 334
Edition B.Ad.1 / EN
6. REGULATED MARKETS ................................................................................................................................ 44
6.1. Application and Authorisation Requirements .......................................................................... 44
6.2. Direct Electronic Access and Algorithmic Trading........................................................................... 53
6.3. Admission of Financial Instruments to Trading ......................................................................... 54
6.4. Transparent and Non-Discriminatory Rules ............................................................................... 55
6.5. Compliance and Trade Transparency.............................................................................................. 55
7. DATAREPORTINGSERVICEPROVIDERS(DRSPS ) ............................................................................................. 56
CHAPTER 3 CYPRIOT INVESTMENT FIRMS (CIFS) AND BANKS ....................................................................... 60
1. ORGANISATIONAL REQUIREMENTS ................................................................................................................ 60
2. SPECIFIC REQUIREMENTS ............................................................................................................................. 62
2.1. Compliance ..................................................................................................................................... 62
2.2. Electronic Communications ............................................................................................................ 63
2.3. Outsourcing .................................................................................................................................... 65
2.4. Client Assets .................................................................................................................................... 68
2.5. Risk Management and Internal Audit .......................................................................................... 68
3. CONFLICTS OF INTEREST ............................................................................................................................. 69
4. PROVISION TO ENSURE INVESTOR PROTECTION ............................................................................................ 72
4.1. Professional Clients ......................................................................................................................... 74
4.2. Information about Financial Instruments ....................................................................................... 76
4.3. Costs and Charges........................................................................................................................... 77
5. INVESTMENT ADVICE ................................................................................................................................. 78
6. SUITABILITY ................................................................................................................................................ 80
6.1. Suitability Requirements ................................................................................................................. 80
7. BEST EXECUTION ........................................................................................................................................ 83
7.1. Client Order Handling .................................................................................................................. 85
CHAPTER 4 OPEN-ENDED UNDERTAKINGS FOR COLLECTIVE INVESTMENT (UCI) LAWS 2012–2019 ............... 88
1. UNDERTAKINGSFORCOLLECTIVEINVESTMENTIN TRANSFERABLESECURITIES(UCITS) ...................................... 90
1.1. Specific Types of UCITS ................................................................................................................ 91
1.2. Depositaries ................................................................................................................................... 92
2. OBLIGATIONS OF UCITS ............................................................................................................................. 97
2.1. UCITS Obligations ........................................................................................................................... 97
2.2. Marketing Provisions .................................................................................................................... 106
Page 6 of 334
3. UCITSSTRUCTURES ................................................................................................................................. 107
3.1. Investment Policy .......................................................................................................................... 108
3.2. General Obligations ...................................................................................................................... 108
3.3. Special Obligations of the Feeder UCITS ....................................................................................... 108
3.4. Specific Obligations of the Master UCITS ...................................................................................... 109
4. MANAGEMENT COMPANIES ..................................................................................................................... 110
4.1. Management Company Operations ............................................................................................. 110
4.2. Cross-Border Services .................................................................................................................. 115
CHAPTER 5 ALTERNATIVE INVESTMENTS .................................................................................................... 122
1. ORGANISATION AND OPERATION OF AIFS .................................................................................................... 123
1.1. Initial Capital and Retention of Minimum Assets ......................................................................... 124
1.2. Investment Policy .......................................................................................................................... 124
1.3. Risk Management ......................................................................................................................... 124
1.4. Management and Conduct of Business ........................................................................................ 125
1.5. Valuation ...................................................................................................................................... 125
1.6. Transactions.................................................................................................................................. 125
2. OPERATIONAL CONDITIONS OF AIF MANAGERS (AIFMS) .................................................................................. 126
2.1. Authorisation ................................................................................................................................ 126
2.2. General Principles ......................................................................................................................... 132
2.3. Remuneration ............................................................................................................................... 132
2.4. Conflicts of Interest ....................................................................................................................... 135
2.5. Risk Management ......................................................................................................................... 136
2.6. Liquidity Management.................................................................................................................. 137
2.7. Transparency ................................................................................................................................ 137
3. ORGANISATIONAL REQUIREMENTS ................................................................................................................. 141
3.1. Valuation ...................................................................................................................................... 142
4. INVESTORS ............................................................................................................................................... 143
4.1. Marketing of AIFs to Retail Investors in the Republic ................................................................... 143
CHAPTER 6 THE BUSINESS OF CREDIT INSTITUTIONS LAWS OF 1997–2016 ........................................... 145
1. GENERAL.................................................................................................................................................. 145
1.1. Ownership and Management ....................................................................................................... 146
1.2. Supervision and Inspection ........................................................................................................... 147
Page 7 of 334
Edition B.Ad.1 / EN
1.3. Disclosure of Information ............................................................................................................. 148
1.4. Cooperation with Other Competent Authorities ........................................................................... 148
1.5. Powers of the Central Bank of Cyprus (CBC) ................................................................................. 149
2. CAPITAL.................................................................................................................................................... 151
3. RETURNSANDACCOUNTS .......................................................................................................................... 151
CHAPTER 7 THE PREVENTION AND SUPPRESSIONOFMONEY LAUNDERING AND TERRORIST

FINANCING LAWS .................................................................................................................................. 153
INTRODUCTION ................................................................................................................................................. 154
1. SPECIAL PROVISIONS IN RESPECT OF FINANCIAL AND OTHER BUSINESS ACTIVITIES .......................................... 155
1.1. SystemsandProcedures............................................................................................................. 155
1.2. Simplified and Enhanced Customer Due Diligence (CDD) ............................................................. 159
2. THE RESPONSIBILITIES OF OBLIGED ENTITIES ................................................................................................ 162
2.1. The Responsibility of the Board of Directors ................................................................................. 162
2.2. Obligations of the Internal Audit department ....................................................................... 163
2.3. Customers’ acceptance policy .................................................................................................. 163
2.4. ComplianceOfficerDuties .......................................................................................................... 164
2.5. Risk-Based Approach (RBA) .......................................................................................................... 165
2.6. Examples ....................................................................................................................................... 166
CHAPTER 8 MARKETSINFINANCIAL INSTRUMENTS REGULATION (MIFIR) ............................................ 170
.................................................................................................................................................................. 170
1. SPECIAL PROVISIONS IN RESPECT OF FINANCIAL AND OTHER BUSINESS ACTIVITIES ................................................... 170
2. TRANSPARENCY REQUIREMENTS .................................................................................................................... 171
2.1. Equity Instruments ........................................................................................................................ 172
2.2. Non-Equity Instruments ................................................................................................................ 175
2.3. Systematic Internalisers and Investment Firms Trading OTC........................................................ 177
3. REPORTING REQUIREMENTS ....................................................................................................................... 178
3.1. Record-Keeping ............................................................................................................................. 178
3.2. Transaction Reporting .................................................................................................................. 179
3.3. Reference Data ............................................................................................................................. 180
4. DERIVATIVES............................................................................................................................................. 181
4.1. Obligation to Trade on Regulated Markets, MTFs or OTFs ........................................................... 181
4.2. Clearing of Derivatives .................................................................................................................. 182
Page 8 of 334
4.3. Portfolio Compression................................................................................................................... 182
CHAPTER 9 CAPITAL ADEQUACY REQUIREMENTS ................................................................................. 184
.................................................................................................................................................................. 184
1. PRUDENTIAL REGULATIONS, CAPITAL AND OWN FUNDS REQUIREMENTS ............................................................... 184
1.1. Prudential Consolidation............................................................................................................... 185
1.2. Own Funds Requirements ............................................................................................................. 187
1.3. Capital Requirements.................................................................................................................... 189
1.4. Large Exposures ............................................................................................................................ 191
1.5. Transitional Provisions .................................................................................................................. 192
2. RISK MANAGEMENT SYSTEMS ................................................................................................................... 193
2.1. Recovery and Resolution ............................................................................................................... 194
2.2. Remuneration ............................................................................................................................... 194
2.3. Treatment of Risk.......................................................................................................................... 195
2.4. Calculating Own Funds Requirements .......................................................................................... 196
2.5. Supervisory Benchmarking of Own Funds Requirements.............................................................. 197
2.6. Processes and Procedures for Types of Risk .................................................................................. 197
3. GOVERNANCE ........................................................................................................................................... 201
3.1. Country-to-Country Reporting and Return on Assets Disclosure .................................................. 201
3.2. Remuneration ............................................................................................................................... 202
4. THESUPERVISORYREVIEW ANDEVALUATIONPROCESS (SREP) ...................................................................... 206
4.1. The Five Stages of SREP.............................................................................................................. 206
4.2. The Five Stages of SREP ................................................................................................................ 208
4.3. SREP Outcomes ............................................................................................................................. 209
5. THE PURPOSE OF THE INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS (ICAAP) ..................................... 210
5.1. General Guideline 1 – Compliance Risk Assessment ..................................................................... 210
5.2. Principles for Implementation....................................................................................................... 211
5.3. Pillar 1 Risks .................................................................................................................................. 212
5.4. Risks not Fully Covered in Pillar 1.................................................................................................. 214
5.5. Pillar 2 Risks .................................................................................................................................. 215
5.6. Risk Register and Stress Testing.................................................................................................... 217
CHAPTER 10 EUROPEAN MARKET INFRASTRUCTURE REGULATION (EMIR) ....................................... 221
.................................................................................................................................................................. 221
Page 9 of 334
Edition B.Ad.1 / EN
1. EUROPEAN MARKET INFRASTRUCTURE REGULATION (EMIR) ....................................................................... 221
2. GENERAL REQUIREMENTS ......................................................................................................................... 223
2.1. Clearing Obligation ....................................................................................................................... 223
2.2. Reporting Obligations under EMIR Refit and Amendments to CCP Regime ................................. 224
2.3. Risk Mitigation Techniques ........................................................................................................... 225
2.4. Capital Requirements for CCPs ..................................................................................................... 226
2.5. Large Exposures and Exposures to Transfer Credit Risk ................................................................ 226
2.6. Liquidity ........................................................................................................................................ 226
2.7. Leverage ....................................................................................................................................... 227
2.8. Disclosure...................................................................................................................................... 228
CHAPTER 11 RECOVERY AND RESOLUTION LAWS ................................................................................. 230
.................................................................................................................................................................. 230
1. RECOVERY PLANNING .................................................................................................................................. 230
2. INTRA-GROUPFINANCIALSUPPORT ............................................................................................................ 233
3. EARLY INTERVENTION ............................................................................................................................... 233
3.1. Administrators .............................................................................................................................. 234
4. RESOLUTION.............................................................................................................................................. 236
5. PROCEDURALOBLIGATIONS ...................................................................................................................... 237
6. CROSS-BORDERGROUPRESOLUTION ......................................................................................................... 238
CHAPTER 12 PROSPECTUS REGULATION ................................................................................................ 241
.................................................................................................................................................................. 241
1. SUBJECT MATTER AND SCOPE OF THE REGULATION ........................................................................................... 242
2. REQUIREMENTSANDEXEMPTIONS ............................................................................................................. 243
2.1. Requirements ................................................................................................................................ 243
2.2. Exemptions from the Obligation to Publish a Prospectus ............................................................. 243
3. DRAWING UP OF THE PROSPECTUS ............................................................................................................ 245
3.1. General Provisions for the Drawing Up of the Prospectus ............................................................ 246
3.2. Simplified Disclosure Regime and EU Growth Prospectus ............................................................ 248
3.3. Language ...................................................................................................................................... 249
3.4. Responsibility of Signatories ......................................................................................................... 250
4. APPROVAL AND PUBLICATION OF THE PROSPECTUS .................................................................................... 251
4.1. Approval, Publication and Advertising .......................................................................................... 251
Page 10 of 334
5. ADMINISTRATIVE SANCTIONS AND OTHER ADMINISTRATIVE MEASURES ...................................................... 253
5.1. Administrative Sanctions and Other Administrative Measures .................................................... 253
CHAPTER 13 TRANSPARENCY LAWS ........................................................................................................... 256
.................................................................................................................................................................. 256
6. INFORMATION REPORTING REQUIREMENTS FOR ISSUERS ............................................................................ 256
6.1. Periodic Information ..................................................................................................................... 256
6.2. Ongoing Information .................................................................................................................... 260
7. FRAMEWORK OF COMMUNICATION FOR ISSUERS AND HOLDERS OF SECURITIES ...................................................... 261
7.1. Shares ........................................................................................................................................... 261
7.2. Debt Securities .............................................................................................................................. 262
8. SHAREHOLDER OBLIGATIONS ........................................................................................................................ 264
CHAPTER 14 INSIDER DEALING AND MARKET MANIPULATIONREGULATION (2016) ............................. 267
.................................................................................................................................................................. 267
INTRODUCTION ................................................................................................................................................. 267
1. INSIDE INFORMATION ............................................................................................................................... 268
1.1. Inside Information......................................................................................................................... 268
1.2. Insider Dealing .............................................................................................................................. 268
1.3. Obligations.................................................................................................................................... 269
1.4. Market Sounding .......................................................................................................................... 270
2. PROVISIONS RELATING TO ISSUERS OF FINANCIAL INSTRUMENTS .................................................................... 271
2.1. Insider Lists ................................................................................................................................... 272
2.2. Managers...................................................................................................................................... 273
3. MARKET MANIPULATION ........................................................................................................................... 274
3.1. Prevention and Detection of Market Abuse .................................................................................. 275
3.2. Accepted Market Practices ........................................................................................................... 275
4. DISSEMINATING INFORMATION ..................................................................................................................... 276
5. ADMINISTRATIVE MEASURES AND SANCTIONS ........................................................................................... 277
6. DISSEMINATING INFORMATION ..................................................................................................................... 277
GLOSSARY .................................................................................................................................................. 280
MULTIPLECHOICE QUESTIONS ................................................................................................................ 283
SYLLABUS LEARNING MAP ......................................................................................................................... 313
Page 11 of 334
Edition B.Ad.1 / EN
Page 12 of 334
Chapter 1
Investment Services Law 2017:
Scope/Powers/Offences
Learning Objectives
1. Scope, Application and Competent Authorities

2. The Cyprus Securities and Exchange Commission (CySEC)
3. Investor Compensation Fund
4. Offences
Law 87(I) of 2017 was enacted to transpose European Union (EU) directive 2014/65, the Markets
in Financial Instruments Directive (MiFID), and the subsequent update, EU/2017/565, MiFID II, into
Cypriot law. L
aw 87 replaces the Investment Services Law of 2007–16 unless otherwise specified.
1. Scope, Application and Competent Authorities
Learning Objective
Ø Know the scope and application of the law (Article 3)
Ø Know the provision of investment services by third country firms (R.A.D. 5/2018)
Ø Know the exemptions from the scope and application of the law (Article 4)
Page 13 of 334
Edition B.Ad.1 / EN
1.1. Scope and Application
Law 87(I)/2017 applies to Cypriot investment firms (CIFs), market operators, data reporting service
providers (DRSP), and third-country firms providing investment services or activities through the
establishment of a branch in the Republic. The Law regulates:
1. the authorisation conditions for CIFs and operating conditions for investment firms (IFs)
2. the provision of investment services or activities by third-country firms through the

establishment of a branch
3. the authorisation and operation of the regulated markets of the Republic
4. the authorisation and operation of DRSPs
5. the supervision, cooperation and enforcement by competent authorities, and
6. other related matters.
The following specific provisions also apply to credit institutions undertaking investment
services or activities covered by the authorisation granted to them by the competent
authority of another EU member state:
• Governance arrangements.
• Membership of an authorised investor compensation scheme.
• Organisational requirements.
• Algorithmic trading.
• Trading process and finalisation of transactions in a multilateral trading facility

(MTF) and an organised trading facility (OTF).
• Specific requirements for MTFs and OTFs.
• Provisions to ensure investor protection.
• Rights of IFs and credit institutions (except the provision of services, and the
establishment of branches, in member states).
• Competent authorities: designation, powers and redress procedures.
• Cooperation between competent authorities in supervisory activities for on-site

verification of investigations.
Page 14 of 334
• The powers of the Commission as a host member state.
• Precautionary measures to be taken by host member states.
• Persons employed by CIFs.
In addition, the following also apply to authorised credit institutions that sell or advise clients in
relation to structured products:
• Governance arrangements.
• Membership of an authorised investor compensation scheme.
• Organisational requirements.
• Conflicts of interest.
• Investor protection.
• Client order handling.
• Obligations when appointing tied agents.
• Transactions executed with eligible counterparties.
• Competent authorities: designation, powers and redress procedures.
Algorithmic trading requirements also apply to members or participants of regulated markets and
MTFs that are not required to be regulated.
All multilateral systems in financial instruments need to operate either in accordance with the
authorisation and operating conditions for CIFs, or with the conditions for regulated markets
of the Republic. When executing client orders outside a regulated market, an MTF or OTF needs
to operate in accordance with the transparency requirements for systematic internalisers and
investment firms trading over-the-counter (OTC).
1.2. Investment Services by third-country firms
In cases where third-country firms wish to provide their services in the Republic to eligible
counterparties and professional customers without the establishment of a branch, their registration
in the register of third-country firms maintained by the European Securities and Markets Authority
(ESMA) is required. ESMA shall enter in the register a third-country firm which has applied for the
provision of investment services or activities in the Union if:
Page 15 of 334
Edition B.Ad.1 / EN
• The European Commission has issued a decision for a third country in which it is stated that
the legal and supervisory arrangements of that third country ensure an equivalent effect to
the requirements set out in the legal framework of the European Union.
• The firm is licensed in the third country in which the headquarters are located, to provide
investment services or to carry out activities which will be provided or carried out in the
European Union and it is subject to effective supervision and control of its compliance
obligations.
• Cooperation arrangements have been established between ESMA and the relevant third-
country competent authorities concerning at least (a) the information exchange mechanism
between ESMA and the relevant competent authorities, (b) the immediate notification
mechanism to ESMA, in cases where the competent authority of a third country considers
that a third-country firm violates the terms of its license or other legislation which it is
required to comply with and (c) the procedures concerning the coordination of supervisory
activities, including, when necessary, on-site inspections.
A third-country firm that does not satisfy the legal requirements based on the Law and Regulation
(EU) 600/2014, and intends to provide investment services or perform investment activities with or
without ancillary services to eligible counterparties and professional clients in the Republic must:
- Receive authorisation in the third country where its head offices are established for the
provision of the aforementioned services and activities in the EU.
- Comply with the requirements of the Law.
- Establish a branch in the Republic, which will be supervised by CySEC or the Central Bank.
The third-country firm must not market otherwise than through the branch in the Republic any new
categories of investment products or investment services to eligible counterparties or professional
clients which at their own exclusive initiative, initiated the provision of investment services or the
performance of investment activities.
In the event where the third-party firm received authorisation of a branch in the Republic, and the EU
adopts a decision which results to the third-country firm satisfying the legal conditions, the third-party
firm may continue the operation of its branch or be registered in the third-country register of ESMA.
The final decision must be communicated to CySEC.
1.3. Exemptions
There are a number of organisations that are exempt from Law 87(I)/2017 (as listed below).
However, for each of these, the requirements in relation to position limits and position
management controls in commodity derivatives and reporting remain applicable.
Organisations carrying out the following are exempt from Law 87(I)/2017:
1. Undertaking insurance, reinsurance and retrocession activities as defined in the insurance,

reinsurance and other related matters law.
Page 16 of 334
2. Providing investment services exclusively to parent undertakings, subsidiaries or other

subsidiaries of the parent.
3. Providing investment services in an incidental manner in the course of a professional activity

regulated by legal or regulatory provisions or a code of ethics governing the profession which
do not exclude the provision of that service.
4. Dealing on own account in financial instruments other than commodity derivatives or emission
allowances or their derivatives, and that do not provide any other investment activities unless
they are:
a. market makers, or
b. members of or participants in regulated markets or MTF, have direct electronic

access to trading venues, and are not non-financial entities that execute
transactions on trading venues, or
c. apply a high-frequency algorithmic trading technique, or
d. deal on own account when executing client orders.
5. Operators that need to comply with the establishment of a greenhouse gas emission
trading scheme law that do not execute client orders, do not provide investment services
other than dealing on own account, and do not apply a high-frequency algorithmic trading
technique.
6. Providing investment services exclusively to employee-participation schemes with or without

the provision of investment services exclusively for their parent undertakings, subsidiaries,
and other subsidiaries of the parent.
7. Members of the European System of Central Banks (ESCB) or an equivalent national body.
8. Collective investment undertakings and pension funds and their depositaries and managers.
9. In relation to commodity derivatives, emission allowances, or emission allowance derivatives

that deal on their own account, except when they deal on own account when executing client
orders, or provide investment services to customers or suppliers of their main business
providing that:
a. this is an ancillary activity to the main business
b. they do not apply high-frequency algorithm trading, and
c. they annually notify the Cyprus Securities and Exchange Commission (CySEC) of the
exemption.
Page 17 of 334
Edition B.Ad.1 / EN
10. Providing investment advice in the course of providing another professional activity.
11. Associates of Danish and Finnish pension funds set up to manage assets of the pension funds.
12. ‘Agenti di cambio’ governed by article 201 of Italian legislative degree 58 (24 February 1998).
13. Transmission system operators for the sale of natural gas in relation to investment services
related to commodity derivatives to carry out their activities, but not in secondary markets.
14. Central securities depositories (CSDs).
Page 18 of 334
1.4. Competent Authorities
Learning Objective
Ø Know the competent authorities in the Republic: Cyprus Securities and Exchange
Commission (the Commission); Central Bank of Cyprus (the Central Bank); obligation of
cooperation with other member states and the Commission’s right to refuse
The Cyprus Securities and Exchange Commission (CySEC) operates on the basis of the CySEC
Law (establishment and responsibilities) and is the supervisory authority of investment firms (IFs).
In this context, it is the responsibility of CySEC to establish, maintain and regularly update a public
register of all persons acting on behalf of a CIF or an IF of another EU member state. CySEC
ensures that these individuals need to be of sufficiently good repute and possess appropriate
general, commercial and professional knowledge.
The powers of the Central Bank of Cyprus (CBC) are laid down in the Central Bank of Cyprus Law,
and in banking law. In relation to CySEC, the CBC also has the powers to:
• demand information from any person and, if necessary, summon and question them
• request telephone and data traffic records
• demand cessation of any practice that is contrary to the provisions of the law
• request the freezing and/or the sequestration of assets
• temporarily prohibit the exercise of professional activity
• adopt any measure to ensure persons under their supervision continue to comply with the
requirements of the law and any associated directives
• carry out on-site inspections
• allow auditors or experts to carry out verifications or investigations.
Each of the two supervisory authorities, CySEC and the CBC, is responsible for supervision under
EU directives and regulations, including the exchange of any information that is essential or
relevant to the exercise of their functions and competencies. In addition, they also cooperate
with every other competent authority in the Republic responsible for the supervision of pension
funds, insurance and reinsurance intermediaries and insurance undertakings.
CySEC is the designated contact point for the facilitation and acceleration of cooperation and for
Page 19 of 334
Edition B.Ad.1 / EN
the exchange of information for the purposes of Directive 2004/39/EC.
The supervisory authorities can exercise their powers either directly, by collaborating among
themselves or with other authorities, or by application to the competent courts. Any
confidential information received by the supervisory authorities may only be used in the
performance of their duties and for the exercise of their functions. Any confidential information
is subject to the conditions of professional secrecy.
CySEC needs to cooperate with the competent authorities of other member states, as well as
the European Securities and Markets Authority (ESMA) when this is necessary for the purpose
of carrying out its duties.
2. The Cyprus Securities and Exchange Commission

(CySEC)
Learning Objective
Ø Know the responsibilities of the Cyprus Securities and Exchange Commission (the
Commission)
Ø Know how the Commission cooperates with other competent authorities: eligible authorities;
conducting investigations on behalf of other authorities; exchanging information;
circumstances where inside information may be shared
Ø Know the extent of the Commission’s power to collect information and carry out inspections
and investigations
Ø Know the extent of the Commission’s power to impose sanctions for non-compliance with a
request from the Commission to: submit information; cooperate in an onsite inspection/
investigation
CySEC authorises and supervises CIFs, investment firms, and regulated markets to operate in the
Republic. It is the responsibility of CySEC to ensure that CIFs that are authorised and established
in the Republic comply with all requirements, that all CIFs are maintained in a publicly accessible
register, and that all CIF authorisations, rejections and revocations are communicated to ESMA.
When authorising the provision of investment services and/or the performance of investment
activities, CySEC makes sure that it knows the identities of all (in)direct shareholders. CySEC may
revoke or, wholly or partially, suspend a CIF authorisation. As part of the authorisation process
and during the period thereafter, CySEC is responsible for ensuring the sound and prudent
management of a CIF.
Page 20 of 334
CySEC shall review the arrangements, strategies, processes and mechanisms implemented by
CIFs to meet supervisory requirements and evaluate the risks that the CIFs may be exposed to.
The frequency and intensity of the reviews will be established based on size, systemic importance,
nature, scale and complexity of the activities, taking into account the principle of proportionality;
reviews will take place at least annually.
CySEC will provide assistance to other competent authorities, particularly in relation to the
exchange of information, cooperation in investigations, and inspections of supervisory activity. If
CySEC has reason to believe that an entity which is not subject to its supervision is carrying
out an act contrary to EC regulation in another member state, it shall notify the competent
authority in that member state as well as ESMA, in as much detail as possible. In the event that
CySEC receives such a notification from another member state, it will take the appropriate action
and inform the competent authority and ESMA of the outcome of the actions and, if possible, of
any significant interim developments.
CySEC will provide ESMA with all necessary information upon request without delay. In addition,
on an annual basis, CySEC will provide consolidated information concerning all administrative
penalties imposed. CySEC will report any complaints and the relevant remedial procedures to
ESMA.
In supervisory activities, inspections and investigations, CySEC can cooperate with the competent
authorities of other member states. In the event that a CIF is a remote member of a regulated
market that is authorised in another member state, the competent authority of the regulated
market may address the CIF directly. In this case, the authority will inform CySEC accordingly.
Similarly, when CySEC decides to address an IF authorised in another member state which is a
remote member of a regulated market authorised in the Republic, CySEC will inform the competent
authority of the IF’s home member state.
If CySEC receives a request regarding an inspection or investigation, it will:
1. carry out the inspection or investigation, or
2. allow the requesting authority to carry out the inspection or investigation, or
3. allow auditors or experts to carry out the inspection or investigation.
ESMA’s staff may participate in the supervisory activities of CySEC, including on-site inspections
carried out jointly by two or more competent authorities. Similarly, to competent authorities in
other member states, CySEC is designated as the contact point that will immediately supply the
other contact points with the information needed to carry out their functions. Some of the
information CySEC shares or receives is confidential, and should be treated as such; however, the
fact that information is confidential does not prevent CySEC from transmitting it to ESMA, the
European Systemic Risk Board (ESRB), the CBC, other central banks of member states, or the
European Central Bank (ECB) on the understanding that it is to be treated confidentially.
Page 21 of 334
Edition B.Ad.1 / EN
Under certain circumstances, CySEC may refuse to provide information or cooperate with an
investigation. This could, for instance, occur when:
• such an inspection, investigation, supervisory activity or exchange of information might

adversely affect the sovereignty, security or public order in the Republic
• judicial proceedings have already been initiated in respect of the same actions and the same
persons before a court
• final court judgment has already been delivered in the Republic in respect of the same
persons and the same actions.
If CySEC refuses to provide information or to cooperate, they shall inform the competent authority
of the requesting member state, as well as ESMA. In addition, CySEC will inform ESMA and the
EC in the event that measures taken by the home member state in this respect have proven to be
inadequate.
Any difficulties encountered by CIFs in establishing branches or in providing a service in a third

country will be brought to the attention of the EC.
3. Investor Compensation Fund (ICF)
Learning Objectives
Ø Know the objective and the members of the ICF
Ø Know the funds and resources
Ø Understand the compensation procedure
CySEC issued Directives R.A.D. 76/2019 and R.A.D. 154/2020 for regulating the provisions concerning
the operation of the Investor Compensation Fund (ICF).
3.1. ICF Objectives and Members
The purpose of the ICF is to secure the claims of covered customers against the members of the ICF,
by paying compensation.
The following members participate in the ICF:
Page 22 of 334
(a) CIFs
(b) Branches of IFs of Member States can voluntarily participate in the ICF in order to supplement
the coverage that is already available to the investors due to the IFs participation in the
investor compensation scheme of its home Member State;
(c) Branches of third country IFs
(d) Managers of Alternative Investment agencies given that they provide portfolio management
services and ancillary investment advisory services, custody and management of units of
collective investment undertakings and the receipt and transmission of financial instrument
orders
(e) Management companies if they provide investment management services and ancillary
services of investment consulting, custody and management of units of collective investment
undertakings.
The above companies must, as soon as requested by CySEC, submit immediately an application to
participate in the ICF as they and cannot provide any investment services or activities if they are not
members of the ICF.
In the event that a member of the ICF loses for any reason its operating license, the member is also
removed from the ICF. The covered clients maintain their rights for compensation(s) until the member
is removed from the ICF.
3.2. Funds and Resources
Available Funds: The ICF funds are available to compensate covered clients. The funds derive from:
- initial contributions of its members during the acquisition of membership based on the
investment operations for which the respective member applied to CySEC
- regular annual contributions of members based on the annual statement of eligible

funds and financial instruments of their covered customers
- Following the decision of CySEC, where necessary, additional contributions when the
member receives written and justified information from the ICF notifying that the funds
available are insufficient
- income from the ICF investment operations
- donations and other voluntary causes
Page 23 of 334
Edition B.Ad.1 / EN
- fees paid by its members, to cover administrative and/or other expenses arising from
the operation of the ICF
- unclaimed customer funds
- funds transferred to the ICF under the procedure for suspension and withdrawal of
operating license, which become the ICF’s resources after three years from the date of
their transfer
The Management Committee of the ICF, if it deems that the funds available are not sufficient for the
payment of the due or probable expenses or compensations, may, with the consent of CySEC, receive
loans and other credits with banks in the Republic or abroad. It is also possible, with the consent of
CySEC, to proceed with an insurance policy for the insurance coverage of the obligations of the ICF, in
whole or in part, towards the covered clients.
The contributions and fees paid to the ICF are not an asset of the members and therefore, no amount
can be refunded to members at any stage, except (a) in the event of a miscalculation of a contribution
paid during the current year, and (b) in the case where despite the application for participation in the
ICF, CySEC rejects the application for an operating license to a potential member.
Investment Policy: The ICF in the context of the investment policy of funds ensures that at least:
- 70% of all assets are to be placed in governmental securities, in interest-bearing accounts in

banks operating in the Republic / other Member State(s) or in an ICF account in the Central
Bank of Cyprus, and
- 10% of the total assets are to be placed in interest-bearing current accounts in banks operating
in the Republic.
Unsolicited customer funds: A member of the ICF may choose to pay the ICF with funds held by and
owned by a client, without violating any provisions relating to the protection of customer funds, in
cases where:
- the member held the amount for at least six years from the date on which the last
transaction in that account took place, including deposits and withdrawals, but excluding
any interest or fee payments or charges and related transactions
- the member is able to demonstrate that it has taken reasonable steps to identify the
customer and reimburse the amount
- the member commits to return to the client an amount equal to the funds of the client
that the member paid to the ICF, in case the client (or his legal heir) claims the funds at
any time in the future
Page 24 of 334
3.3. Compensation
Customer Information: The members of the ICF must inform their customers about the provided
coverage, which customers are covered, the maximum amount of compensation and the conditions
and formalities of the payment of compensation. Investment firms that provide investment services
or activities in the Republic and are exempted from the obligation to participate in the ICF, shall inform
their clients in writing about their exception status.
Payment of Compensation: The ICF proceeds with the process of payment of compensation followed
by CySEC’s approval when it determines that a member of the ICF is not capable of fulfilling its
obligations arising from customer claims, for reasons directly related to its financial situation, and is
not expected to become able in the near future. The procedure can also be enabled in the event that
a court in the Republic, based on reasons directly related to the financial situation of a member, has
issued a decision, which has the effect of suspending the ability of covered customers to submit claims
against of that member.
Covered Claims: The ICF covers claims that arise due to the inability of a member (a) to repay to
covered customers the funds owed to them or owned by them and were held on their behalf in
connection with investment operations or (b) to return to covered clients any financial instruments
that belong to them and which it holds, manages or manages on their behalf, in relation to investment
operations. The amount of the claim of a covered customer is calculated according to:
- the legal and contractual conditions applicable to the valuation of the amount of capital
or value
- the financial instruments that belong to the covered client
- the funds or instruments the ICF member is unable to repay or return, respectively
Application procedure: When the compensation payment process is activated, the ICF publishes as
soon as possible, in at least two newspapers widely circulating in Cyprus, a request for compensation,
setting out the relevant application process, the deadline for their submission and their content.
Amount of compensation and conditions for payment of compensation: The ICF provides coverage
for all the claims of the covered client against a member of the ICF but cannot exceed €20,000 or 90%
of the cumulative covered claims of the covered client whichever of the two amounts is smaller. The
payment of compensation by the ICF presupposes the following:
- activating the compensation payment process
- the existence of a valid claim of a covered client against a member of the ICF, arising
from investment activities
- submitting an application
Page 25 of 334
Edition B.Ad.1 / EN
- that the claims do not result from transactions for which a criminal conviction has been
issued for money laundering
- no criminal proceedings are pending against the covered client for money laundering
- the right of the covered customer is not statute-barred under the Law on limitation of
offenses
The ICF, after issuing a decision that includes the determination of the amount of compensation and
the beneficiaries, is obliged to pay within three months from the notification of its decision to the
covered client the compensation due to it.
Uncovered Customers: The ICF does not cover the following categories of investors:
1. Institutional and professional investors (investment firms, banks, cooperative credit

institutions, insurance companies, UCITS and management companies, social security
institutions and funds, legal entities affiliated with a member of the ICF)
2. States and supranational organizations
3. The central, federal, provincial, and local administrations
4. Companies that have a close connection with the member of ICF
5. Managers and administrators of the ICF member
6. Shareholders of the member, who hold directly or indirectly at least 5% of its share capital,
or its partners who are personally responsible for the obligations of the member, as well as
persons responsible for carrying out the financial audit of the member, such as its approved
auditors
7. Investors holding in companies affiliated with the member
8. Relatives up to the second degree and spouses of the persons listed in points (5), (6) and (7),
as well as third parties acting on behalf of these persons
9. Investors-clients of a member, who are responsible for events concerning the member and
have caused its financial difficulties or have contributed to the deterioration of its financial
situation or who have benefited from these events
10. Other companies of the same Group
Investors in the form of a company, which due to its size, are not allowed to prepare a summary
balance sheet in accordance with the Companies Law or a corresponding law of a Member State
Page 26 of 334
4. Offences
Learning Objective
Ø Know which violation constitutes both a criminal and an administrative offence (Article 94)
Any person to whom Law 87(I)/2017 applies must ensure the correctness, completeness and
accuracy of any information that needs to be:
- submitted to CySEC or the CBC
- notified to CySEC or the CBC
- made public, or
- public announced.
Providing false or misleading information, data, documents, or forms, is not permitted, neither is
withholding material information from any application or notification submitted to CySEC or the
CBC.
Any person who fails to comply with this is guilty of a criminal offence. In the event of a conviction,
this is punishable by imprisonment of up to five years and/or a fine of up to €700.000.
In the event an offence is committed by a legal person, the following may also be criminally liable:
- members of the board of directors, and
- managerial, supervisory or auditory bodies of the legal person
However, they are only liable if it is established that they have consented to, or are party to, the
offence. They are liable together with the legal person and/or separately for any damage caused
to third parties by the act or the omission comprising the offence.
Page 27 of 334
Edition B.Ad.1 / EN
End of Chapter Questions
1. List the entities in scope of the Law.

Answer reference: Section 1.1
2. List the conditions for the provision and operation of investment services by a third country firm.
3. List the exemptions of the Law.
4. Which supervisory authorities exist in the Republic?
5. Answer reference: Section 1.4
6. What are the obligations of CySEC when they receive a request for an inspection or an
investigation?
Answer reference: Section 2
7. Under what circumstances may CySEC refuse to provide information or cooperate with an
investigation?
8. Which are the members of the ICF?
Answer reference: Section3.1
9. From which sources the ICF raises funds?
11. When is the ICF activated and what are the investor compensation limits?
13. Which violations constitute a criminal and an administrative offence?
Page 28 of 334
Chapter 2
Cypriot Investment Firms (CIFs)
Learning Objectives
1. Authorisation
2. Conduct of Business Obligations
3. General CIF Obligations
4. Restrictions on CFDs and Binary Options
5. SME Growth Markets
6. Regulated Markets
7. Data Reporting Service Providers (DRSPs)
Cypriot investment firms (CIFs) are firms that provide investment services on a professional basis to
parties inside and outside of the Republic. Law 87(I)/2017 provides specific provisions regarding
capital requirements, the establishment of branches and authorisation. This chapter outlines the
authorisation and supervision of the CIFs in the Republic.
1. Authorisation
The obligations of a CIF do not stop once the initial approval has been obtained. The firm must
ensure it meets the requirements on a continuing basis so as not to lose its authorisation.
1.1. Initial Authorisation of a Firm
Learning Objective
Ø Know the conditions and procedures for granting CIF authorisation (Articles 5 and 6)
A CIF is not allowed to provide professional investment services without prior authorisation from
CySEC. Similarly, market operators are allowed to operate a multilateral trading facility (MTF) as
Page 29 of 334
Edition B.Ad.1 / EN
long as CySEC has ascertained in advance that it complies with the authorisation provisions.
In order to obtain authorisation, the applicant needs to provide all necessary information to
satisfy CySEC. CySEC will inform the applicant within six months of their application whether it
is successful. Once approved by CySEC, the authorisation is valid in all EU member states. As
a result, the CIF can provide all services and activities for which it has been authorised in all
member states either through the establishment of a branch or directly. The authorisation
specifically states the services and activities the CIF is entitled to undertake. No authorisation
will be provided solely for the provision of ancillary services. Similarly, investment firms
authorised in other member states may freely operate in the Republic.
A CIF may not undertake any services or activities outside its authorisation unless it directly
benefits another service it is authorised to undertake or it has received specific permission from
CySEC, which is granted in exceptional circumstances.
All CIF authorisations are registered, maintained and updated in a register which is freely
accessible to the public containing the CIF’s name and number of authorisation, the date of
authorisation, the investment and ancillary services which the CIF is authorised to provide, the
investment activities which it is authorised to carry out, as well as any other information CySEC
may deem necessary. CySEC communicates all CIF authorisations to ESMA.
It is the obligation of the CIF to publish their authorisation number as well as the fact that they
are supervised and authorised by CySEC on any official documents. Moreover, a CIF must maintain
a website, which should clearly state that it is authorised by CySEC as well as contain its
number and content of authorisation.
When authorising a CIF for a subsidiary of an institution authorised in another member state, CySEC
will request the opinion of the competent authorities in the member state and will exchange any
information necessary in relation to the application. CySEC and the competent authorities in the
member state will liaise with each other in the assessment of the suitability of the shareholders
and management as well as the ongoing compliance with the relevant rules and regulations.
1.2. Continuous CIF Obligations
Learning Objective
Ø Know the continuous CIF obligations: regular internal review (Article 28); conflicts of
interest (Article 24)
Page 30 of 334
During its operational lifecycle, a Cypriot investment firm (CIF) must at all times comply with
the rules governing its authorisation. On a regular basis, a CIF needs to undertake an internal
review to ensure that the rules and conditions governing its authorisation remain appropriate,
effective, comprehensive, and proportionate to the nature, scale, and complexity of its business.
CySEC monitors the activities of CIFs to assess compliance with operating conditions specific in
the Law and may request for specific information to be provided to them.
One of the main concerns from a regulatory perspective is associated with the management of
conflicts of interest between the CIF (including its manager, employees, tied agents, and other
relevant persons) and its clients or between two clients. The arrangements put in place by the
CIF must be sufficient to ensure it can prevent any risk of damage to clients’ interests. If the
arrangements are deemed to be insufficient, the CIF must clearly disclose the general nature
and/or sources of conflicts of interest to the client prior to undertaking any business on the client’s
behalf.
CySEC may define the steps CIFs are expected to take to identify, prevent, manage or/and
disclose conflicts of interest, and the appropriate criteria for determining the types of conflict of
interest whose existence may damage the interests of the clients or potential clients of a CIF.
The rules and conditions governing CIF authorisation cover organisational requirements,
ongoing capital requirements and outsourcing.
1.3. Suspension and Termination of Authorisation of a Firm
Learning Objective
Ø Know the circumstances under which CIF authorisation may be withdrawn (Article 8);
suspended (Article 71); and their procedures (R.A.D. 204/2018)
A CIF’s authorisation may be suspended by CySEC in the context of administrative sanctions and
measures arising from the violation of the legal requirements of Law 87(I)/2017, the Prevention and
Suppression of Money Laundering and Terrorist Financing Law of 2007 – 2019, Regulation (EU)
600/2014 including the relevant issued Acts, CySEC Directives and Acts harmonised under Directive
2014/65/EU.
CySEC may decide the total or partial suspension of the authorisation of a CIF (including third-party
firms with a branch in Cyprus). The CIF must, within a certain period of time, inform CySEC of its
compliance with the provisions of the relevant rules and regulations. In the event that the CIF fails to
comply within the deadline, CySEC will withdraw its operating licence without any additional notice
or procedure.
Page 31 of 334
Edition B.Ad.1 / EN
During the suspension period, the CIF is not allowed to provide investment services or perform
investment activities, enter into a business relationship with any person, accept any new customers
and advertise itself and the related services, unless otherwise specified by CySEC. The CIF must also
publish a relevant announcement on its website(s).
A CIF’s authorisation may be withdrawn in the event that they:
• have not used their authorisation within 12 months of the date it was granted
• have expressly renounced the authorisation
• have not provided investment services or performed investment activities for a period of six
months
• have received authorisation based on false or misleading information
• no longer meet the conditions under the authorisation was granted
• have seriously and/or systematically violated laws and regulations
• have an operational licence which is regulated by other laws in the Republic and are irrelevant
to the investment services laws
In the event that a CIF (including a third-country firm with a branch in the Republic) renounces its
authorisation for any reason, they must notify CySEC in writing. The notification must include the
original authorisation, its intention towards renouncing the authorisation, the related reasons, and
the proposed timetable for the implementation of its actions.
Once CySEC has been notified, the CIF must:
• publish on its website(s) a public announcement informing about its intention to renounce its
authorisation and the procedure its clients must follow
• inform each client individually about the relevant process
• return all funds and financial instruments owned by or are accounted for their clients,
including any profits
• settle all its obligations, including any debts to CySEC
• examine and resolve all customer complaints or grievances
• not provide any investment and ancillary services other than those that are strictly necessary
for the completion of pending transactions
• maintain their offices and have the necessary staff, including at least one board member
and/or senior manager
The aforementioned obligations also apply in cases where CySEC withdraws an authorisation. In such
event, the CIF must immediately, and without delay, return all the original licences.
Page 32 of 334
During the process of authorisation renouncement or withdrawal, the CIF remains under the
supervision of CySEC until all related provisions of the legislation have been satisfied.
Once CySEC is satisfied with the actions taken and revokes the authorisation of a CIF, CySEC will
update the public register and notify ESMA. Once the authorisation has been revoked, and without
delay, the CIF must ensure that any public information, online and offline, related to its former
provisions of investment services and performance of investment activities, has been deleted. CySEC
reserves its right to submit an application to the Court for liquidation and for the appointment of a
liquidator or temporary liquidator, in accordance with the provisions of the Companies Law.
In the event that, during the process of renouncement or withdrawal of authorisation, CySEC
considers that the clients’ interests are at stake, it may require the creation of an escrow account and
the appointment of a person to return all the funds owned by or are allocated to the clients, including
any profits. In cases where the funds are not sufficient to cover all liabilities to customers, the CIF
must cover any additional amount from its own funds. CySEC may also require the payment, in the
escrow account, of any additional funds by the CIF for the purpose of covering future customer claims.
In cases where it was not possible to return all client funds, the remaining amount will be deposited
by the CIF in a bank account in the Investor Compensation Fund (ICF).
2. Conduct of Business Obligations
Learning Objective
Ø Know requirements relating to: management body (Article 9); governance arrangements
(Article 10); responsibility of senior management (Article 25 of EU 565/2017)
2.1. Management Body
Members of the board of directors are the persons who effectively direct the business of the CIF.
They need to be of sufficiently good repute and possess sufficient knowledge, skills and experience
to perform their duties. The overall composition of the board of directors needs to reflect an
adequately broad range of experiences. All members of the board of directors need to commit
sufficient time to perform their duties in the CIF. The board of directors shall collectively possess
adequate knowledge, skills and experience to be able to understand the CIFs activities and
principal risks.
Page 33 of 334
Edition B.Ad.1 / EN
The number of directorships which may be held by a member of the board of directors at the
same time shall take into account individual circumstances and the nature, scale and complexity
of the CIF’s activities. Unless representing the Republic, members of the board of directors of a CIF
that is significant in terms of its size, internal organisation and the nature, scope and complexity
of its activity, shall not hold more than one of the following combinations of directorships at the
same time:
a. one executive and two non-executive directorships
b. four non-executive directorships
Directorships in organisations which do not pursue predominantly commercial objectives do not

count towards this limit. On a regular basis CySEC will inform ESMA of such authorisations.
The following count as a single directorship:
a. executive or non-executive directorships held within the same group
b. executive or non-executive directorships held within:
1. institutions that are members of the same institutional protection scheme
2. undertakings (including non-financial entities) in which the CIF holds a qualifying

holding.
Each member of the board of directors shall act with honesty, integrity and independence of
mind to effectively assess and challenge senior management decision and to effectively oversee
and monitor the decision-making process.
The CIF will need to devote adequate human and financial resources to the induction and training of
members of the board of directors. When recruiting members for the board of directors, it is
the responsibility of the CIF to ensure a broad set of qualities and competencies exists. In this
light, the CIF will have a policy in place promoting diversification of the board of directors.
CySEC shall collect the required information to benchmark their diversity practices and will provide
this information to ESMA.
CySEC may reject an application for authorisation of a CIF if they consider the directors are
not of sufficiently good repute or experience, or if CySEC believes that these directors pose a
threat to the CIF’s sound and prudent management and to the adequate consideration of the
interest of their clients and the integrity of the market. At least two members of the management
of a CIF need to be classed as directors. A CIF must inform CySEC of all members of their board
of directors and of any changes in its composition, along with all information required to assess
whether the CIF complies with the requirements of the laws and regulations.
Page 34 of 334
2.2. Governance
The board of directors defines, oversees, and is accountable for the implementation of
governance arrangements that ensure effective and prudent management of a CIF, including
the segregation of duties in the organisation and the prevention of conflicts of interest. The
governance arrangements have to comply with the following principles.
• The board of directors must:
• have overall responsibility for the CIF and approve and oversee the implementation of
the CIF’s strategic objectives, risk prevention strategy and internal governance
• ensure the integrity of the accounting and financial reporting systems, including
financial and operational controls and compliance with the law and relevant standards
• oversee the process of disclosure and announcements
• be responsible for providing effective supervision of senior management
The chairman of the board of directors of the CIF cannot also be the chief executive officer (CEO)
of the same CIF, unless justified by the CIF and approved by CySEC.
In addition, the governance arrangements need to ensure that the management body defines,
approves, and oversees:
• the organisation of the CIF for the provision of investment services and activities and ancillary
services, including the skills, knowledge and expertise required by personnel, resources,
procedures and arrangements, taking into consideration the nature, scale and complexity
of the business
• policies related to services, activities, products, and operations offered or provided in line
with the risk tolerance of the CIF, and the characteristics and needs of the clients to
whom they will be offered/provided, including carrying out stress testing (where
appropriate), and
• the remuneration policy for persons involved in the provision of services to clients aiming
to encourage responsible conduct, fair treatment of clients, as well as avoiding conflict
of interest in the relationship with clients.
Periodically, the board of directors need to monitor and assess the effectiveness of the CIF’s
governance arrangements and, when necessary, take appropriate steps to address any
deficiencies. Members of the board of directors will have adequate access to information and
documents which are needed to oversee and monitor management decision-making.
A CIF which is significant in terms of its size, internal organisation and the nature, scope and
Page 35 of 334
Edition B.Ad.1 / EN
complexity of its activities, needs to appoint a nomination committee composed of members of the
board of directors who do not perform any executive function in the CIF. This does not apply
where, under the laws of Cyprus, the board of directors does not have any competence in the
process of selection and appointment of any of its members. The nomination committee has the
following duties:
• Identify and recommend, for the approval of the board of directors, or for approval of the
general meeting, candidates to fill vacancies in the board of directors, evaluate the balance
of knowledge, skills, diversity and experience of the board of directors and prepare a
description of the roles and capabilities for a particular appointment, and assess the time
commitment expected.
• Decide on a target for the representation of the underrepresented gender in the board of
directors and prepare a policy on how to increase the number of the underrepresented
gender in the board of directors in order to meet that target. The target, policy and their
implementation shall be made public.
• Periodically (and at least annually) assess the structure, size, composition and performance
of the board of directors and make recommendations to the board of directors with regard
to any changes.
• Periodically (and at least annually) assess the knowledge, skills and experience of members
of the board of directors individually, and of the board of directors collectively, and report to
the board of directors accordingly.
• Periodically review the policy of the board of directors for selection and appointment of
senior management and make recommendations to the board of directors.
• In performing its duties, take into consideration, to the extent possible and on an ongoing
basis, the need to ensure that the board of directors’ decision making is not dominated by
any one individual or a small group of individuals in a manner that is detrimental to the
interests of the CIF as a whole.
• Be able to use any forms of resources that it considers to be appropriate, including external
advisors, and shall receive appropriate funding to that effect.
2.3. Responsibility of Senior Management
When allocating functions internally, investment firms need to ensure that senior management
and, if applicable, the supervisory function, are responsible for ensuring the firm complies with
the obligations under MiFID. In particular, they need to assess and periodically review the
effectiveness of the policies, arrangements and procedures put in place to comply with the
obligations and take appropriate measures to address any deficiencies. The allocation of
Page 36 of 334
significant functions among senior managers need to clearly establish who is responsible for
overseeing and maintaining the firm’s organisational requirements. All records of the allocation
of significant functions need to be kept up to date.
It is the responsibility of the firm to ensure that senior management periodically (at a minimum
annually) receive written reports covering:
• compliance
• risk management, and
• internal audit.
The reports need to specifically mention whether appropriate remedial measures have been
taken in the event of any deficiencies. In the event the firm has a supervisory function, the firm
needs to ensure they also receive periodic reports on these subjects.
In this context, the supervisory function is the function that provides oversight over the firm’s
senior management.
3. General CIF Obligations
Learning Objective
Ø Understand the obligations relating to the appointment and use of tied agents (Article 30):
public register; responsibility and monitoring
Ø Know the rules relating to eligible counterparties (Article 31): relevance of conduct of
business obligations; scope; express confirmation
Ø Know the conditions and requirements regarding the provision of participatory financial
services (crowdfunding) in securities through crowdfunding platforms (R.A.D. 12/2020)
3.1. Tied Agents
A tied agent means a person established in a member state, who is acting under the full and
unconditional responsibility of only one IF of a member state, on whose behalf it acts, promotes
investment or/and ancillary services, attracts clients or prospective clients, receives and transmits
client orders in respect to investment services or financial instruments, places financial
Page 37 of 334
Edition B.Ad.1 / EN
instruments or/and provides advice to clients or prospective clients in respect of those financial
instruments or services.
Tied agents need to be registered in the public register of the Republic, or the equivalent register
of a member state. The CIF remains fully and unconditionally responsible for any action or
omission on the part of the tied agent when he acts on behalf of the CIF. In addition, it is the
responsibility of the CIF to ensure that a tied agent discloses the capacity in which he is acting
and the CIF he is representing. A CIF that appoints tied agents must make sure it has adequate
measures in place to avoid a situation in which activities undertaken by tied agents outside the
scope of the Law have a negative impact on the activities they undertake on behalf of the CIF.
Tied agents who are established in the Republic:
• need to be registered in a public register that is maintained by CySEC, is updated regularly,

and is freely accessible by the public through its website
• need to be of sufficiently good repute and possess the appropriate general, commercial
and professional knowledge and competence to undertake their service and accurately
communicate all relevant information regarding the service to the (potential) client.
A CIF that intends to use a tied agent established in the Republic must notify CySEC by submitting a
notification of registration and appointment. An IF of another Member State which intends to use a
tied agent established in the Republic must either notify CySEC of its intention to register and appoint
a tied agent, or notify the competent authority of the Member State and will be subject to the
corresponding provisions that may exist under the applicable law of the host Member State. The CIFs
or IFs are known as principals.
The principals must notify CySEC prior to the use of a tied agent and the tied agent shall represent the
principal only after the successful registration and appointment.
In cases where the tied agent is already registered in the register and appointed by a principal, and
he/she wishes to change the principal, the tied agent shall notify CySEC of the termination of
cooperation with the existing principal. The new proposed principal shall notify CySEC only of their
intention to appoint the tied agent, by proportionally complete and submit to CySEC the notification
of registration and appointment.
CySEC approves the appointment of the tied agent within 1 month. In the event that CySEC does not
allow the appointment of a tied agent, they may delete the tied agent from the register, if CySEC
considers that the legal conditions are no longer met.
A principal shall ensure that the tied agent will act solely on behalf of the represented principal.
In case where the cooperation between a principal and a tied agent is terminated, the principal must
inform CySEC immediately. The register will be updated within three (3) working days, except in the
case of a replacement with a new principal. After the termination of their cooperation, the principal
Page 38 of 334
shall, without any delay, publish on their website in a clear and visible way, the termination and the
date of the termination of the cooperation.
3.2. Eligible Counterparties
Eligible counterparties are CIFs, IFs, credit institutions, insurance undertakings, Undertakings for
Collective Investment in Transferable Securities (UCITS) and their management companies,
pension funds and their management companies and other financial institutions authorised by a
member state or regulated under community legislation or the national law of a member state,
national governments, central banks and supranational organisations. In addition, CySEC
recognises as eligible counterparties member state undertakings meeting predetermined criteria
and third country entities with equivalent status. CIFs must act honestly, fairly and professionally,
and communicate in a way which is fair, clear, and not misleading, taking into consideration the
nature of the eligible counterparty and its business.
When dealing with eligible counterparties, the CIF obtains express confirmation from the
counterparty that it agrees to be treated as an eligible counterparty. This can be obtained either
as a general agreement or on a transaction by transaction basis.
3.3. Crowdfunding
Crowdfunding is an alternative method of financing, through which small and medium-sized

enterprises are financed by the public, through transferable securities. Stakeholders are contacted
through crowdfunding service providers acting as intermediaries, who manage electronic systems and
match the needs for small and medium-sized enterprises to be financed by investors' interest in
financing them.
CySEC Directive R.A.D. 12/2020 in relation to crowdfunding services in respect of transferable

securities, concerns exclusively equity financing based on the issuance of securities (e.g. shares or
bonds). Where an offer of securities arises on a cross-border basis, crowdfunding service providers
may also be subject to the legislation, depending on the limits set by the host Member State or the
provisions of any other national legislation.
For the provision of crowdfunding services by a CIF, the prior consent of CySEC is required. The CIF
must maintain a website owned and used exclusively, through which the crowdfunding platform will
operate, from which the crowdfunding services will be offered, without the possibility for any other
person to operate through the said website.
CIFs that act as crowdfunding service providers are subject to rules related to investor protection and
include provisions in relation to the following:
Page 39 of 334
Edition B.Ad.1 / EN
1. Avoiding conflicts of interest: (i) CIFs are subject to restrictions that make them independent
intermediaries, (ii) CIFs are not allowed to receive fees to execute investor orders on specific
projects on their platform (instead of others) or on another platform , (iii) CIFs are not allowed
to acquire securities in relation to the projects offered through their platform or to allow
specific persons (who are defined as involved persons) to act as project owners.
2. Due diligence checks: CIFs should carry out additional audits on participants and the funded
projects, including credit risk, authentication and AML checks on both final investors and
project owners.
3. Transparency obligations: In order for CIFs to accept a crowdfunding project on their platform,
the project owner must issue a Key Investment Information Sheet (“KIIS”) and apply
procedures for identifying and correcting errors or omissions. CIFs should ensure that the
content of the KIIS is complete, accurate and understandable before making an offer available
on their platform. Furthermore, the marketing communications should be clear, non-
misleading and consistent with the content of the KIIS.
4. Protection of investors' funds and financial instruments: CIFs should transfer the money
raised to the project owner only after the successful completion of the offer (i.e. only when
the goal set for the collection of capital is achieved). Also, funds and securities will be subject
to safe custody through custodians. CIFs should hand over the money collected to the project
owner only after their securities have been delivered in person or in case they cannot be
delivered in person, after the project owner provides sufficient evidence that the ownership
of the securities has been transferred to investors depending on the amounts they have paid.
5. Exit opportunities from the investment: The CIFs can operate a bulletin board, through which
their customers who acquired securities through crowdfunding offers, can express their
interest to buy or sell (depending where applicable) securities. The bulletin board may allow
investors to communicate with each other with a view to trading, but it may not act as a
trading system. Therefore, the bulletin board should only function as a means of
communication in relation to the interest of buying or selling, without allowing the assignment
of orders or the conclusion of agreements. When such a board allows binding prices to be
posted on it, it will act as a trading venue, rather than simply as a point of contact for
investment interest. When a bulletin board acts not only as a point of contact for investment
interest, but also as a place where investment interest is matched by concluding a transaction
or contract, then it will meet the definition of the "trading venue" of the Law and the CIF must
be licensed for the operation of such a trading venue.
Page 40 of 334
4. Specific Restrictions
Learning Objective
Ø Know the marketing, purchase, distribution and selling restrictions on binary options (R.A.D.
223/2019) and CFDs (R.A.D. 323/2019)
CySEC exercises its powers under Article 42 of Regulation (EU) 600/2014 to impose restrictions that
prevent CIFs and investment firms of member states and third countries with investment activities in
the Republic, from marketing, purchasing, distribution and selling binary options and CFDs to private
clients whose residence is in the Republic. In the case of CFDs, private clients residing in a member
state without similar national law and in third countries are also included.
The restrictions on binary options are not applicable when:
o the lower of the predetermined fixed amounts is at least equal to the total lowest price paid
by the private client for the binary option
o the binary option’s validity period (issue to expiry) is at least 90 days
o a public prospectus is available to the public, which is developed and approved based on the
related national law or the legislation of another member state which aims to harmonise
Directive 2003/71/EC, and
o the binary option provider is not exposed to market risk during the validity period of the
binary option and the provider is not making any profit or loss from the binary option except
the related commission, payment or charges that are announced in advance.
The restrictions on CFDs are not applicable when the CFD provider meets the below conditions:
o obliges the private client to pay the initial margin protection

o provides to the private client protection of closing position margin and of negative balance
o does not provide directly or indirectly a payment, financial or exempted non-financial, related
to the marketing, distribution or sale of CFDs, except profits
o includes the related risk warnings in all marketing communications
Page 41 of 334
Edition B.Ad.1 / EN
Learning Objective
Ø Know regulations relating to the operation of SME growth markets: qualification (Article
77 of EU 565/2017); registration (Article 78 of EU 565/2017); deregistration (Article 79 of EU
565/2017)
Issuers whose shares have been admitted to trading for less than three years are deemed to be an
SME providing their market capitalisation is below €200 million on the basis of either of the
following:
Length of Trading Base Price

Less than one year Closing share price of the first day of trading
Between one and two Last closing share price of the first year of trading
years
Between two and three Average of last closing share prices of each of the first two years of trading
years
Issuers without listed equity will be deemed an SME if, according to their last annual or
consolidated accounts, they meet at least two of the following three criteria:
1. The average number of employees during the financial year is less than 250.
2. The total balance sheet does not exceed €43 million.
3. The annual net turnover does not exceed €50 million.
A market may apply to be an SME growth market if at least 50% of the issuers admitted to trading
are SMEs. In order to assess whether at least 50% of the issuers are SMEs, CySEC will calculate the
average ratio of SMEs over the total number of issuers whose financial instruments are admitted
to trading on that market. The average ratio shall be calculated on 31 December of the previous
calendar year as the average of the 12 end-of-month ratios of that calendar year.
Applicants with no previous operating history will be registered as an SME growth market. Once
three calendar years have elapsed, CySEC will verify that the MTF complies with the minimum
proportion of SMEs. CySEC will not register the MTF as an SME growth market unless it is satisfied
that the MTF:
1. establishes and applies rules providing for objective and transparent criteria for the initial
and ongoing admission to trading of issuers on its venue
2. has an operating model which is appropriate for the performance of its functions and
Page 42 of 334
ensures the maintenance of fair and orderly trading in the financial instruments admitted
to trading on its venue
3. has established and applies rules that require an issuer seeking admission of its financial
instruments to trading on the MTF, to publish, an appropriate admission document,
drawn up under the responsibility of the issuer and clearly stating whether or not it has
been approved or reviewed and by whom
4. has established and applies rules that define the minimum content of the admission
document referred to under point (c), in such a way that sufficient information is
provided to investors to enable them to make an informed assessment of the financial
position and prospects of the issuer, and the rights attaching to its securities
5. requires the issuer to state, in the admission document referred to under point (c), whether
or not, in its opinion, its working capital is sufficient for its present requirements or, if not,
how it proposes to provide the additional working capital needed
6. has made arrangements for the admission document referred to under point (c) to be
subject to an appropriate review of its completeness, consistency and comprehensibility
7. requires the issuers whose securities are traded on its venue to publish annual financial
reports within six months after the end of each financial year, and half yearly financial
reports within four months after the end of the first 6 months of each financial year
8. ensures dissemination to the public of prospectuses drawn up in accordance with Directive

2003/71/ EC, admission documents referred to under point (c), financial reports
referred to under point (g) and information defined the MiFID regulations publicly
disclosed by the issuers whose securities are traded on its venue, by publishing them on
its website, or providing thereon a direct link to the page of the website of the issuers
where such documents, reports and information are published
9. ensures that the regulatory information referred to under point (h) and direct links remain
available on its website for a period of at least five years.
An SME growth market shall only be deregistered by CySEC where the proportion of SMEs falls
below 50% for three consecutive calendar years.
Page 43 of 334
Edition B.Ad.1 / EN
6. Regulated Markets
6.1. Application and Authorisation Requirements
Learning Objective
Ø Know how the obligations apply to regulated markets: application and authorisation
process (Article 45); senior management requirements (Article 47); organisational
requirements (Article 48); obligations (Articles 80–82 of EU 565/2017)
Authorisations for regulated markets are granted by CySEC providing that both the market operator
and its systems meet CySEC’s requirements and the regulated markets’ home member state is the
Republic. How the obligations are divided between the regulated market and the market operator
is established by CySEC by means of directives. The authorisation document includes the name of
the regulated market, its operator, the number and date of the issue of its authorisation and any
other details.
An application for regulated market authorisation is made by the market operator and submitted
to CySEC, and must include all necessary background information. During the assessment process,
CySEC may request additional information which must be provided. The market operator is
responsible for correctness, completeness, and accuracy of the application and the additional
documentation provided. The market operator signs the application and confirms that they have
exercised due diligence in ensuring that the information included in the application, as well as
the details and documents that accompany it are correct, complete and truthful. CySEC must
inform the market operator of its decision within six months from the submission of a duly
completed application.
The market operator needs to ensure the regulated market complies with the regulations and is
entitled to exercise the rights of the regulated market it manages.
Persons who effectively direct the business and the operation of a regulated market must be of
sufficiently good repute and sufficiently experienced as to ensure the sound and prudent
management and operation of the regulated market. In the event that CySEC finds these persons
are not suitable, it may reject the application. Ownership of the regulated market and/or the
operator must be reported to CySEC, with a specific focus on the identity and scale of interest of
any person in a position to exercise significant influence over the management and operation of
the regulated market. Any changes in the ownership levels of persons with significant influence
must be reported to CySEC prior to the transfer of ownership, after which CySEC will notify the
regulated market of its decision to permit or prohibit the share transfer within one month.
The regulated market must have arrangements in place to enable it to identify and manage any
potential adverse consequences for its operation, its members, participants, owners and
Page 44 of 334
operators, and to be able to manage any conflict of interest. In addition, the organisational
requirements for a regulated market include:
• adequate risk management
• adequate management for the technical operations of the system
• transparent and non-discretionary rules and procedures to ensure fair and orderly trading
• objective criteria for efficient order execution
• effective arrangements to facilitate efficient and timely finalisation of transaction execution
• sufficient financial resources to facilitate its orderly functioning, given the nature and extent
of the transactions concluded on the market and the range and degree of risk to which it is
exposed.
CySEC may withdraw the authorisation when the regulated market:
• does not make use of its authorisation within 12 months from the date of issue of the relevant
authorisation
• expressly renounces its authorisation
• has not operated for the preceding six months.
• has submitted false or misleading information as part of the application or has generally
provided false or misleading information, details or documents
• no longer meets the conditions for authorisation
• has seriously and/or systematically infringed the regulations, or
• falls within any of the cases provided in other Cypriot legislation which provides for
withdrawal of authorisation.
Any revocation of authorisation will be reported to ESMA.
6.1.1. Operating Obligations for Trading Venues
Suspending or removing a financial instrument from trading is deemed to be likely to cause

significant damage to investors’ interests or the orderly functioning of the market where:
Page 45 of 334
Edition B.Ad.1 / EN
a. it would create s systemic risk undermining financial stability such as where the need exists
to unwind a dominant market position or where settlement obligations would not be
met in a significant volume
b. continuation of trading on the market is necessary to perform critical post-trade risk

management functions when there is a need for the liquidation of financial instruments
due to the default of a clearing member under the default procedures of the CCP and the
CCP would be exposed to unacceptable risks as a result of an inability to calculate margin
requirements
c. financial viability of the issuer would be threatened, such as where it is involved in a

corporate transaction or capital raising.
In the determination whether the suspension or removal of a financial instrument is likely to

cause significant damage to investors’ interest or the orderly functioning of the markets, CySEC,
the market operator of the regulated market, or the investment firm or market operator of the
MTF or OTF, shall consider all relevant factors, including the:
1. relevance of the market in terms of liquidity where the consequences of the actions are
likely to be more significant where those markets are more relevant in terms of liquidity
than in other markets
2. nature of the envisaged action where actions with a sustained or lasting impact on the
ability of investors to trade a financial instrument on trading venues, such as removals,
are likely to have a greater impact on investors than other actions
3. knock-on effects of a suspension or removal of sufficiently related derivatives, indices or

benchmarks for which the removed or suspended instrument serves as an underlying or
constituent
4. effects of a suspension on the interests of market end users who are not financial
counterparties, such as entities trading in financial instruments to hedge commercial risks.
These factors also need to be taken into consideration when the decision is made not to suspend
or remove a financial instrument on the basis of circumstances not covered under points a–c
mentioned above.
When assessing whether CySEC needs to be informed of any significant infringements of the rules
of the trading venue, disorderly trading conditions, or system disruptions in relation to a financial
instrument, operators of trading venues shall consider the following signals:
Page 46 of 334
Type Signal
1. Market participants infringe rules of the trading venue

which aim to protect the market integrity, the
orderly functioning of the market or the significant
Significant infringement of the
interests of the other market participants, and
rules of a trading venue
2. a trading venue considers that an infringement is of
sufficient severity or impact to justify consideration
of disciplinary action.
3. The price discovery process is interfered with over a

significant period of time
4. The capacities of the trading systems are reached or
exceeded
5. Market makers/liquidity providers repeatedly claim
Disorderly trading conditions mis-trades, or
6. Breakdown or failure of critical mechanisms under
Article 48 of Directive 2014/65/EU and its
implementing measures which are designed to
protect the trading venue against the risks of
algorithmic trading.
7. Any major malfunction or breakdown of the system

for market access that results in participants losing
their ability to enter, adjust or cancel their orders
8. Any major malfunction or breakdown of the system
for the matching of transactions, that results in
participants losing certainty over the status of
completed transactions or live orders as well as
unavailability of information indispensable for trading
(eg, index value dissemination for trading certain
derivatives on that index)
9. Any major malfunction or breakdown of the systems
System disruptions
for the dissemination of pre- and post-trade
transparency and other relevant data published by
trading venues in accordance with their obligations
under MiFID
10. Any major malfunction or breakdown of the systems
of the trading venue to monitor and control the
trading activities of the market participants; and any
major malfunction or breakdown in the sphere of
other interrelated services providers, in particular
CCPs and CSDs, that has repercussions on the trading
system.
Page 47 of 334
Edition B.Ad.1 / EN
Information is only required in cases of significant events which have the potential to jeopardise the
role and function of trading venues as part of the financial market infrastructure.
When assessing whether the requirement to immediately inform their competent authorities of
conduct that may indicate behaviour that is prohibited under MiFID applies, operators of trading
venues shall consider the signals listed in the table below:
Type Signal
1. Unusual concentration of transactions and/or orders

to trade in a particular financial instrument with
one member/ participant or between certain
Signals of possible insider
members/participants.
dealing or market manipulation
2. Unusual repetition of a transaction among a small
number of members/participants over a certain
period of time.
3. Unusual and significant trading or submission of

orders to trade in the financial instruments of a
company by certain members/participants before
the announcement of important corporate events
or of price sensitive information relating to the
company; orders to trade/ transactions resulting in
sudden and unusual changes in the volume of
orders/transactions and/or prices before public
Signals of possible insider
announcements regarding the financial instrument
dealing
in question.
4. Whether orders to trade are given or transactions
are undertaken by a market member/participant
before or immediately after that
member/participant or persons publicly known as
linked to that member/participant produce or
disseminate research or investment
recommendations that are made publicly available.
5. Orders to trade given or transactions undertaken

which represent a significant proportion of the daily
Signals of possible market volume of transactions in the relevant financial
manipulation (those in points instrument on the trading venue concerned, in
18–23 are particularly relevant in particular when these activities lead to a significant
automated trading change in the price of the financial instruments.
environments) 6. Orders to trade given or transactions undertaken
by a member/participant with a significant buying or
selling interest in a financial instrument which lead
to significant changes in the price of the financial
Page 48 of 334
instrument on a trading venue.

7. Orders to trade given or transactions undertaken
which are concentrated within a short time span in
the trading session and lead to a price change which
is subsequently reversed.
8. Orders to trade given which change the

representation of the best bid or offer prices in a
financial instrument admitted to trading or traded on
a trading venue, or more generally the representation
of the order book available to market participants, and
are removed before they are executed.
9. Transactions or orders to trade by a
market/participant with no other apparent
justification than to increase/decrease the price or
value of, or to have a significant impact on the supply
of or demand for a financial instrument, namely near
the reference point during the trading day, eg, at the
opening or near the close.
10. Buying or selling of a financial instrument at the
reference time of the trading session (eg, opening,
closing, settlement) in an effort to increase, to
decrease or to maintain the reference price (eg,
Signals of possible market opening price, closing price, settlement price) at a
specific level (usually known as marking the close).
manipulation (those in points
11. Transactions or orders to trade which have the effect
18–23 are particularly relevant in
of, or are likely to have the effect of
automated trading
increasing/decreasing the weighted average price of
environments)
the day or of a period during the session.
of, or are likely to have the effect of, setting a market
price when the liquidity of the financial instrument or
the depth of the order book is not sufficient to fix a
price within the session.
13. Execution of a transaction, changing the bid-offer
prices when this spread is a factor in the
determination of the price of another transaction
whether or not on the same trading venue.
14. Entering orders representing significant volumes in
the central order book of the trading system a few
minutes before the price determination phase of the
auction and cancelling these orders a few seconds
before the order book is frozen for computing the
auction price so that the theoretical opening price
might look higher or lower than it otherwise would
do.
15. Engaging in a transaction or series of transactions
Page 49 of 334
Edition B.Ad.1 / EN
which are shown on a public display facility to give the

impression of activity or price movement in a financial
instrument (usually known as painting the tape).
16. Transactions carried out as a result of the entering of

buy and sell orders to trade at or nearly at the same
time, with the very similar quantity and similar price
by the same or different but colluding market
members/participants (usually known as improper
matched orders).
of, or are likely to have the effect of bypassing the
trading safeguards of the market (eg, as regards
volume limits, price limits, and bid/offer spread
parameters).
18. Entering of orders to trade or a series of orders to
trade, executing transactions or series of transactions
likely to start or exacerbate a trend and to encourage
other participants to accelerate or extend the trend in
order to create an opportunity to close out/open a
position at a favourable price (usually know as
momentum ignition).
19. Submitting multiple or large orders to trade often
Signals of possible market away from the touch on one side of the order book in
manipulation (those in points order to execute a trade on the other side of the order
18–23 are particularly relevant in book. Once that trade has taken place, the
automated trading manipulative orders will be removed (usually known
environments) as layering and spoofing).
20. Entry of small orders to trade in order to ascertain the
level of hidden orders and particularly used to assess
what is resting on a dark platform (usually know as
ping order).
21. Entry of large numbers of orders to trade and/or
cancellations and/or updates to orders to trade so as
to create uncertainty for other participants, slowing
down their process and to camouflage their own
strategy (usually known as quote stuffing).
22. Posting of orders to trade, to attract other market
members/ participants employing traditional trading
techniques (‘slow traders’), that are then rapidly
revised onto less generous terms, hoping to execute
profitably against the incoming flow of ‘slow traders’
orders to trade (usually known as smoking).
23. Executing orders to trade or a series of orders to trade,
in order to uncover orders of other participants, and
then entering an order to trade to take advantage of
the information obtained (usually known as phishing).
24. The extent to which, to the best knowledge of the
Page 50 of 334
operator of a trading venue, orders to trade given or

transactions undertaken show evidence of position
reversals in a short period and represent a significant
proportion of the daily volume of transactions in the
relevant financial instrument on the trading venue
concerned, and might be associated with significant
changes in the price of a financial instrument admitted
to trading or traded on the trading venue.

of, or are likely to have the effect of
increasing/decreasing/ maintaining the price of a
financial instrument during the days preceding the
issue, optional redemption or expiry of a related
derivative or convertible.
of, or are likely to have the effect of maintaining the
price of the underlying financial instrument below or
above the strike price, or other element used to
determine the pay-out (eg, barrier), of a related
derivative at expiration date.
Signals for cross-product
27. Transactions which have the effect of, or are likely to
market manipulation, have the effect of modifying the price of the
including across different underlying financial instrument so that it
trading venues (particularly to surpasses/not reaches the strike price, or other
be considered by the operator element used to determine the pay-out (eg, barrier),
of a trading venue where both of a related derivative at expiration date. Transactions
a financial instrument and which have the effect of, or are likely to have the
related financial instruments effect of modifying the settlement price of a financial
are admitted to trading or instrument when this price is used as a
traded or where these reference/determinant, namely, in the calculation of
instruments are traded on margins requirements.
several trading venues operated 28. Orders to trade given or transactions undertaken by a
by the same operator) member/participant with a significant buying or
selling interest in a financial instrument which lead to
significant changes in the price of the related
derivative or underlying asset admitted to trading on
a trading venue.
29. Undertaking trading or entering orders to trade in one
trading venue or outside a trading venue (including
entering indications of interest) with a view to
improperly influencing the price of a related financial
instrument in another or in the same trading venue or
outside a trading venue (usually known as cross-
product manipulation (trading on financial instrument
to improperly position the price of a related financial
instrument in another or in the same trading venue or
Page 51 of 334
Edition B.Ad.1 / EN
outside a trading venue)).

30. Creating or enhancing arbitrage possibilities between
a financial instrument and another related financial
instrument by influencing reference prices of one
of the financial instruments can be carried out
with different financial instruments (like
rights/shares, cash markets/derivatives markets,
warrants/shares…). In the context of rights issues,
it could be achieved by influencing the (theoretical)
opening or (theoretical) closing price of the rights.
Prior to informing CySEC, the operator of the trading venue(s) where a financial instrument
and/or related financial instrument are traded needs to apply a proportionate approach and
exercise judgment on the signals triggered, including any relevant signals not specifically included
in the table above. In doing so, they need to take into account deviations from the usual trading
pattern of the financial instruments admitted to trading or traded on its trading venue; and the
information available or accessible to the operator, whether that be internally as part of the
operations of the trading venue or publicly available.
The operator needs to take into account front running behaviours (trading for own account ahead
of clients) by using the order book data required to be recorded by the trading venue, in particular
those relating to the way the member or participant conducts its trading activity.
Page 52 of 334
6.2. Direct Electronic Access and Algorithmic Trading
Learning Objective
Ø Know obligations relating to: direct electronic access (Article 49(7); algorithmic trading
systems (Article 49(6), (9), and (10))
A regulated market that permits direct electronic access must have effective systems, procedures,
and arrangements in place to ensure that:
1. members or participants are only permitted to provide these services if they are
authorised IFs
2. appropriate criteria are in place and applied in relation to the suitability of persons to
whom access may be provided, and
3. the member or participant remains responsible for orders and trades executed via this
way.
In addition, appropriate risk controls and thresholds for trading need to be in place. The regulated
market need to be able to distinguish and, if necessary, stop orders or trading by a person using
direct electronic access separately from other orders or trading. Processes need to be in place to
suspend or terminate direct access in case on non-compliance.
A regulated market needs to ensure their systems, procedures, and arrangements are effective for
carrying out appropriate testing so that they can ensure that algorithmic trading systems cannot
create or contribute to disorderly trading conditions. In addition, they need to be able to manage
any disorderly trading conditions that may arise by, for example, limiting the ratio of unexecuted
transactions that may be entered into the system by a market participant, slowing down the flow
of orders, or limit and enforce minimum tick size.
A regulated market may impose a higher fee on operators of a high-frequency algorithmic trading
technique. In addition, they must be able to identify orders generated in this way, the different
algorithms used and the persons initiating these orders. This information needs to be made
available to CySEC on request.
Page 53 of 334
Edition B.Ad.1 / EN
6.3. Admission of Financial Instruments to Trading
Learning Objective
Ø Understand rules relating to the admission of financial instruments to trading (Article 52)
The rules in relation to the admission of financial instruments must be clear and transparent and
are in place to ensure that the instruments can be traded in a fair, orderly and efficient manner.
In addition, transferable securities must be freely negotiable. The rules further ensure that the
design of derivative contracts allow for their orderly pricing and the existence of effective
settlement conditions for these types of instruments.
The regulated market must ensure that issuers of transferable securities that are admitted to its
market comply with all regulations including initial, ongoing and ad hoc disclosure obligations.
The regulated market is responsible for the establishment of arrangements that facilitate access
to information for its members or participants.
On a regular basis, the regulated market must ensure compliance with the admission requirements
of the instruments it admits to trading.
Financial instruments can be admitted to trading on multiple regulated markets, even without the
consent of the issuer. In this case, it is sufficient for the regulated market to inform the issuer
that its instruments have been admitted to trading. The issuer has no obligation to provide
information directly to any regulated market that trades its instruments without its consent.
The operator of the regulated market may suspend or remove from trading a financial instrument
that no longer complies with the rules of the regulated market, unless such a step would be likely
to cause significant damage to the investors’ interests or the orderly functioning of the market.
Irrespective of the possibility for the operators of regulated markets to directly inform the
operators of other regulated markets, an operator of a regulated market that suspends or
removes from trading a financial instrument shall make public its decision and immediately
communicate the relevant information to the Commission. The Commission shall immediately
inform the competent authorities of the other member states.
Page 54 of 334
6.4. Transparent and Non-Discriminatory Rules
Learning Objective
Ø Understand the obligation of a regulated market to maintain transparent and non-
discriminatory rules (Article 54)
The rule for obtaining access to membership of the regulated market must be based on
transparent, non-discriminatory rules which are based on objective criteria. The rules have to
specify all obligations for the members arising from:
• establishment and administration of the regulated markets
• rules relating to transactions on the market
• professional standards imposed on members’ staff
• rules and procedures for clearing and settlement.
Regulated market members can be participant CIFs, other IFs, credit institutions and other persons
that are of sufficient good repute, have a sufficient level of trading ability and competence, have
adequate organisational arrangements (if applicable) and have sufficient resources for the role
they are going to perform.
Access to membership can be either direct or via remote participation from other member states.
Any regulated market shall communicate to CySEC if it intends to provide remote participation
from other member states.
A list of all members needs to be reported to CySEC on a regular basis and, in addition, to
competent authorities in other member states on their request.
6.5. Compliance and Trade Transparency
Learning Objective
Ø Know how regulated markets monitor compliance (Article 55)
Ø Know how transparency requirements apply to regulated markets
A regulated market must, on a regular basis, monitor compliance with its rules by its members.
Individual transactions are monitored in order to identify breaches of the rules, disorderly trading
Page 55 of 334
Edition B.Ad.1 / EN
conditions or market abuse. Any violations must be reported immediately by the market operator
to CySEC. CySEC will immediately inform ESMA and the competent authorities of the other
member state. In the event CySEC is investigating and prosecuting market abuse, the market
operator must supply the relevant information without delay and provide full assistance to CySEC.
CIFs and market operators must establish and maintain effective arrangements and procedures for
the regular monitoring of the compliance by its members, participants or users. They will monitor
the orders sent (including cancellations) and the transactions undertaken by their members,
participants or users of their systems, in order to identify infringements of the rules, disorderly
trading conditions, conduct that may indicate behaviour that is prohibited under the MiFID
regulations or system disruptions in relation to a financial instrument and shall deploy the resource
necessary to ensure that such monitoring is effective.
CIFs must immediately inform CySEC of any:
• significant infringements of the rules
• disorderly trading conditions
• conduct that may indicate behaviour prohibited under the MiFID rules, or
• system disruptions related to financial instruments.
CySEC will communicate this information to ESMA and, where applicable, the authorities of any
other member state. However, prior to reporting conduct prohibited under MiFID CySEC will need
to ensure this behaviour has actually been carried out. CIFs and market operators need to provide
full assistance to CySEC in their investigation and prosecution of market abuse occurring on or
through its systems.
7. Data Reporting Service Providers (DRSPs)
Learning Objective
Ø Know requirements for DRSPs (Article 60): approved publication arrangements (APAs),
approved reporting mechanisms (ARMs), consolidated tape providers (CTPs); obligations
for data reporting service providers (Articles 84–89 of EU 565/2017)
All data reporting service providers (DRSPs) for whom the Republic is the home state need to be
authorised by CySEC. A market operator may operate the data reporting services of an approved
publication arrangement (APA), approved reporting mechanism (APM) or consolidated tape
provider (CTP), providing it is included in their authorisation. All DSRPs are maintained by CySEC
in a publicly available register that includes information on the services for which they are
Page 56 of 334
authorised. The register will be updated on a regular basis and all changes (including
withdrawals) will be reported to ESMA. CySEC regularly reviews and monitors the compliance
of DRSPs with the conditions of their authorisation.
The members of the board of directors of a DSRP need to have adequate collective knowledge,
skills and experience to be able to understand the activities. DRSPs need to have adequate policies
and procedures in place to make public any information required as close to real time as
possible on a reasonable commercial basis. DRSPs need to maintain effective processes and
procedures to prevent conflicts of interest and have sound security mechanisms in place.
APAs and CTPs will need to make at least the following information public as near to real time as
possible:
1. identifier of the financial instrument
2. price at which the transaction was concluded
3. volume of the transactions
4. time of the transaction
5. time the transaction was reported
6. price notation of the transaction
7. code of the trading venue including the indicator SI for Systemic Internalisers or OTC for
others
8. specific conditions (if applicable).
In addition, within 15 minutes after publication, CTPs will need to make the information available
free of charge including whether a computer algorithm was responsible for the investment
decision and whether the transaction was subject to any waivers. All data made available by a
CTP needs to be consolidated from all regulated markets, MTFs, OTFs and APAs.
ARMs need to report all transaction information as soon as reasonably practicable but at the
latest by the close of the next business day. In addition to systems to prevent conflict of interest
and sound security systems, ARMs must have systems in place that can effectively check
transaction reports for completeness, identify omissions and obvious errors caused by the CIF.
Any errors and omissions need to be reported to the CIF and reports will need to be retransmitted.
In order to make market data available to the public on a reasonable commercial basis, approved
publication arrangements (APAs) and CTPs must apply the following:
1. Provision of market data on the basis of cost – the price of market data must be based on
Page 57 of 334
Edition B.Ad.1 / EN
the cost of production and disseminating the data and may include a reasonable
margin. An appropriate share of joint cost for other service provided by APAs and CTPs
may be included.
2. Obligation to provide market data on a non-discriminatory basis – data must be

made available to all customers falling in the same category at the same price and on the
same terms and conditions. Price differentials for different categories of customers will be
proportionate to the value the data represents to the customers taking into account:
a. the scope and scale of the market data, including number of financial instruments
covered and trading volume
b. the way it is used by the customer, including whether it is used for own trading
activities, resale or data aggregation.
Scalable capacities need to be in place to ensure customers can obtain timely access to market
data at all times on a non-discriminatory basis.
3. Per user fees – the charge for market data shall be on the basis of the use made by
individual end- users. Arrangements must be in place to ensure each individual use is
charged only once. Where a per-user fee is deemed disproportionate the APA or CTP may
decide not to make the data available on this basis and will publish their grounds for
refusal on their website.
4. Unbundling and disaggregating market share – market data shall not be bundled with
other services. Prices for market data shall be charged on the basis of the level of
market data disaggregation.
5. Transparency obligation – price and other terms and conditions for the provision of the
market data must be disclosed and easily available to the public. Disclosure will include:
a. current price list including fees per display user; non-display fees; discount policies;
fees associated with licence conditions; fees for pre- and post-trade market data;
fees for other information subsets; and other contractual terms and conditions
b. advanced disclosure with a minimum of 90 days’ notice of future price changes
c. information on the content of the market data including the number of instruments
covered; the total turnover of instruments covered; pre- and post-trade market
data ratio; information on any data provided in addition to market data; and the
date of the last licence fee adaption for market data provided
d. revenue obtained from making market data available and the proportion of that
revenue compared to total revenue of the APA or CTP
e. information on how the price was set, including the cost accounting
Page 58 of 334
methodologies used and information about the specific principles according to

which direct and variable joint costs are allocated and fixed joint costs are
apportioned, between the production and dissemination of market data and
other services provided by APAs and CTPs.
The above do not apply to APAs and CTPs that make data available free of charge. However, when
the data is made available free of charge it will need to be provided on a non-discriminatory basis
and may not be bundled with other services.
1 What does as CIF need to obtain authorisation?

2 What are the reasons a CIF needs to undertake a periodic internal review?
3 Under what circumstances may CySEC wholly or partially withdraw a CIF authorisation?
4 How many directorships may a member of a CIF board of directors hold at the same
time?
5 Answer reference: Section 2.1
6 What do the governance arrangements need to ensure?
7 What is the responsibility of senior managers?
8 What is a tied agent and why may they be appointed?
9 What are the requirements for crowdfunding service providers?
10 On which financial instruments CySEC has imposed restrictions on marketing, purchase,
distribution, and sale?
11 What are the criteria for an SME growth market?
12 How is senior management of a regulated market defined?
13 Describe the direct electronic access requirements.
15 List the minimum information to be reported by an APA.
Page 59 of 334
Edition B.Ad.1 / EN
Chapter 3
Cypriot Investment Firms
(CIFs) and Banks
Learning Objectives
1. Organisational Requirements
2. Specific Requirements
3. Conflicts of Interest
4. Provision to Ensure Investor Protection
5. Investment Advice
6. Suitability
7. Best Execution
Similar to all other regulators in the EU, Cyprus has implemented the EU regulations including
2017/565, most commonly known as MiFID II.
Learning Objective
Ø Know the general organisational requirements for CIFs and banks (Article 21)
Investment firms must comply with the following organisational requirements to:
• establish, implement and maintain decision-making procedures and an organisational

structure which clearly, and in a documented manner, specifies reporting lines and
allocates functions and responsibilities
Page 60 of 334
• ensure their relevant persons are aware of the procedures which must be followed for
the proper discharge of their responsibilities
• establish, implement and maintain adequate internal control mechanisms designed to

secure compliance with decisions and procedures at all levels of the investment firm
• employ personnel with the skills, knowledge and expertise necessary for the discharge of
the responsibilities allocated to them
• establish, implement and maintain effective internal reporting and communication of

information at all relevant levels of the investment firm
• maintain adequate and orderly records of their business and internal organisation
• ensure that the performance of multiple functions by their relevant persons does not
and is not likely to prevent those persons from discharging any particular function soundly,
honestly, and professionally.
When complying with these requirements, investment firms need to take into account the nature,
scale and complexity of the business of the firm, and the nature and range of investment services
and activities.
In addition, systems and procedures need to be in place to:
1. safeguard the security, integrity and confidentiality of information, taking into account the
nature of the information
2. ensure, in the case of an interruption to their systems and procedures, the preservation of
essential data and functions, and the maintenance of investment services and activities, or,
where that is not possible, the timely recovery of such data and functions and the timely
resumption of their investment services and activities
3. deliver, in a timely manner to the competent authority financial, reports which reflect a true
and fair view of their financial position and which comply with all applicable accounting
standards and rules.
Firms shall monitor and, on a regular basis, evaluate the adequacy and effectiveness of their
systems, internal control mechanisms and arrangements and take appropriate measures to
address any deficiencies.
Page 61 of 334
Edition B.Ad.1 / EN
2. Specific Requirements
Learning Objective
Ø Know the requirements relating to compliance (Article 22)
Ø Understand the requirements relating to telephone recordings and electronic
communications (Article 76)
Ø Understand the requirements regarding outsourcing: scope of critical and important
operational functions (Article 30); outsourcing critical or important operational functions
(Article 31); service providers located in third countries (Article 32)
Ø Know the requirements regarding the safeguarding of client assets: information requirements
(Article 49)
Ø Know requirements relating to: risk management (Article 23); internal audit (Article 24)
2.1. Compliance
CIFs and banks need to establish, implement and maintain adequate policies and procedures
designed to detect any risk of failure by the firm to comply with their obligations under MiFID
as well as the associated risks, and put in place adequate measures and procedures designed
to minimise such risk and to enable the competent authorities to exercise their powers effectively.
Investment firms shall take into account the nature, scale and complexity of the business of the
firm, and the nature and range of investment services and activities undertaken in the course of
that business. They need to establish and maintain a permanent and effective compliance
function which operates independently and has the following responsibilities to:
a. monitor on a permanent basis and to assess, on a regular basis, the adequacy and
effectiveness of the measures, policies and procedures put in place, and the actions taken
to address any deficiencies in the firm’s compliance with its obligations
b. advise and assist the relevant persons responsible for carrying out investment services and
activities to comply with the firm’s obligations under MiFID
c. report to the management body, on at least an annual basis, on the implementation

and effectiveness of the overall control environment for investment services and
activities, on the risks that have been identified and on the complaints-handling reporting
as well as remedies undertaken or to be undertaken
d. monitor the operations of the complaints-handling process and consider complaints as

a source of relevant information in the context of its general monitoring
responsibilities. In order to comply with points (a) and (b) above, the compliance
Page 62 of 334
function shall conduct an assessment on the basis of which it shall establish a risk-based
monitoring programme that takes into consideration all areas of the investment firm’s
investment services, activities and any relevant ancillary services, including relevant
information gathered in relation to the monitoring of complaints handling. The
monitoring programme shall establish priorities determined by the compliance risk
assessment ensuring that compliance risk is comprehensively monitored.
In order to enable the compliance function to discharge its responsibilities properly and
independently, investment firms shall ensure that the following conditions are satisfied:
1. The compliance function has the necessary authority, resources, expertise and access to
all relevant information.
2. A compliance officer is appointed and replaced by the management body and is

responsible for the compliance function and for any reporting as to compliance.
3. The compliance function reports on an ad-hoc basis directly to the management body where
it detects a significant risk of failure by the firm to comply with its obligations.
4. The relevant persons involved in the compliance function are not involved in the
performance of services or activities they monitor.
5. The method of determining the remuneration of the relevant persons involved in the
compliance function does not compromise their objectivity and is not likely to do so.
An investment firm does not have to comply with points 4 or 5 above if they can demonstrate
that in view of the nature, scale and complexity of its business, and the nature and range of
investment services and activities, these requirements are not proportionate and that its
compliance function continues to be effective. In that case, the investment firm shall periodically
assess whether the effectiveness of the compliance function is compromised.
2.2. Electronic Communications
Investment firms need to establish, implement and maintain an effective recording of telephone
conversations and electronic communications policy, set out in writing, and appropriate to the size
and organisation of the firm, and the nature, scale and complexity of its business. The policy
needs to include the following:
• identification of the telephone conversations and electronic communications, including

relevant internal telephone conversations and electronic communications, that are
subject to the recording requirements
• specification of the procedures to be followed and measures to be adopted where
Page 63 of 334
Edition B.Ad.1 / EN
exceptional circumstances arise and the firm is unable to record the

conversation/communication on devices issued, accepted or permitted by the firm.
Evidence of such circumstances shall be retained and shall be accessible to competent
authorities.
Investment firms need to ensure that the management body has effective oversight and control
over these policies and procedures. Arrangements need to comply with recording requirements and
are technology-neutral. The effectiveness of the firm’s policies and procedures needs to be
evaluated on a periodic basis. Any alternative or additional measures and procedures as are
necessary and appropriate need to be identified. At a minimum, the adoption of alternative or
additional measures shall occur when a new medium of communication is accepted or permitted
for use by the firm.
The firm will need to keep and regularly update a record of individuals that have firm devices or
privately owned devices that have been approved for use by the firm. All employees need to
be educated and trained about electronic communications and the recording of telephone
conversations. On a periodic basis, the firm will periodically monitor the records of transactions
and orders subject to the electronic monitoring requirements including relevant conversations
to ensure they comply with the recording and record-keeping requirements. All monitoring
needs to be risk based and proportionate. Policies, procedures and management oversight will
be made available to CySEC on request.
Firms need to inform new and existing clients that their conversations and communications
are recorded and that a copy will be made available on request for up to five years. If requested
by CySEC, the information may be retained for up to seven years. The firm needs to inform
the client prior to providing investment services and activities relating to receipt, transmission,
and execution of orders. The information needs to be provided in the same language as other
investment services.
All relevant information related to relevant face-to-face conversations with clients need to be
recorded on a durable medium and include, at a minimum:
• date and time of meetings
• location of meetings
• identity of the attendees
• initiator of the meetings, and
• relevant information about the client order including the price, volume, type of order
and when it shall be transmitted or executed.
The information needs to be stored on a durable medium which can be replayed or copied. It
must be retained in a format that does not allow the original to be altered or deleted. The
Page 64 of 334
information needs to be stored in such a way that it is readily accessible and available to clients
on request. Firms shall ensure the quality, accuracy and completeness of the records of all
telephone recordings and electronic communications. The period of time for the retention of a
record starts on the date the record is created.
2.3. Outsourcing
An operational function is regarded as critical or important if a defect or failure in its

performance would materially impair the continuing compliance of an investment firm with the
conditions and obligation of their authorisation or other obligations, their financial performance;
or the soundness or the continuity of its investment services and activities. The following
functions shall not be considered as critical or important:
• Provision of advisory services and other services which do not form part of the investment
business of the firm, including the provision of legal advice, training of personnel,
billing services and the security of the firm’s premises and personnel.
• Purchasing of standardised services, including market information services and the

provision of price feeds.
When outsourcing critical or important operational functions, the firm remains fully responsible for
discharging of all of their obligations and shall comply with the following conditions:
a. The outsourcing does not result in the delegation by senior management of its
responsibility.
b. The relationship and obligations of the investment firm towards its clients is not altered.
c. The conditions with which the investment firm must comply in order to be and remain
authorised are not undermined.
d. None of the other conditions subject to which the firm’s authorisation was granted is
removed or modified.
Firms shall exercise due skill, care and diligence when entering into, managing or terminating any
arrangement for outsourcing critical or important operational functions. They need to take the
necessary steps to ensure that the following conditions are satisfied:
e. The service provider has the ability, capacity, sufficient resources, appropriate
organisational structure supporting the performance of the outsourced functions, and
any authorisation required by law to perform the outsourced functions, reliably and
professionally.
Page 65 of 334
Edition B.Ad.1 / EN
f. The service provider carries out the outsourced services effectively and in compliance
with applicable law and regulatory requirements, and to this end the firm has
established methods and procedures for assessing the standard of performance of the
service provider and for reviewing on an ongoing basis the services provided by the
service provider.
g. The service provider properly supervises the carrying out of the outsourced functions,
and adequately manage the risks associated with the outsourcing.
h. Appropriate action is taken where it appears that the service provider may not be
carrying out the functions effectively or in compliance with applicable laws and
regulatory requirements.
i. The investment firm effectively supervises the outsourced functions or services and
manage the risks associated with the outsourcing and to this end the firm retains the
necessary expertise and resources to supervise the outsourced functions effectively and
manage those risks;
j. The service provider has disclosed to the investment firm any development that may
have a material impact on its ability to carry out the outsourced functions effectively
and in compliance with applicable laws and regulatory requirements.
k. The investment firm is able to terminate the arrangement for outsourcing where
necessary, with immediate effect when this is in the interests of its clients, without
detriment to the continuity and quality of its provision of services to clients.
l. The service provider cooperates with the competent authorities of the investment firm
in connection with the outsourced functions.
m. The investment firm, its auditors and the relevant competent authorities have effective
access to data related to the outsourced functions, as well as to the relevant business
premises of the service provider, where necessary for the purpose of effective oversight
in accordance with this article, and the competent authorities are able to exercise those
rights of access.
n. The service provider protects any confidential information relating to the investment
firm and its clients.
o. The investment firm and the service provider have established, implemented and
maintained a contingency plan for disaster recovery and periodic testing of backup
facilities, where that is necessary having regard to the function, service or activity that
has been outsourced.
p. The investment firm has ensured that the continuity and quality of the outsourced
functions or services are maintained also in the event of termination of the outsourcing
either by transferring the outsourced functions or services to another third party or by
Page 66 of 334
performing them itself.
The outsourcing agreement needs to be drawn up in writing and clearly state the allocated rights
and obligations of the investment firms and the service provider. In particular, the investment
firm shall keep its instruction and termination rights, its rights of information, and its right to
inspections and access to books and premises. The agreement shall ensure that outsourcing by
the service provider only takes place with the consent of the investment firm which needs to be
in writing.
In case the investment firm and the service provider are members of the same group, the
investment firm may take into account the extent to which the firm controls the service provider
or has the ability to influence its actions. Investment firms need to make available on request
to CySEC all information necessary to enable them to supervise the compliance of the
performance of the outsourced functions.
Where an investment firm outsources functions related to the investment service of portfolio
management provided to clients to a service provider located in a third country, that investment
firm ensures that the following conditions are satisfied:
1. The service provider is authorised or registered in its home country to provide that
service and is effectively supervised by a competent authority in that third country.
2. There is an appropriate cooperation agreement between the competent authority of the

investment firm and the supervisory authority of the service provider.
The cooperation agreement referred needs to ensure that the competent authorities of the
investment firm are able, at least, to:
a. obtain on request the information necessary to carry out their supervisory tasks
b. obtain access to the documents relevant for the performance of their supervisory duties
maintained in the third country
c. receive information from the supervisory authority in the third country as soon as
possible for the purpose of investigating apparent breaches of the requirements
d. cooperate with regard to enforcement, in accordance with the national and international
law applicable to the supervisory authority of the third country and the competent
authorities in the Union in cases of breach of the requirements and its implementing
measures and relevant national law.
CySEC will publish on their website a list of the supervisory authorities in third countries with which
they have a cooperation agreement.
Page 67 of 334
Edition B.Ad.1 / EN
2.4. Client Assets
Firms that hold client assets need to provide (potential) clients with the following information
(where relevant):
1. When the funds may be held by a third party – the responsibilities of the investment
firm under applicable national law for any acts or omissions of the third party and the
consequences for the client of the insolvency of the third party.
2. When funds may be held in an omnibus account by a third party – client will be informed
of this including a warning of the risks.
3. Where it is not possible for client assets to be held by third parties to be identified
separately from the instruments of the third party or other clients – client will be informed
of the risks.
4. Any instances in which the client will be subject to the law of a jurisdiction other than
that of a Member State, including the rights of the (potential) client relating to those
financial instruments or funds may differ accordingly.
5. Existence and the terms of any security interest or lien which the firm has or may have
over the client’s financial instruments or funds, or any right of set-off it holds in relation
to those instruments or funds. Where applicable, it shall also inform the client of the
fact that a depository may have a security interest or lien over, or right of set-off in
relation to those instruments or funds.
Before entering into securities financing transactions in relation to financial instruments held by it
on behalf of a client, or before using such financial instruments for its own account or the account
of another client, the firm must inform the (potential) client including the terms for restitutions
and risks involved. Any information provided to on a durable medium, with clear, full and
accurate information on the obligations and responsibilities of the investment firm.
2.5. Risk Management and Internal Audit
In relation to risk management, investment firms need to establish, implement and maintain
adequate risk management policies and procedures which identify the risks relating to the firm’s
activities, processes and systems and, where appropriate, set the level of risk tolerated by the
firm. They need to adopt effective arrangements, processes and mechanisms to manage the risks
relating to the firm’s activities, processes and systems, in light of that level of risk tolerance. Firms
need to monitor:
1. the adequacy and effectiveness of their risk management policies and procedures
Page 68 of 334
2. the level of compliance by the firm and its relevant persons with the arrangements,
processes and mechanisms
3. the adequacy and effectiveness of measures taken to address any deficiencies in those
policies, procedures, arrangements, processes and mechanisms, including failures by the
relevant persons to comply with such arrangements, processes and mechanisms or follow
such policies and procedures.
here appropriate and proportionate in view of the nature, scale and complexity of their business
and the nature and range of the investment services and activities undertaken in the course of that
business, firms shall establish and maintain a risk management function that operates
independently. The risk management function implements the policy and procedures and provides
reports and advice to senior management. Investment firms that do not establish and maintain
a risk management function need to be able to demonstrate upon request that the policies and
procedures which it is has adopted the requirements of a risk management function.
Where appropriate and proportionate in view of the nature, scale and complexity of their business
and the nature and range of investment services and activities undertaken in the course of that
business, firms need to establish and maintain an internal audit function which is separate and
independent from the other functions and activities of the investment firm. The internal audit
function has the following responsibilities to:
a. establish, implement and maintain an audit plan to examine and evaluate the adequacy and
effectiveness of the investment firm’s systems, internal control mechanisms and
arrangements
b. issue recommendations based on the result of work carried out in accordance with
point (a) and verify compliance with those recommendations
c. report in relation to internal audit matters.
3. Conflicts of Interest
Learning Objective
Ø Know examples where a conflict of interest may occur (Article 33)
Ø Know the requirements relating to conflicts of interest: conflict of interest policy (Article
34); record of services or activities (Article 35); investment research and marketing
communications (Article 36)
Conflicts of interest may arise in the course of providing investment and/or ancillary services, and
may damage the interest of a client. Firms shall, at a minimum, take into account whether the
investment firm, a relevant person, or a person (in)directly linked by control to the firm:
Page 69 of 334
Edition B.Ad.1 / EN
1. Is likely to make a financial gain, or avoid a financial loss, at the expense of the client.
2. Has an interest in the outcome of a service provided to the client or of a transaction carried
out on behalf of the client, which is distinct from the client’s interest in that outcome.
3. Has a financial or other incentive to favour the interest of another client or group of clients
over the interests of the client.
4. Carries on the same business as the client.
5. Receives or will receive from a person other than the client an inducement in relation to
a service provided to the client, in the form of monetary or non-monetary benefits or
services.
Firms need to establish, implement and maintain an effective conflicts of interest policy set out in
writing and appropriate to the size and organisation of the firm and the nature, scale and
complexity of its business. Where the firm is a member of a group, the policy shall also take
into account any circumstances, of which the firm is or should be aware, which may give rise
to a conflict of interest arising as a result of the structure and business activities of other
members of the group. The conflicts of interest policy must identify, with reference to the
specific investment services and activities and ancillary services carried out by or on behalf of
the investment firm, the circumstances which constitute or may give rise to a conflict of interest
entailing a risk of damage to the interests of one or more clients. In addition, the policy must
specify procedures to be followed and measures to be adopted in order to prevent or manage
such conflicts. These procedures and measures referred shall be designed to ensure that relevant
persons engaged in different business activities involving a conflict of interest carry on those
activities at a level of independence appropriate to the size and activities of the investment firm
and of the group to which it belongs, and to the risk of damage to the interests of clients. The
procedures to be followed and measures to be adopted shall include at least those items in the
following list that are necessary for the firm to ensure the requisite degree of independence:
a. Effective procedures to prevent or control the exchange of information between relevant

persons engaged in activities involving a risk of a conflict of interest where the exchange
of that information may harm the interests of one or more clients.
b. The separate supervision of relevant persons whose principal functions involve carrying
out activities on behalf of, or providing services to, clients whose interests may conflict,
or who otherwise represent different interests that may conflict, including those of the
firm.
c. The removal of any direct link between the remuneration of relevant persons principally
engaged in one activity and the remuneration of, or revenues generated by, different
relevant persons principally engaged in another activity, where a conflict of interest may
arise in relation to those activities.
Page 70 of 334
d. Measures to prevent or limit any person from exercising inappropriate influence over the
way in which a relevant person carries out investment or ancillary services or activities.
e. Measures to prevent or control the simultaneous or sequential involvement of a relevant

person in separate investment or ancillary services or activities where such involvement may
impair the proper management of conflicts of interest.
Investment firms need to ensure that disclosure to clients is a measure of last resort that shall be
used only where the effective organisational and administrative arrangements established by the
investment firm to prevent or manage its conflicts of interest are not sufficient to ensure, with
reasonable confidence, that risks of damage to the interests of the client will be prevented.
The disclosure shall clearly state that the organisational and administrative arrangements
established by the investment firm to prevent or manage that conflict are not sufficient to
ensure, with reasonable confidence, that the risks of damage to the interests of the client will be
prevented. The disclosure shall include specific description of the conflicts of interest that arise in
the provision of investment and/or ancillary services, taking into account the nature of the client
to whom the disclosure is being made. The description needs to explain the general nature and
sources of conflicts of interest, as well as the risks to the client that arise as a result of the
conflicts of interest and the steps undertaken to mitigate these risks, in sufficient detail to
enable that client to take an informed decision with respect to the investment or ancillary
service in the context of which the conflicts of interest arise.
Periodically the firm shall review, on an at least annual basis, the conflicts of interest policy and
shall take all appropriate measures to address any deficiencies. Over-reliance on disclosure of
conflicts of interest shall be considered a deficiency in the investment firm’s conflicts of interest
policy.
Investment firms need to keep and regularly update a record of the kinds of activities and advice
carried out by them or on their behalf in which a conflict of interest has arisen or may arise
entailing a risk of damage to the interests of one or more clients. On a regular basis, and at least
annually, senior management shall receive written reports on situations in which conflicts of
interest have arisen.
Investment research is defined as research or other information recommending or suggesting an

investment strategy, explicitly or implicitly, concerning one or several financial instruments or the
issuers of financial instruments, including any opinion as to the present or future value or price of
such instruments, intended for distribution channels or for the public. It needs to be labelled
or described as investment research or in similar terms, or is otherwise presented as an objective
or independent explanation of the matters contained in the recommendation. If the
recommendation was made by an investment firm to a client, it would not constitute the provision
of investment advice. A recommendation that does not meet these conditions shall be treated as
a marketing communication. Investment firms that produce or disseminate that recommendation
shall ensure that it is clearly identified as such. Additionally, firms shall ensure that any such
recommendation contains a clear and prominent statement that (or, in the case of an oral
recommendation, to the effect that) it has not been prepared in accordance with legal
Page 71 of 334
Edition B.Ad.1 / EN
requirements designed to promote the independence of investment research, and that it is not
subject to any prohibition on dealing ahead of the dissemination of investment research.
4. Provision to Ensure Investor Protection
Learning Objective
Ø Know the general principles regarding information to clients: fair, clear and not misleading
information requirements (Article 44 2017/565); information about the CIF; information
about the client; client categorisation and professional clients (including Article 58
2017/565)
Ø Know the requirements regarding information about financial instruments (Article 48 EU
2017/565)
Ø Know the information requirements relating to: costs and associated charges (Article 50
EU 2017/565)
All information addressed or disseminated (potential) retail or professional clients including

marketing communications, need to include the name of the investment firm, and needs to be
accurate and give a fair and prominent indication of any relevant risks. The font size used to
describe the risks should at least be the same as the font used for the remaining of the
material, and should be prominently presented. The information should be sufficient and
presented in a way that is likely to be understood by the average person by whom it is likely to
be received. It should not disguise, diminish, or obscure important items, statements or warnings
and needs to be consistently presented in the same language throughout all forms of information
and marketing materials issued by the firm. An exception is made for clients who have opted to
receive information in more than one language. The information needs to be up-to-date and
relevant.
If the information compares investments, services, financial instruments, or persons the comparison
has to be meaningful and presented in a fair and balanced way. Sources used, key facts and
assumptions need to be clearly specified.
Any indications of past performance may not be the most prominent feature, and must include
the appropriate performance information covering at least the preceding five years. If the
instrument or index has not yet existed for five years, the whole period the financial instrument
or index has existed. All performance information must be based on complete 12-month periods.
The reference period and source of information needs to be clearly stated. A prominent warning
needs to be included to state the figures refer to pat performance and are not a reliable indicator
of further results. If the information is in a currency other that euro this needs to be clearly stated
together with a warning that the return may vary as a result of currency fluctuations. Any effects
Page 72 of 334
of gross performance, the effect of commissions, fees or other charges need disclosed. Any use of
simulated past performance needs to be based on the actual past performance of one or more
financial instruments or financial indices which are (substantially) the same as the financial
instrument concerned and needs to satisfy the same conditions as any actual performance
information, and include a prominent warning. Any indications of future performance may not
be based on or refer to simulated past performance; and needs to be based on reasonable
assumptions supported by objective data. In the event the information is based on gross
performance, the effect of commissions, fees or other charges needs to be clearly disclosed.
Future performance needs to be based on negative and positive performance scenarios in
different market conditions, and reflect the nature and risks of the specific types of instruments
included in the analysis. A prominent warning needs to be included forecasts are not a reliable
indicator of future performance.
Any particular tax treatments need to be clearly specified including a statement that the tax
treatment depends on the individual circumstances of each client and may be subject to change
in the future. The name of any competent authority may not be used in such a way that would
indicate or suggest endorsement or approval by that authority of the products or services of the
investment firm.
A firm must provide (potential) clients with comprehensive information about:
• the firm and its services
• financial instruments and proposed investment strategies, including appropriate guidance

and warnings of the risks associated with investments in those instruments or in
respect of particular investment strategies
• execution venues
• costs and associated charges, in a standardised and easy to understand format.
The information needs to be transparent so that it allows the client to make informed investment
decisions.
A firm needs to obtain a record with sufficient information to understand the (potential) client’s
levels of knowledge and experience regarding the products or services it is offering the (potential)
client, his financial situation and investment objectives. This will assist the firm to be able to
recommend the most suitable investments to the client.
In the event the firm considers that a particular investment or financial product is not appropriate
for a (potential) client, they will send a warning to the client. The warning may be in a
standardised format. If the (potential) client elects not to provide any information, the firm must
inform the (potential) client that they will not be allowed to determine whether a product or
Page 73 of 334
Edition B.Ad.1 / EN
service is appropriate. When the only service a firm provides solely consists of receiving and
executing client orders, the firm does not need to assess the client’s knowledge and expertise
as long as the transaction is related to shares, is undertaken on the client’s request, and the
client has been informed the form does not need to assess the appropriateness of the investment.
A firm needs to maintain client files including documentation outlining the rights and obligations of
the client and the firm, as well as any legal documentation. The firm needs to provide clients
with regular, adequate reports on the products and services including, when applicable, cost.
4.1. Professional Clients
A professional client is a client who possesses the experience, knowledge and expertise to make
its own investment decisions and properly assess the risk it incurs. In order to be considered a
professional client, the client must comply with the following criteria:
1. entities required to be authorised or regulated to operate in the financial markets,

including those authorised by an EU member state
2. large undertakings meeting two of the following size requirements:
a. balance sheet total at least e20.000.000
b. net turnover at least e40.000.000
c. own funds at least e2.000.000.
3. national and regional governments, public bodies managing public debt, central banks,
international and supranational institutions and other similar international organisations
4. other institutional investors, whose main activity is to invest in financial instruments.
Although these clients are considered to be professional clients, they must be allowed to request
non- professional treatment and higher levels of protection.
When a client is a professional client, the CIF must inform the client prior to undertaking any services
that he will be treated as a professional client, unless otherwise agreed between the parties. In
addition, the CIF must inform the client that he can request to be treated as non-professional,
and thus be subject to a higher level of protection. It is the client’s responsibility to request to be
treated as a non-professional.
Firms need to enter into a written agreement with a client in order to provide any of the following:
1. Safekeeping and administration of financial instruments for the account of clients,

including custodianship and related services such as cash/collateral management and
Page 74 of 334
excluding maintaining securities accounts at the top tier level.
2. Granting credits or loans to an investor to allow him to carry out a transaction in one
or more financial instruments, where the firm granting the credit or loan is involved in
the transaction.
3. Advice to undertakings on capital structure, industrial strategy and related matters and
advice and services relating to mergers and the purchase of undertakings.
4. Foreign exchange services where these are connected to the provision of investment
services.
5. Investment research and financial analysis or other forms of general recommendation

relating to transactions in financial instruments.
6. Services related to underwriting.
7. Investment services and activities as well as ancillary services of the type included under
Section A or B of Annex 1 related to the underlying of the derivatives included under points
(5), (6), (7) and (10) of Section C where these are connected to the provision of investment
or ancillary services.
The agreement has to on paper or another durable medium, setting out the essential rights and
obligations of the firm and the client. A periodic assessment of the suitability of the financial
instruments or services recommended needs to be performed. The written agreement shall set
out the essential rights and obligations of the parties, and shall include the following:
a. a description of the services, and where relevant the nature and extent of the investment
advice, to be provided
b. in case of portfolio management services, the types of financial instruments that may be
purchased and sold and the types of transactions that may be undertaken on behalf of
the client, as well as any instruments or transactions prohibited, and
c. a description of the main features of any services mentioned in the above list to be
provided, including where applicable the role of the firm with respect to corporate
actions relating to client instruments and the terms on which securities financing
transactions involving client securities will generate a return for the client.
Page 75 of 334
Edition B.Ad.1 / EN
4.2. Information about Financial Instruments
Before providing investment services to (potential) clients, they need to be given a general
description of the nature and risks of financial instruments, taking into account, in particular,
the client’s categorisation as either a retail client, professional client or eligible counterparty. The
description needs to explain the nature of the specific type of instrument concerned, the
functioning and performance of the financial instrument in different (both positive and negative)
market conditions as well as the risks particular to that specific type of instrument in sufficient
detail to enable the client to take investment decisions on an informed basis.
The description of risks shall include, where relevant to the specific type of instrument concerned
and the status and level of knowledge of the client, the following elements:
a. the risks associated with that type of financial instrument including an explanation of
leverage and its effects and the risk of losing the entire investment including the risks
associated with insolvency of the issuer or related events, such as bail in
b. the volatility of the price of such instruments and any limitations on the available market
for such instruments
c. information on impediments or restrictions for disinvestment, for example as may be

the case for illiquid financial instruments or financial instruments with a fixed
investment term, including an illustration of the possible exit methods and consequences
of any exit, possible constraints and the estimated time frame for the sale of the financial
instrument before recovering the initial costs of the transaction in that type of financial
instruments
d. the fact that an investor might assume, as a result of transactions in such instruments,
financial commitments and other additional obligations, including contingent liabilities,
additional to the cost of acquiring the instruments
e. any margin requirements or similar obligations, applicable to instruments of that type.
If the information is related to a financial instrument that is the subject of a current offer to the
public and a prospectus has been published this will be communicated to the clients. In case
the financial instrument is composed of two or more different financial instruments or
services, the firm shall provide an adequate description of the legal nature of the financial
instrument, the components of that instrument and the way in which the interaction between
the components affects the risks of the investment. For financial instruments that incorporate a
guarantee or capital protection, the investment firm shall provide a client or a potential client
with information about the scope and nature of such guarantee or capital protection. When the
guarantee is provided by a third party, information about the guarantee shall include sufficient
detail about the guarantor and the guarantee to enable the client or potential client to make a
fair assessment of the guarantee.
Page 76 of 334
4.3. Costs and Charges
Firms providing investment services to professional clients or eligible counterparties have the
right to agree to a limited application of the detailed requirements on costs and charges, unless
derivatives are involved.
For ex-ante and ex-post disclosure of information on costs and charges to clients, investment firms
shall aggregate the following:
a. all costs and associated charges charged by the investment firm or other parties where the
client has been directed to such other parties, for the investment services(s) and/or
ancillary services provided to the client, and
b. all costs and associated charges associated with the manufacturing and managing of the
financial instruments.
For the purposes of the costs in point (a) above, third party payments received by investment
firms in connection with the investment service provided to a client shall be itemised separately
and the aggregated costs and charges shall be totalled and expressed both as a cash amount and as
a percentage.
If any of the cost are in a foreign currency the applicable conversion rate and costs needs to be
included.
Firms need to arrangements for payment or other performance. Firms shall calculate and disclose
product costs and charges that are not included in the UCITS KIID.
Full ex-ante disclosure will need to be provided about the aggregated costs and charges related to
the financial instrument and to the investment or ancillary service provided where the investment
firm recommends or markets financial instruments to clients; or provides any investment services
via a UCITS KIID or PRIIPs KID in relation to the relevant financial instruments, in accordance with
relevant EU legislation.
Investment firms that do not recommend or market a financial instrument to the client or are
not obliged to provide the client with a KID/KIID.
If the client uses more than one investment firm, each firm will provide the client with the cost
and charges of the services they provide. Firms that recommend or market the services provided
by another firm, shall aggregate the cost and charges of its services together with the cost
and charges of the services provided by the other firm.
A firm need to take into account the costs and charges associated to the provision of services of
other firms they have directed the client to.
When calculating costs on an ex-ante basis, the firm will use actual incurred costs as a proxy for
Page 77 of 334
Edition B.Ad.1 / EN
expected costs and charges. In the event actual costs are not available, the firm will make a
reasonable estimation. Assumptions will be assessed on the basis of ex-post experience and will
make adjustments o their assumptions as required.
On an annual basis, firms will provide ex-post information about all costs and charges related
to instruments and services they have recommended or marketed to the client, where they have
provided the client with the KID/KIID, where they had an ongoing relationship with the client
during the year. This information needs to be based on costs incurred and shall be provided
on a personalised basis. Investment firms may choose to provide such aggregated information
on costs and charges of the investment services and the financial instruments together with
any existing periodic reporting to clients.
Investment firms shall provide their clients with an illustration showing the cumulative effect of
costs on return when providing investment services. Such an illustration shall be provided both on
an ex-ante and ex-post basis and needs show the effect of the overall costs and charges on
the return of the investment; any anticipated spikes or fluctuations in the costs; and be
accompanied by a description.
5. Investment Advice
Learning Objective
Ø Know the requirements regarding investment advice: information about investment advice
(Article 52); investment advice on an independent basis (Article 53)
Firms need to explain in a clear and concise way whether and why investment advice qualifies as
independent or non-independent and the type and nature of the restrictions that apply. In the event
the firm provides advice to the same client on an independent and non-independent basis the firm
needs to explain the scope of both services to allow investors to understand the differences between
the types of advice and to make sure they do not present themselves as an independent investment
adviser for the overall activity. Firms shall not give undue prominence to their independent
investment advice services over the non-independent advice.
Firms shall explain the range of financial services that may recommended including the
relationship with the issuer. A description will be provided of all types of financial instruments
considered, the range of financial instruments and providers analysed per type of instrument
according to the scope of the service, and, how the service provided satisfies the conditions for
the provision of independent investment advice (if applicable). The information will include the
considerations used in the selection process used to recommend financial instruments such as
risks, costs, and complexity of the instrument. The firm will highlight any own financial instruments
included in the investment advice.
Page 78 of 334
The suitability of recommendations will be assessed periodically and the firm will disclose the
frequency and extent of the periodic suitability assessment including (where relevant) conditions
that trigger an assessment, the extent to which the information previously collected will be
subject to reassessment, and the way in which an updated recommendation will be
communicated to the client.
Firms that provide independent investment advice need to define and implement a selection
process to assess and compare a sufficient range of financial instruments available in the market.
The selection process needs to include:
a. the number and variety of instruments considered is proportionate to the scope of the
investment advice offered
b. the number and variety of instruments considered is adequately representative of the

market
c. the quantity of financial instruments issued by the firm or a closely linked entity is
proportionate to the instruments available in the market
d. the criteria for selecting financial instruments shall include all relevant aspects such as
risks, costs and complexity, characteristics of the client, and ensure he advice is not
biased.
In the event the firm cannot make these comparisons they will not present themselves as
independent.
Firms that provide independent investment advice focussed on a specified range or category of
financial instruments needs to make sure that they market themselves in a way that is intended
only to attract clients with a preference for those categories or range of financial instruments. In
addition, the firm shall require clients to indicate that they are only interested in investing in the
specified category or range of financial instruments; and prior to the provision of the service, the
firm shall ensure that its service is appropriate for each new client on the basis that its business
model matches the client’s needs and objectives, and the range of financial instruments that are
suitable for the client. If this is not the case, the firm shall not provide such a service to the client.
Investment firms offering both independent and non-independent investment advice need to
comply with the following obligations:
1. in good time before the provision of its services, the investment firm has informed its
clients, on a durable medium, whether the advice is independent or non-independent and the
relevant implementing measures
2. the investment firm has presented itself as independent for the services for which it provides
investment advice on an independent basis
Page 79 of 334
Edition B.Ad.1 / EN
3. the investment firms have adequate organisational requirements and controls in place to
ensure that both types of advice services and advisers are clearly separated from each
other and that clients are not likely to be confused about the type of advice that they are
receiving and are given the type of advice that is appropriate for them. The investment
firm shall not allow a natural person to provide both independent and non-independent
advice.
6. Suitability
Learning Objective
Ø Know the suitability requirements: assessment of suitability and suitability reports (Article
54); common assessment provisions (Article 55); assessment of appropriateness and
related record keeping obligations (Article 56)
Ø Know the obligations for CIFs who provide services through the medium of another IF
(Article 27, law 87)
6.1. Suitability Requirements
Firms need to make sure they do not create any ambiguity or confusion about their
responsibilities in the process when assessing the suitability of investment services or financial
instruments. When undertaking the suitability assessment, the firm shall inform (potential) clients,
clearly and simply, that the reason for assessing suitability is to enable the firm to act in the
client’s best interest. Where investment advice or portfolio management services are provided in
whole or in part through an automated or semi-automated system, the responsibility to undertake
the suitability assessment remains with the investment firm and is not reduced by the use of an
electronic system.
Firms need to determine the extent of the information to be collected from clients in light of
all the features of the investment advice or portfolio management services to be provided to
those clients. Firms shall obtain all information necessary to understand the essential facts
about the client and to have a reasonable basis for determining the best investment advice taking
into consideration the nature and extent of the service provided meets the investment objectives
of the client in question, including client’s risk tolerance; can financially be borne by the client;
and the client has the necessary experience and knowledge in order to understand the risks
involved in the transaction or in the management of his portfolio.
When investment services are provided to professional clients, the firm may assume that the client
has the necessary level of experience and knowledge of the transactions and instruments
Page 80 of 334
recommended, and that they are financially able to bear any risk.
The client’s financial information need to include, where relevant, information on the source and
extent of his regular income, his assets, including liquid assets, investments and real property,
and his regular financial commitments. The information regarding the client’s investment
objectives shall include, where relevant, information on the length of time for which the client
wishes to hold the investment, his preferences regarding risk taking, his risk profile, and the
purposes of the investment.
When a client is a legal person or a group of natural persons the investment policy will record
who should be assessed for suitability and how this assessment will be done in practice, including
from whom information about knowledge and experience, financial situation and investment
objectives should be collected. In case a natural person is represented by another natural
person, or where a legal person having requested treatment as professional client is to be
considered for the suitability assessment, the financial situation and investment objectives shall
be those of the legal person or the underlying client. The knowledge and experience shall be that
of the representative of the natural person or the person authorised to carry out transactions on
behalf of the underlying client.
Investment firms shall take reasonable steps to ensure that the information collected about their
clients or potential clients is reliable. This shall include, but shall not be limited to:
1. ensuring clients are aware of the importance of providing accurate and up-to-date
information
2. ensuring all tools, such as risk assessment profiling tools or tools to assess a client’s
knowledge and experience, employed in the suitability assessment process are fit-for-
purpose and are appropriately designed for use with their clients, with any limitations
identified and actively mitigated through the suitability assessment process
3. ensuring questions used in the process are likely to be understood by clients, capture
an accurate reflection of the client’s objectives and needs, and the information necessary
to undertake the suitability assessment, and
4. taking steps, as appropriate, to ensure the consistency of client information, such as by

considering whether there are obvious inaccuracies in the information provided by
clients. Investment firms having an on-going relationship with the client, such as by
providing an ongoing advice or portfolio management service, shall have, and be able
to demonstrate, appropriate policies and procedures to maintain adequate and up-to-
date information about clients to the extent necessary.
In the event the firm does not manage to obtain sufficient information on the (potential) client,
they shall not recommend investment services or financial instruments to them.
Investment firms shall have, and be able to demonstrate, adequate policies and procedures in
Page 81 of 334
Edition B.Ad.1 / EN
place to ensure that they understand the nature, features, including costs and risks of investment
services and financial instruments selected for their clients and that they assess, while taking into
account cost and complexity, whether equivalent investment services or financial instruments can
meet their client’s profile.
Firms shall not recommend or decide to trade where none of the services or instruments are suitable
for the client. When the advice includes switching investments, either by selling an instrument
and buying another or by exercising a right to make a change in regard to an existing instrument,
investment firms shall collect the necessary information on the client’s existing investments and
the recommended new investments and shall undertake an analysis of the costs and benefits of
the switch so that they will be reasonably able to demonstrate that the benefits of switching are
greater than the cost.
Retail clients will be provided with a report including an outline of the advice given and how the
recommendation provided is suitable for the retail client, including how it meets the client’s
objectives and personal circumstances with reference to the investment term required, client’s
knowledge and experience and client’s attitude to risk and capacity for loss. The firm will draw
the attention of the client to information on whether the recommended services or instruments
are likely to require them to seek a periodic review of their arrangements. Where an investment
firm provides a service that involves periodic suitability assessments and reports, the subsequent
reports after the initial service is established may only cover changes in the services or instruments
involved and/or the circumstances of the client and may not need to repeat all the details of the
first report.
If a periodic suitability assessment review is provided, the review shall be undertaken at least
annually. The frequency of this assessment shall be increased depending on the risk profile of
the client and the type of financial instruments recommended.
Firms need to ensure Investment that the information regarding a (potential) client’s knowledge
and experience in the investment field includes the following information, to the extent appropriate
to the nature of the client, the nature and extent of the service to be provided and the type of
product or transaction envisaged, including their complexity and the risks involved:
• the types of service, transaction and financial instrument with which the client is familiar
• the nature, volume, and frequency of the client’s transactions in financial instruments and
the period over which they have been carried out
• the level of education, and profession or relevant former profession of the client or
potential client.
Firms shall not discourage a (potential) client from providing information required for the purposes
of money laundering and compliance and will be entitled to rely on the information provided by
its clients or potential clients unless it is aware or ought to be aware that the information is
manifestly out of date, inaccurate or incomplete.
Page 82 of 334
Firms will determine whether a client has the necessary experience and knowledge in order to
understand the risks involved in relation to the product or investment service offered or
demanded when assessing whether an investment service is appropriate for a client. An
investment firm shall be entitled to assume that a professional client has the necessary
experience and knowledge in order to understand the risks involved in relation to those particular
investment services or transactions, or types of transaction or product, for which the client is
classified as a professional client.
Firms need to maintain records of the appropriateness assessments undertaken which include the
result of the appropriateness assessment; any warning given to the client in relation to potentially
inappropriate investments and where the client proceeded with the investment; any warning given
to the client where the client did not provide sufficient information to enable the firm to
undertake an appropriateness assessment, whether the client asked to proceed with the
transaction despite this warning and, where applicable, whether the firm accepted the client’s
request to proceed with the transaction.
In the event a firm receives an instruction to provide investment services on behalf of a client
through another firm, they may rely on client information provided by the instructing firm. The
instructing firm remains responsible for the completeness and accuracy of the information. The
receiving firm may also rely on any recommendations in relation to the service or transactions
that have been provided by another firm. The instructing firm will remain responsible for the
suitability of the recommendations or advice provided to the client. The receiving firm will be
responsible for concluding the service or transactions in line with the information and/or
recommendations received.
7. Best Execution
Learning Objective
Ø Understand best execution criteria (Article 64)
Ø Know the obligations regarding best execution (Article 66)
Ø Understand how client order handling rules are applied: general principles (Article 67);
aggregation and allocation of orders (Article 68); aggregation and allocation for own
account (Article 69); prompt, fair and expeditious execution and publication of unexecuted
limit orders (Article 70)
When executing client orders, the firm needs to take into account the characteristics of the client
including the categorisation of the client as retail or professional; the characteristics of the client
order, including where the order involves a securities financing transaction (SFT); the characteristics
Page 83 of 334
Edition B.Ad.1 / EN
of financial instruments that are the subject of that order; and the characteristics of the execution
venues to which that order can be directed. Execution venues include a regulated market, an
MTF, an OTF, a systematic internaliser, or a market maker or other liquidity provider or an entity
that performs a similar function in a third country to the functions performed by any of those.
Firms need to take all sufficient steps to obtain the best possible result for a client to the extent
that it executes an order or a specific aspect of an order following specific instructions from the
client relating to the order or the specific aspect of the order. Investment firms shall not structure
or charge their commissions in such a way as to discriminate unfairly between execution venues.
When executing orders or taking decision to deal in OTC products including bespoke products,
the investment firm shall check the fairness of the price proposed to the client, by gathering
market data used in the estimation of the price of such product and, where possible, by comparing
with similar or comparable products.
The execution policy and order execution arrangements need to be reviewed at least annually. In
addition, they will also be when a material change occurs that affects the firm’s ability to continue
to obtain the best possible result for the execution of its client orders on a consistent basis using
the venues included in its execution policy. An investment firm shall assess whether the change
was material and consider making changes to the relative importance of the best execution
factors. The execution policy will be customised to cater for the class of financial instrument and
type of the service provided. Firms will provide clients with the following details on their execution
policy:
a. relative performance of the execution venues
b. a list of the execution venues on which the firm places significant reliance
c. a list of factors used to select an execution venue, including qualitative factors such as:
clearing schemes, circuit breakers, scheduled actions, or any other relevant consideration,
and the relative importance of each factor
d. the information about the factors used to select an execution venue for execution shall be
consistent with the controls used by the firm to demonstrate to clients that best execution
has been achieved in a consistent basis when reviewing the adequacy of its policy and
arrangements
e. how the execution factors of price costs, speed, likelihood of execution and any other
relevant factors are considered as part of all sufficient steps to obtain the best possible
result for the client
f. where applicable, information that the firm executes orders outside a trading venue,
the consequences, for example counterparty risk arising from execution outside a trading
venue, and upon client request, additional information about the consequences of this
means of execution
g. a clear and prominent warning that any specific instructions from a client may prevent
Page 84 of 334
the firm from taking the steps that it has designed and implemented in its execution
policy to obtain the best possible result for the execution of those orders in respect of
the elements covered by those instructions
h. a summary of the selection process for execution venues, execution strategies employed,
the procedures and process used to analyse the quality of execution obtained and how the
firms monitor and verify that the best possible results were obtained for clients.
The information shall be provided in a durable medium, or by means of a website (where that
does not constitute a durable medium. If a frim applies different fees depending on the
execution venue, the firm shall explain these differences in sufficient detail in order to allow
the client to understand the advantages and the disadvantages of the choice of a single
execution venue. If the firm invites clients to choose an execution venue, fair, clear and not
misleading information shall be provided to prevent the client from choosing one execution
venue rather than another on the sole basis of the price policy applied by the firm. Firms shall
inform clients about the inducements that the firm may receive from the execution venues.
The information shall specify the fees charged by the investment firm to all counterparties
involved in the transaction, and where the fees vary depending on the client, the information
shall indicate the maximum fees or range of the fees that may be payable. Where an investment
firm charges more than one participant in a transaction, the firm shall inform its clients of the
value of any monetary or non-monetary benefits received by the firm. Where a client makes
reasonable and proportionate requests for information about its policies or arrangements and how
they are reviewed to an investment firm, that investment firm shall answer clearly and within a
reasonable time. Where an investment firm executes orders for retail clients, it shall provide
those clients with a summary of the relevant policy, focused on the total costs they incur. The
summary shall also provide a link to the most recent execution quality data for each execution
venue listed by the investment firm in its execution policy.
7.1. Client Order Handling
When firms carry out client orders they need to satisfy the following conditions:
1. ensure that orders executed on behalf of clients are promptly and accurately recorded and
allocated
2. carry out otherwise comparable client orders sequentially and promptly unless the
characteristics of the order or prevailing market conditions make this impracticable, or
the interests of the client require otherwise
3. inform a retail client about any material difficulty relevant to the proper carrying out
of orders promptly upon becoming aware of the difficulty.
If the firm is responsible for overseeing or arranging the settlement of an executed order, it shall
take all reasonable steps to ensure that any client financial instruments or client funds received
in settlement of that order are promptly and correctly delivered to the account of the client.
Page 85 of 334
Edition B.Ad.1 / EN
Firms shall not misuse information relating to pending client orders, and shall take all reasonable
steps to prevent the misuse of such information by any of its relevant persons.
A firm may not carry out a client order or a transaction for own account in aggregation with
another client order unless it is unlikely that the aggregation will work to the disadvantage of any
client involved, the aggregation is disclosed to all clients involved, and an order allocation
policy is established and implemented to ensure fair allocation of aggregated orders and
transactions. The allocation policy needs to include how the volume and price of orders
determines the allocation and the treatment of partial executions or an order. Firms that have
aggregated transactions for own account with one or more client orders shall not allocate the
related trades in a way that is detrimental to a client and in case of partially executed orders
the client transactions will be given priority over the firm’s. If the firm is able to demonstrate on
reasonable grounds that without the combination it would not have been able to carry out the
order on such advantageous terms, or at all, it may allocate the partially executed transaction for
own account proportionally in accordance with its order allocation policy.
A firm need to have procedures in place designed to prevent reallocation of transactions for own
account in a way that is detrimental to the client.
A client limit order in respect of shares admitted to trading on a regulated market or traded
on a trading venue which have not been immediately executed under prevailing market conditions
shall be considered available to the public when the investment firm has submitted the order for
execution to a regulated market or a MTF or the order has been published by a data reporting
services provider located in one Member State and can be easily executed as soon as market
conditions allow. Regulated markets and MTFs shall be prioritised according to the firm’s
execution policy to ensure execution as soon as market conditions allow.
Page 86 of 334
17. List the general organisational requirements.

18. List the responsibilities of the compliance department.
19. List the types of transactions subject to being recorded.
20. List the conditions for outsourcing.
21. List what firms need to monitor in relation to the risk management function.
22. Describe when conflicts of interest occur.
23. Describe the requirements for marketing and other information sent to clients.
24. Define what constitutes a professional client.
25. List the information that needs to be provided to a (potential) retail client when providing
investment advice.
26. Describe the suitability assessment.
27. Describe the process of executing client orders.
Page 87 of 334
Edition B.Ad.1 / EN
Chapter 4
Open-Ended Undertakings for Collective
Investment (UCI) Laws 2012–2019
Learning Objectives
1. Undertakings for Collective Investment in Transferable Securities (UCITS)

2. Obligations of UCITS
3. UCITS Structures
4. Management Companies
The Open-Ended Undertakings for Collective Investment (UCI) Law of 2012 (L.78(I)/2012), as
amended by L.88(I)/2015, L. 52(I)/2016 and L.134(I)/2019, regulates the operation and supervision
of open-ended undertakings for collective investment in transferable securities (UCITS) and of
management companies, as well as of the taxation regime of open-ended UCITS.
UCI Laws of 2012 to 2019 harmonise the following:
a. Directive 2009/65/EC of the European Parliament and of the Council of 13 July 2009 on
the coordination of laws, regulations and administrative provisions relating to UCITS.
b. Articles 11 and 13 of Directive 2010/78/EU of the European Parliament and of the Council
of 24 November 2010 for amending Directives 1998/26/EC, 2002/87/EC, 2003/6/EC,
2003/41/EC, 2003/71/EC, 2004/39/EC, 2004/109/EC, 2005/60/EC, 2006/48/EC, 2006/49/EC,
and 2009/65/EC in respect of the powers of the European Supervisory Authority (European
Banking Authority (EBA)), the European Supervisory Authority (European Insurance and
Occupational Pensions Authority (EIOPA)) and the European Supervisory Authority
(European Securities and Markets Authority (ESMA)).
c. Articles 2 and 4 of Directive 2013/14/EU of the European Parliament and of the Council
of 21 May 2013 for amending Directive 2003/41/EC related to the activities and
Page 88 of 334
supervisions of institutions for occupational retirement provisions, Directive 2009/65/EC

on the coordination of laws, regulations and administrative provisions related to UCITS, and
Directive 2011/61/EU in relation to Alternative Investment Fund Managers (AIFMs) in
respect of over-reliance on credit ratings.
d. Article 1(6) of Directive 2014/91/EU of the European Parliament and Council of 23 July 2014,
for amending Directive 2009/65/EC on the coordination of laws, regulations and
administrative provisions relating to UCITS as regards to depository functions, remuneration
policies and sanctions.
e. Directive 2014/91/EE of the European Parliament and of the Council of 23 July 2014, for
amending Directive 2009/65/EC on the coordination of laws, regulations and administrative
provisions relating to UCITS as regards to depository functions, remuneration policies and
sanctions.
f. Articles 2(1)(a), 5(2), 23(1), 49, 98(1) and 98 (2) of Directive 2009/65/EC of the European
Parliament and of the Council of 13 July 2009 on the coordination of laws, regulations and
administrative provisions relating to UCITS, as amended by the aforementioned Directive
2014/91/EE of the European Parliament and of the Council of 23 July 2014.
g. Article 50(a) of Directive 2009/65/EC of the European Parliament and of the Council of 13 July
2009 on the coordination of laws, regulations and administrating provisions relating to UCITS,
as amended by Article 38 of Regulation (EU) 2017/2402 of the European Parliament and of
the Council of 12 December 2017 laying down a general framework for securitisation and
creating a specific framework for simple, transparent and standardised securitisation, and
amending Directives 2009/65/EC, 2009/138/EC and 2011/61/EU and Regulations (EC) No
1060/2009 and (EU) No 648/2012.
In addition, the UCI Laws of 2012 to 2019 implement the following:
• Commission Regulation (EU) No 583/2010 implementing Directive 2009/65/EC of the

European Parliament and of the Council with regard to key investor information, and the
conditions to be met when providing key investor information or the prospectus in a
durable medium other than paper or by means of a website.
• Commission Regulation (EU) No 584/2010 implementing Directive 2009/65/EC of the

European Parliament and of the Council with regard to the form and content of the
standard notification letter and UCITS attestation, the use of electronic communication
between competent authorities for the
purpose of notification, and procedures for on-the-spot verifications and investigations and
the exchange of information between competent authorities.
Page 89 of 334
Edition B.Ad.1 / EN
1. Undertakings for Collective Investment in

Transferable Securities (UCITS)
Learning Objective
Ø Know the definition and types of UCITS (Article 4)
A UCITS fund is defined as an undertaking:
• whose sole object is the collective investment in transferable securities and/or other
liquid financial instruments referred to in subsection (1) of section 40 of UCI Laws 2012 to
2019, of capital raised from the public
• which operates on the principle of risk spreading, and
• which its units can be redeemed or repurchased, directly or indirectly, out of the
undertaking’s assets, at the request of the investor.
A UCITS fund may only be constituted in accordance with the UCI Laws and can take the form of
a common fund managed by a management company or a variable capital investment
company (VCIC). A common fund is a type of open-ended fund of no legal personality as the
unit holders are represented by the Management Company, whereas a VCIC is a limited liability
company with shares. More information about common funds and VCICs is provided in section
1.1. UCITS funds may not transform themselves by any means into an undertaking which does not
meet the definition of an undertaking.
The following shall not be regarded as UCITS for the implementation of the UCI Laws:
a. Closed-ended undertakings for collective investment.
b. Undertakings for collective investment which raise capital without promoting the sale of
their units to the public within the EU or any part of it.
c. Undertakings for collective investment the units of which, under their regulation or their
instruments of incorporation may be sold only to the public in third countries.
d. Undertakings for collective investment whose investment and borrowing policies, with
regard to the legislation of their home member state, do not comply with the conditions
of Chapter VII and Article 83 of Directive 2009/65/EC.
Investments in a UCITS can only comprise of one or more of the instruments listed in section 2.1.
Page 90 of 334
1.1. Specific Types of UCITS
Learning Objective
Ø Know the provisions applicable to specific types of UCITS: common funds and variable
capital investment companies (Articles 5–6)
1.1.1. Common Funds
A common fund is a pool of assets which belong jointly and severely to the unitholders. The
assets are deposited with a depositary and constitute a collective portfolio managed by the
management company in the interest of the unitholders. A common fund does not have a legal
personality; the management company represents the unitholders in relation to the fund and the
assets. When representing the fund and its unitholders, the management company acts in its own
name, albeit on behalf of the unitholders, and it exercises all rights deriving from the assets in the
common fund.
Unitholders shall not be responsible for any actions or omissions of the management company
or o f the depositary in the exercise of their duties. A common fund is not responsible for the
obligations of the management company or the depositary.
1.1.2. Variable Capital Investment Companies (VCICs)
A VCIC has the legal form of a limited liability company with shares and must fulfil all the following
conditions:
1. Its sole purpose is the collective management of its portfolio by investing in transferable
securities or other financial instruments (as outlined in section 1 of this chapter), to the
interest of its shareholders.
2. It collects the funds it invests from the public.
3. It operates on the principle of risk spreading.
4. Its shares are (directly or indirectly redeemed or repurchased by its assets on request of
the shareholders. Its capital is increased or decreased by the issue of new shares or the
redemption or repurchase of old ones without resorting to a capital increase or decrease
under Company Law.
Any actions taken by the company that do not result in a significant variation of the stock
exchange value of its shares from the net asset value of its assets, are regarded as the equivalent
of a redemption or repurchase, as mentioned in point 4.
Page 91 of 334
Edition B.Ad.1 / EN
1.2. Depositaries
Learning Objective
Ø Know the duties and requirements applicable to Depositaries (Article 10-15)
A management company needs to appoint a single depositary for each of the UCITS it manages.
The depositary needs to be a credit institution with a registered office in the Republic or another
EU member state. In the event that the depositary is registered in another EU member state,
it needs to have a branch in the Republic and be licensed to provide depositary services. The
depositary can be any other type of legal entity, with either a registered office in the Republic or in
another EU member state with a branch in the Republic authorised by the competent authority
(CySEC, if based in the Republic, or the competent authority in other EU member states) to carry
out depositary activities in accordance with the provision of UCI Laws or the law of another member
state which harmonises Directive 2009/65/EC and meets the appropriate capital adequacy
requirements. Such a legal entity is subject to prudential regulation and ongoing supervision, and
needs to meet the following minimum requirements:
• Have the appropriate infrastructure in place to hold, as a custodian, registered financial

instruments. These need to be kept in an account opened in the books of the depositary.
• Establish appropriate policies and other procedures to ensure compliance of the entity, its
directors and employees with the obligations under UCI laws.
• Have in place sound administrative and accounting procedures, internal control

mechanisms, and effective risk assessment procedures, controls and safeguarded
arrangements for information processing.
• Maintain and operate effective organisational and administrative arrangements to prevent

conflicts of interest.
• Keep records of all services, activities and transactions it undertakes that will be sufficient
to enable CySEC to fulfil its supervisory tasks and to perform the enforcement actions
provided for under the UCI laws.
• Take reasonable steps to ensure continuity and regularity in the performance of its
depositary functions by employing appropriate and proportionate systems, resources
and procedures, including being able to perform its depositary activities.
• Ensure that all members of its board of directors and senior management are, at all times, of
sufficiently good repute, and possess sufficient knowledge, skills and experience.
Page 92 of 334
• Ensure that its management body possesses adequate collective knowledge, skills and
experience to be able to understand the depositary’s activities, including the main risks.
• Ensure that each member of its board of directors and senior management acts with
honesty and integrity.
The aforementioned requirements also apply to depositaries which VCICs or Management Companies
appointed before 18 March 2016.
The appointment of the depositary is evidenced by a written contract which needs to regulate the
flow of information necessary to allow the depositary to perform its functions under UCI Laws, in
Directives issued pursuant to UCI Laws and in other relevant legislation.
The functions of the depositary are defined as follows:
• Ensure that the sale, issue, redemption, repurchase, cancellation and valuation of units is
carried out in accordance with the appropriate rules and regulations.
• Execute the orders of the management company or the VCIC, unless they conflict with the
rules and regulations.
• Ensure timely payment of transactions related to the assets of the UCITS.
• Ensure that profits are distributed in line with the applicable legislation and the UCITS rules
or instruments of incorporation.
The depositary needs to ensure that the cash flows of UCITS funds are properly monitored, that
payments made to (or on behalf of) investors have been received, and that all cash has been
booked in cash accounts that are opened in the name of the UCITS, the management company,
or the depositary in an approved institution, and maintained in accordance with the appropriate
regulations. Investor funds may not be commingled with funds that belong to the depositary
or the institution where the account is opened.
All aforementioned functions cannot be delegated to a third party.
The assets of the UCITS must be entrusted to the depositary for safekeeping. For financial
instruments held in custody, the depositary shall hold those instruments that may be registered in
a financial instruments account in their books and all financial instruments that can be physically
delivered to the depositary. The depositary must ensure that all such financial instruments are
registered in segregated accounts in line with the regulations. For other assets, the depositary
must verify their ownership by the UCITS or its management company, and will maintain
appropriate records. On a regular basis, the depositary must provide a full inventory of those
assets. These functions may be delegated to a third party, only when:
a. they are not delegated with the intention of avoiding the requirements laid down in the
Page 93 of 334
Edition B.Ad.1 / EN
UCI Laws
b. the depositary can demonstrate that there is an objective reason for the delegation
c. the depositary has exercised all due skill, care and diligence in the selection and
appointment of any third party to whom it intends to delegate parts of its tasks, and
continues to exercise all due skill, care and diligence in the periodic review and ongoing
monitoring of any third party to which it has delegated parts of its tasks and of the
arrangements of the third party in respect of the matters delegated to it.
d. the third party, at all times during the performance of the delegated tasks:
• has adequate structures and expertise related to the nature and complexity of the
assets
• complies with the effective prudential regulation and meets the minimum capital
requirements
• is subject to an external periodic audit related to the possession of the financial

instruments
• segregates the assets of the depositary’s clients in order distinguish those from its
own or the depositary’s assets
• ensures that in case of the third party’s insolvency, the assets held in custody are
unavailable for distribution among, or for the benefit of, the creditors of the third
party
e. the depositary and the third party comply with the related obligations and prohibitions of
the UCI Laws
The third party may sub-delegate certain functions, subject to the provisions of the UCI Laws. In the
event of delegation or sub-delegation, the depositary remains liable to the UCITS and the unit holders.
Sections 1.2.3 and 1.2.4 of this workbook provide more information on delegation and liabilities.
A company may not be both the management company or internally managed VCIC and the
depositary. The management company and the depositary need to act honestly, fairly,
professionally, independently and solely in the interest of the UCITS, and the investors of the UCITS
in exercising their duties.
The depositary shall not carry out any activities that cause a conflict of interest between the
UCITS, the investors, the management company/internally managed VCIC, and itself unless the
activities are functionally and hierarchically separated so that they cannot purposely cause any
conflict of interest, and that any potential conflicts of interest are properly identified, managed,
monitored and disclosed to the investors of the UCITS.
Page 94 of 334
1.2.1. Resignation of the Depositary
In the event that a depositary of the UCITS intends to resign from its duties, it must inform the
4
management company or the UCITS itself, of its intention in writing, and at least three months
before the resignation. The management company, or the UCITS itself, will immediately report
this to CySEC and recommend a replacement. In the event that the recommendation is
unjustifiably delayed, a recommendation must be submitted by the resigning depositary. CySEC
will either approve the recommendation or will request for a new proposal.
Once the new depositary has been appointed, the resigning depositary will hand over the UCITS
assets into the safekeeping of the new depositary as well as any other relevant documents and
information for it to exercise its duties. The resigning depositary shall continue to exercise its
duties until the new depositary has fully taken over. The resignation and replacement of the
depositary shall entail amendment of the UCITS rules or instruments of incorporation.
1.2.2. Replacement of the Depositary
In the event of serious violations of the depositary’s obligations, or to protect the unitholders
when the depositary does not exercise its duties in the interest of all unitholders, CySEC may request
the replacement of the UCITS depositary. In these cases, the CySEC will approve the selection of the
new depositary. The management company or internally managed VCIC may also submit an
application for the replacement of the depositary. In this case, the management company or
internally managed VCIC must recommend a new depositary, and inform the depositary to be
replaced.
1.2.3. Delegation of Safekeeping of Assets
The depositary may delegate the safekeeping of the assets to a third party providing that the
UCITS regulation or instruments of incorporation allow for this. The safekeeping of foreign or local
transferable securities and other liquid financial instruments may be delegated to an officially
authorised foreign depositary, provided that the instruments are listed on a regulated market.
Any delegation of safekeeping needs to be reported to the UCITS or its management company. At
any time, the delegation of safekeeping may be revoked by the depositary. The monitoring of the
activities of the management company, and the operation of the UCITS, may not be outsourced
to a third party.
At all times during the performance of the delegated tasks, the third party has to maintain structures
and expertise that are adequate and proportionate to the nature and complexity of the assets of
the UCITS, or the management company acting on behalf of the UCITS, which have been entrusted
Page 95 of 334
Edition B.Ad.1 / EN
to it. The third- party needs to be subject to effective prudential regulation, including minimum
capital requirements and supervision in their jurisdiction, and is periodically audited to ensure
that the financial instruments are in their possession. At all times, the assets of the clients of
the depositary need to be segregated from their own assets and from the assets of the depositary
in such a way that they can, at any time, be clearly identified as belonging to clients of a particular
depositary. In addition, the third party needs to take all necessary steps to ensure that, in the
event of their insolvency the assets held in custody are unavailable for distribution among, or
realisation for the benefit of, creditors of the third party, and that they comply with the general
obligations and prohibitions related to UCITS assets. In the event that the law of a third country
requires that certain financial instruments are held in custody by a local entity, and when no
local entities satisfy the delegation requirements stated, the depositary may delegate its functions
to such a local entity as long as they meet the requirements of the law in that country, and only
where:
a. the investors of the relevant UCITS are duly informed, prior to their investment, of the fact
that such a delegation is required due to legal constraints in the law of the third country,
of the circumstances justifying the delegation and of the risks involved in such a
delegation
b. the internally managed VCIC, or the management company on behalf of the UCITS, has
instructed the depositary to delegate the custody of such financial instruments to such a
local entity.
The third party may, in turn, sub-delegate these functions as long as any other party meets the
appropriate regulatory requirements.
Any assets held in custody may not be used for the depositary’s own account, or for the account
of a third party to whom the custody of the assets is delegated. Assets may be reused in the
following circumstances:
1. For the account of the UCITS.
2. On the instructions of the management company on behalf of the UCITS.
3. For the benefit of the UCITS and in the interest of the unitholders.
4. The transaction is covered by high-quality and liquid collateral received by the UCITS
under a title transfer arrangement:
The market value of the collateral shall, at all times, amount to at least the market value of the
reused assets plus a premium.
In the event of insolvency of the depositary, and/or any third party located in the EU to which
custody of UCITS assets has been delegated, the UCITS assets held in custody are unavailable
for distribution among, or realisation for the benefit of, creditors of such a depositary and/or such
a third party.
Page 96 of 334
On the request of CySEC or the competent authority, the depositary needs to make available all
information received during the exercise of its duties. CySEC, providing that t is the competent
authority of the depositary, transmits the information received without delay to the competent
authorities of the UCITS and the management company.
1.2.4. Liabilities of the Depositary
The depositary is liable to the UCITS, and to the unitholders of the UCITS, for any loss suffered as a
result of negligence or intentional failure of the depositary, or that of the third party to whom
the custody of financial instruments is delegated, to properly fulfil its obligations pursuant to the
UCI Laws. Unitholders of the UCITS have the individual right to take legal action against the
depositary either directly or indirectly via the management company or the internally managed
VCIC. Even when safekeeping of assets has been outsourced to a third party, the depositary
remains fully liable for any losses caused.
2. Obligations of UCITS
UCITS have a number of obligations regarding their investment policies, borrowing, valuations, the
distribution of profits, investor information and the marketing of units in foreign jurisdictions.
2.1. UCITS Obligations
Learning Objective
Ø Know the obligations of UCITS: investment policy (Articles 40–49); standing obligations
(Articles 50–54); investor information (Articles 55–66)
2.1.1. Investment Policy
UCITS may invest their funds in any of the following:
1. Transferable securities and money market instruments admitted to, or dealt on, a
regulated market of the Republic or another EU member state, for which the respective
regulated market operates regularly, and is recognized and open to the public.
Page 97 of 334
Edition B.Ad.1 / EN
2. Transferable securities and money market instruments listed on the stock exchanges or
on another regulated market in a third country that is included in the approved markets
by the Ministry of Finance or is included in the fund regulation or instruments of
incorporation.
3. Recently issued transferable securities provided that they are listed on a regulated
market within one year of issue.
4. Units of authorised UCITS or other collective investment undertakings, whether or not

established in a member state; provided that they are authorized, the cooperation of
CySEC and the related supervisory authority(ies) is sufficiently ensured, the level of
protection for unitholders is similar to that of unitholders in a UCITS (particularly the
rules on asset segregation, borrowing, lending and uncovered sales), the other collective
investment undertaking provides half-yearly and annual reports, and that no more than
10% of its assets are invested in aggregate in units of other UCITS or other collective
investment undertakings.
5. Deposits payable on demand, or with a maturity date shorter than 12 months with an
authorised credit institution.
6. Financial derivative instruments or OTC derivatives provided that the underlying of such
derivatives consists of indices, interest rates, foreign exchange rates or currencies, provided
that the counterparties to the OTC derivative transactions are institutions subject to
prudential supervision and belong to the categories approved by CySEC, and p r o v i d e d
that the OTC derivatives are subject to reliable and verifiable daily valuations and can
be sold, liquidated or closed by an offsetting transaction at any time at fair value.
7. Money market instruments not dealt on a regulated market, but for which the issue or
issuer is regulated for the purpose of protecting both investors and savings.
A UCITS fund may not invest more than 10% of its assets in transferable securities, except for
those mentioned under points 1–7 above, and may not acquire precious metals, or certificates
representing them. A UCITS may hold ancillary liquid assets; an internally managed VCIC may
acquire (movable or immovable property essential for the direct pursuit of its business.
A management company or internally managed VCIC that is subject to securitization and does not
meet the requirements set out in Regulation (EU) 2017/2402, if deemed necessary, must act and take
corrective actions to ensure the benefits and general interest of the unitholders.
A UCITS, internally managed VCIC or its management company needs to have a risk management
process in place which enables it to monitor and measure at any time the risk of the positions and
their contribution to the overall risk profile of the portfolio. In particular, they shall not exclusively or
mechanically rely on credit ability assessments issued by credit rating agencies. The risk management
policy needs to include a process for the accurate and independent assessment of the value of OTC
derivatives, and needs to report to CySEC the types of derivatives, associated risks, quantitative limits
Page 98 of 334
and methods to estimate risks associated with transactions in derivative instruments regarding each
UCITS. Under CySEC’s related conditions and limits, as well as the investment objectives, UCITS may
use techniques and instruments relating to transferable securities and money market instruments,
including the use of derivatives, for the purpose of efficient portfolio management. The global
exposure of derivatives may not exceed the total net value of the portfolio. The exposure calculation
includes the current value of the underlying, counterparty risk, potential future market movements
and the time available to liquidate positions. The risk for the underlying assets may not exceed, in
aggregate, the investment limits. CySEC may define the criteria for assessing the adequacy of the risk
management process, rules regarding the accurate and independent assessment of the value of OTC
derivatives, reporting requirements, and conditions and provisions related to the use of derivative
instruments.
The permitted investment limits for UCITS are as follows:
Limit Asset
The aggregate value of the transferable securities or the money market instruments of issuing
40%
bodies in which the UCITS individually invests more than 5%.
Units of other UCITS, or other collective investment undertakings with no more than 20% in
30%
the units of any single UCITS or collective investment undertaking.
Deposits made with the same institution.
20%
Investment in transferable securities or money market instruments, deposits made with that
body, and exposures arising from OTC derivatives with a single body.
Limit Asset
Transferable securities or money market instruments issued by the same body.
May be raised to 35% if the securities are issued or guaranteed by a member state, its local
authorities, a third country, or a public international body to which one or more member
states belong. Under specific circumstances this may be increased to 100% provided that
the assets are issued or guaranteed by a member state, one or more of its local authorities,
10% a third country, or a public international body to which one or more member states, and all
of the following preconditions, are complied with:
• CySEC considers that the unitholders have protection equivalent to that of

unitholders in the UCITS.
• The UCITS holds at least six different issues, and no more than 30% of its
assets in a single issue.
Page 99 of 334
Edition B.Ad.1 / EN
• The UCITS regulation or instrument of incorporation, prospectus, key investor

information document, and marketing communications specifically mention
the issuers in which they intend to invest more than 35% or their assets.
A predominant statement must be included in the prospectus and key investor information
document.
May be raised to 25% when bonds are issued by a regulated and supervised credit institution
in a member state.
May be raised to 20% when the UCITS objective is to replicate the composition of a certain
stock or debt securities index provided that the following preconditions are met:
• Composition of the index is sufficiently diversified.

• The index represents an adequate benchmark for the market it represents.
• The index is published appropriately.
May be raised to 35% for a single issuer under exceptional market circumstances in which
certain issues are highly dominant.
Exposure in an OTC derivative transaction when the counterparty is a credit institution.
5% Exposure in an OTC derivative transaction when the counterparty is not a credit institution.
The above-mentioned limits may not be combined, and therefore, the total that can be invested
with a single body (whether securities or OTC) is 35%; this includes any consolidated parts of a
group. The cumulative investment in transferable securities and money market instruments within
the same group is permitted up to 20%.
The units of a UCITS replicating an index, which has been granted an operation licence, can be
listed on a market for exchange-traded UCITS operating in the Republic or another member state,
provided that the composition of the index is sufficiently diversified; the index represents an
adequate bench mark; and it is published in an appropriate manner.
Units in a UCITS may be traded on an exchange providing that:
1. the units can be traded all day, and
2. the UCITS has been authorised to trade the units, not the exchange
3. at least one market maker has been designated who ensures that the value of the units
does not significantly differ from their net asset value, and
4. the particulars of the units have been submitted to the depositary prior to the start of
trading.
Page 100 of 334

Units of common funds may be admitted to a stock exchange without trading on the Republic,
another member state, or a third country with whom a memorandum of cooperation is in place.
When a UCITS invests in other UCITS or collective investment schemes (CISs) that are managed
by the same management company, they will not be charged any subscription, redemption, or
repurchase fees. A UCITS that invests a substantial proportion of its assets in other UCITS and
collective investment undertakings needs to disclose the maximum level of management fees
that may be charged to the UCITS itself and to the UCITS or collective investment undertaking
in which it intends to invest. The actual levels of management fees will be reported in the annual
report.
UCITS may guarantee the amount invested and its performance by means of a guarantee provided
by a credit institution established in the Republic or another member state. When the guarantee
is provided by a credit institution from another member state, the institution needs to have a
branch in the Republic. The guarantee cannot be provided by the depositary of the UCITS, or a
credit institution that also provides depositary services to the UCITS. The nature of the guarantee
must be reported in the key investor information document and the prospectus.
Internally managed VCICs and management companies connected to a common fund will not
purchase any shares carrying voting rights that would enable them to exercise significant
influence over the management of an issuing body. A UCITS may not obtain more than:
• 10% of the non-voting shares of a single issuing body
• 10% of the debt securities of a single issuing body
• 25% of the units of a single UCITS or other collective investment undertaking, or
• 10% of the money market instruments of a single issuing body. The limits do not apply to:
• transferable securities and money market instruments issued or guaranteed by a member

state or its local authorities
• transferable securities and money market instruments issued or guaranteed by a third

country
• transferable securities and money market instruments issued by a public international

body to which one or more member states belong
• shares held by a UCITS in the capital of a company incorporated in a third country investing
its assets mainly in the securities of issuing bodies having their registered offices in that
country, and when this is the only way to invest in the securities of issuing bodies in that
country
• shares held by one or more VCICs in the capital of a subsidiary company pursuing,
Page 101 of 334

Edition B.Ad.1 / EN
exclusively on its or their behalf, only the business of management, advice or marketing
in the country where the subsidiary is established, within regard to the redemption of
shares at shareholders’ request.
A UCITS does not violate an investment limit in the event that one is breached when exercising
subscription rights attached to transferable securities or money market instruments that are part
of its assets. In addition, a recently authorised UCITS may deviate from the investment limits for a
period of six months from the granting of the licence as long as the principles of risk spreading
are observed. When an investment limit is breached for reasons outside the control of the UCITS
or as a result of the exercise of subscription rights, the management company has to remedy this
situation as soon as possible, taking into consideration the interests of the unitholders.
2.1.2. Standing Obligations
Internally managed VCICs and management companies or depositaries acting on behalf of a UCITS
may generally not borrow funds, but may acquire foreign currency by means of a back-to-back loan
provided that the loan is contracted in the foreign currency for the acquisition of securities of foreign
issuers. Although generally borrowing is prohibited, internally managed VCICs, and management
companies or depositaries acting on behalf of a UCITS, may borrow on a temporary basis an amount
not exceeding 10% of the net asset value (NAV) of the UCITS. Internally managed VCICs may borrow
up to 10% of its net asset value, to acquire immovable property mandatory to its business. When a
VCICs borrows for both purposes, the borrowing must not exceed 15% of its net asset value.
Management companies may borrow up to 15% of its own funds for the acquisition of immovable
property mandatory to its business.
UCITS assets are valued as follows:
Type of asset Valuation method

Transferable securities and money The closing price of stock exchange transactions in cash on
market instruments listed on a the same day. In the event that this is not possible due to
regulated market time differences (for assets outside of the EU), the previous
working day’s closing price will be used.
The closing price or, when not available, the most recently
Derivative financial instruments published price for same-day transactions. In the event that
listed in a regulated market this is not possible due to time differences (for markets
outside of the EU), the previous working day’s closing price
will be used.
In the event that no transaction has occurred on the stock exchange on the day of the valuation,
the price from the previous trading day will be used. Either the bid or the ask price will be applied
depending on the position. For markets that only publish a single price that price will be used.
Any income from interest, dividends and profits resulting from the lottery of debentures at par
has to be distributed on an annual basis, net of all expenses incurred during the financial year.
Page 102 of 334

Profits from the sale of transferable securities, or other liquid financial instruments after the
deduction of any capital losses may be distributed to unitholders or reinvested at the discretion
of the internally managed VCIC, the UCITS or the management company. Provided that the
regulation or the instruments of incorporation allow for it, these profits may be distributed
during the financial year as an interim dividend.
The internally managed VCIC or a management company and the depositary acting on behalf of a
UCITS may not grant loans or act as a guarantor on behalf of third parties. The UCITS may
purchase transferable securities, money market instruments and other financial instruments
which are not fully paid for. However, neither entity may undertake uncovered sales of these
instruments.
A UCITS unit may only be issued if the equivalent of the net issue price is paid to the UCITS. Units
may be distributed free of charge.
2.1.3. Investor Information
The management company and the VCIC has to submit to CySEC and make available to the
investors in all selling points of units a prospectus, an annual report for each financial year, a
half-yearly report covering the first six months of the financial year, and quarterly summarized
statements of the assets and expenses. The last quarter’s statement must include a profit and
loss account and the distribution of profits for the whole financial year. These reports and statements
should be submitted in accordance with the following schedule:
Report Periodicity Publication Date

Annual report including balance Within four months of the end of the
Yearly
sheet and profit and loss account financial year
Within two months of the end of the

Half-yearly report Yearly
semester they refer to
Summarised statement of assets and First, second and third Within 15 days of the end of the period
expenses quarter they refer to
Summarised statement of assets and

expenses including a profit and loss Within two months of the end of the
Fourth quarter
account and the distribution of profits last quarter
for the financial year
Page 103 of 334

Edition B.Ad.1 / EN
The aforementioned prospectus, reports and statements must be written in Greek or English, or in
both languages.
For UCITS that comprise multiple investment compartments, the aforementioned prospectus, reports
and statements should be provided for each single compartment. The financial year of a UCITS has
the duration of a calendar year which ends on 31 December, irrespective of the operation start date.
The UCITS prospectus must include all information necessary for investors to be able to make
an informed investment decision, including data on risks. A clear and easy-to-understand
description of the fund’s risk profile needs to be included. All essential elements of the prospectus
must be kept up to date. In addition to the essential elements that must be included in
the prospectus, it has to also include the following:
• Categories of assets that a UCITS is permitted to invest in and whether it is allowed to

invest in derivative instruments. In relation to financial derivatives, the prospectus needs
to indicate whether they may be used for efficient portfolio management and hedging, or
as an investment
• When a UCITS mainly invests in other UCITS or collective investment undertakings, deposits
payable on demand, financial derivative instruments or OTC derivatives, the prospectus
needs to draw specific attention to the investment policy.
• When the net asset value (NAV) of a UCITS is likely to have high volatility due to its
portfolio composition or portfolio management techniques, the prospectus needs to
include a statement drawing attention to this possibility.
• Details of the up to date remuneration policy, or a summary referring to the policy that can
be made available on request.
The prospectus must expressly and clearly indicate that it is available to investors at all selling
points of the units as well as the management company’s website. The regulations or instruments
of incorporation are an integral part of the prospectus and either need to be attached to the
prospectus, made available on request or kept in a place where they can be accessed by investors.
The management company is responsible for all losses suffered by investors as a result of false or
misleading information, or because of the failure to mention any information in the prospectus. A
copy of the prospectus and any amendments will be submitted to CySEC at least 15 days before the
new prospectus is made available to the investors. In the event that a UCITS is established in Cyprus
but is managed by a management company of another member state, the management company
must submit the prospectus to CySEC and, upon request, to the competent authorities of the related
member state. After submitting the prospectus and any amendments, CySEC will ensure that it
complies with all requirements. The prospectus may be published on a website or any other durable
medium. Hard copies will be made available to investors, on request and free of charge. Upon the
request of an investor, the management company will also provide supplementary information
relating to the quantitative limits that apply to the risk management of the UCITS, the risk
management methods and the most recent evaluation of the main risks and yields of the investment
instrument categories.
Page 104 of 334

The NAV, number of units, the unit NAV, and the subscription, redemption or purchase price of a
UCITS must be calculated on the first working day of each fortnight and published on the
following business day on the management company’s website. For tradable units, this
information needs to be calculated on a daily basis and made available the next working day.
The unit NAV is determined by dividing the total NAV by the number of units. Subscription and
redemption/repurchase prices may differ from the NAV by the amount of commission of the
management company.
The annual report will include a balance sheet or a statement of asset and liabilities, detailed income
and expenditure account, a report on the activities of the financial year and any other significant
information that will enable investors to make an informed judgement. The accounting
information will be audited, and the auditor’s report including any reservations, will be included in
full in the annual report. In addition, the annual report will also include:
a. the total amount of remuneration, split into fixed and variable, paid to staff and the number
of beneficiaries, and where applicable, any amounts paid directly by the UCITS
including any performance fee
b. the aggregate amount of remuneration broken down by categories of employees or other

staff members
c. a description of the calculations for remuneration and benefits
d. the outcome of reviews of remuneration policies, implementation and irregularities, and
e. the material changes to the remuneration policy.
The half-yearly report includes an interim financial statement at the end of the first semester
of the calendar year. Information regarding interim dividends (if any) needs to be included. The
results will be reported after the deduction of tax, charges, and other rights or expenses. Annual and
half-yearly reports need to be made available to all investors.
The key investor information document needs to be marked as such and must include appropriate
information about the essential characteristics of the UCITS in a clear and transparent way so that
investors are reasonably able to assess the nature and risk of the investment. The information needs
to be fair, clear and not misleading, and the content needs to be consistent with the prospectus. The
key investor information document needs to include an identification of the UCITS, the competent
authority of the UCITS, a short description of the investment objectives and investment policy, past-
performance or performance scenarios, costs and associated charges, and the risk/reward profile of
the investment. In addition, a clear statement must be made as to where and how to obtain additional
information, and a warning that a person does not incur any civil liability solely on the basis of the key
investor information. Furthermore, a clear statement on the most recent remuneration policy. The
key investor information document will be made available on the website and also on paper when
requested. The key investor information document will be provided to CySEC and will need to be
available in Greek or English, or in both. It is the responsibility of the management to ensure that
Page 105 of 334

Edition B.Ad.1 / EN
investors, or persons acting on their behalf, are provided with this information, free of charge, in a
timely manner and in a non-technical language that is comprehensible.
All communications need to be fair, clear and not misleading, and marketing information needs
to clearly be marked as such. Information contained in marketing communications may not
contradict any key investor information. All communications must include a statement that
investment in the units of a UCITS has no guaranteed return, and that past performance is no
guarantee of future performance.
2.2. Marketing Provisions
Learning Objective
Ø Know the special provisions applicable to UCITS that market their units abroad: UCITS
established in the Republic marketing units to other member states (Articles 67–68); UCITS
from other member states marketing units in the Republic (Articles 69–72)
2.2.1. UCITS Established in the Republic Marketing to Other Member

States
A UCITS authorised in the Republic that wants to market units in other EU member states must
submit a notification letter to CySEC prior to doing so. This letter includes the arrangements in
the host member state for the marketing of the units and, if applicable, the categories of units
and whether they are marketed by the management company in the content of its cross-border
business. The regulation or instruments of incorporation, the prospectus, the latest annual and
half-yearly report and key investor information must also be included with the notification letter.
CySEC will verify the completeness of the information, send it to the competent authorities in
the member state within ten w o r k i n g days of receipt, and notify the UCITS. Once the
notification letter has been sent to the competent authorities in the member state, the UCITS
may start marketing its units. CySEC will ensure that the competent authorities of the host
member state have electronic access to the documentation and/or any translations, and that
the UCITS keeps the documents up to date.
The competent authorities will be notified by the UCITS of any amendment in the documentation.
Any changes in the documentation shall thereafter be provided to the competent authorities of the
host member state by the means of a written notification prior implementation. Investors in the
UCITS based in the host member state will be provided with all information that investors in the
Republic are provided with. This information will be provided in the way prescribed by the
legislation in the host member state. Key investor information has to be translated into the official
language of the member state, or into another approved language. Any other information may
Page 106 of 334

be translated at the choice of the UCITS itself, which will remain responsible for the translation.
The frequency of publication of the information will be in accordance with the regulations in the
Republic.
2.2.2. UCITS from Other Member States Marketing Units in the

Republic
An authorised UCITS from another member state may market its units in the Republic after CySEC
has received a notification letter from the competent authorities in the member state. The
notification letter includes the arrangements for the marketing of the units, and, if applicable, the
categories of units and whether they are marketed by the management company in the content
of its cross-border business. The regulation or instruments of incorporation, the prospectus, the
latest and half-yearly reports and key investor information must also be included with the
notification letter.
CySEC will not request any additional information from the competent authorities in the member
state, and will ensure that the electronic transmission and filing is possible.
The UCITS will notify CySEC of any change to its regulation, instrument of incorporation,
prospectus, latest annual and semi-annual reports and key investor information, and will indicate
where these documents can be obtained in electronic form.
During the marketing of its units, an authorised UCITS in a member state other than the Republic, is
obliged to indicate a credit institution in the Republic where it can receive and make payments to
unitholders. All information that must be provided to investors in its home member state must also
be provided to investors in the Republic. The information will be provided as prescribed by the
legislation in the Republic. Key investor information needs to be translated into the official language
of the Republic, or into English. Any other information may be translated at the choice of the UCITS.
The frequency of the publication of the issue, sale, and redemption or repurchase price of the units
in the Republic is subject to the legislation of the UCITS home member state. A UCITS authorised in
another member state may use the same reference to its legal form, such as investment company,
or common fund, in its designation in the Republic as it uses it in its home state.
3. UCITS Structures
Learning Objective
Ø Know the main obligations that apply to master-feeder UCITS structures: investment
policy (Article 73); general operating obligations Article 75); specific obligations of the
feeder UCITS (Article 80); specific obligations of the master UCITS (Article 81)
Page 107 of 334

Edition B.Ad.1 / EN
3.1. Investment Policy
A feeder UCITS is a UCITS, or an investment compartment of a UCITS, that has been approved to
invest at least 85% of its total net assets in other UCITS or other collective investment funds. Up to
15% of its assets may be invested in ancillary liquid assets, and financial derivatives for hedging
purposes. In addition, VCICs may invest in movable or immovable property which is essential
for the direct pursuit of its business.
A master UCITS is a UCITS, or an investment compartment of a UCITS, which has at least one
feeder UCITS under its unitholders, is not itself a feeder UCITS, and does not hold units of a feeder
UCITS.
For a feeder UCITS, the global exposure in financial derivatives is the combination of its own
direct exposure plus either:
1. master UCITS actual exposure to financial derivative instruments in proportion to the

feeder UCITS’ investment into the master UCITS, or
2. master UCITS potential maximum global exposure to financial derivative instruments

provided for in the master UCITS regulation, or instruments of incorporation in proportion
to the feeder UCITS’ investment into the master UCITS.
A master UCITS that has at least two feeder UCITS has the choice of also raising capital from
other investors. If the master UCITS does not raise capital from the public in a member state
other than the one it is established in, but has one or more feeder UCITS established in that
member state, it does not have to provide a notification to market its investments in the other
member state.
3.2. General Obligations
The master UCITS needs to provide the feeder UCITS with all documents and information for the
feeder UCITS to meet its legal obligations. The agreement between the feeder and the master
UCITS must be made available to unitholders of both the feeder and the master UCITS on their
request. In the event that the master and the feeder UCITS are managed by the same management
company, the agreement can be replaced by an internal conduct of business rule governing the
relationship. Until such a time that the agreement is effective, the feeder UCITS must not invest
more than 20% of its assets in the master UCITS. The master and feeder UCITS will co-ordinate
the calculation and publication of the NAV in order to prevent any possibility of arbitrage.
3.3. Special Obligations of the Feeder UCITS

Page 108 of 334
The feeder UCITS needs to effectively monitor the activity of the master UCITS, and in doing so
may rely on information and documents received from the master UCITS or its management
company, depositary or auditor unless it has reason to believe that the information may not be
accurate.
Any distribution fees, commission or other financial benefits received by the feeder UCITS or its
management company will be paid into the assets of the feeder UCITS.
3.4. Specific Obligations of the Master UCITS
A master UCITS established in the Republic needs to inform CySEC immediately of the identity of
each feeder UCITS. In the event that the feeder UCITS is based in another EU member state, CySEC
will report this to the competent authorities of the feeder UCITS home member state.
Master UCITS may not charge subscription, redemption or repurchase fees for the purchase or
transfer of its units from the feeder UCITS. The master UCITS is responsible for the timely availability
of all information that it is to provide in accordance with the laws and regulations.
Page 109 of 334

Edition B.Ad.1 / EN
4. Management Companies
Learning Objective
Ø Know the obligations that apply to the operation of management companies:
permitted activities (Article 109); share capital (Article 110); conditions for granting
an operation licence (Article 111); conditions for the exercise of activities (Article
112); financial submissions (Article 114); delegation arrangements (Article 115);
changes to the management company including revocation of operating licence
(Article 119); code of conduct (Article 123); complaints handling (Article 124)
Ø Know the obligations that apply to the cross-border provision of services by a
management company (Articles 128–133)
4.1. Management Company Operations
4.1.1. Permitted Activities
A management company is a limited company that is governed by company law, and which has its
registered offices and central administration in the Republic. Its main objective is to manage one or
more UCITS. Management companies need to apply for an operating licence with CySEC, which will
be valid in all member states.
The management of the UCITS includes investment management, advertising and administration of
the UCITS including:
• legal and UCITS management accounting services
• provision of information of the UCITS unitholders
• valuation of the portfolio and pricing of the units including taxation issues
• regulatory compliance monitoring
• maintenance of the unitholder register
• distribution of profits
• issue, redemption and repurchase of units
• settlement of contractual obligations, and
Page 110 of 334

• record keeping.
In addition to managing one or more UCITS, a management company may also undertake related
services provided that it has been authorised by CySEC. These activities include servicing of
management of portfolios of investment, providing investment advice, and safekeeping and
administrating in relation to units of undertakings for collective investment.
4.1.2. Share Capital
The management company must have a fully paid up initial capital of at least €125.000,00. In the
event that the management company provides other services, in addition to managing one or more
UCITS, the capital needs to be higher to reflect this, and capital must never fall below the initial capital.
In the event that the value of the portfolio of the management company exceeds €250.000.000,00
the capital of the management company needs to be increased by 0.02% of the additional portfolio
value (ie, the amount of the portfolio value exceeding €250.000.000,00), with a maximum increase of
own funds to
€10.000.000,00. Up to 50% of the additional capital may be provided in the form of a guarantee from
a credit institution operating in the Republic or one of the other member states.
The portfolio value consists of the common funds managed by the management company, common
funds for which the management has been delegated to a third-party service provider, investment
companies for which the management company is the designated management company, and other
collective investment undertakings managed by the management company.
The own funds of the management company may never be less than 25% of its overheads of
the preceding year, or the projected overheads for a company that has been in business for less
than one year.
4.1.3. Conditions for Granting an Operation Licence
An operation licence may be granted when the management company meets the following
conditions:
1 Initial fully paid up capital of at least €125.000,00 in cash.
2 The management company:
3 has the right shareholders
4 is duly organised and staffed, and
Page 111 of 334

Edition B.Ad.1 / EN
5 has the required financial means and technical infrastructure
6 The directors are of sufficiently good repute and are appropriately experience for their
role.
7 A minimum of two directors are appointed.
8 The application includes a business plan and an organisational structure.
9 The registered office and central administration are established within the territory of
the Republic.
In the event that the management company has close links with other natural or legal persons, the
authorisation will only be granted as long as those links do not prevent effective supervision.
In the event that the management company is a subsidiary, or a sister company, of another
management company, investment firm, credit institution or insurance undertaking authorised in
another member state, or controlled by the same natural or legal person in another member state,
CySEC must ask the competent authority of that member state for its opinion.
CySEC must notify the management company of its decision within six months after a full application
has been submitted. In the event of a rejection, CySEC must justify its decision with appropriate
reasoning. The management company can start operating as soon as a licence has been granted.
4.1.4. Conditions for Exercise of Activities
The management company needs to have sound administrative and accounting procedures and
arrangements to control and safeguard electronic data processing, and adequate internal control
mechanisms. These need to include rules for dealing on own account by staff members, and controls
to enable the assessment of the origin, parties, nature, and time and place of execution of each
transaction. The management company needs to be able to ensure that all transactions are in line
with the rules and regulations. It also needs to be able to manage the risks associated with conflicts
of interest between it and its clients, and between clients and other clients.
As part of its ongoing operation, the management company needs to maintain a webpage.
Management companies that also provide portfolio management services may not invest all or part
of the investors’ portfolio in the collective investment undertakings that they manage, unless they
have obtained prior approval from the clients in writing. In addition, the management company will,
in this case, be obliged to be a member of the investor compensation fund for customers of
investment funds.
CySEC is responsible for the supervision of cross-border activity related to other member states as
well as other third countries.
Page 112 of 334
4.1.5. Financial Submissions
Annual and semi-annual reports must be submitted to CySEC, of which only annual reports have
to be audited. The submission dates, from the date of the end of the period, are as:
• annual report – within four months, and
• semi-annual report – within two months
4.1.6. Delegation Arrangements
When a management company wants to outsource some of its tasks and functions to a third party, it
may do so provided that the third party is qualified and capable to undertake the activity. A written
agreement needs to be in place between the management company and the third party to enable the
management company to monitor the activities at any time. The outsourcing agreement may not
hinder effective supervision of the management company. The management company remains
ultimately responsible for the outsourced tasks and functions, and may provide further instructions
to the third party if needed. The management company may not outsource all of its activities.
The management company must inform CySEC of the outsourcing arrangements, who, if applicable,
will inform the competent authorities in the home member state of the UCITS.
The portfolio management activity may only be outsourced to third parties authorised to manage
collective investment funds, or authorised fund managers subject to prudential supervision. In the
latter case, the management company has to seek prior approval from CySEC. In the event that the
third party is based in a third country (ie, a non-member state), effective cooperation needs to be in
place between CySEC and the competent authority of the third party. The third party needs to manage
the portfolio as defined in the investment mandate and investment allocation criteria. Portfolio
management may not be outsourced to the depositary of the UCITS. The management company and
the depositary remain liable even if functions may have been delegated to a third party.
4.1.7. Changing the Management Company
A management company cannot resign from managing the UCITS, or another collective investment
undertaking unless it has obtained permission from CySEC or, if applicable, the competent authority
of the home member state. CySEC will only allow the resignation of the management company if this
does not violate the interests of unitholders and only if a new management has been assigned.
The depositary may request CySEC to replace the management company, if it is of the opinion that
Page 113 of 334

Edition B.Ad.1 / EN
the management company does not work in the best interest of the UCITS and its unitholders, or does
not fulfil its legal obligations. Unitholders cannot request the replacement of the management
company. In case of a VCIC, the replacement of the management company may be requested by the
board of directors who also suggest a new management company. In case of a replacement, the
withdrawing management company remains fully liable, in parallel with the new one, until the new
management company fully undertakes its duties. CySEC may impose any measure or term for the
safeguarding of the interest of unitholders.
The regulation, or the instruments of incorporation, of the UCITS must be amended to reflect the
change in management company.
4.1.8. Revoking the Licence of a Management Company
CySEC must revoke the operating licence of a management company when:
1 the licence has not been used within 12 months of it being granted
2 the company explicitly resigns from it
3 the company has ceased the activity for which the licence was granted for more than
six months
4 the licence was granted on the basis of false statements or by other irregular means
5 the company no longer meets the criteria of the licence
6 the company requests for the licence to be revoked, or
7 the company has seriously and/or repeatedly violated its obligations.
If the amount of the management company’s own funds falls below the minimum capital
requirements, CySEC may set a deadline for the management company to rectify the situation.
If the management company does not increase its capital within the given time frame, CySEC
will revoke the operating licence.
A licence can be partially revoked if it concerns the management of collective investment

undertakings other than UCITS, or one or more specific activities. CySEC notifies the management
company, the registrar of companies and, if applicable, the competent authorities in other member
states. When the licence has been revoked, the management company will immediately cease to
carry out any activities or services for which the licence was revoked. Any remaining obligations
need to be settled within three months of the licence being revoked.
In the event that the licence is fully revoked, CySEC may apply to the courts for the liquidation
of the management company and the appointment of a liquidator.
Page 114 of 334

CySEC will ensure that the operations of the UCITS or collective investment undertaking are not
disrupted.
For VCICs that need to have a management company, CySEC will appoint a new one. In the event
that this is not feasible, CySEC will revoke the operating licence of the VCIC, appoint a liquidator,
nd apply to the courts for the liquidation of the VCIC.
4.1.9. Code of Conduct
The code of conduct issued by CySEC applies to both management companies authorised in
the Republic and to their personnel. The purpose of the code of conduct is to ensure that
management companies:
1 act fairly, lawfully, and with due care and diligence when performing their activities
2 act in the best interests of the UCITS or other collective investment undertaking they
manage and of the integrity and smooth operation of the market
3 employ resources with the appropriate knowledge and expertise
4 act to prevent and manage conflicts of interest
5 comply with all the rules and regulations.
4.1.10. Complaints Handling
The VCIC or the management company need to implement appropriate measures to ensure
that all complaints made against them are assessed and the appropriate action is taken.
4.2. Cross-Border Services
Cross-border services are provided by a company in a country that is not their home country. This
can be undertaken via the establishment of a branch, or by directly offering services in a different
jurisdiction. Different rules apply to member states and third countries.
4.2.1. Establishing a Branch in Another Member State
Page 115 of 334

Edition B.Ad.1 / EN
Management companies authorised in the Republic may establish a branch in another EU member
state, but they must notify CySEC. The notification needs to include the following information:
• The name of the member state.
• Business plan.
• Organisational structure.
• Risk management procedures.
• Address of the management company in its host state.
• Names of the staff members responsible for the management of the branch.
Provided that CySEC has no objection, it will inform both the competent authorities in the member
state and the management company of its approval within two months of receiving all required
information. The management company may start its business immediately thereafter. In the
event CySEC does not approve the operations in the member state, it will inform the
management company of its refusal, including the underlying reasons, within two months of
receiving all required information. Similarly, a management company authorised in another
member state may start a branch in the Republic two months after CySEC has received the
required information from the competent authority in the member state.
The management company will comply with all rules of the host member state, and will be
supervised by the host member states competent authorities. The management company will
notify both CySEC and the competent authorities in the host member state of any changes in its
business plan, organisational structure, risk management procedures, address and staff
members one month prior to the changes being effected.
A management company authorised in the Republic may establish and manage a UCITS in
another member state. Equally, a management company authorised in another member state
may establish and manage a UCITS in the Republic.
When a branch is being established, it subject to the rules of conduct in the member state where
it is established.
Page 116 of 334

4.2.2. Provision of Services in Another Member State Without

Establishing a Branch
Prior to offering services in another member state for the first time, a management company
must notify CySEC of its intentions. The notification must include the following information:
• Activities and services to be provided.
• Description of risk management process.
• Additional processes and procedures.
• Written contract with the UCITS depositary.
• Information on delegation and administration arrangement.
CySEC will inform both the competent authorities of the host member state and the management
company within one month of receiving all required information, and will include details of the
investor compensation fund for clients of investment firms. On request, CySEC will provide any
clarification and information regarding the documentation and attestation provided as well as its
opinion as to whether the specific type of UCITS falls within the activities the management
company may exercise according to its authorisation. In this case CySEC shall provide its opinion
for a matter falling within its competences to the competent authorities of the UCITS home
member state within ten working days of the submission of the relevant request from the
competent authorities of the UCITS home member state.
Upon receipt of the notification from CySEC, the management company may immediately start
providing its services. Similarly, two months after CySEC has received a notification from a
competent authority in another member state, a management company authorised in that member
state may provide services in the Republic as long it is authorised to undertake these services.
Any change in the activities, and services, risk management procedures or any other relevant
processes or procedures must be communicated to both CySEC and to competent authorities of
the host member state prior to implementing the change. The management company needs to
provide the competent authorities in the host member state with all the information they
require. Failure to do so will be reported to CySEC as a whole.
Under the freedom to provide services, the management company follows the rules of conduct
of its home member state. However, the marketing of UCITS units will be in accordance with
the rules and regulations of the EU.
Page 117 of 334

Edition B.Ad.1 / EN
4.2.3. Cross-Border Collective Portfolio Management Services
When offering collective portfolio management services on a cross-border basis, the management
company will be subject to the supervision of the competent authorities of the UCITS home
member state and will apply their rules regarding:
1 set-up and authorisation
2 issuance, redemption and repurchase of units
3 issue, redemption and repurchase price
4 errors in the calculation of net asset value and investor compensation
5 investment policy, investment limits and calculation of exposure and leverage
6 restrictions on borrowing, lending and uncovered selling
7 valuation of assets
8 accounting rules
9 distribution and reinvestment of profits
10 disclosure and reporting obligations
11 marketing and distribution of units
12 relationship with unitholders
13 merging, restructuring, winding up and the liquidation of the UCITS
14 content of the unitholder register
15 licensing and supervision fees, and
16 exercising unitholders’ voting (and other) rights.
The competent authorities in the management company’s home member state will be responsible
for ensuring the adequacy of the organisation of the management company and the application
of the appropriate procedures and arrangements to comply with the UCITS regulations.
The management company must take all necessary actions to ensure that it meets all requirements
as they apply in both the home and host member state as applicable to the management
company and the UCITS.
Page 118 of 334

4.2.4. Rejection of Cross-Border Services
CySEC may reject the request of a management company to undertake the management of a
UCITS authorised in the Republic if the management company:
1 does not comply with the rules of CySEC
2 is not authorised by the competent authorities in its home member state to manage
the type of UCITS it has applied for, or
3 has not provided the necessary information.
4.2.5. Reporting
A management company authorised in another EU member state that undertakes cross-border

services in the Republic periodically needs to submit reports in relation to the activities it
undertakes in the Republic. Similar to management companies authorised in the Republic, it
has to provide CySEC with any information required for the monitoring of its compliance with the
rules and regulations on request.
4.2.6. Breaching the Rules
In the event that a management company that providing cross-border services in the Republic
from another member state breaches one or more rules of the Republic, CySEC will request that the
management company rectifies the situation, and will inform the competent authority in the
management company’s home member state.
In the event that a management company refuses to submit any required information to CySEC, or
fails to take appropriate steps to comply with its rules and regulations, the competent authority of
the home member state will be requested to take the necessary steps to ensure that the
management company provides the required information and complies with the rules and
regulations. In the event that the measures taken by the home member state are inadequate,
or are not applied by the management company, CySEC may, after having informed the competent
authorities in the home member state, stop the management company from undertaking any
other activity within the Republic. If the management company manages a UCITS in the Republic,
CySEC may stop it from managing the UCITS. In the event that the competent authority of the
home member state of the management company does not take the appropriate action, CySEC
may refer the issue to ESMA. At any time during these proceedings CySEC may, in exceptional
circumstances, take any precautionary measures to protect investors and other parties. In this
Page 119 of 334

Edition B.Ad.1 / EN
event, CySEC will inform the management company, the EC, ESMA and the competent authority
in the home member state.
Any actions taken by CySEC will be communicated to the management company.
CySEC will inform the EC and ESMA of any instances in which it has refused authorisation for
cross- border services.
4.2.7. Consultation Between Competent Authorities
In the event that CySEC decides to withdraw the operating licence of a management company,
it will inform the competent authorities of the home member state of any UCITS managed by the
management company. The competent authorities in the home member state of the UCITS may
take any appropriate action to protect the unitholders including preventing the management
company from undertaking any further activity.
Prior to the withdrawal of the authorisation of a management company in the home member state
of a UCITS it manages, CySEC will consult with the competent authorities of the home member
state.
4.2.8. Licencing
Management companies authorised in third-countries, or in EU member states that do not

meet all requirements, may be granted a licence by CySEC to provide collective portfolio
management services in the Republic by establishing a branch. Such a licence shall also be
provided to management companies authorised in the Republic so that they can undertake
portfolio management services in a third country through establishing a branch.
Page 120 of 334

1 What is the definition of a UCITS?

2 What is the definition of a common fund?
Answer reference: Section 1.1.1
3 What is the legal form of a VCIC?
5 What are the functions of a depositary?
7 Describe the process when a depositary resigns.
9 List six instrument types that a UCITS can hold.
10 What is a feeder UCITS?
11 Describe the specific obligations of a master UCITS.
12 Define the permitted activities of a management company.
13 List the conditions for granting a management company license.
14 List the rules that apply to cross-border services.
Page 121 of 334

Chapter 5
Alternative Investments
Learning Objectives
1. Organisation and Operation of AIFs

2. Operational Conditions of AIFMs
4. Investors
The Alternative Investment Fund Managers (AIFMs) Law 2013 (L. 56(I)/2013) as amended by L.
8(I)/2015, L. 97(I)/2015 and L. 133(I)/2019 aims to align the rules and regulations in the Republic
with various European Union (EU) regulations on alternative investment managers (AIMs), and
for the regulation of the tax regime of AIMs.
The Law harmonises the Act of Directive 2011/61/ΕU of the European Parliament and of the Council
of 8 June 2011 on Alternative Investment Fund Managers and amending Directives 2003/41/ΕC and
2009/65/ ΕC, and Regulations (EC) No 1060/2009 and (ΕU) No 1095/2010 excluding Articles
62 and 63 of this Directive. The Law implements the EU act titled Commission Delegated
Regulation (EU) No 231/2012 of 19 December 2012 supplementing Directive 2011/61/EU of the
European Parliament and of the Council with regard to exemptions, general operating conditions,
depositaries, leverage, transparency and supervision.
With the amendment of L. 56(I)/2013 with L. 8(I)/2015, the Law harmonised Articles 3 and 4 of the
Act of Directive 2013/14/EU of the European Parliament and of the Council of 21 May 2013 amending
Directive 2003/41/EU on the activities and supervision of institutions of occupational retirements
provision, Directive 2009/65/EC on the coordination of laws, regulations and administrative
provisions relating to undertakings for collective investment in transferable securities (UCITS) and
Directive 2011/61/EU on Alternative Investment Fund Managers in respect of over-reliance on credit
ratings. Also, to better apply Articles 6(2), 13(1), 21(4)(b) and (13), 24(1), 29(1) and (2)(c), 30(3)(c)
and 66(4) of the Act of Directive 2011/61/EU of the European Parliament and of the Council of 8 June
2011 on Alternative Investment Fund Managers and amending Directives 2003/41/EC and
2009/65/EC and Regulations (EC) 1060/2009 and (EU) 1095/2010 as amended by the
aforementioned Directive 2013/14/EU. Furthermore, to exercise the discretion provided by Article
28(1), 2nd subsection, of Directive 2011/61/EE.
With the amendments by L. 97(I)/2015, the Law harmonised Article 92 of the Act of Directive
2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial
instruments and amended Directives 2002/92/EC and 2011/61/EU. Moreover, it harmonised Article
33, paragraph 4, 4th intend of the Act of the Directive 2011/61/EU of the European Parliament and
of the Council of 8 June 2011 on Alternative Investment Fund Managers and amended Directives
2003/41/EC and 2009/65/EC, and Regulations (EC) 1060/2009 and (EU) 1095/2010.
Finally, with the amendments by L. 133(I)/2019, the Law harmonises Article 17 of the Act of the
Directive 2011/61/EU of the European Parliament and of the Council of 8 June 2011 on Alternative
Investment Fund Managers and the amended Directives 2003/41/EC and 2009/65/EC, and
Regulations (EC) 1060/2009 and (EU) 1095/2010.
1. Organisation and Operation of AIFs
An AIF relates to a collective investment undertaking, or an investment part of it, which:
• raises funds from a number of investors, for the purpose of investing the funds in accordance
with the defined investment policy for the benefit of the investors, and
• does not have a UCITS operating licence in force under the provisions of Article 9 of the
Undertakings for Collective Investments Law or the provisions of the legislation of another
Member State which harmonizes Article 5 of Directive 2009
AIFs can be formed in one of the following legal forms:
• Mutual company
• Investment company
• Limited partnership
There are two types of AIFs; those that do internal management themselves (given that they have
been established as an investment company) and AIFs that appoint an external manager.
There are several common provisions that apply to AIFs that operate in the Republic including
authorisation, remuneration, conflicts of interest, risk management, liquidity management and
transparency. The regulations related to AIFs are outlined in the Alternative Investment Funds
Law of 2018 (L. 124(I)/2018).
Page 123 of 334

Edition B.Ad.1 / EN
Learning Objective
Ø Know the common provisions regarding the organisation and operation of

Alternative Investment Funds (AIF): retention of minimum assets (Article 14); initial
capital (Article 56); investment policy (Article 15); risk management (Article 16);
management and conduct of business (Article 21)
Ø Know the AIF requirements regarding valuation (Article 17)
Ø Know the AIF requirements regarding transactions (Article 19)
1.1. Initial Capital and Retention of Minimum Assets
The obligation to maintain an initial capital applies only to AIF with internal management and amounts
to €125,000.
The obligation for the retention of minimum assets applies to all AIFs and must be at least €500,000,
and may consist of cash or assets that relate to the investment policy of the AIF. Any assets need
to be free from any kind of charge; and any non-cash components of the capital need to be
valued at the time of payment by an independent valuer.
For AIFs that constitute multiple investment compartments, also known as umbrella AIF, each
of these compartments needs to meet the minimum capital requirements with regards to retaining
the minimum assets.
1.2. Investment Policy
Unlike UCITS, whose investment policy is limited to securities under the European Directive
2009/65/EC, AIFs can invest in both securities and non-securities.
The investment policy of an AIF may be restricted by CySEC by special directive. Restrictions
may be based on the nature of the assets in which the AIF invests and the investors that the
AIF targets. In addition, CySEC restricts specific categories of AIFs in terms of their investment
strategy and the structure of their investments.
In the event that the AIF invests in other collective investment schemes of any type managed
by a connected external manager, or the same manager, the manager of the AIF selling the
units will not receive any remuneration or redemption fees that it would otherwise receive.
1.3. Risk Management

Page 124 of 334
Appropriate risk management systems need to be maintained by internally managed AIFs to

enable them to identify, measure, manage and duly monitor the risks related to the positions that
AIFs undertake and the contribution of these positions to the overall risk profile of the portfolio of
the AIFs.
The organisational structure of an AIF needs to be designed to minimise any conflicts of

interest between it and any person engaged in its activity or is directly or indirectly connected
with it, which could adversely affect the interests of its unitholders. Any conflicts of interest
need to be monitored in such a way that the interests of the AIF’s unitholders of are secured.
1.4. Management and Conduct of Business
The governing body of the internally managed AIF consists of at least four natural persons, of which
at least two perform executive duties. The management and operations of an AIF need to be
undertaken by at least two natural persons, both of whom needs to be sufficiently experienced and
specialised. The persons directing the business of the external manager of the AIF or the internally
managed AIF, must not be part of the governing body or senior management of the AIF’s depositary,
and vice versa. In the event of an externally managed AIF, the members of the governing body and
the persons who conduct the business of the external manager must disclose to the external manager
any information which may result to conflicts of interest related to their duties or positions.
1.5. Valuation
The AIF needs to establish and maintain appropriate and consistent procedures to have a proper and
independent valuation of its assets. The rules to the valuation of assess and the calculation of the
net asset value (NAV) per unit are determined by the relevant legislation for the investment
company, provided that it does not conflict with this Law or the instruments of incorporation. In the
event of a common fund, the valuation is determined by its fund rules. The unit NAV must be
calculated at least once a year. Assets of an AIF need to be valued at a fair price at least:
a. on the dates at which marketing and redemption or repurchase of its units takes
place, and
b. on the dates mentioned in the AIF’s annual and half-yearly reports, respectively,
as the reference dates for the illustrative data.
1.6. Transactions
Page 125 of 334

Edition B.Ad.1 / EN
All transactions need to be undertaken in accordance with the AIF rules and its articles of
incorporation. Any transaction between an AIF and its external manager, its depositary, its
investment adviser, its partner, its unitholders, or any other related person, will require the
assets to be valued by an independent expert, who shall be nominated by the depositary. If the
depositary is a party to the transaction, or in the event that a depositary is not appointed, the
external manager shall nominate an independent expert.
The assets subject to a transaction need to be valued:
a. in terms that shall be usual for the specific transaction, and

b. in the best interests of the unit holders of the AIF.
In the event that this is not practicable, the depositary or the external manager of the AIF will certify
that the valuation is appropriate.
An AIF’s annual and half-yearly reports need to include all necessary information regarding the
transactions conducted in the reference period, sorted by category and by counterparty of the
AIF, and should disclose any remuneration or commissions paid to the counterparties of the AIF
for each transaction separately.
2. Operational Conditions of AIF Managers (AIFMs)

There are a number of general requirements that apply to AIFMs that operate in the Republic
including authorisation, remuneration, conflicts of interest, risk management, liquidity management
and transparency. The regulations related to AIFMs are outlined in the Alternative Investment
Fund Managers Law of 2013 (“AIFM Law”).
The scope of the AIFM Law includes AIFMs that manage AIF portfolios whose assets:
• exceed the total limit of €100,000,000, including leverage data, or

• exceed the total limit of €500,000,000, provided that the portfolios of the AIF do not use
leverage and also investors do not have the right to repurchase their shares in the first
5 years of their initial investment
Therefore, AIFMs managing AIFs whose assets do not exceed the above limits, are not included within
the scope of the AIMF Law, unless they apply for an affiliation.
2.1. Authorisation
Page 126 of 334

Learning Objective
Ø Know the conditions and process of authorisation for alternative investment fund
managers (AIFMs) (Articles 6–12)
AIFMs in the Republic must be limited liability companies with shares, which are covered by the
provisions of the Law, and by those of Company Law with a registered office and central
management in the Republic. An AIFM may manage AIFs only if they are authorised by CySEC to
do so and meet the conditions for authorisation.
Each AIF, which is included in the scope of this Law, has only one AIFM which is responsible for
compliance with the provisions of this Law.
The AIFM is:
• an external administrator, who is the legal entity appointed by the AIF or on behalf of
the AIF, and through this appointment is responsible for the management of the AIF (the
“external AIFM”), or
• if the legal form of the AIF allows internal management and if the governing body of the
AIF chooses not to appoint an external AIFM, the AIF itself obtains, in this case, an
authorisation as an AIFM (the “internally managed AIFM”)
AIFMs that are not of the Republic may only manage AIFs if they are duly authorised according
to national laws or regulation which harmonise Directive 2011/61/EU, and they meet the
conditions for authorisation established in the Directive at all times. In addition to the activities
listed below, external AIFMs may also manage UCITS as long as they have been duly authorised in
accordance with the
Undertakings for Collective Investments Laws or in accordance with the national law of another
EU member state which harmonises the Directive 2009/65/ΕC. Internally managed AIFMs cannot
manage UCITS.
Every AIFM, must at least engage in portfolio management and risk management when
managing an AIF. In addition, they may perform any of the following functions in the course
of the collective management of an AIF:
1. Administration:
a. legal and fund management accounting services
b. customer inquiries
c. valuation and pricing, including tax returns
d. regulatory compliance monitoring
e. maintenance of the unit/shareholder register
f. distribution of income
g. unit/share issues and redemptions
h. contract settlements, including a certificate dispatch
i. recordkeeping.
2. Marketing.
Page 127 of 334

Edition B.Ad.1 / EN
3. Activities related to the assets of the AIF, namely services necessary to meet the fiduciary
duties of the AIFM, facilities management, real estate administration activities, advice to
undertakings on capital structure, industrial strategy, advice and services relating to mergers
and the purchase of undertakings, and other services connected to the management of the
AIF, and the companies and other assets in which it has invested.
In addition, external AIFMs may be authorised to provide any of the following services:
1. Management of investment portfolios, including those owned by pension funds and

institutions for occupational retirement provision in accordance with mandates given by
investors on a discretionary, client-by-client basis.
2. Non-core services comprising:
a. investment advice
b. safekeeping and administration in relation to shares or units of collective investment
undertakings, and
c. reception and transmission of orders in relation to financial instruments. AIFMs are not
authorised to provide:
(1) only the services mentioned in (a) and (b) above, and/or
(2) non-core services referred to in paragraph (b) above, without also being
authorised to provide the services referred to in paragraph (a) above, and/or
(3) only marketing activities, and/or
(4) administration services without also providing marketing activities, and/or
(5) only risk management without portfolio management, and/or
(6) only portfolio management without risk management.
AIFMs of the Republic shall provide CySEC with the information it requires to monitor compliance
with the relevant rules and regulations at all times.
Investment firms authorised in accordance with the Investment Services and Activities and
Regulated Markets Law and credit institutions authorised in accordance with the Banking Law,
shall not be required to obtain an authorisation under their respective Law in order to provide
investment services, such as individual portfolio management in respect of AIFs. However,
investment firms shall (in)directly offer units or shares of AIFs to, or place such units or shares
with, investors in the EU, only to the extent that the units or shares can be marketed in accordance
with the Law.
In order to be duly authorised, an AIFM of the Republic, must submit an application for
authorisation to CySEC accompanied by the following:
a. information on the persons effectively conducting the business of the AIFM
b. information on the identities of the AIFM’s shareholders or members, whether direct or

indirect, natural persons or legal persons, that have qualifying holdings and on the
Page 128 of 334

amounts of those holdings
c. a programme of activity setting out the organisational structure of the AIFM, including
information on how the AIFM intends to comply with its obligations
d. information on the remuneration policies and practises, and
e. information on arrangements made for the delegation and sub-delegation of functions

to third parties.
In addition, an AIFM of the Republic shall provide CySEC with the following information on the AIFs
that it intends to manage the following:
a. Information about the investment strategies, including the types of underlying funds if the
AIF is a fund of funds, and the AIFM’s policy with regard to the use of leverage, the risk profiles
and other characteristics of the AIFs it manages or intends to manage, including information
about the member states or third countries in which such AIFs are established or are expected
to be established.
b. Information on where the master AIF is established, if the AIF is a feeder AIF.
c. The rules or instruments of incorporation of each AIF that the AIFM intends to manage.
d. Information on the arrangements made for the appointment of the depositary for each AIF
that the AIFM intends to manage.
e. Any additional information required by the Law for each AIF that the AIFM intends to manage.
Where a UCITS management company, authorised pursuant to the Undertakings on Collective

Investments Laws, applies for authorisation as an AIFM, CySEC will not request information or
documents which the UCITS management company has already provided when applying for
authorisation for the first licence, providing that such information or documents remain up-to-
date.
CySEC will inform ESMA of the authorisations that are granted or withdrawn on a quarterly basis.
Authorisation will only be granted by CySEC only when the applicant:
• will be able to meet the requirements of the Law
• has sufficient capital and own funds
• is controlled by persons of good repute and sufficient experience
• has shareholders with qualifying holdings that are suitable to ensure sound and
prudent management, and
• has a head office and registered office in the Republic.
In the event that the AIFM is a subsidiary of an institution that is authorised in another member
Page 129 of 334

Edition B.Ad.1 / EN
state, or is controlled by the same natural or legal person that controls another institution authorised
in another member state, CySEC will consult with the competent authorities in the other member
state before granting authorisation. Authorisation will be refused if the effective exercise of
supervision is prevented by close links with other natural or legal persons or the rules and
regulations in their country of authorisation.
CySEC can grant either full or partial authorisation, with particular restrictions to the investment
strategies of the AIF that the AIFM is allowed to manage.
Within three months of receiving the completed application, CySEC will inform the applicant of
its decision in writing. This period may be extended for another three months, if necessary, and
after informing the AIFM accordingly. The AIFM may start managing AIFs in accordance with its
authorisation as soon as it has been granted, but not earlier than one month of submitting
information in relation to the services it is going to provide.
The minimum capital requirements for AIFMs are as follows:
Type of AIFM Portfolio < €250 million Portfolio > €250 million
Internally managed Additional capital of 0.02% of the amount by which

€300.000 the €250 million is exceeded but no more than €10
AIF
million, inclusive of the initial capital
Externally managed Additional capital of 0.02% of the amount by which

€125.000 the €250 million is exceeded but no more than €10
AIF
million, inclusive of the initial capital
The total portfolio value does not include AIF portfolios managed by the AIFM under delegation.
Up to 50% of the capital may be provided in the form of a guarantee from a credit institution or
insurance undertaking with a registered office in a member state or in a third country with
equivalent prudential rules and regulations.
To cover any potential professional liability resulting from their activities, both internally managed
AIFs and external AIFMs must either have additional own funds to cover the risk or hold
professional indemnity insurance.
The own funds of an AIFM will be invested in liquid assets or in assets that can readily be converted
to cash at short notice. Own funds may not be invested in speculative instruments.
2.1.1. Changes to the Scope of Authorisation
Before implementing any material changes to the conditions for initial authorisation, an AIFM
needs to notify CySEC. In case CySEC rejects the changes, or imposes restrictions to the
application of the changes the AIFM will be notified within one month of receipt of the
Page 130 of 334

notification. If necessary, CySEC may extend this period by a further month.
CySEC may fully or partially suspend the authorisation of an AIFM at its own discretion if it is
deemed that continuation of its activities may jeopardise the interests of the AIFs that it manages,
its clients or the investors or, in general, the smooth operation or the integrity of the market:
a. in connection with the procedure of withdrawal of authorisation of the AIFM, for the
time period until a decision regarding the withdrawal is taken, or
b. upon decision of the Chairman or the Vice-Chairman of CySEC, who will notify the board
of CySEC during its upcoming session, when there are suspicions of possible infringement
of the Law or of another legal provision that regulates the provision of services by the
AIFM or of a provision of the relevant legislation, for the time period during which it is
assessed that the above interests are jeopardised. In this case CySEC may set the AIFM a
reasonable deadline to remedy the situation; this deadline may not exceed one month
from the date that the AIFM has been notified of the decision to suspend its license.
In the case of a partial suspension that is related to the management of portfolios, CySEC will
also suspend the non-core services.
In the event that a deadline is set (as noted in point (b) above), the AIFM will inform CySEC of the
remedy within one month. In the event that CySEC judges that the reasons for the suspension of
authorisation no longer exist, it will revoke the suspension and will communicate the fact to the
AIFM. However, in the event that the AIFM omits to notify CySEC within the one month
deadline, or if the Commission judges that the remedy is not sufficient, the suspension period
will be extended, and CySEC will initiate the procedure for the withdrawal of authorisation. The
suspension applies until the decision for the withdrawal of authorisation is taken.
While suspended, the AIFM may not provide those services or perform the activities for which
the authorisation is suspended. In case of an infringement committed by the AIFM, CySEC may
impose an administrative fine of up to €350,000.
In the following cases, the authorisation of an AIFM will be withdrawn by CySEC:
a. The AIFM does not make use of the authorisation within 12 months, expressly renounces
the authorisation, or has ceased the activity covered by the Law for the preceding six
months.
b. The AIFM has obtained authorisation by making false statements, or by any irregular means.
The authorisation of an AIFM may also be withdrawn (although not necessarily) if the AIFM no
longer meets the conditions under which authorisation was granted, or if they no longer comply
with the relevant capital adequacy requirements for investment firms (for AIFMs undertaking
discretionary portfolio management), or if the AIFM has seriously or systematically infringed
the provisions of the Law; or in cases where the national law that the AIFM is subject to
provides for the withdrawal of authorisation.
Page 131 of 334

Edition B.Ad.1 / EN
In the event that the own funds of the AIFM are reduced below the minimum limits, or where
they no longer comply with the capital adequacy requirements, CySEC may impose a deadline
within which the AIFM needs to remedy the issue. In case the AIFM fails to remediate the issue,
CySEC shall withdraw the license.
2.2. General Principles
Learning Objective
Ø Know the ‘general principles’ for AIFMs (Article 13)
AIFMs have to act honestly, fairly and with due skill, care and diligence when conducting their
activities. They need to act both in the best interests of their investors and for the integrity of the
market. To this end, they need to ensure that they employ effective resources and procedures
necessary for the performance of their business activities. AIFMs need to take all reasonable steps to
avoid or, if they cannot be avoided, to manage any conflicts of interest. If necessary, conflicts of
interest need to be disclosed in order to prevent them from adversely affecting the interests of the
AIFMs and their investors, and to ensure the fair treatment of the AIFs under their management.
An AIFM needs to comply with all relevant rules and regulations when conducting its business and
must treat all AIF investors fairly. Investors may not be given preferential treatment, unless such
treatment is disclosed in the AIF’s rules or instruments of incorporation.
An AIFM that is also authorised to undertake discretionary portfolio management services must
not invest all or part of a client’s portfolio in units of AIFs that it manages, unless the client has
provided prior general approval.
2.3. Remuneration
Learning Objective
Ø Know the AIFM requirements regarding remuneration (Article 14)
The remuneration policies of an AIFM need to meet the following requirements:
1. They must be consistent with, and promote, sound and effective risk management.
2. They must not encourage risk taking that is inconsistent with the risk profiles, rules or
instruments of incorporation of the AIFs that it manages.
Page 132 of 334

3. They must apply to those categories of staff whose professional activities have a material
impact on the risk profiles of the AIFM or the AIFs that it manages.
a. In addition, the remuneration policy must also comply with the following principles
in a way and to the extent that is appropriate to the AIFM size, internal organisation
and the nature, scope and complexity of its activities: be in line with the business
strategy, objectives and values
b. includes measures to avoid conflicts of interest
c. be reviewed periodically and be subject to an independent annual review
d. staff in control functions need to be compensated in accordance with the

achievement of the objectives linked to their function, independent of the
business area that they control
e. the remuneration of senior risk and compliance officers is directly overseen by the
remuneration committee
f. performance-related remuneration is based on a combination of the

assessment of the individual as well as the business unit or AIF that they manage
g. performance assessment has to be set in a multi-year framework appropriate to

the life cycle of the AIFs managed by the AIFM to ensure that the assessment is
based on longer-term performance
h. guaranteed variable remuneration is exceptional and may only be paid to new

members of staff in their first year of employment
i. fixed and variable components of total remuneration need to be balanced

appropriately, with the fixed component representing a sufficiently high
proportion of the total remuneration to allow the operation of a fully flexible
policy
j. payments related to the early termination of a contract reflect the performance

achieved over time, and are designed in a way that does not reward failure
k. performance measurement for variable remuneration includes a

comprehensive adjustment mechanism to integrate all relevant types of current
and future risks
l. be subject to the legal structure of the AIF and its rules or instruments of
incorporation, up to 50% of any variable remuneration may consist of shares in
the AIF or similar instruments, unless the management of the AIFs accounts for
less than 50% of the portfolio managed by the AIFM
m. at least 40% of the variable remuneration component needs to be deferred for
Page 133 of 334

Edition B.Ad.1 / EN
a period appropriate in view of the life cycle and redemption policy of the AIF
n. variable remuneration will only be paid or invested if it is sustainable according

to the financial situation of the AIFM, and justified according to the performance
of the business unit, and including clawback arrangements may be included
o. pension policies need to be in line with the business strategy, objectives, values
and long-term interests of the AIFM and the AIFs that it manages
p. staff may not undertake personal hedging strategies or remuneration and

liability-related insurance to undermine the risk alignment effects embedded in
their remuneration arrangements
q. variable remuneration is not paid through vehicles or methods that facilitate the
avoidance of the rules and requirements of the AIFM Law.
Large firms must establish a remuneration committee that is both competent and independent.
The committee will be responsible for the preparation of decisions regarding remuneration,
including those with implications for the risk and risk management of the AIFM or the AIF. The
committee members and chair must be members of the management body but without executive
functions.
Page 134 of 334

2.4. Conflicts of Interest
Learning Objective
Ø Know the AIFM requirements regarding conflicts of interest (Article 15)
AIFMs are responsible for taking reasonable steps to identify conflicts of interest between the
following parties:
Party I Party II
An AIFM, its managers, employees or any person An AIF managed by an AIFM or its investors
(in)directly linked to the AIFM by control
An AIF or its investors Another AIF and its investors
An AIF or its investors Another client of the AIFM
A UCITS fund managed by an AIFM or its investors
An AIF or its investors
A client of the AIFM Another client of the AIFM
The AIFM needs to establish, maintain and operate effective organisational and administrative
arrangements to ensure that it can take all necessary steps to identify, prevent, manage and
monitor any conflicts of interest, and to prevent them from adversely affecting the interests of
the AIFs that it manages and their investors. One of the ways to achieve this is by segregating
tasks and responsibilities which may be regarded as incompatible, and which may potentially
generate systematic conflicts of interest. Any other material conflicts of interest will be disclosed
to the investors of the AIFs.
The general nature and source of any remaining conflicts of interest must be clearly disclosed
by the AIFM to the investors prior to undertaking any business on their behalf, and it must develop
appropriate policies and procedures to overcome or manage such conflicts.
If the AIFM uses the services of a prime broker on behalf of an AIF, the agreement with the prime
broker will define the terms of their cooperation, and will provide for any possible transfer or reuse
of the AIF’s assets and the rules that apply; the depositary must be informed of the contract. The
AIFM must exercise due skill, care and diligence in the selection and appointment of prime brokers.
Page 135 of 334

Edition B.Ad.1 / EN
2.5. Risk Management
Learning Objective
Ø Know the AIFM requirements regarding risk management (Article 16)
The risk management department of an AIFM needs to be functionally segregated from the
operating units. CySEC will review the segregation, taking into consideration the size of the AIFM
and its operations. The AIFM needs to be able to demonstrate that it has procedures in place
to allow the independent performance of its risk management activities, and that the risk
management process satisfies all requirements.
Adequate risk management systems need to be in place to identify, measure, manage and monitor
all risks relevant to each AIF investment strategy and to which each AIF is, or may be, exposed.
The risk management systems will be reviewed at least annually, and amended as and when
required.
The AIFM must implement appropriate, documented and regularly updated due diligence processes
when investing on behalf of an AIF, and which are in line with its investment strategy, objectives
and risk profile.
The AIFM is responsible for ensuring that the risks associated with each investment position of the
AIFs and their overall effect on the portfolio, can be identified, measured, managed and
monitored on an ongoing basis and that the appropriate stress-testing procedures are in place.
In addition, they need to ensure that the risk profile of an AIF corresponds with its size, portfolio
structure, and investment strategies and objectives.
The maximum level of leverage, and the extent of the right to use collateral or guarantees that
may be employed on behalf of each AIF, will be set and monitored by the AIFM, taking into
consideration the type, investment strategy and leverage of each AIF. The need to limit the
exposure to a single counterparty, the extent to which the leverage is collateralised, the asset-
liability ratio, and the scale, nature and extent of the activity of the AIFM are also taken into
consideration when determining the use of leverage and collateral.
Page 136 of 334

2.6. Liquidity Management
Learning Objective
Ø Know the AIFM requirements regarding liquidity management and securitization (Article
17 and 17A)
For each AIF that it manages, with the exception of unleveraged closed-ended AIFs, the AIFM will
employ an adequate liquidity management system and procedures to be able to monitor the
liquidity risk of each AIF, and to ensure that the profiles of the AIF’s investments comply with
its underlying obligations. The AIFM will conduct regular stress tests applying normal and
exceptional liquidity conditions to be able to assess and monitor an AIF’s liquidity risk.
The AIFM will ensure that the investment strategies, liquidity profiles and redemption policies are
consistent for each AIF that it manages.
An AIFM that is subject to securitization and does not meet the requirements set out in Regulation (EU)
2017/2402, if deemed necessary, must act and take corrective actions towards the benefits and general interest
of the AIF investors.
2.7. Transparency
Learning Objective
Ø Understand the transparency requirements for AIFM (Articles 29–31)
The transparency requirements for AIFMs or their branches authorised in the Republic are related
to information that needs to be provided to investors as well as annual reports and information
requirements from CySEC.
Annual Report
For each of the EU AIFs that the AIFM manages, as well as for each AIF that it markets in the EU, it
must prepare an annual report, for each financial year, within six months following the end of
the financial year. The annual report must be provided to CySEC and, if applicable, to the
competent authorities of the home member state of the AIF. The annual report will be made
available to investors on request. When an AIF is required to make an annual financial report
public, in accordance with the transparency requirements or the national legislation of another
member state, only the following additional information has to be made available to investors on
request, either separately or as a part of the annual financial report:
Page 137 of 334

Edition B.Ad.1 / EN
1. The balance sheet or statement of assets and liabilities.
2. The income and expenditure account.
3. A report on the activities.
4. Any material changes to the fund.
5. The total amount of variable and fixed remuneration paid to the AIFM’s staff, the number
of beneficiaries and, if relevant, the carried interest paid.
6. The aggregate amount of remuneration, broken down by senior management and

members of staff whose actions have a material impact on the risk profile of the AIF.
When the above are included in a publicly available annual report, the report will be made
available within four months of the end of the financial year.
The accounting information in the annual report is compiled in accordance with the accounting
standards of the home member state, or the third country where the AIF is based, and the
accounting rules established in the rules or instruments of incorporation of the AIF. The
accounting information must be audited and the auditor’s report included in the annual report.
The annual report of non-EU AIFs will be subject to audit standards in force in the countries
where the AIFs have their registered offices.
Disclosures to Investors
For each of the EU AIFs that it manages, as well as for each AIF AIFs haves their it markets in the
EU, the AIFM needs to disclose the following information prior to investing in the AIF:
1. A description of the investment strategy and objectives, the jurisdiction where any master
AIF and any underlying funds are established, a description of the type of assets, risk
management techniques, any applicable investment restrictions, and rules relating to the
use of leverage, collateral, and guarantees.
2. Procedures for the changing of the investment strategy and/or the investment policy.
3. Main legal implications of the contractual agreement between the AIF and investors.
4. The identity of the AIFM, the depositary, the auditor and any other service providers,
including a description of their duties and the investor’s rights.
5. Cover for potential professional liability.
6. Delegated management functions, any safekeeping function delegated by the depositary,

identification of the delegate, and any conflicts of interest that may arise from the
delegation.
Page 138 of 334

7. The valuation procedure and pricing methodology for valuing assets including methods
to value hard-to-value assets.
8. Liquidity risk management, including redemption rights in normal and exceptional

circumstances, and existing redemption arrangements.
9. Fees, charges, and expenses directly borne by investors and their maximum amounts.
10. Ensuring the fair treatment of investors, when investors obtain preferential treatment, the
right to preferential treatment, and, if applicable, the legal or economic links with the AIF
or the AIFM.
11. The latest annual report.
12. The procedure and conditions for the issue and sale of units.
13. The latest net asset value of the AIF, or the latest market price of a unit.
14. Historical performance, (if applicable).
15. The identity of the prime broker, any material arrangements with the prime broker, and how
potential conflicts of interests are met.
The AIFM will inform investors, prior to their investing in an AIF, of any arrangements by the
depositary to contractually discharge itself from any liability. It will also inform investors of any
changes with respect to depositary liability without delay.
If the AIF is required to publish a prospectus, it must contain all the above-mentioned information.
If this information is not already included in the prospectus, then it needs to be published
separately, or as an addendum to the prospectus.
For each EU AIF, and for each AIF marketed in the EU, the AIFM must periodically disclose to investors
the percentage of the AIF’s assets which is subject to special arrangements arising from their
illiquid nature, any new arrangements for managing liquidity, and the current risk profile and risk
management systems.
When the AIFM manages an EU AIF, or an AIF that markets units of the AIF in the EU, then it
must periodically disclose any changes to the maximum level of leverage that the AIFM may employ
on behalf of the AIF, as well as any right to reuse collateral or any guarantees, and the total amount
of leverage by the AIF.
Reporting Obligations to CySEC
AIFMs regulated in the Republic must regularly report to CySEC on the principal markets and
instruments in which they trade on behalf of the AIFs that they manage. These reports will include
the main instruments in which they are trading on behalf of the AIF, the markets of which they are
Page 139 of 334

Edition B.Ad.1 / EN
a member or where they actively trade, and the principal exposures and concentrations.
For each of the EU AIFs that it manages and for each of the AIFs that it markets in the EU, the AIFM
needs to provide the following information to CySEC:
1. The percentage of the AIF’s assets that are subject to special arrangements arising from their
illiquid nature.
2. Any new arrangements for managing liquidity.
3. The current risk profile, and the risk management systems in place to manage market,
liquidity, counterparty, operational and other risks.
4. The main categories of assets in which the AIF is invested.
5. The results of stress tests.
CySEC may request to receive the following documents:
- An annual report for each EU AIF and each AIF marketed in the Union, for each financial
year
- Quarterly lists of all AIFs which the AIFM manages
AIFMs employing leverage on a substantial basis need to provide CySEC with the following
information:
1. The overall level of leverage employed by each AIF.
2. A breakdown between leverage arising from the borrowing of cash or securities, and leverage
embedded in financial derivatives.
3. The extent to which the AIF’s assets have been reused under leveraging arrangements.
4. The identity of the five largest sources of borrowed cash or securities per AIF and the amounts
of leverage received per source.
A non-EU AIFM with a branch in the Republic only has to report this information for the EU AIFs
that it manages and the non-EU AIFs that it markets in the EU.
CySEC may request additional information that it considers necessary for the effective monitoring
of systemic risk.
Page 140 of 334

Learning Objective
Ø Know the procedures, arrangements and mechanisms that AIFM must implement (Article
18)
The AIFM will, at all times, employ adequate and appropriate human and technical resources
that are necessary for the proper management of the AIFs that it manages. This includes, but is
not restricted to, sound administrative and accounting procedures, control and safeguarding
arrangements for electronic data processing, and adequate internal control mechanisms. Internal
control procedures need to specifically cover the rules for personal transactions by its employees,
and the holding and management of investment for the AIFM’s own account, ensuring at least:
1. that each transaction involving the AIFs may be reconstructed according to its origin, the
parties to it, its nature, and the time and place that the transaction was executed
2. that the assets of the AIFs managed by the AIFM are invested in accordance with the
AIF rules or instruments of incorporation and the legal provisions in force.
AIFMs need to have robust governance procedures in place and should be managed and organised
so as to minimise conflicts of interest. AIFMs should have a well-documented organisational
structure that clearly assigns responsibilities, defines control mechanisms and ensures a good flow
of information between all parties involved. AIFMs should also establish systems to safeguard
information and ensure business continuity. When establishing those procedures and structures,
AIFMs should take into account the principle of proportionality. This allows procedures,
mechanisms and organisational structures to be calibrated to the nature, scale and complexity
of the AIFM’s business and to the nature and range of activities carried out in the course of its
business.
The AIFM is required to establish a permanent and effective compliance function irrespective
of the size and complexity of its business. However, details of the technical and personnel
organisation of the compliance function should be calibrated to the nature, scale and complexity
of the AIFM’s business, and to the nature and range of its services and activities. The AIFM
should not have to establish an independent compliance unit if such a requirement would be
disproportionate in view of the size of the AIFM, or the nature, scale and complexity of its business.
The AIFM shall, when appropriate and proportionate in view of the nature, scale and complexity
of their business and the nature and range of collective portfolio management activities
undertaken in the course of that business, establish and maintain an internal audit function
which is separate and independent from the other its functions and activities. The internal audit
Page 141 of 334

Edition B.Ad.1 / EN
function shall:
a. establish, implement and maintain an audit plan to examine and evaluate the adequacy and
effectiveness of the AIFM’s systems, internal control mechanisms and arrangements
b. issue recommendations based on the results of work carried out
c. verify compliance with recommendations, and
d. report internal audit matters.
Any conflicting duties should be segregated within the organisation.
3.1. Valuation
For each AIF that an AIFM manages, it needs to ensure that there are appropriate and consistent
procedures for the valuation of assets in accordance with the rules and regulations, applicable law,
and the AIF rules or instruments of incorporation. Asset valuation, and the calculation of the net
asset value per unit, is determined by the law of the country where the AIF is established, and/or
in the AIF rules or instruments of incorporation. The valuation procedures must ensure that
assets are valued, and that the net asset value per unit is calculated at least once a year. Investors
will be informed of the valuations and calculations as set out in the AIF rules or instruments of
incorporation. For open-ended AIFs, the valuation and calculation must also be carried out at a
frequency appropriate for the assets held, and its issuance and redemption frequency. For
closed-ended AIFs, the valuation and calculation must also be carried out in the event of an
increase or decrease of the capital by the relevant AIF.
The AIFM must ensure that the valuations are either performed by an independent external
valuer, or by the AIFM itself, providing that the valuation task is functionally independent from
the portfolio management and the remuneration policy, and that conflicts of interest are
mitigated.
The valuation must not be undertaken by the depositary unless it has functionally and
hierarchically separated the performance of its depositary functions from its tasks as external
valuer, and that any potential conflicts of interest are properly identified, managed, monitored
and disclosed to investors of the AIF.
The external valuer needs to be subject to the mandatory professional registration recognised by
law, regulatory provisions or rules of professional conduct. An external valuer needs to be able
to provide sufficient professional guarantees to be able to perform its function effectively. Any
appointment of a valuer needs to comply with the appropriate rules and regulations.
An appointed external valuer must not delegate its responsibility to a third party. AIFMs must
notify CySEC of the appointment of an external valuer. In the event that CySEC does not approve
of the valuer appointed, it may require another to be engaged.
Page 142 of 334

Valuations will be performed with due skill, care, diligence, and impartiality. If the valuation is
undertaken by the AIFM, CySEC may require to have the valuation procedures and/or valuations
to be verified by an external valuer or, if appropriate, an auditor. Even when an external valuer
is appointed, the AIFM is ultimately responsible for the proper valuation of the AIF’s assets, and
the calculation and publication of the net asset value. However, an external valuer will be liable
for any losses suffered by the AIFM as a result of its negligence or the intentional failure to perform
its tasks.
4. Investors
4.1. Marketing of AIFs to Retail Investors in the Republic
Learning Objective
Ø Understand the rules regarding the marketing of AIFs to retail investors in the Republic
(Article 45)
Regulatory requirements apply in different ways to, for example, leveraged AIFs, AIFs acquiring
control of non-listed companies and issuers, and the marketing of EU AIFs in the EU.
CySEC may allow the AIFM to market units of any type of AIF to retail investors in the Republic once
it is authorised to do so. CySEC may impose additional obligations on the AIFM or AIF, although
these may not be stricter than the EU rules and regulations.
CySEC needs to report the types of AIF that may be marketed to retail investors in the Republic,
and the additional requirements they have imposed. CySEC will inform the EC and ESMA of any
changes in the requirements.
Page 143 of 334

Edition B.Ad.1 / EN
1. List the initial capital requirements of AIFs.

2. List the conditions of authorisation.

3. List the requirements for remuneration.

4. Define the requirements for risk management.

5. What are the requirements for liquidity management?

6. List the disclosures to investors.

7. Describe the valuation process.

8. What are the requirements to market an AIF to retail investors?
Page 144 of 334

Chapter 6
The Business of Credit
Institutions Laws of 1997–2016
Learning Objectives
1. General
2. Capital
3. Returns and Accounts
The Business of Credit Institutions Laws of 1997–2016 are a consolidated set of laws issued during
this period to regulate the banking sector in Cyprus. It handles, among other things, licensing, the
allowable use of the word bank, as well as defining deposits, supervision, capital adequacy and the
reporting obligations of banks in the Republic.
1. General
Learning Objective
Ø Understand how the Central Bank of Cyprus supervises banks: ownership and management
(Articles 16–17); supervision and inspection (Article 26); disclosure of information (Article
26A); cooperation with other competent authorities (Article 27); powers of the Central
Bank of Cyprus (Articles 30–32)
Page 145 of 334

Edition B.Ad.1 / EN
Supervision of authorised credit institutions (ACIs) in Cyprus is the responsibility of the Central
Bank of Cyprus (CBC), and includes the execution of regulations regarding the ownership and
management of banks, supervision, disclosure and cooperation with other competent authorities.
1.1. Ownership and Management
ACIs incorporated in the Republic may not dispose of any part of their business by means of a
sale or merger, unless they have prior written approval from the CBC. This also applies to the
operations in the Republic of ACIs incorporated in other jurisdictions.
Prior to acquiring or increasing a controlling stake in an ACI established in the Republic so that
their voting rights reach or exceed the minimum limits of 20%, 30%, 50% or so that the ACI
would become a subsidiary, the person making the acquisition (the acquirer) needs to notify
the CBC of their intent in writing, and needs to obtain its approval. The CBC will confirm the
receipt of the notification and, if applicable, any subsequent information that the CBC may request,
within two working days of receipt of the information. The CBC shall make its decision concerning
he permissibility of the acquisition within 60 working days after it has acknowledged, in writing,
that it has received all information requested. Up until 50 working days into the assessment
period, the CBC may request further information. If, at any time during the assessment, the CBC
requests further information, the assessment period is interrupted until the information is
received, with a maximum interruption of 20 working days. The period of interruption may be
extended to 30 days in the event that the acquirer is situated or regulated outside the Community,
and is a natural or legal person not subject to supervision.
In the event that the CBC decides to oppose the proposed acquisition, it will inform the acquirer
within two working days of reaching the decision, and in any case prior to the end of the
assessment period. The notification will include the reasons for the decision; a statement to this
effect, including the reasons, may be made public. The acquisition is deemed to be approved if
the CBC does not oppose the proposed acquisition within the assessment period.
The acquirer can be an individual person, or it can make the acquisition in combination
with an associate, which for natural persons includes:
• a spouse, or relatives to the first degree
• a company, of which the person is a director or has control over
• any partner of the person, and
• any other person(s) whose interests are interdependent of the person holding shares.
If the acquirer is a company, any director or person with control over the company, subsidiaries,
or any directors of subsidiaries are considered to be associates.
Page 146 of 334

If the acquirer fails to notify the CBC of its intent prior to the acquisition, or in the event that an
acquisition is made against a decision of the CBC, the CBC may impose an administrative fine. In
addition, the CBC may take one or more of the following actions:
• Suspend some or all of the voting rights of the acquiring party.
• Declare the transaction void.
• Prohibit the transaction taking place.
• Prohibit any payments by the ACI relating to the transaction, except in the case of winding
up the ACI.
In the event that the acquirer is a legal person, the fine may be imposed on those members of the
board of directors and/or managers who were responsible, negligent or who failed to act.
1.2. Supervision and Inspection
As the competent authority in the Republic, one of the responsibilities of the CBC is prudential
supervision. As such, the CBC also has to work together with the competent authorities in other
member states, participate in the activities of the European Banking Authority (EBA), and follow the
EBA guidelines and recommendations or provide reasons for not doing so.
In the exercise of its duties, the CBC will always consider the potential impact of its decisions
on the financial stability of the financial system in the Republic and other member states and, in
particular, in emergency situations, based on the information available at the relevant time.
On the request of the CBC, ACIs need to make their liquid and other assets, books, records, accounts
and other documents available for examination. Any CBC official may be assisted by a duly
qualified person appointed by the CBC who shall be bound to the same confidentiality
requirements.
The CBC is authorised to request ACIs to pay it fees in relation to expenses incurred for supervision
and inspection activities.
Any information obtained as part of supervision activities will be kept secret and only used for
the purposes of the CBC Law, or of the Business of Credit Institutions Laws of 1997–2016. The
information may, however, be used to compile and publish statistical aggregates.
As part of the supervision process, the CBC will review the arrangements, strategies, processes
and mechanisms that the ACIs have implemented to comply with the regulatory requirements,
and ensure that they are sufficient to guarantee sound management and the coverage of their risks.
The CBC determines the frequency and intensity of the review taking into consideration the size,
systemic importance, nature, scale and complexity of the activities of the ACI. The reviews and
Page 147 of 334

Edition B.Ad.1 / EN
evaluation must be undertaken at least annually, and will include the ACI’s interest rate
exposures from non-trading book activities.
In case an ACI’s economic value declines by more than 20% of its own capital, as a result of a sudden
and unexpected change in interest rates, the CBC must put special measures in place which will
apply to all ACIs incorporated in the Republic.
The CBC may request, verify and compile information, enter offices and business premises of ACIs
subject to its control, and inspect files, books, accounts and other documents and records. The CBC
has no access to the personal correspondence of employees and/or associates of ACIs.
1.3. Disclosure of Information
The CBC will disclose the text of laws and regulations, directives and other rules, how it has exercised
its options in EC regulation, the general criteria and methodologies used for the review of its
supervision, and aggregate statistical data on key aspects of the prudential framework in the
Republic.
All information must be accessible in a single electronic location, and must be updated regularly.
1.4. Cooperation with Other Competent Authorities
The CBC may cooperate and exchange information, with competent supervisory authorities in the
Republic or third countries for the purpose of supervision, and to support the conduct of their
duties.
When the CBC receives a request for verification of information concerning a specific institution,
it will either carry out the verification itself, or it will allow the verification to be carried out by
the requesting competent authority, an auditor or an expert.
Competent supervisory authorities may carry out inspections of branches of institutions of which
the head office is established in their jurisdiction. Prior to carrying out inspections, they need to
inform the CBC and obtain their consent.
The CBC may agree a cooperation agreement with the EBA providing for the exchange of
information with the competent authorities of third countries, as long as the agreement
guarantees professional secrecy, and that the information is solely used for the undertaking of
supervisory duties.
Information that has originated in another member state will not be disclosed without permission
from the authority in the member state which has disclosed it.
Page 148 of 334

When the CBC undertakes the supervision on a consolidated basis of an EU parent institution,
it is responsible for:
• coordination of the gathering and dissemination of relevant and essential

information in going- concern and emergency situations
• planning and co-ordination of supervisory activities in going-concern situations,

disclosure of information for capital adequacy calculations and technical criteria
concerning the organisation and treatment of risks
• planning and co-ordination of supervisory activities in cooperation with competent

authorities and, if necessary, central banks in preparation for and during emergency
situations including adverse developments in ACIs or financial markets.
When either one of the competent authorities does not cooperate, the matter may be referred
to the EBA.
1.5. Powers of the Central Bank of Cyprus (CBC)
If a bank fails to comply with the rules and regulations, the CBC is of the opinion that the liquidity
and assets have been impaired, that there is a risk that the bank is not in a position to promptly
meet its obligations, or that it is necessary to safeguard the interests of depositors, then the CBC
may:
• require the ACI to take necessary actions to rectify the matter, or restrict its operations
by imposing conditions on their licence
• impose conditions that:
o require the ACI to take certain steps or refrain from adopting or pursuing a
particular course of action
o prohibit the ACI from soliciting deposits from all persons or a particular class of
persons impose limitations on the granting of credit or the making of investments
o prohibit the ACI from entering into any other transaction or class of transactions
require the removal of any director, chief executive or manager
o oblige the ACI to hold own funds in excess of the minimum requirements require
the reinforcement of existing arrangements
o require the ACI to apply a specific provisioning policy
o restrict or limit the business, operations or network of ACIs, and
Page 149 of 334

Edition B.Ad.1 / EN
o require the reduction of the risk inherent in the activities, products and systems of
the ACIs.
Any of these conditions may be varied or withdrawn by the CBC. Before taking any measure
mentioned above, the CBC will provide the ACI with a report inviting its comments, to which the
ACI must reply within three days from its delivery.
• consult with other ACIs with a view to determine the action to be taken
• assume control of the ACI’s business, and continue to run the business on the ACI’s
behalf for as long as is deemed necessary
• revoke the licence of the ACI
• demand that the ACI increases its share capital
• demand that a recovery plan is prepared and submitted and provide information to the
CBC for the preparation of a resolution plan
• demand that dividends are limited or withheld
• demand that remuneration and benefits of the ACI’s advisers and executive directors is
limited.
The CBC may demand that the ACI increases its share capital by a specific date, and on specific
terms. The ACI must submit a recovery plan to the CBC detailing the measures that it will take to
comply with its decisions, including a timetable, and it will convene an extraordinary general
meeting (EGM) of shareholders, and inform the Registrar of Companies of the increase in capital.
Failure to call the EGM or inform the Registrar of Companies may result in a fine of up to e100.000
on each member of the board of directors who failed to comply.
The CBC may request additional information in association with the recovery plan, require the
inclusion of capital restructuring, amend the recovery plan to make it more effective and
dictate a timetable for the execution of the recovery plan. The final recovery plan will be
approved by the ACI’s board of directors, and its content must remain confidential.
Recovery and resolution plans are not binding on the CBC, and only the CBC in its capacity as
resolution authority can demand the execution of the plan.
6
Page 150 of 334

2. Capital
Learning Objective
Ø Know the following capital requirements: minimum capital (Article 20); capital adequacy
(Article 21))
The minimum capital of an ACI incorporated in the Republic is €5 million, unless the CBC
determines that a higher amount of own funds is required.
The CBC sets the minimum capital adequacy ratio by which ACIs incorporated in the Republic
have to abide. For each individual ACI, the minimum capital adequacy ratios may be varied from
time to time. The CBC will notify ACIs in writing.
The capital adequacy ratio maintained by an ACI is in the form of the mandatory amount of own
funds that must be held in relation to total assets, including trading book, off-balance sheet
exposures, operational risk and categories of assets specified by the CBC.
3. Returns and Accounts
Learning Objective
Ø Know the basic responsibilities ACIs must meet with respect to submitting returns and
accounts (Articles 24 and 25)
Within four months of the end of the financial year, every ACI must submit an electronic copy
of its audited annual accounts for the year to the CBC. This has to be in the prescribed format
together with a signed copy of the audit report of the approved auditor. The audit will take place
in accordance with international auditing standards as well as any additional requirements
specified by the CBC.
If an ACI fails to appoint an approved auditor, one may be appointed by the CBC, who will fix
the remuneration to be paid by the ACI.
ACIs incorporated in the Republic need to publish their balance sheet, profit and loss account, and
their auditor’s report within six months of the end of the financial year. All other ACIs need to
publish their balance sheet and profit and loss account for each financial year covering their
business as a whole.
Within 15 days of the end of each month every ACI has to submit a certified statement of its assets
and liabilities as at the end of the month to the CBC.
The CBC may request and compile information that is necessary or useful for the exercising of its
Page 151 of 334

Edition B.Ad.1 / EN
powers. It may request any additional information from ACIs, and any other natural or legal
person under its supervision, to be provided within a specified time frame. The request for
information must include a request to present, submit and file any written records and information,
including client records and other data stored on computers. Any request to provide information
must be kept in the strictest confidence, and any person requested to provide information must
comply with the CBC request.
Every ACI incorporated in the Republic must publicly disclose information concerning its
operation, including:
• targets and qualitative characteristics of the risk management policy
• quantitative information on the risks undertaken
• own funds
• the method of capital adequacy calculation
• large exposure monitoring
• disclosure of whether it complies with the capital adequacy ratio.
1. Describe the responsibilities of the CBC regarding supervision and inspection.

2. List the powers of the CBC.

3. Describe the responsibilities related to returns and accounts.

Page 152 of 334

Chapter 7
The Prevention and Suppression of Money
Laundering and Terrorist Financing Laws
Learning Objectives
Introduction
1. Special Provisions in Respect of Financial and

2. The Responsibilities of Obliged Entities
The Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007–2019 and
CysecDirective regarding the Prevention and Suppression of Money Laundering and Terrorist
Financing outline the regulations for anti-money laundering and terrorist financing in the Republic. In
combination these rules cover, among other things, the appropriate systems and procedures applied
within a risk-based approach in obliged entities financial organisations, the requirements related to
customer identification and due diligence procedures, the responsibilities of the board of directors,
employees’ obligations, education and training, the duties of the compliance officers, and the
recognition and reporting of suspicious transactions/activities.
The Law harmonises:
a. Directive 2014/65/EU of the European Parliament and of the Council of 15 May

2014 on markets in financial instruments and amending Directive 2002/92/EC
and Directive 2011/61/EU
b. European Commission Directive 2006/73/EC of 10 August 2006 implementing
Directive 2004/39/ EC of the European Parliament and of the Council with
Page 153 of 334

Edition B.Ad.1 / EN
regard to organisational requirements and operating conditions for IFs and

defined terms for the purposes of that Directive.
c. Directive (EU) 2015/849 of the European Parliament and of the Council of 20
May 2015 on the prevention of the use of the financial system for the purposes
of money laundering or terrorist financing, amending Regulation (EU) No
648/2012 of the European Parliament and of the Council, and repealing
Directive 2005/60/EC of the European Parliament and of the Council and
Commission Directive 2006/70/EC
d. Directive (EU) 2018/843 of the European Parliament and then Council of 30
May 2018 amending Directive (EU) 2015/849 on the prevention of the use of
the financial system for the purposes of money laundering or terrorist financing,
and amending Directives 2009/138/EC and 2013/36/EU
Introduction
The prevention of money laundering and of the financing of terrorist activities is of significant
importance for the global financial system. Any association with these activities has a negative
impact on the reputation of institutions and, in turn, has the potential to undermine the banking
sector, as well as the local economy. There are three stages to a successful money laundering
operation:
• Placement – the first phase of money laundering process which is the physical disposal of
cash proceeds derived from illegal activity; typically it is the introduction of ‘dirty’ money in
the form of cash or other assets derived from criminal activity into the financial system (such
as a bank, a casino, a cash business or any other form of legitimate business). There are two
techniques used by money launderers during this stage:
§ Structuring - is the process of depositing cash, below the reporting threshold

so it is less likely that such transactions will attract any attention. For
example, a customer breaks a large transaction, which falls outside the
reporting threshold, into smaller ones because if the whole amount of money
would be deposited into one bank, it would create suspicions and trigger an
investigation as well as the possibility of filing a report.
§ Smurfing - Cash from illegal sources is divided between various individuals or

'smurfs' who make multiple deposits into multiple accounts at a number of
financial institutions. In this way, money enters the financial system and is
then available for layering. Suspicion is often avoided as it is difficult to detect
any connection between the ‘smurfs’, deposits and accounts.
• Layering – the second phase of money laundering process involves distancing illegal
proceeds from their source by creating complex levels of financial transactions designed to
disguise the audit trail and to provide anonymity; involves moving the money around in
order to make it difficult for the authorities to link the placed funds with the ultimate
Page 154 of 334

beneficiary of the money. The essence is to disguise the audit trail, the source and the
ownership of funds so as to avoid attracting any attention.
§ Integration – the third phase is the last stage of the money laundering
process and this is the phase of placing laundered funds back into the
economy by re-entering the funds into the financial system and giving them
the appearance of legitimacy; in this stage, it is really difficult to distinguish
between the legal and dirty money.
Many of the requirements of national and international anti-terrorism legislation on financial

services firms are similar to the anti-money laundering provisions described above. They involve:
• customer identification
• recordkeeping
• transaction monitoring, and
• reporting suspicious activity.
A person generally commits an offence if they enter into, or are linked with, an arrangement that
facilitates the retention or control of terrorist funds.
1. Special Provisions in Respect of Financial and Other

Business Activities
This section is related to the regulations outlined in the Prevention and Suppression of Money
Laundering and Terrorist Financing Laws of 2007–2019.
Learning Objective
Ø Understand the provision for obliged entities to apply adequate and appropriate
systems and procedures(Article 58); the penalties for non-compliance (Article
59(6(a)(i-v), 6(a1-a4) and 6A(a)); when to apply customer due diligence measures
(Article 60); the ways to apply identification procedures and customer due
diligence measures (Article 61(1))
Ø Know when simple or enhanced customer due diligence measures may be
applied (Article 63 and 64)
1.1. Systems and Procedures
Page 155 of 334

Edition B.Ad.1 / EN
Obliged Entities must implement adequate and appropriate policies, controls and procedures,
proportionate to their nature and size, in order to mitigate the money laundering and terrorist
financing risks in relation to the following:
• Customer identification and due diligence – know the customer and their business. Due
diligence is carried out at the start, and on a regular basis throughout the business
relationship with a customer. Additional due diligence is required in the event that the
customer carries out transactions for €15.000 or more, whether the transaction is carried
out in a single operation or in several operations which appear to be linked Also, if
constitutes a transfer of over €1.000. Furthermore, due diligence is needed in the event of
suspicion of money laundering or terrorist financing, regardless of the amount of the
transaction, as well as when there are doubts about the veracity or adequacy of previous
customer identification data. For providers of gambling services, due diligence is also
required when carrying out transactions amounting to €2.000 or more, upon the collection
of winnings or the wagering of a stake, or both, in a single or several operations that may be
linked. Lastly, due diligence is needed for persons trading in goods when they carry out
occasional transactions in cash of €10.000 or more, in a single or multiple operation which
seem to be linked. Customer identification procedures and customer due diligence
measures comprise of:
a. identifying the customer and, if applicable, the third-party acting on behalf of the
customer and verifying their identity on the basis of documents, data or
information obtained from a reliable and independent source
b. identifying the beneficial owner and, if applicable, the third-party acting on behalf
of the beneficial owner, and taking risk-based and adequate measures to verify
their identity on the basis of documents, data or information obtained from a
reliable and independent source so that the person carrying on in financial or
other business knows who the beneficial owner is, with regard to legal persons,
trusts and similar legal arrangements, taking risk-based and adequate measures
to understand the ownership and control structure of the customer
c. assessing and obtaining information on the purpose and intended nature of the
business relationship
d. conducting ongoing monitoring of the business relationship including the scrutiny

of transactions undertaken throughout the course of that relationship to ensure
that the transactions being conducted are consistent with the information and
data in the possession of the person engaged in financial or other business in
relation to the customer, the business and risk profile, including, if necessary, the
source of funds and ensuring that the documents, data or information held are
kept up to date.
The extent of these measures and identification procedures may be determined on a risk-
sensitive basis depending on the type of customer, business relationship, product or
Page 156 of 334

transaction. The obliged entities must be able to demonstrate to the competent supervisory
authorities that the extent of the measures taken is appropriate in view of the risks of
money laundering and terrorist financing they are exposed to.
For the purposes of identification procedures and customer due diligence requirements, proof
of identity is satisfactory if it is reasonably possible to establish that the customer is the
person they claim to be; and the person who examines the evidence is satisfied, in
accordance with the procedures followed under this Law, that the customer is actually the
person they claim to be.
Businesses providing life insurance, other investment-related insurance, trusts or similar legal
arrangements must take the necessary measures to establish the identity of the beneficiary at
the times of payout or at the application of vested rights. Obliged entities may be allowed to
avoid certain due diligence measures with respect to electronic money, considering that their
risk assessment has appropriately demonstrated low risk and the following risk-mitigation
conditions have been met:
a. The payment instrument is not reloadable or has a maximum monthly limit of

payment transactions of €250 which can be used for payment transactions only
within the Republic
b. The maximum amount stored electronically does not exceed €250
c. The payment instrument is used exclusively for the purchase of goods or services
d. The payment instrument cannot be financed with anonymous electronic money
e. The issuer possesses appropriate and adequate systems and procedures for
monitoring the transactions or business relationship to enable the detection of
unusual or suspicious transactions
The above provisions do not apply in the case of redemption in cash or cash withdrawal of the
monetary value of electronic money where the amount redeemed exceeds €100. Moreover, the
above exceptions do not include the obligation to monitor transactions and business
relationships on an on-going basis as well as the obligation of detecting and reporting suspicious
transactions.
• Recordkeeping – client and transaction information must be maintained for a

period of five years following the end of the relationship with a customer or after
the date of an occasional transaction. Documents and information include evidence
demonstrating compliance with the customer due diligence requirements, records
of transactions, and related correspondence documents with customers and other
persons with whom a business relationship is maintained.
• Internal reporting and reporting to MOKAS (the Unit for Combating Money
Laundering) – the appointed money laundering compliance officer needs to report
any suspicious transactions both internally and to MOKAS.
Page 157 of 334

Edition B.Ad.1 / EN
• Internal control, risk assessment and risk management in order to prevent money
laundering and terrorism financing.
• Detailed transaction examination on transactions that are considered to be

particularly vulnerable to money laundering and terrorist financing, including
complex, unusually large transactions and transactions with o t h e r unusual
patterns.
• Informing employees – employees must be informed of systems, procedures, and

legal requirements in relation to combating money laundering and terrorist
financing, as well as the relevant requirements for personal data protection
• Training – ongoing relevant training of employees for enhancing their abilities

in the recognition and handing of transactions and activities related to money
laundering and terrorist financing.
• Risk management practices
• Compliance management
• Recruitment and assessment of employees’ integrity
Failure to comply with the AML/CFT Law or the directive issued by CySEC, will subject the Obliged Entities to the
following measures taken against them:
a. To require the Obliged Entity to take such measures within a specified timeframe to remedy
the situation.
b. To impose:
- An administrative fine of not exceeding EUR 1.000.000 (one million euro) having first
given the opportunity to the supervised person to be heard
- in the event that the culpable offender derived a benefit from the breach which
benefit exceeds the administrative fine mentioned above, an administrative fine up to
an amount of at least twice the amount of the benefit derived from the breach
- in the event the breach continues, an administrative fine of up to one thousand euro
(€1.000) for each day the breach continues
c. To amend or suspend or withdraw the operating license of the supervised person
d. A temporary ban on persons discharging managerial duties or any other natural person
found guilty of misconduct in the performance of managerial duties in the obliged entity
e. Impose the aforementioned administrative fine to the person(s) performing managerial
duties in the obliged entity and to any other person who was related to infringement, due to
their fault, intentional omission or negligence.
f. If the obliged entity is a credit or financial institution, the competent Supervisory Authority
may additionally impose administrative pecuniary sanctions to legal and natural persons of a
maximum of €5.000.000. Also, for legal persons, a 10% of the total annual turnover
according to the latest approved accounts.
Page 158 of 334

g. Independent legal professionals or auditors or external accountants who fail to comply with
the related provisions of the Law and the directives issued by CySEC, are referred by CySEC
to the competent Disciplinary Board which will decide accordingly.
CySEC will publish in its official website the administrative fine or the measures taken against the sanctioned
persons immediately after communicating the related decision to them.
1.2. Simplified and Enhanced Customer Due Diligence (CDD)
Obliged entities may apply simplified customer due diligence (SDD) measures if they have previously ascertained
that the business relationship or the transaction presents a lower degree of risk. Furthermore, it is provided
that the obliged entity carries out sufficient monitoring of the transactions and the business relationships to
enable the detection of unusual or suspicious transactions if these occur during a business relationship.
SDD is not an exemption from any of the customer due diligence (CDD) measures; however, obliged entities
may adjust the amount, timing or type of each or all of the CDD measures in a way that is commensurate to the
low risk they have identified.
When assessing the risks of money laundering or terrorist financing which relate to types of customers,
geographical areas and particular products, services, transactions or delivery channels, the obliged entity takes
into account at least the factors of potentially lower risk situations set out in the AML/CFT Law.
In accordance to non-exhaustive list of factors and types of evidence of potentially lower risk, to the following
customers the simplified due diligence may be applicable:
a. public companies listed on a stock exchange and subject to disclosure requirements (either by
stock exchange rules or through law or enforceable means), which impose requirements to
ensure adequate transparency of beneficial ownership,
b. public administrations or enterprises,
c. customers that are resident in geographical areas of lower risk.
SDD may not be appropriate in certain type of industries, products or services or may not be allowed due to the
national legislation.
Customers that pose higher money laundering and terrorist financing risks present increased exposure to
obliged entities. Higher risk customers should be viewed even more closely at account opening and their
transactions should be monitored more closely during the account operation. An obliged entity applies
enhanced customer due diligence (EDD) measures, additionally to the measures referred in the Law, in the
following cases:
a. When it is transacting with a natural person or legal entity with an establishment in a high-risk
third country,
- Enhanced customer due diligence measures need not be invoked automatically with
respect to branches or majority-owned subsidiaries of obliged entities established in
the European Union which are located in high risk third countries, where those
branches or majority-owned subsidiaries fully comply with the group-wide policies and
Page 159 of 334

Edition B.Ad.1 / EN
procedures in accordance with the Law and, in this case, the obliged entity uses risk-
based approach.
b. In cross border correspondent relationships with a third-country respondent institution, a credit
institution and financial institution:
- gather sufficient information about the respondent institution to understand fully the
nature of the respondent's business and to determine from publicly available
information the reputation of the institution and the quality of supervision
- assess the respondent institution's AML/CFT controls
- obtain approval from senior management before establishing new correspondent
relationships
- document the respective responsibilities of each institution
- with respect to payable-through accounts, be satisfied that the respondent institution
has verified the identity of, and performed ongoing due diligence on, the customers
having direct access to accounts of the correspondent institution, and that it is able to
provide relevant CDD data to the correspondent institution, upon request
c. In transactions or business relationships with a politically exposed person (PEP), an obliged entity:
- has in place appropriate risk management systems, including risk-based procedures, to
determine whether the customer or the beneficial owner of the customer is a PEP
- obtains Senior Management (SM) approval for establishing or continuing the business
relationship with such person
- take adequate measures to establish the source of wealth and source of funds that are
involved in business relationships or transactions with such person
- conduct enhanced and on-going monitoring of the business relationship
- In case that the person has ceased to exercise significant public function in the Republic
or in a Member State or in a third country or hold an important public office in an
international organization the obliged entity shall, for at least 12 months, the obliged
entity is required to take into account the continuing risk posed by that person and
apply appropriate and risk- sensitive measures until such time as that person is deemed
to pose no further risk specific to politically exposed persons
- applies the above measures for the immediate family members and close associates of
the PEP
An obliged entity is required to take reasonable measures to determine whether a beneficiary of a life or other
investment related insurance policy and/or, where required, the beneficial owner of the beneficiary is a PEP.
These measures shall be taken no later than at the time of the payout or at the time of the assignment, in whole
or in part, of the policy in the following cases:
a. the beneficiary of a life insurance or other investment-related insurance policy and/or, where
required, the beneficial owner of the beneficiary is a PEP at the time of the pay-out or at the time
of the assignment of the insurance policy; and/or
b. higher risks are detected in transactions or in business relationships with a PEP, in addition to the
application of CDD measures, an obliged entity:
- informs senior management prior to pay-out of insurance policy proceeds
- conducts enhanced scrutiny of the entire business relationship with the policy holder
Page 160 of 334

An obliged entity must apply EDD measures in other situations which by their very nature present a high risk of
money laundering or terrorist financing. When assessing the risks of money laundering and terrorist financing,
obliged entities must consider at least the factors of potentially higher-risk situations as set out in the Law.
In addition to the non-exhaustive list of factors and types of evidence of potentially higher risk, the enhanced
due diligence is applicable:
- when the business relationship is conducted in unusual circumstances

- to customers that are resident in geographical areas of higher risk
- to legal persons or arrangements that are personal asset-holding vehicles
- to companies that have nominee shareholders or shares in bearer form
- to businesses that are cash-intensive
- when the ownership structure of the company appears unusual or excessively complex
given the nature of the company's business
In accordance with the Risk Factors Guidelines, an indication of EDD measures obliged entities should apply,
may include:
- Increasing the quantity of information obtained for CDD purposes

- Additional information about the intended nature of the business relationship
- Obtaining additional information on:
o the number, size and frequency of transactions that are likely to pass
through the account, to enable the firm to spot deviations that might give
rise to suspicion
o why the customer is looking for a specific product or service, in particular
where it is unclear why the customer’s needs cannot be met better in
another way, or in a different jurisdiction,
o the destination of funds
o the nature of the customer’s or beneficial owner’s business, to enable the
firm to better understand the likely nature of the business relationship
- Increasing the quality of information obtained for CDD purposes
- Increasing the frequency of reviews
Page 161 of 334

Edition B.Ad.1 / EN
2. The Responsibilities of Obliged Entities

This section is related to the regulations outlined in C y S E C ’ s Directive for the prevention of
Money Laundering and Terrorist Financing.
Learning Objective
Ø Understand the responsibilities of the board of directors with respect to the

prevention of money laundering and terrorist financing (Article 5)
Ø Understand the obligations of the internal audit department (Article 6)
Ø Learn about the customers’ acceptance policy (Article 7)

Ø Know the minimum duties a compliance officer should exercise with respect to
the prevention of money laundering and terrorist financing (Articles 8–10)
Ø Understand how obliged entities should adopt a risk-based approach to prevent
money laundering and terrorist financing (Article 12)
Ø Know examples of: suspicious transactions; activities related to money laundering
and terrorist financing
2.1. The Responsibility of the Board of Directors
The board of directors of an obliged entity:
• Determines, records and approves the general policy principles of the obliged entity in relation to
the prevention of ML and TF and communicates them to the Compliance Officer.
• Appoints a compliance manager and, and, where necessary, alternate compliance officer, assistant
compliance officers and determines their duties and responsibilities, which are recorded in the risk
management and procedures manual.
• Approves the risk management and procedures manual which is communicated to all employees
that manage, monitor or control in any way the customers’ transactions and have the responsibility
for the application of the practices, measures, procedures and controls that have been determined.
• Ensures that all requirements of the Law and of the CySEC Directive are applied, and assures that
appropriate, effective and sufficient systems and controls are introduced for achieving compliance
with the requirements.
• Assures that the compliance officer, the alternate compliance officer and their assistants, and any
other person who has been assigned with the duty of implementing the procedures for the
prevention of money laundering and terrorist financing, have complete and timely access to all data
and information concerning customers’ identity, transactions’ documents and other relevant files
and information maintained by the obliged entity.
• Ensures that all employees are aware of the persons who have been assigned the duties of the
Page 162 of 334

compliance officer, the alternate compliance officer as well as their assistants, to whom they report
any information concerning transactions and activities for which they have knowledge or suspicion
that might be related to money laundering and terrorist financing.
• Establishes a quick and clear reporting chain based on which information regarding suspicious
transactions is passed without delay to the compliance officer, either directly or through their
assistants and notifies accordingly the compliance officer for its explicit prescription in the risk
• Ensures that the compliance officer and alternate compliance officer have sufficient resources
including competent staff and technological equipment for the effective discharge of their duties.
• Assesses and approves the annual report, and takes actions, as deemed appropriate under the
circumstances, to remedy any weaknesses and/or deficiencies identified in the Annual Report.
The Board of Directors must designate a member who may be executive or non-executive. The member is
responsible for the implementation of the provisions of the AML/CFT Law and of the directives and/or circulars
and/or regulations issued by the Supervisory Authority, pursuant thereto including any relevant acts of the
European Union. The member may perform additional duties, where appropriate, depending on the nature and
size of the activities of the obliged entity.
2.2. Obligations of the Internal Audit department
The internal audit department reviews and evaluates, at least on annual basis, the appropriateness,
effectiveness and adequacy of the policy, practices, measures, procedures and control mechanisms
applied within an obliged entity for the prevention of money laundering and terrorist financing.
The findings and observations of the reviews must be submitted to the board of directors in a written
format, in order to decide the necessary measures to be taken for ensuring the rectification of any
weaknesses and/or deficiencies.
The internal audit report and the measures taken are submitted to CySEC.
2.3. Customers’ acceptance policy
A customers’ acceptance policy must be developed according to the provisions of the Law and CySEC’s
directive. The acceptance policy is prepared after detailed assessment of the risks the obliged entity
faces from its customers, their transactions and countries of origin and operations.
The customers’ acceptance policy shall include the criteria for accepting new customers, clarify which
categories of customers cannot be accepted or must not execute occasional transactions, as well as
the customer risk categories, which shall be at minimum three (low, normal and high risk).
Page 163 of 334

Edition B.Ad.1 / EN
2.4. Compliance Officer Duties
A Compliance Officer is appointed by the board of directors and needs to belong to the senior management in
order to possess the necessary authority. The alternate compliance officer takes over the responsibilities of the
compliance officer in case of his/her absence. The alternate compliance officer function may be outsourced to
a natural person and the outsourcing procedure is recorded in the risk management and procedures manual.
Compliance officer assistants may be appointed, if deemed necessary. The assistants report to the compliance
officer. The Obliged Entity communicates immediately to CySEC the names, the positions and the contact details
of the persons it appoints as Compliance Officer, alternate Compliance Officer and assistants of the Compliance
Officer.
The minimum duties of the compliance officer are:
- The design of the internal practices, measures, procedures and controls related to the prevention
of money laundering and terrorist financing based on the policy principles defined by the BoD.
- The allocation of the appropriateness and responsibility limits of each involved department.
- The development and establishment of the customers’ acceptance policy which is submitted to
the BoD for consideration and approval.
- The preparation of the risk management and procedures manual regarding money laundering
and terrorist financing.
- Monitoring and assessment of the correct and effective implementation of the policy, the
practices, measures, procedures and controls and in general the implementation of the risk
- Receives information from the employees which is considered to be knowledge or suspicion of
money laundering or terrorist financing activities or might be related with such activities. The
information is received on the Internal Suspicious report and the compliance officer, together
with the informer and the informer’s superiors, evaluates and examines the provided
information. If MOKAS needs to be notified, the compliance officer prepares the related report
and sends it the soonest possible. On the other hand, if an incident needs not to be reported to
MOKAS, the compliance officer needs to justify the decision.
- Acts as the first point of contact with the MOKAS, upon commencement and during an
investigation as a result of filing a report to the Unit.
- Ensures the preparation and maintenance of the lists of customers in accordance to their assessed
risk level giving amongst others, information for the names of customers, account numbers and
date of the commencement of the business relationships. The compliance officer ensures that
the lists and related information are kept updated for all new and existing clients.
- Detects, records, and evaluates, at least on an annual basis, all risks arising from existing and new
customers, new financial instruments and services and updates and amends the systems and
procedures applied by the obliged entity for the effective management of the aforementioned
risks.
- Evaluates the systems and procedures applied by a third person on whom the obliged entity relies
for customer identification and due diligence purposes.
- Ensures that the branches and subsidiaries of the obliged entity that operate in countries outside
the European Economic Area, have taken all necessary measures for achieving full compliance
with the provisions of the CySEC’s Directive, in relation to customer identification, due diligence
Page 164 of 334

and record keeping procedures.

- Provides advice and guidance to the employees on subjects related to money laundering and
terrorist financing.
- Acquires the required knowledge and skills for the improvement of the appropriate procedures
for recognising, preventing and obstructing any transactions and activities that are suspected to
be associated with money laundering or terrorist financing.
- Determines the obliged entity’s departments and employees that need further training and
education for the purpose of preventing money laundering and terrorist financing, prepares the
related annual staff training program, organises appropriate training sessions/seminars and
assesses the adequacy of the education provided
- Prepares correctly and submits timely CySEC the monthly report statement and the annual report.
- Be the contact point to all requests and queries from MOKAS and CySEC.
- Maintains a registry which includes all related reports, information and documentation as per the
CySEC Directive.
- Obtains and utilizes data, information and reports issued by the related international
organisations.
2.5. Risk-Based Approach (RBA)
An obliged entity takes appropriate steps to identify and assess the risks of money laundering and
terrorist financing which it faces, taking into account the risk factors, including those which relate to
its customers, countries and geographical areas, products, services, transactions or delivery channels
for providing certain services, provided that such measures are proportionate to the nature and size
of the obliged entity.
Certain sectors of a business may pose higher risks than others and will therefore necessitate
additional controls to mitigate those risks, while others may present lower risks that will necessitate
less controls. As a result, an obliged entity should apply appropriate measures and procedures, on
RBA, to focus its effort in those areas where the risk of money laundering and terrorist financing
appears to be higher. In addition, the obliged entity’s resources should be invested and applied
where they are most required. Consequently, the RBA should assist the obliged entity to understand
where its exposure to money laundering and terrorist financing is derived from and to which areas
it should prioritize its efforts.
Risk Based Approach involves specific measures and procedures such as:
• The aforementioned identification and assessment of the money laundering and terrorist
financing risks
• Documenting in the risk management and procedures manual the policies, measures,
procedures and controls to ensure their uniformed application across the obliged entity by
persons specifically appointed for that purpose by the Board of Directors
• Managing and mitigating the assessed risks by the application of appropriate and effective
measures, procedures and controls
Page 165 of 334

Edition B.Ad.1 / EN
• Performing continuous monitoring and improvements in the effective operation of the

policies, procedures and controls
In the event that the services and financial instruments of the obliged entity are simple and involve
relatively few customers or customers with similar characteristics, it should apply procedures to
detect, monitor and report the riskier customers and transactions.
To assist in the identification, recording and evaluation of risks, the obliged entity should consider
the below:
- The risk that is posed by the customers of the obliged entity

- The risk that is posed by a customer’s behaviour, and
- The means used by the customer to contact the obliged entity
The application of appropriate measures and procedures of a risk based approach depends on
different parameters, including:
- The scale and complexity of the services
- Geographical spread of the services and customers
- The nature and economic profile of customers
- The services and financial instruments provided to customers
- The distribution channels and practices
- The volume and size of transactions
- The degree of risk associated with each area of services
- The country of origin and destination of customers’ funds
- Deviations from the anticipated level of transactions
- The nature of business transactions
The obliged entity should take into consideration the Joint Guidelines and the Guidelines issued by
the Financial Action Task Force (FATF) when assessing the risks and applying risk-based measures
and procedures.
2.6. Examples
Money laundering can take many forms depending on the stage.
Examples of placement activity include:
• Mixing of illegitimate funds with funds from legitimate cash-intensive businesses such as
restaurants, hair salons, coffee shops, etc
• Repayment of loans by using laundered cash
• Currency smuggling by moving physical cash cross-border
• Purchasing of foreign exchange with illegal funds
Page 166 of 334

• Creating offshore private investment companies to place assets

• The launderer buys a policy with illicit money and then backs out of the policy requesting a
cancellation of the policy and refund of the money, after paying a penalty
• The launderer invests in Real estate using a method of money laundering known as the
“reverse flip” or ‘’under the table deal’’ where by the launderer pays for the property with a
reported purchase price well below the actual value of the property and then pays the
difference “under the table”
• A launderer provides illegitimate money to an associate and then the associate provides a
“loan or mortgage” back to the trafficker for the same amount with all the necessary “loan
and/or mortgage” documentation
The layering stage can involve transactions such as:
• Sending wire transfers of funds from one bank account to another, from one country to
another etc
• Converting deposited cash into monetary instruments
• Placing money in investments such as shares or bonds in rapid succession, investing in
collective investment scheme or insurance-based investment products
• Buying and selling foreign currencies
• Creating complex shell companies to circulate huge sum of money between companies and
jurisdictions within the network in order to lose audit trail
The “clean” money from the integration stage can involve:
• Investing in real estate

• Buying high luxury items i.e. art work, antiques, jewelry, expensive cars
• Investing in legitimate cash intensive businesses
• Getting into financial arrangements or joint ventures
There are also a number of similarities between money laundering and terrorist financing, such as the
methods used. From a technical perspective, the methods used by terrorists and other criminal
organizations are similar with the methods used to launder funds. Although it would seem logical that
funding from legitimate sources does not need to be laundered, there is a need for the terrorist group
to disguise the link between it and its legitimate funding sources. In doing so, the terrorists use
methods similar to those of criminal organizations: structuring and purchase of monetary
instruments, wire transfers, and use of debit or credit cards.
Although money laundering and terrorist financing have many similarities, they are two separate
crimes. However, there are key distinctions and certain typologies that can help Compliance Officers
understand the differences and distinguish suspicious terrorist financial activity from money
laundering.
Some of their basic differences include:
a. The origin of funds – Terrorist financing often uses clean legal funds to commit a crime with
Page 167 of 334

Edition B.Ad.1 / EN
a political background; hence such funds have not necessarily been obtained illegally. On the
other hand, money laundering involves the use of money derived from illicit proceeds and its
purpose is to use dirty money to perform legitimate activities.
b. Motivation – Criminals perform money laundering to gain profit, whereas terrorist financing
is based on ideological beliefs.
c. The money trail - laundered money eventually end up with the person(s) who initiated the
proceedings (circular process) whereas, in terrorist financing activities, money is used to
commit terrorist attacks and finance terrorist group activities (linear process), and in many
cases are unrelated to the initiator.
d. Money laundering involves large amounts of money which are usually structured but terrorist
financing uses small amounts which are unstructured.
e. The financial activity in money laundering involves complex group structures with shell,
bearer shares and offshore secrecy heavens while in terrorist financing there are no such
group structures and usually there are unrelated parties.
There are a large number of known activities that should arouse suspicion of money laundering
including:
• customers that move frequently without any particular underlying reason

• when an initial deposit is a wire transfer from outside the country, or is a large cash
transaction
• customers with an address at a significant distance from the bank
• overpayments by customers on credit line or credit cards just before going on a
holiday or when other circumstances would normally prevent them from making
payments
• unrelated customers sharing the same street or IP addresses.
However, those who wish to launder funds or finance terrorism are continuously finding new
ways to do so; staff members of financial institutions, therefore, need to be alert to anything
that is out of the ordinary.
Page 168 of 334

1. Describe the appropriate systems that need to be in place to enable the detection of money
laundering and the financing of terrorism.
2. List the clients for whom simplified due diligence is sufficient.

3. List the responsibilities of the board of directors

4. Describe the duties of the compliance function.

Page 169 of 334

Edition B.Ad.1 / EN
Chapter 8
Markets in Financial
Instruments Regulation (MiFIR)
Learning Objectives
1. Special Provisions in Respect of Financial

2. and Other Business Activities
3. Transparency Requirements
4. Reporting Requirements
5. Derivatives
The Markets in Financial Instruments Regulation of 2014 (Regulation EU 600/2014) is also known as
MiFIR and is accompanied by the Markets in Financial Instruments Directive (MiFID). These EU wide
rules, collectively known as MiFID II, apply to all member states and concerns investments firms,
regulated markets and data reporting services. The regulation and the directive aim at smoothening
the function of the internal market.
1. Special Provisions in Respect of Financial and Other

Business Activities
Learning Objective
Ø Know the scope of MiFIR (Article 1)
The MiFIR regulation establishes uniform requirements in relation to:
1. disclosure of trade data to the public
Page 170 of 334

2. reporting of transactions to the competent authorities
3. trading of derivatives on organised venues
4. non-discriminatory access to clearing and trading in benchmarks
5. product intervention powers of competent authorities, ESMA, and EBA
6. powers of ESMA on position management controls and position limits
7. provision of investment services or activities by third-country firms following an

applicable equivalence decision by the European Commission.
MiFIR applies to:
• investment firms
• credit institutions for their investment services and activities
• market operators and the venues they operate
• central counterparties (CCP) and persons with proprietary rights to benchmarks
• third-country firms providing investment services or activities within the EU following an

applicable equivalence decision (with or without a branch).
CCPs and third-country firms are only subject to specific rules (title VI and VIII of the regulations
respectively).
2. Transparency Requirements
Learning Objective
Ø Know transparency requirements for equity instruments: pre-trade (Article 3); waivers
(Article 4); volume cap mechanism (Article 5); post-trade (Article 6); deferred publication
(Article 7)
Ø Know transparency requirements for non-equity instruments: pre-trade (Article 8); waivers
(Article 9); post-trade (Article 10); deferred publication (Article 11)
Ø Know transparency requirements applicable to systematic internalisers and investment
firms trading OTC (Article 14–15)
Page 171 of 334

Edition B.Ad.1 / EN
2.1. Equity Instruments
Equity instruments are subject to transparency requirements. In the context of this section, the term
‘financial instrument’ is used to describe shares, depositary receipts, exchange-traded funds (ETFs),
certificates or other similar financial instruments.
2.1.1. Pre-Trade
Market operators and investment firms operating a trading venue need to make the following
information publicly available for all equity and equity-related instruments traded on their trading
venue:
1. current bid and offer prices
2. depth of trading interest at those prices.
The information needs to be made available to the public on a continuous basis during normal trading
hours, and it needs to be calibrated for different types of trading systems including order-book, quote-
driven, hybrid, and periodic auction trading. The operator shall give access to the arrangements
employed for making this information public on reasonable commercial terms, and on a non-
discriminatory basis.
2.1.2. Waivers
The obligation to make pre-trade information available may be waived in the following examples:
a. A system matching orders based on a trading methodology by which the price of the
financial instrument referred to is derived from:
• the trading venue where the financial instrument was first admitted to trading,
or
• the most relevant market in terms of liquidity.
The reference price needs to be widely published and regarded by market participants as a reliable
reference price.
b. A system that formalises negotiated transactions which are:
• made with the current volume weighted spread reflected on the order book or
the quotes of market makers of the trading venue operating that system
Page 172 of 334

• in illiquid instruments and are dealt within a pre-determined percentage of a

suitable reference price, or
• subject to conditions other than the current market price of the instrument.
c. Orders for which the scale exceeds normal market size.
d. Orders held in an order management facility of the trading venue pending disclosure.
The reference price is typically the midpoint between the current bid price and the offer price or, if a
current price is not available, the midpoint between the closing bid price and the offer price of the
relevant trading session.
Formalised negotiated transactions need to be carried out in accordance with the rules of the trading
venue which shall ensure that appropriate arrangements, systems, and procedures are in place to
province and detect (attempted) market abuse in relation to these transactions. In addition, the
trading venue needs to establish, maintain, and implement systems to detect any attempt to use the
waiver to circumvent any other requirements. Any such attempts need to be reported to CySEC.
The Commission will monitor waivers granted on the basis of the first and third bullet of item (b)
above.
Prior to granting a waiver, CySEC will notify ESMA and other competent authorities of the intended
use of the waiver, and will provide an explanation of its functioning including details of the trading
venue. Notification of the intention to grant a waiver shall be made at least four months prior to the
intended start date. ESMA will issue a non-binding opinion within two months of receipt of the
notification. In the event that another member state disagrees with the waiver, they may refer the
matter back to ESMA. ESMA monitors the application of the waivers and, on an annual basis, submits
a report to the EC.
If it is observed that a waiver is being used in a way that deviates from its original purpose, or if it is
believed that the waiver is used to circumvent the requirements, CySEC may withdraw it, either on
their own initiative or on request from another competent authority. CySEC will notify ESMA.
2.1.3. Volume Cap Mechanism
In order to ensure that waivers (section 2.1.2) do not unduly harm price information, trading under
those waivers on a trading venue is restricted to 4% of total volume in the financial instrument to
which the waiver applies on all trading venues in the EU over the previous 12 months. Overall EU
trading in a financial instrument under a waiver shall not exceed 8% of the total volume of trading in
that financial instrument across the EU over the previous 12 months. The volume cap does not apply
to negotiated financial transactions for which there is no liquid market provided, they are transacted
within a predetermined range of a suitable reference price. In addition, the cap does not apply to
Page 173 of 334

Edition B.Ad.1 / EN
negotiated transactions that are subject to conditions other than current market price.
Once the 4% limit is exceeded, the competent authority that has issued the waiver shall suspend the
use of it for a period of six months within two days of the limit being exceeded.
Once the 8% limit is exceeded across all trading venues in the EU, all competent authorities in the EU
shall suspend the use of the waiver for a period of six months within two days of the limit being
exceeded.
Within five working days of the end of the calendar month, ESMA will publish the total volume per
financial instrument across the EU in the previous 12 months, the percentage of trading in a financial
instrument under those waivers per trading venue in the previous 12 months, and the methodology
used to derive the percentages. Once trading in a financial instrument on a trading venue exceeds
3,75% of total trading in the EU in the previous 12 months, or once trading across the EU exceeds
7,75% of all EU trading in the financial instrument over the previous 12 months, an additional report
will be published within five working days from the 15th of the next month.
In order to facilitate the monitoring of trading volumes and caps, operators of trading venues need to
have systems and procedures in place to enable the identification of all trades at the venue under a
waiver and to ensure that the trading volume does not exceed the permitted percentage of trading.
2.1.4. Post-Trade
Operators of trading venues need to make public the price, volume and time that transactions are
executed, as close to real-time as is technically possible. Under reasonable commercial terms, and on
a non-discriminatory basis, the operator will give access to the arrangements they employ for making
this information public to investment firms who are obliged to publish the details of their transactions.
2.1.5. Deferred Publication
CySEC may authorise the operator of a trading venue to defer the publication of the details of
transactions on the basis of their type or size, in particular transactions that are large in scale
compared to the normal market size for the type of financial instrument. Operators of a trading venue
need to obtain CySECs prior approval to defer publication and they need to disclose these
arrangements to market participants and to the public. ESMA monitors the application of the
arrangement of deferred trade publication and annually submits a report to the EC on this subject. In
the event that a competent authority of another member state disagrees with an authorised deferred
publication, the issue may be referred to ESMA.
Page 174 of 334

2.2. Non-Equity Instruments
Non-equity instruments are subject to transparency requirements as outlined in the sections below.
In the context of this section, the term ‘financial instrument’ is used to describe bonds, structured
finance products, emission allowances and derivatives.
2.2.1. Pre-Trade
Market operators and investment firms operating a trading venue need to make current bid of offer
prices as well as depth of trading interest at those prices, publicly available for all financial instruments
traded on their trading venue; this also applies to actionable indication of interests. The information
needs to be made available to the public on a continuous basis during normal trading hours. The
information needs to be calibrated for different types of trading systems, including order-book,
quote-
Markets in Financial Instruments Regulation (MiFIR)
driven, hybrid, and periodic auction trading. The publication obligation does not apply to derivatives
transactions of non-financial counterparts which are objectively measurable as reducing risks directly
relating to the commercial activity or treasury financing activity of the non-financial counterparty or
of the group. The information needs to be calibrated for different types of trading systems, including
order-book, quote-driven, hybrid, periodic auction trading, and voice trading systems. The operator
shall give access to the arrangements employed for making this information public on reasonable
commercial terms, and on a non-discriminatory basis.
In the event a waiver is granted in line with the rules outlined in section 2.2.2, the trading venue need
to, at a minimum, make public pre-trade bid and offer prices. These prices need to be close to the
price of the trading interest advertised through their systems. This information will be made available
to the public through appropriate electronic means on a continuous basis during normal trading
hours.
2.2.2. Waivers
The obligation to make pre-trade information available may be waived for the following reasons:
a. Orders that are large in scale compared to normal market size orders for the type of
instrument and orders held in an order management facility of the trading venue.
b. Actionable indications of interest in request-for-quote and voice trading systems that

are above a size specific to the financial instrument which would expose liquidity
providers to undue risk and takes into account whether the relevant market
Page 175 of 334

Edition B.Ad.1 / EN
participants are retail or wholesale investors.
c. Derivatives which are not subject to trading on regulated markets, MTFs, OTFs and
other financial instruments for which there is not a liquid market.
Prior to granting a waiver, CySEC will notify ESMA and other competent authorities of the intended
use of the waiver, and will provide an explanation of its functioning including details of the trading
venue. Notification of the intention to grant a waiver shall be made at least four months prior to the
intended start date. ESMA will issue a non-binding opinion within two months of receipt of the
notification. In the event that another member state disagrees with the waiver, they may refer the
matter back to ESMA. ESMA monitors the application of the waivers and, on an annual basis, submits
a report to the EC.
If it is observed that a waiver is used in a way that deviates from its original purpose, or if it is believed
that a waiver is used to circumvent the requirements, CySEC may withdraw a waiver either on its own
initiative or on request from another competent authority. CySEC will notify ESMA.
CySEC may temporarily suspend the pre-trade obligations if the liquidity of a financial instrument falls
below a predetermined threshold. This threshold will be determined on the basis of objective criteria
specific to the market for the financial instrument concerned. Notification of a temporary suspension
will be published on CySEC’s website.
Prior to applying a suspension, or renewing a temporary suspension, CySEC will notify ESMA of its
intentions and will provide an explanation.
2.2.3. Post-Trade
CySEC may authorise the operator of a trading venue to defer publication of the details of transactions
on the basis of their type or size. In particular:
• transactions that are large in scale compared to the normal market size for the type of
class of the financial instrument
• if there is no liquid market,
in the event the size of the trade would expose liquidity providers to undue risk.
When authorising the delay CySEC will need to take into consideration whether the market
participants are retail or wholesale investors.
2.2.4. Deferred Publication
Page 176 of 334

Operators of a trading venue need to obtain CySECs prior approval to defer publication and they need
to disclose these arrangements to market participants and to the public. ESMA monitors the
application of the arrangement of deferred trade publication and annually submits a report to the EC
on this subject. In the event that a competent authority of another member state disagrees with an
authorised deferred publication, the issue may be referred to ESMA.
CySEC may temporarily suspend trading if the liquidity in a specific class of financial instrument falls
below a pre-determined threshold, and it will publish the suspension on its website. A temporary
suspension will be valid for an initial period of up to three months from the date of publication that
appears on the CySEC website. The suspension may be renewed for a further period, not exceeding
three months at a time, if the grounds for the suspension continue to be applicable. If a temporary
suspension is not renewed, it will automatically lapse.
2.3. Systematic Internalisers and Investment Firms Trading OTC
In the context of this section, a financial instrument could be a share, a depositary receipt, an ETF, a
certificate or a similar financial instrument.
Investment firms must make public any quotes for financial instruments traded on a trading venue
for which they are a systematic internaliser, and for which there is a liquid market. In the event that
there is no liquid market, quotes will be made available to clients on request. The transparency
requirements in this section do not apply to systematic internalisers that deal in sizes above standard
market size.
Systemic internalisers may decide the size(s) at which they will quote with the minimum quote size
being 10% or more of the standard market size of the financial instrument traded on a trading venue.
Each quote needs to include a firm bid and offer price(s) for a size or sizes up to the standard market
size for the class of financial instruments. The price(s) will reflect the prevailing market conditions for
the financial instrument.
Financial instruments will be grouped in classes on the basis of the arithmetic averages value of the
orders executed in the market for those financial instruments. The standard size for each class shall
be one that is representative of the arithmetic average value of the orders executed in the market for
the financial instruments included in each class.
The market for each financial instrument is comprised of all the orders executed in the EU in respect
of the financial instrument, excluding those that are large in scale compared to normal market size.
The competent authority will determine the class to which a financial instrument belongs at least
annually on the basis of the arithmetic average value of orders executed in the market in respect of
the financial instrument.
Firms that meet the definition of the term ‘systematic internaliser’ will notify CySEC, who will then
transmit this notification to ESMA, which maintains a list of all systematic internalisers (SIs) in the EU.
Page 177 of 334

Edition B.Ad.1 / EN
Quotes will be made public on a regular and continuous basis during normal trading hours, they may
be updated at any time and, under exceptional market conditions, they may be withdrawn. Quotes
shall be made public in a manner that is easily accessible to other market participants and on a
reasonable commercial basis.
Orders from clients will be executed at the quoted prices at the time they are received. In justified
cases, the order may be executed as a better price providing that the price falls within a public range
close to market conditions. Orders received from professional clients might be executed at prices
different from the quoted prices in respect of transactions where execution in several securities is
part of one transaction, or in respect of orders that are subject to conditions other than the current
market price.
Where a systematic internaliser, quoting only one quote or whose highest quote is lower than the
standard market size, receives an order from a client between the quotation size and the standard
market size, they may decide to execute that part of the order which exceeds the quotation size at
the quoted price. If the systematic internaliser quotes different sizes, and receives an order between
those sizes, they shall execute the order at one of the quoted prices.
3. Reporting Requirements
Learning Objective
Ø Know record keeping requirements for investment firms (Article 25)

Ø Know record keeping requirements for trading venues (Article 25)
Ø Know transaction reporting requirements (Article 26)
Ø Know obligations relating to the supply of reference data for financial instruments
(Article 27)
3.1. Record-Keeping
Investment firms need to keep all relevant data relating to all orders and transactions in financial
instruments that they have carried out for their own account or on behalf of a client for a period of
five years. For client transactions the records need to contain all details of the identity of the clients,
and all information required for anti-money laundering purposes. Information may need to be
provided to CySEC and ESMA on request.
The operator of a trading firm needs to maintain all the relevant data relating to all orders in financial
instruments which are advertised through its systems for a period of at least five years. The records
need to contain all relevant data that constitutes the characteristics of the order, including those that
link an order to one or more executed transactions. Information may need to be provided to CySEC
and ESMA. ESMA will perform a facilitation and coordination role in relation to access to the
information by competent authorities.
Page 178 of 334

3.2. Transaction Reporting
Investment firms that execute transactions in financial instruments shall report complete and
accurate details of such transactions to the competent authority as soon as possible, but no later than
the close of business of the following working day. CySEC will establish the necessary arrangements
to ensure that the competent authorities of the most relevant markets in terms of liquidity for those
financial instruments also receive that information. On request, CySEC will make all information
available to ESMA.
These transaction reporting requirements apply to financial instruments:
1. admitted to trading, or traded on a trading venue for which a request for admission to trading
has been made
2. where the underlying is a financial instrument traded on a trading venue, and
3. where the underlying is an index or basket composed of financial instruments traded on a

trading venue.
The reporting requirement applies irrespective of whether or not such transactions are carried out on
the trading venue.
The transaction report needs to include the:
• names and numbers of the financial instruments bought or sold
• quantity bought or sold
• date and time of the execution of the transaction
• transaction price
• identification of the client on whose behalf the transaction is executed (legal entity
identifiers need to be established to identify clients that are legal persons)
• identification of persons and computer algorithms within the firm responsible for the
investment decision and execution of the transaction
• identification of the applicable waiver under which the trade has taken place
• means of identifying the investment firms concerned, and
• designation to identify a short sale in respect of any shares and sovereign debt.
Page 179 of 334

Edition B.Ad.1 / EN
For transaction executed on a trading venue the report will include a designation identifying the type
of transaction. For commodity derivatives, the report will indicate whether the transaction reduces
risk in an objectively measurable way.
Investment firms that transmit orders shall include all details outlined above in the transmission of
the order. However, instead of including the details when transmitting the order, the firm may choose
to report the order as a transaction once it has been executed.
The reporting requirements also apply to financial instruments executed by a firm not subject to the
regulation.
Reports need to be submitted to CySEC either by the investment firm itself, an advanced reporting
mechanism (ARM) acting on its behalf, or by the trading venue through whose system the transaction
was completed. Either way, the investment firm must take reasonable steps to verify completeness,
accuracy and timeliness of the transaction reports that were submitted on its behalf.
In accordance with EU rules and regulations, CySEC will require trading firms that make reports on
behalf of investment firms to have sound mechanisms in place to:
• guarantee the security and authentication of the means of transfer of information
• minimise the risk of data corruption and unauthorised access, and
• prevent information leakage maintaining the confidentiality of data at all times.
The trading venue needs to maintain adequate resources and have back-up facilities in place in order
to offer and maintain its services at all times.
Trade-matching or reporting systems, including trade repositories appropriately registered or

recognised, may be approved by CySEC as an ARM in order to submit trans-action reports to the
Commission.
An investment firm would be deemed to have fulfilled its transaction reporting requirements if it has
reported a transaction (including all the required details) to a trade repository approved as an ARM,
and the ARM has reported the same to CySEC within the appropriate time limit.
Any errors or omissions will be corrected by the party submitting the report, and a new report will be
submitted to CySEC.
In the event that the Republic is the host member state, CySEC will transmit the information to the
competent authority in the home member state of the investment firm unless the competent
authorities of the home member state have decided that they do not wish to receive this information.
3.3. Reference Data

Page 180 of 334
Trading venues need to disclose transaction data outlined in section 3.2 for financial instruments
admitted to trading on regulated markets or on MTFs or OTFs. Systematic internalisers need to
provide reference data related to the financial instruments defined in section 3.2. Identified reference
data will be submitted to CySEC in an electronic and standardised format before trading commences
in the financial instrument that it refers to. Financial instrument reference data needs to be updated
whenever there are changes. CySEC will, without delay, submit the information to ESMA who will
publish it on their website. ESMA will give competent authorities access to the reference data.
In order for competent authorities to be able to monitor the activities of investment firms to ensure
that they act honestly, fairly and professionally, and in a manner which promotes the integrity of the
market, ESMA and the competent authorities will establish the necessary arrangements to ensure
that they effectively receive the financial instrument reference data, that the quality of the data is
appropriate, and that the data is efficiently exchanged between the relevant competent authorities.
4. Derivatives
Learning Objective
Ø Know the obligation to trade derivatives on (Article 28): regulated markets; MTFs; OTFs;
third- country trading venues
Ø Know obligations relating to the clearing and indirect clearing of derivatives (Article 29–
30)
Ø Know the obligations relating to portfolio compression (Article 31)
4.1. Obligation to Trade on Regulated Markets, MTFs or OTFs
Derivative transactions may only be traded by financial counterparties and non-financial

counterparties permitted to clear futures contracts on regulated markets, MTFs, OTFs, or third-
country trading venues approved by the EC. This also applies to derivative transactions that are
designated as derivative contracts on a third-country exchange outside the EU given that the contract
has a direct, substantial and foreseeable effect within the EU or where a trading obligation is
necessary or appropriate to prevent any evasion of the regulations. Activity in derivatives which have
not been declared shall be monitored by ESMA on a regular basis to identify systemic risk and to
prevent regulatory arbitrage between derivative transactions.
Eligible derivatives may be admitted to trading on regulated markets or trading venues on a non-
exclusive and non-discriminatory basis. Upon careful consideration, the EC may approve trading
venues from third-countries as elite trading venue for derivatives trading. The legal and supervisory
framework of the third county is considered to have equivalent effect where that framework fulfils
all of the following conditions:
a. Trading venues of the third country are subject to authorisation, effective supervision and
Page 181 of 334

Edition B.Ad.1 / EN
enforcement on an ongoing basis.
b. Trading venues have clear and transparent rules regarding the admission of financial
instruments to trading so that they can be traded in a fair, orderly and efficient manner,
and are freely negotiable.
c. Issuers of financial instruments are subject to periodic and ongoing information

requirements ensuring a high level of investor protection.
d. It ensures market transparency and integrity via rules addressing market abuse in the
form of insider dealing and market manipulation.
4.2. Clearing of Derivatives
It is the responsibility of the operator of a regulated market to ensure that all derivatives transactions
are cleared by a CCP. The trading venues, CCPs and investment firms who act as clearing members
need to have effective systems, procedures and arrangements in place in relation to cleared
derivatives to ensure that the transactions are submitted and accepted for clearing as quickly as
technologically practicable as possible using automated systems. In this context, cleared derivatives
are all those that are processed by a regulated market as well as all derivatives for which it is otherwise
agreed between relevant parties that they will be cleared.
Indirect clearing arrangements are permissible providing that they do not increase counterparty risk
and that they ensure that the assets and positions of the counterparty benefit from appropriate
protection.
4.3. Portfolio Compression
When providing portfolio compressions, investment firms and market operators are not subject to
the best execution obligation. Termination or replacement of derivatives in a portfolio component
are not subject to the obligation to trade on regulated markets, MTFs or OTFs. Investment firms and
market operators providing portfolio compression will make the volume of transactions, and the time
they were concluded public through an APA, as close to real time as is technically possible. They shall
keep complete and accurate records of all portfolio compressions which will be made available
promptly to CySEC or ESMA on request.
Page 182 of 334

1. List the areas in which MiFIR establishes uniform requirements.

2. Describe the pre-trade transparency requirements for equity instruments.
3. Describe the volume cap mechanism.
4. List the instances for which the obligation to make pre-trade information available may be
waived for non-equity transactions.
5. Under which circumstances may operators of trading venues be permitted to defer the
publication of transaction details on non-equity transactions?
6. For which period of time does a firm need to maintain transaction records?
7. List the financial instruments to which transaction reporting applies.
8. Which party is responsible for ensuring that all derivative transactions are cleared by a
CCP?
Page 183 of 334

Edition B.Ad.1 / EN
Chapter 9
Capital Adequacy Requirements
Learning Objectives
1. Prudential Regulations, Capital and Own Funds Requirements

2. Risk Management Systems
3. Governance
4. The Supervisory Review and Evaluation Process (SREP)
5. The Purpose of the Internal Capital Adequacy Assessment Process
(ICAAP)
Investment firms operating in the Republic of Cyprus need to meet specific requirements regarding
capital adequacy, professional standards, the compliance function, systems and controls in
automated trading environments and suitability requirements.
1. Prudential Regulations, Capital and Own Funds

Requirements
The Capital Requirements Regulation (CRR) was entered into European Law in 2013 and has been
adopted by all member states. In Cyprus, this is transposed into Directives DI144–2014–14 and DI144–
2014–15. Directive DI144–2014–14 was released for the prudential supervision of investment firms
and Directive DI144–2014–15 on the discretions of the Cyprus Securities and Exchange Commission
arising from Regulation (EU) No 575/2013.
The CRR covers prudential regulations, capital and own funds requirements as well as the calculation
of risk weighted assets and the criteria that need to be met by banks to apply the standardised or
advanced approaches. Unless otherwise indicated, the paragraphs and sections noted behind the
learning objectives refer to Directives DI144–2014–14 and DI144–2014–15 arising from CRR.
The reference to Capital Requirements Regulation should not be EU575/2013 but Regulation (EU)
575/2013.
Page 184 of 334

In the remaining of the text the CRR will be referred to as EU 575/2013.
Learning Objective
Ø Know the prudential consolidation requirements (Part 1, Section 1, Chapter 1)

Ø Know the own funds requirements: Tier 1 capital (Article 25 of EU 575/2013); Tier 2
capital (Article 62 of EU 575/2013); own fund requirements (Article 92 of EU
575/2013); own fund requirements Cyprus (Part 2 of DI 144–2014–15); capital
buffers (Part II, Chapter 3 of DI 144– 2014–15)
Ø Know capital requirements: general requirements, valuation and reporting; capital
requirements for credit risk; own funds requirements for market risk (Part 3,
Sections i–iii)
Ø Know the requirements relating to large exposures: limits; exemptions (Part 4,
Paragraphs 18–19)
Ø Know transitional provisions (Part 5, Section I)
1.1. Prudential Consolidation
In the context of the regulations, CySEC is the consolidating supervisor who may waive the capital
requirements on a consolidated basis provide that:
1. each EU investment firm in the group uses the alternative calculation of total risk exposure;
2. all investment firms in a group that are not authorised to provide the following investment
services and activities:
a. dealing on own account
b. underwriting of financial instruments and/or placing of financial instruments on a firm

commitment basis
c. deal on own account only for the purpose of fulfilling or executing a client order or for
the purpose of gaining entrance to a clearing and settlement system of a recognised
exchange when acting as an agent or executing a client order
d. investment funds that:
i. do not hold client money or securities
ii. undertake only dealing on own account
iii. have no external customers, or
Page 185 of 334

Edition B.Ad.1 / EN
iv. for which the execution and settlement whose transactions take place under
the responsibility of a clearing institution and are guaranteed by that clearing
institution.
e. e. investment funds that meet the requirements in point C or D above on an individual

basis who at the same time deduct from its Common Equity Tier 1 items any contingent
liability in favour of CIFs, financial institutions, asset management companies and
ancillary services undertakings, which would otherwise be consolidated;
f. f. any financial holding company which is the parent financial holding company in a
member state of any CIF in the group holds at least enough capital, to cover the sum of
the following:
v. i. sum of full book value of any holdings, subordinated claims and

instruments in CIFs, financial institutions, asset management companies and
ancillary services undertakings which would otherwise be consolidated, and
vi. ii. the total amount of any contingent liability in favour of CIFs, financial
institutions, asset management companies and ancillary services
undertakings which would otherwise be consolidated
g. the group does not include credit institutions.
Where the above criteria are met, each EU investment firm will have systems in place to monitor and
control the sources of capital and funding of all financial holding companies, investment firms,
financial institutions, asset management companies and ancillary services undertakings within the
group.
On a case-by-case basis, CySEC may apply the waiver if the financial holding companies hold a lower
amount of own funds than the amount calculated under F above, but not lower than the sum of the
own funds requirements imposed on an individual basis to CIFs, financial institutions, asset
management companies and ancillary services undertakings which would otherwise be consolidated
and the total amount of any contingent liability in favour of CIFs, financial institutions, asset
management companies and ancillary services undertakings which would otherwise be consolidated.
The own funds requirement for investment undertakings of third countries, financial institutions,
asset management companies and ancillary services undertakings is a notional own funds
requirement.
Page 186 of 334

1.2. Own Funds Requirements
1.2.1. Types of Capital
Own funds consist of tier 1 and tier 2 capital with tier 1 capital consisting of the sum of common equity
tier 1 (CET1) capital and additional tier 1 capital. Tier 1 capital is the core capital including equity
capital and disclosed reserves.
CET1 items of an institution consist of:
a. capital instruments
b. share premium accounts
c. retained earnings
d. accumulated other comprehensive income
e. other reserves, and
f. funds for general banking risk.
Items C–F may only be recognised as CET1 if they are available for unrestricted and immediate use to
cover losses as soon as they occur. Interim year-end profits may be included under retained earnings
in CET1prior to confirming the final profit and loss provided they have gained permission from CySEC
which will be provided if the profits have been independently verifies, and the institution has satisfied
CySEC that any foreseeable charge or dividend have been deducted.
In order to qualify as CET1, capital instruments need to meet a number of conditions. Capital
instruments need to be fully paid up, perpetual and may not be guaranteed or secured. Capital
instruments absorb the first and proportionately the largest share of losses as they occur and they
rank below all other claims in the event of insolvency or liquidation. Capital instruments entitle the
owners to a claim on residual assets of the institution and are not secured, subject to a guarantee, or
subject to any arrangement that enhances the seniority.
Additional tier 1 capital consists of capital instruments and their associated premium accounts that
generally have the same characteristics as CET1 capital instruments but can have integrated call
options as long they may be exercised at the sole discretion of the issuer. Additional tier 1 capital
ranks after tier 2 capital in case of insolvency.
Tier 2 capital consists of capital instruments and subordinated loans and associated share premium
accounts as well as:
1. for institutions calculating risk-weighted exposure amounts under the standardised

approach: general credit risk adjustments, gross of tax effects, of up to 1,25 % of risk-
Page 187 of 334

Edition B.Ad.1 / EN
weighted exposure amounts
2. for institutions calculating risk-weighted exposure amounts under the advanced approaches:
positive amounts, gross of tax effects, resulting from the calculation laid down in Articles 158
and 159 up to 0,6 % of risk weighted exposure amounts.
1.2.2. Capital Ratios and Capital Buffers
At all times firms must maintain the capital ratios as defined in the table below:
Capital Ratio Calculation

CET1 4,5% CET1 capital expressed as a percentage of the total risk exposure amount
Total Tier 1 6% Tier 1 capital expressed as a percentage of the total risk exposure amount
Total 8% Own funds of the institution expressed as a percentage of the total risk
Capital exposure amount
Total risk exposure is the sum of items 1–6 below after taking into account that the own funds
requirements in points 3–5 below include all those arising from all business activities; and the own
funds requirements in points 2–5 will be multiplied by 12,5.
1. Risk weighted exposure amounts for credit risk and dilution risk in respect of all business
activities excluding the trading book.
2. Own funds requirements for the trading book business for position risk and large exposures
exceeding the large exposure limits.
3. Own funds requirements for foreign exchange risk, settlement risk, and commodities risk.
4. Own funds requirements for credit valuation adjustment risk of OTC derivatives except credit
derivatives recognised to reduce risk-weighted exposure amounts for credit risk.
5. Own funds requirements for operational risk.
6. Risk weighted exposure amounts for counterparty credit risk arising from trading book
business including credit derivatives, repurchase transactions, margin lending, and long
settlement transactions.
In addition to CET1 capital, CIFs can be required to maintain a capital conservation buffer up to 2,5%
of their total risk exposure amount. In addition, according to par. 52(2) of the Directive, the
Macroprudential Authority may exempt small- and medium-sized CIFs from holding a CCB, in addition
Page 188 of 334

to their Common Equity Tier 1 Capital. The Macroprudential Authority has decided not to exempt
small- and medium- sized CIFs. Therefore, the CCB applies to all CIFs that are authorised to provide
the investment services listed in points 3 (dealing on own accounts) and/or 6 (underwriting with firm
commitment) of the Law, irrespective of their size. In the event a CIF fails to meet the capital
conservation buffer requirement, they shall be prohibited from distributing more than the Maximum
Distributable Amount (MDA).
1.2.3. Cyprus Own Fund Requirements
CIFs need to report to CySEC direct, indirect, and synthetic holdings of the common equity and
additional Tier 1 instruments, and Tier 2 instruments of financial sector entities where those entities
have a reciprocal cross holding with the CIF and the Commission considers them to have been
designed to inflate artificially the own funds of the CIF, as memorandum items.
For the purpose of calculating their capital requirements, a risk weight of 1,250%needs to be applied
to the greater of:
1. the amount of qualifying holdings in financial sector entities and non-financial sector entities
that are considered a direct extension, an ancillary of banking, or leasing, factoring,
management of unit trusts or data management in excess of 15% of the CIFs eligible capital
2. total amount of qualifying holdings of an institution in undertakings other than those

referred to in point 1 that exceeds 60% of the CIFs eligible capital.
1.3. Capital Requirements
When the business of an investment firm materially changes, CySEC may adjust the requirements for
own funds based on fixed overheads.
The European Commission may decide whether a third county applies prudential supervisory and
regulatory requirements that are at least equivalent to those applied in the EU. For any third countries
approved by the European Commission (equivalent third country), the CIFs may treat exposures to
these countries’ credit institutions, clearing houses, and exchanges similarly to exposures to
institutions established in Australia, Canada, Japan, Switzerland, USA, and Russia.
When competent authorities in an equivalent third country assign a risk lower than 100% to central
banks or lower than the rate for the quality step in the table below for exposures to their central
government and central bank denominated in domestic currency, CIFs may assign the same risk
weight to these exposures.
Page 189 of 334

Edition B.Ad.1 / EN
Credit quality step 1 2 3 4 5 6

Risk weight 0% 20% 50% 100% 100% 150%
When equivalent third countries treat exposures to regional governments or local authorities as
exposures to their central government and there is no risk between exposures because of the specific
revenue-raising powers of regional government or local authorities and to specific institutional
arrangements to reduce the risk of default, CIFs may risk weight those exposures in the same manner.
In exceptional circumstances exposures to public-sector entities may be treated as exposures to the

central government, regional government or local authority in whose jurisdiction they are established
where in the opinion of the Commission there is no difference in risk between such exposures because
of the existence of an appropriate guarantee by the central government, regional government or local
authority.
When an equivalent third-country treats exposures to public sector entities assign risk weights to
public sector entities in accordance with the table below, CIFs may risk weight their exposures to
these entities in the same way. Otherwise a risk weight of 100%must be applied.
Credit quality step to which central 1 2 3 4 5 6

government is assigned
Risk weight 20% 50% 100% 100% 100% 150%
The risk weight for an equivalent third country CIU may be determined on the basis of a look-through
or the average risk weight for its exposures provided the following eligibility criteria are met and:
1. the CIU is managed by a company that is subject to supervision in a member state or, in the
case of third country CIU, where the following conditions are met:
a. the CIU is managed by a company which is subject to supervision that is considered

equivalent to that laid down in Union law
b. cooperation between competent authorities is sufficiently ensured
2. the CIU’s prospectus or equivalent document includes the following:
a. a. the categories of assets in which the CIU is authorised to invest
b. b. if investment limits apply, the relative limits and the methodologies to calculate them
3. the business of the CIU is reported on at least an annual basis to enable an assessment to be
made of the assets and liabilities, income and operations over the reporting period.
Page 190 of 334

On the basis of the data collected by the competent authorities, in line with the EU Regulations, taking
into account forward-looking immovable property market developments and any other relevant
indicators, CySEC shall at least annually, assess whether the minimum LGD values remain appropriate
for exposures secured by residential property or commercial immovable property located in its
territory. Where appropriate in the context of financial stability, the CySEC may set higher minimum
values of exposure weighted average LGD for exposures secured by immovable property in the
Republic. CySEC shall notify EBA of any changes to the minimum LGD values.
1.4. Large Exposures
After taking into account the effect of credit risk mitigation, exposures to a client or a group of
connected clients may not exceed 25% of a CIFs eligible capital. In the event the client is an institution,
or where a group of connected clients includes one or more institutions, the value of the exposure
may not exceed 25% of the CIFs eligible capital or €150 million (whichever is higher) provided the sum
of the exposure values, after eligible risk mitigation, to all connected clients that are not institutions
does not exceed 25% of the CIF’s eligible capital.
If €150 million is more than 25% of the CIF’s eligible capital the limit shall be amended to a reasonable
level by the CIF. Determination of the limit will be in accordance with the CIF policies and procedures
and to control concentration risk. The limit may not exceed 100% of the CIF’s eligible capital.
The following exposures are exempted by CySEC:
1. Covered bonds.
2. Assets constituting claims on regional government or local authorities of member states,

with a 20% risk weight as well as other exposures to (or guaranteed by) those authorities.
3. Exposures, including participations or other kinds of holdings, incurred by a CIF to:
a. its parent undertaking
b. other subsidiaries of that parent undertaking, or
c. its own subsidiaries.
These undertakings need to be e covered by the supervision on a consolidated basis to which the CIF
itself is subject, or an equivalent third country.
4. Asset items constituting claims and other exposures to CIFs provided those exposures do not
constitute the CIF’s own funds, do not last longer than the following business day and are
not denominated in a major trading currency.
Page 191 of 334

Edition B.Ad.1 / EN
5. 50% of medium/low risk off-balance sheet documentary credits and undrawn credit facilities
and, subject to CySEC agreement, 80% of guarantees other than loan guarantees which have
a legal or regulatory basis and are given for their members by mutual guarantee schemes
possessing the status of CIF.
6. Legally required guarantees used when a mortgage loan financed by issuing mortgage bonds
is paid to the borrower before final registration of the mortgage in the land register provided
the guarantee is not used to reduce the risk in the calculation of risk weighted exposure
amounts.
7. Asset items constituting claims on, and other exposures to, recognised exchanges.
All of the above will be fully exempt until the entry into force of the large exposures regulations, but
not after the 31 December 2028.
1.5. Transitional Provisions
From the 1 January 2015, CySEC requires CIFs to include 100% of unrealised losses measured at fair
value in the calculation of Common Equity Tier 1 (CET1) capital. In addition, CySEC may also permit
CIFs to include 100% of their unrealised gains at fair value. The percentage of unrealised losses
measured at fair value to be included in the calculation of CET1 capital will not exceed the percentage
of unrealised gains measured at fair value to be included.
From the 1 January 2014 until the 31 December 2018, CySEC may permit CIFs that prepare their
accounts conform international accounting standards to add an appropriate amount for their defined
benefit pension plans to their CET1 capital. Between the 1 January and the 31 December 2018, this
amount needs to be multiplied by a factor of 0,2%.
Institutions need to deduct the following from CET1 Capital:
• deferred tax assets that rely on future profitability
• applicable amount of direct, indirect and synthetic holdings of CET1 instruments of financial
sector institutions in which the institution has a significant investment. The deduction is
subject to the following percentages:
Period Percentages
Page 192 of 334

1 January – 31 December 2018 40%

CET1 capital consists of amounts that are regarded under national law as equity capital subscribed by
the shareholders or other proprietors, regardless of their actual designation and includes the nominal
amount of capital and share premium accounts. Related share premium accounts that qualified as
original own funds may be included in Tier 1 capital at a percentage of the nominal amount that
remained issued on the 31 December 2012 against the following limits:
Period Percentage
These items may otherwise be considered as Tier 2 capital.
In addition to regulations regarding capital, own funds, and the calculation of risk weighted assets,
the CRR also specifies requirements in relation to the risk management system in place within
institutions.
2. Risk Management Systems
Learning Objective
Ø Know the arrangements, processes and mechanisms CIFs should have in place for:
recovery and resolution; remuneration; treatment of risks; calculating and benchmarking
own funds requirements (Part II, chapter 1, section 1, paragraph 4–8)
Ø Know the arrangements, processes and mechanisms CIFs should have in place for: credit
and counterparty risk; residual risk; concentration risk; securitisation risk; market risk;
interest risk arising from non-trading activities; operational risk; liquidity risk; risk of
excessive leverage Part II, Chapter 1, section 1, paragraph 9–17)
Page 193 of 334

Edition B.Ad.1 / EN
2.1. Recovery and Resolution
CIFs need to have resolution plans in place as well as recovery plans in place to ensure they can restore
their financial situation after a significant deterioration. These plans need to be proportionate to the
size and business of the CIF. In consultation with CySEC they may be reduced if CySEC considers that
the failure of a specific CIF will not have a negative impact on financial markets, other institutions, or
funding conditions due to its size, business model, or interconnectedness with other institutions or
the financial system in general.
A CIF must cooperate closely with resolution authorities and provide all necessary information for
them to prepare and draft viable plans setting out options for the orderly resolution of a CIF in the
case of failure. The principle of proportionality applies here too.
2.2. Remuneration
CySEC is responsible for the collection of information that needs to be disclosed by institutions in
relation to remuneration of those categories of staff whose professional activities have a material
impact on its risk profile. The following information needs to be disclosed:
1. Information regarding the decision making process for the determination of the
remuneration policy, number of meetings held by the main body overseeing remuneration
during the financial year including (if applicable) information about the composition and
mandate of a remuneration committee, external consultant used for the determination of
the remuneration poly, and the role of relevant stakeholders.
2. Information on the link between pay and performance.
3. Most important characteristics of the remuneration system, including criteria used for
performance measurement and risk adjustment, deferral policy, and vesting criteria.
4. Ratios between fixed and variable remuneration.
5. Performance criteria that form the basis for the entitlement to shares, options, or variable
remuneration.
6. Main parameters and rationale for any variable component scheme and other non-cash
benefits.
7. Aggregate quantitative remuneration by business area.
8. Aggregate quantitative remuneration broken down by senior management and members of

staff whose actions have material impact on the risk profile including:
Page 194 of 334

a. amounts per for the financial year split into fixed and variable components and the
number of beneficiaries
b. amounts and forms of variable remuneration split into cash, shares, share-linked
instruments and others
c. amounts of outstanding deferred remuneration split into vested and unvested
d. amounts of deferred remuneration awarded during the financial year, paid out and
reduced through performance adjustments
e. new sign-on and severance payments made during the financial year and the number
of beneficiaries
9. Number of individuals remunerated €1 million or more per financial year broken down into
pay bands of €1 million including job responsibilities, business area, main elements of salary,
bonus, long-term awards and pension contribution.
10. On demand of CySEC – the total remuneration for each member of the managing body or
senior management.
CySEC will provide this information to the EBA.
2.3. Treatment of Risk
The Board of Directors of a CIF needs to approve and periodically review the strategies and policies
for taking, managing, monitoring, and mitigating the risks a CIF is exposed to including those risks
posed by the macroeconomic environment and the business cycle. The board of directors need to
devote sufficient time to consideration of risk issues and be actively involved in ensuring adequate
resources are allocated to the management of all material risks, the valuation of assets, the use of
external credit ratings, and the use of internal risk models. The CIF must establish reporting lines to
the board of directors covering all material risks and risk management policies (including any
changes).
CIFs that are significant in terms of size, internal organisation, and the nature, scope and complexity
of their activities must establish a risk committee. The risk committee must consist of members of the
board of directors who do not perform any executive function in the CIF. Members of the risk
committee need to have the appropriate knowledge, skills, and expertise to fully understand and
monitor the risk strategy and risk appetite of the CIF. The risk committee advises the board of
directors regarding the overall current and future risk appetite and strategy, and assists with
overseeing the implementation of the strategy by senior management. The board of directors retains
overall responsibility for risks.
Page 195 of 334

Edition B.Ad.1 / EN
The risk committee reviews whether prices of liabilities and assets offered to clients fully take into
account the CIF’s business model and risk strategy. In the event this is not the case, the risk committee
shall present a remediation plan to the board of directors.
A CIF that is not considered significant may be permitted by CySEC to combine the risk committee
with the audit committee in which case the members must have the appropriate knowledge, skills,
and expertise to qualify for both committees.
The board of directors and, if applicable, the risk committee must have adequate access to
information regarding the risks of the CIF, the risk management function, and external expert advice
as appropriate. They must determine the nature, amount, format, and frequency of risk information
they need to receive. Without prejudice to the remuneration committee, they will examine whether
incentives provided by the remuneration system take into consideration risk, capital, liquidity, and
the likelihood and timing of earnings.
CIFs need to ensure they have a risk management function in place that is independent from the
operational functions and which shall have sufficient authority, stature, resources, and access to the
board of directors. The risk management function needs to be proportionate to the size and
complexity of the business. The risk management function is responsible for the identification,
measurement, and appropriate reporting of all risks. They need to be actively involved in elaborating
the risk strategy and all material risk management decisions. The risk management function needs to
be able to deliver a complete overview of the whole range of risks the CIF is subject to.
Where necessary, the risk management function must be able to report directly to the board of
directors, independent from senior management. They need to be able to raise concerns and warn
the board of directors of specific risk developments that (may) affect the CIF. The head of the risk
management function is an independent senior manager with distinct responsibility for the risk
management function. This function may be undertaken by another person within the CIF if the size,
scale and complexity of the organisation do not justify a specially appointed person provided there is
no conflict of interest. The head of risk management may not be removed without prior approval from
the board of directors.
2.4. Calculating Own Funds Requirements
CIFs that are significant in terms of their size, internal organisation and the nature, scale and
complexity of their activities, are encouraged to develop internal credit risk assessment capacity and
to increase use of the internal ratings based approach for calculating their own funds requirements
for credit risk where their exposures are material in absolute terms and where they have at the same
time a large number of material counterparties. In addition, they are encouraged to develop internal
specific risk assessment capacity and to increase use of internal models for calculating own funds
requirements for specific risk of debt instruments in the trading book, together with internal models
to calculate own funds requirements for default and migration risk where their exposures to specific
risk are material in absolute terms and where they have a large number of material positions in debt
Page 196 of 334

instruments of different issuers.
For these CIFs, CySEC shall monitor that they do not solely or mechanistically rely on external credit
ratings for assessing the creditworthiness of an entity or financial instrument.
2.5. Supervisory Benchmarking of Own Funds Requirements
CIFs that are permitted to use internal approaches for the calculation of risk weighted exposure
amounts or own fund requirements except for operational risk, report the results of the calculations
of their internal approaches for the exposures or positions that are included in the benchmark
portfolios. CIFs shall submit the results of their calculations, together with an explanation of the
methodologies used to produce them, to CySEC at least annually. The results of these calculations
must be submitted to CySEC and EBA by means of the appropriate template.
On the basis of the reported information CySEC monitors the range of risk weighted exposure
amounts or own funds requirements, except for operational risk, for the exposures or transactions in
the benchmark portfolio resulting from the internal approaches of those CIFs. At least annually, CySEC
assesses the quality of those approaches paying particular attention to those approaches that exhibit
significant differences in own fund requirements for the same exposure and approaches where there
is particularly high or low diversity, and also where there is a significant and systematic under-
estimation of own funds requirements.
For CIFs that diverge significantly from the majority of their peers, or where there is little commonality
in approach leading to a wide variance of results, CySEC shall investigate the reasons. If it can be
clearly identified that a CIF’s approach leads to an underestimation of own funds requirements which
is not attributable to differences in the underlying risks of the exposures or positions, CySEC shall take
corrective action. CySEC shall ensure their decisions on the appropriateness of corrective actions
comply with the principle that such actions must:
a. maintain the objectives of an internal approach and therefore do not lead to standardisation
or preferred methods
b. create wrong incentives or cause herd behaviour.
2.6. Processes and Procedures for Types of Risk
CIFs must ensure they have appropriate processes and procedures in place to manage all the different
types of risk.
Page 197 of 334

Edition B.Ad.1 / EN
2.6.1. Credit and Counterparty Risk
Credit granting must be based on sound and well-defined criteria. The process for approving,
amending, renewing, and refinancing need to be clearly established. Internal methodologies need to
enable the CIF to assess the credit risk of exposures to individual obligors, securities or securitisation
positions and credit risk at the portfolio level. Internal methodologies may not solely or mechanically
rely on external credit ratings.
When own funds requirements are based on a rating form an External Credit Assessment Institution
(ECAI), or based on the fact that an exposure is unrated, the CIF still needs to consider other relevant
information when assessing their allocation of internal capital.
Credit risk bearing portfolios and exposures need to be monitored on an ongoing basis including the
identification and management of problem credits and making adequate value adjustments and
provisions.
Portfolios need to be adequately diversified given a CIFs target market by applying effective systems
and overall credit strategy.
2.6.2. Residual Risk
Residual risk is the risk that remains when credit mitigation techniques prove less effective than
expected. This risk needs to be addressed and controlled and incorporated in written policies and
procedures.
2.6.3. Concentration Risk
Concentration risk arises from exposures to counterparties, including central counterparties, groups
of connected counterparties, and counterparties in the same economic sector, geographic region, or
from the same activity or commodity. The risk mitigation techniques need to address risks associated
concentration risk, in particular risks with large indirect credit exposures such as a single collateral
issuer and need to be incorporated in written policies and procedures.
2.6.4. Securitisation Risk
Securitisation risk arises from securitisation transaction in which the CIF is an investor, originator or
sponsor and includes reputational risk. These risks arise from the complex structures of the product
and must be evaluated and addressed through the appropriate policies and procedures to ensure the
economic substance of the transaction is fully reflected in the risk assessment and management
Page 198 of 334

decisions.
CIFs who are originators of revolving securitisation transactions with early amortisation provisions
need to have Liquidity plans in place to address the implications of both scheduled and early
amortisation.
2.6.5. Market Risk
Policies and procedures need to be in place for the identification, measurement, and management of
all material sources and effects of market risks. Where short positions fall due before the long
position, CIFs must take measures against the risk of a liquidity shortage.
The internal capital must be adequate to cover all material market risks that are not subject to the
own funds requirements. CIFs that net their positions in one or more of the equities constituting a
stock-index against one or more positions in the stock-index futures or other stock-index products
when calculating the own fund requirements, must have adequate internal capital when they hold
opposite positions in stock-index futures which are not identical in respect of their maturity,
composition, or both.
CIFs that reduce their net underwriting position when calculating their own funds requirements must
ensure they hold sufficient internal capital against the risk of loss which exists between the time of
the initial commitment and the following working day.
2.6.6. Interest Rate Risk Resulting from Non-Trading Activities
CIFs must implement systems to identify, evaluate and manage the risk arising from potential changes
in interest rates that affect a CIF’s non-trading activities.
2.6.7. Operational Risk
Policies and procedures need to be in place to evaluate and manage the exposure to operation risk
including model risk, and to cover low-frequency high-severity events. The policy needs to articulate
what constitutes operational risk for the purpose of the policies. The policies need to include
contingency and business continuity plans to ensure a CIF’s ability to operate on an on-going basis
and limit losses in the event of severe business disruption.
Page 199 of 334

Edition B.Ad.1 / EN
2.6.8. Liquidity Risk
Robust strategies, policies, procedures, and systems need to be in place for the identification,
measurement, management and monitoring of liquidity risk over appropriate time horizons including
intra-day. These policies need to be in place to ensure they maintain adequate levels of liquidity
buffers and need to be tailored to business lines, currencies, branches and legal entity. They need to
include adequate allocation mechanisms of liquidity, costs, benefits and risks. The strategies, policies,
procedures and systems need to be proportional to the complexity, risk profile, scope of operation of
the CIF and the risk tolerance set by the board of directors and reflect the importance of the CIF in
the Republic. CIFs must communicate their risk tolerances to all relevant business lines.
The liquidity risk profile must not be consistent with, but not in excess of, those required of a well-
functioning and robust system while being proportionate to the nature, scale, and complexity of their
activities.
CySEC monitors developments in relation to liquidity risk profiles such as product design and volumes,
risk management, funding policies and funding concentrations. They will take effective action when
any developments may lead to individual CIF or systemic instability and will inform EBA about any
actions carried out.
CIFs must develop methodologies for the identification, measurement, management and monitoring
of funding positions. This includes the current and projected material cash-flows in and arising from
assets, liabilities, off-balance sheet items, including contingent liabilities and the possible impact of
reputational risk. A distinction must be made between pledged and unencumbered assets that are
available at all times, in particular during emergency situations. In addition, CIFs must take into
account:
1. The legal entity in which assets reside, the country where assets are legally recorded either
in a register or in an account and their eligibility and shall monitor how assets can be
mobilised in a timely manner.
2. Existing legal, regulatory, and operational limitations to potential transfers of liquidity and
unencumbered assets among entities, both within and outside the EEA.
3. Different liquidity risk mitigation tools, including a system of limits and liquidity buffers in
order to be able to withstand a range of different stress events and an adequately
diversified funding structure and access to funding sources. Those arrangements shall be
reviewed regularly.
4. Alternative scenarios on liquidity positions and risk mitigants and reviews the assumptions
underlying decisions concerning the funding position at least annually. Alternative
scenarios need to address off-balance sheet items and other contingent liabilities including
those of Securitisation Special Purpose Entities (SSPE) or other special purpose entities.
Taking into account the outcome of these scenarios the CIF must adjust their strategies,
internal policies and limits on liquidity risk and develop effective contingency plans.
Page 200 of 334

5. Potential impact of institution-specific, market-side and combined alternative scenarios

considering different time periods and varying degrees of stress conditions.
Liquidity recovery plans need to be in place setting out adequate strategies and proper
implementation measures to address possible liquidity shortfalls, including in relation to branches in
other member states. Those plans need to be tested at least annually and updated if necessary. The
result of the test needs to be reported to and approved by senior management so that internal
policies and procedures can be adjusted accordingly. The necessary operational steps need to be
taking in advance to ensure liquidity recovery plans can be implemented immediately.
2.6.9. Risk of Excessive Leverage
CIFs must have policies and procedures in place for the identification, management, and monitoring
of the risk of excessive leverage. Indicators of excessive leverage include the leverage ratio calculated
as the institute’s capital measure divided by their total exposure measure expressed as a percentage,
and mismatches between assets and liabilities.
The risk of excessive leverage must be addressed precautionary by taking into account potential
increases in the risk of excessive leverage caused by reductions of the CIF’s own funds through
expected or realised losses, depending on the applicable accounting rules. CIF’s must be able to
withstand a range of different stress events.
3. Governance
Learning Objective
Ø Know the governance requirements relating to: country-to-country reporting; public
disclosure of return on assets (section 2, paragraph 18–19)
Ø Know governance requirements relating to remuneration: remuneration policies; variable
elements of remuneration; remuneration committee (section 2, paragraph 20–22)
3.1. Country-to-Country Reporting and Return on Assets Disclosure
As of the first of January 2015, CIFs need to annually disclose, on a consolidated basis for the financial
year, the following information by Member State and by third country in which it is established:
1. name(s), nature of activities and geographical location
2. turnover
Page 201 of 334

Edition B.Ad.1 / EN
3. number of employees on a full time equivalent basis
4. profit or loss before tax
5. tax on profit or loss
6. public subsidies received.
The information needs to be audited in accordance with the auditors and statutory Audits of Annual
and Consolidated Accounts Law of 2009. Where possible, the information shall be published as an
annex to the annual financial statements or, where applicable to the consolidated financial
statements of the CIF. In addition, the CIF must report key indicators including return on assets
calculated as net profit divided by their total balance sheet.
3.2. Remuneration
The governance requirements related to remuneration apply to CIFs at group, parent company and
subsidiary levels, including those established in offshore financial centres.
Total remuneration includes salaries and discretionary pension benefits. When establishing and
applying the total remuneration policies, for categories of staff including senior management, risk
takers, staff engaged in control functions and any employee receiving total remuneration that takes
them into the same remuneration bracket as senior management and risk takers, whose professional
activities have a material impact on their risk profile, CIFs must comply with the following principles
in a manner and to the extent that is appropriate to their size, internal organisation and the nature,
scope and complexity of their activities:
1. the remuneration policy is consistent with and promotes sound and effective risk
management and does not encourage risk-taking that exceeds the level of tolerated risk of
the CIF
2. the remuneration policy is in line with the business strategy, objectives, values and long-
term interests of the CIF, and incorporates measures to avoid conflicts of interest
3. the CIF’s board of directors adopts and periodically reviews the general principles of the
remuneration policy and is responsible for overseeing its implementation
4. the implementation of the remuneration policy is, at least annually, subject to central and
independent internal review for compliance with policies and procedures for remuneration
adopted by the board of directors
5. staff engaged in control functions are independent from the business units they oversee,
have appropriate authority, and are remunerated in accordance with the achievement of
Page 202 of 334

the objectives linked to their functions, independent of the performance of the business
areas they control;
6. the remuneration of the senior officers in the risk management and compliance functions is
directly overseen by the remuneration committee referred to in paragraph 22 in Directive
DI144–2014–14 or, if such a committee has not been established, by the board of directors
7. the remuneration policy, taking into account national criteria on wage setting, makes a clear
distinction between criteria for setting:
a. basic fixed remuneration, which should primarily reflect relevant professional

experience and organisational responsibility as set out in an employee’s job description
as part of the terms of employment, and
b. variable remuneration which should reflect a sustainable and risk adjusted

performance as well as performance in excess of that required to fulfil the employee’s
job description as part of the terms of employment.
For variable elements, the following additional principles apply:
1. For performance related remuneration, the total remuneration is based on a combination

of the assessment of the performance of the individual and the business unit concerned and
the overall results of the CIF when. When assessing individual performance financial and
non-financial criteria are taken into account.
2. Performance assessment is in a multi-year framework in order to ensure the process is based

on long- term performance and that the actual payment of performance-based components
of remuneration is spread over a period taking into account the underlying business cycle
and business risks.
3. Total variable remuneration does not limit the ability of the CIF to strengthen its capital base.
4. Guaranteed variable remuneration is not consistent with sound risk management or the pay-
for- performance principle and shall not be part of prospective remuneration plans.
5. Guaranteed variable remuneration is exceptional, occurs only when hiring new staff and
where the CIF has a sound and strong capital base and is limited to the first year of
employment.
6. Fixed and variable components of total remuneration are appropriately balanced and the
fixed component represents a sufficiently high proportion of the total remuneration to allow
the operation of a fully flexible policy on variable remuneration components, including the
possibility to pay no variable remuneration component.
7. CIFs must set the appropriate ratios between the fixed and the variable component of the
Page 203 of 334

Edition B.Ad.1 / EN
total remuneration, whereby the following principles shall apply:
a. the variable component shall not exceed 100 % of the fixed component of the total
remuneration for each individual.
b. shareholders of the CIF may approve a higher maximum level of the ratio between the
fixed and variable components of remuneration provided the overall level of the
variable component shall not exceed 200 % of the fixed component of the total
If the CIF was to apply a higher ratio for the fixed and variable compensation as noted in point 7B in
above they need to seek approval from the shareholders and provide a reasonable notice period for
them to act upon a detailed recommendation by the CIF giving the reasons for, and the scope of, an
approval sought, including the number of staff affected, their functions and the expected impact on
the requirement to maintain a sound capital base. At least 50% of the shares or equivalent ownership
rights must vote on the approval and it neds to be passed with a 66% majority, or a 75% majority of
the ownership rights represented if it is below 50%. It is the responsibility of the CIF to inform CySEC
without delay of the recommendation to its shareholders, including the proposed higher maximum
ratio and the reasons therefore. The CIF must be able to demonstrate that the proposed higher ratio
does not conflict with the CIF’s obligations in relation to the CIF’s own funds obligations. The CIF needs
to inform CySEC without delay of the decisions taken by the shareholders. CySEC provides EBA with
this information who will publish it on an aggregate home member state basis in a common reporting
format.
Any staff who are directly concerned by the higher maximum levels of variable remuneration referred
to in point 7B above must not, where applicable, be allowed to exercise, directly or indirectly, any
voting rights they may have as shareholders. CIFs may apply the discount rate to a maximum of 25 %
of total variable remuneration provided it is paid in instruments that are deferred for a period of not
less than five years.
8. Payments relating to the early termination of a contract reflect performance achieved over
time and do not reward failure or misconduct.
9. Remuneration packages relating to compensation or buy out from contracts in previous

employment must align with the long-term interests of the CIF including retention, deferral,
performance and clawback arrangements.
10. The measurement of performance used to calculate variable remuneration components or

pools of variable remuneration components includes an adjustment for all types of current
and future risks and takes into account the cost of the capital and the liquidity required.
11. The allocation of the variable remuneration components within the CIF must also take into
account all types of current and future risks.
12. A substantial portion, and in any event at least 50 %, of any variable remuneration must
Page 204 of 334

consist of a balance of the following:
a. shares or equivalent ownership interests, subject to the legal structure of the CIF
concerned or share- linked instruments or equivalent non-cash instruments, in the case
of a non-listed CIF
b. other capital instruments that can be fully converted to Common Equity Tier 1
instruments. These instruments must be subject to an appropriate retention policy
designed to align incentives with the longer-term interests of the CIF. This point must be
applied to both the portion of the variable remuneration component deferred in
accordance with point (m) and the portion of the variable remuneration component not
deferred;
13. A substantial portion, and in any event at least 40 %, of the variable remuneration
component is deferred over a period which is not less than three to five years and is correctly
aligned with the nature of the business, its risks and the activities of the member of staff in
question. Remuneration payable under deferral arrangements shall vest no faster than on a
pro-rata basis. In the case of a variable remuneration component of a particularly high
amount, at least 60 % of the amount shall be deferred. The length of the deferral period shall
be established in accordance with the business cycle, the nature of the business, its risks and
the activities of the member of staff in question.
14. The variable remuneration, including the deferred portion, is paid or vests only if it is
sustainable according to the financial situation of the CIF as a whole, and justified on the
basis of the performance of the CIF, the business unit and the individual concerned. Without
prejudice to the general principles of national contract and labour law, the total variable
remuneration shall generally be considerably contracted where subdued or negative
financial performance of the CIF occurs, taking into account both current remuneration and
reductions in pay outs of amounts previously earned, including through malus or clawback
arrangements. Up to 100 % of the total variable remuneration shall be subject to malus or
clawback arrangements. CIFs must set specific criteria for the application of malus and
clawback. Such criteria shall in particular cover situations where the staff member:
a. participated in or was responsible for conduct which resulted in significant losses to the
CIF
b. failed to meet appropriate standards of fitness and propriety.
15. The pension policy is in line with the business strategy, objectives, values and long- term
interests of the CIF. If the employee leaves the CIF before retirement, discretionary pension
benefits shall be held by the CIF for a period of five years in the form of instruments referred
to in point (l). Where an employee reaches retirement, discretionary pension benefits must
be paid to the employee in the form of instruments referred to in point (l) subject to a five-
year retention period.
Page 205 of 334

Edition B.Ad.1 / EN
16. Staff members are required to undertake not to use personal hedging strategies or
remuneration- and liability-related insurance to undermine the risk alignment effects
embedded in their remuneration arrangements.
17. Variable remuneration is not paid through vehicles or methods that facilitate the non-
compliance with this Directive or Regulation (EU) No 575/2013.
CIFs which are significant in terms of their size, internal organisation and the nature, scope and
complexity of their activities, must establish a remuneration committee. The remuneration
committee must be constituted in such a way as to enable it to exercise competent and independent
judgment on remuneration policies and practices and the incentives created for managing risk, capital
and liquidity. The remuneration committee is responsible for the preparation of decisions regarding
remuneration, including those which have implications for the risk and risk management of the CIF
concerned and which are to be taken by the board of directors. The Chair and the members of the
remuneration committee must be members of the board of directors who do not perform any
executive function in the CIF concerned. If employee representation on the board of directors is
provided for by Cyprus law, the remuneration committee shall include one or more employee
representatives. When preparing such decisions, the remuneration committee shall take into account
the long-term interests of shareholders, investors and other stakeholders in the CIF and the public
interest.
4. The Supervisory Review and Evaluation Process

(SREP)
The Supervisory Review and Evaluation Process (SREP) is the supervisory tool for establishing the
appropriate level of capital resources that a CIF should hold in order to meet its present and
future capital requirements over a period of up to five years. Circular C027 outlines how CySEC
applies the supervisory review and evaluation process (SREP) when reviewing the CIFs’ internal
capital adequacy assessment processes (ICAAP) under the framework of the relevant paragraph
of the Directive. The Directive is a transposition of the Directive 2006/48/EC and 2006/49/EC of
the European Commission, which are based on the rules set by the Basel II Capital Accord of the
Bank of International Settlements.
4.1. The Five Stages of SREP
Learning Objective
Ø Understand the purpose of SREP (Section 2)
The supervisory review and evaluation process (SREP) comprises the processes and measures
Page 206 of 334

applied by CySEC to ensure that CIFs have sufficient capital to support all material risks to which
their business exposes them and includes:
• the review and evaluation of the CIF’s internal capital adequacy assessment process
(ICAAP) and strategies, as well as its ability to monitor and ensure its compliance with
own funds requirements
• the imposition of supervisory measures in response to identified weaknesses in the

internal control systems and risk management processes of the CIF. These measures
include, among others, the additional capital in order to cover the risks encountered
adequately, and the requirement to reinforce the arrangements, processes, mechanisms
and strategies implemented by the CIF.
In determining the SREP framework, CySEC takes into account the following principles:
• Risk approach – the SREP is an essential part of CySEC’s risk-based overall supervisory
approach.
• Levels of application – all CIFs subject to the directive are required to prepare an ICAAP
report and are subject to the SREP.
• Activities – CySEC considers in the SREP all the activities of the CIF and all business units
that give rise to significant risks, whether these are related to domestic or non-domestic
operations.
• Risks and governance – CySEC formally evaluates the CIF’s business risks and internal
governance (including risk controls, compliance and internal audit). The evaluation will
focus on identifying each CIF’s risk profile and assessing the quality of the CIF’s risk
management system. CySEC reviews the controls that have been put in place to mitigate
risk, as well as the adequacy and composition of capital held against those risks. The
evaluation is forward looking and it will use both qualitative and quantitative techniques.
• Assessment and review – CySEC assesses the CIF’s ICAAP as part of its SREP, including a
consideration of the assumptions, components, methodology, coverage and outcome of
the CIF’s ICAAP.
• Compliance assessment – as part of the SREP, CySEC evaluates the CIF’s compliance with
the minimum requirements under the CRD, in addition to the ICAAP requirement, eg,
large exposures requirements.
• Identification of risks and deficiencies – the SREP identifies existing or potential

problems and key risks faced by the CIF, deficiencies in its control and risk management
frameworks, and assesses the degree of reliance that can be placed on the outputs of
the ICAAP. This enables CySEC to tailor its supervisory approach to each individual CIF,
and encourage CIFs to improve their risk management systems.
Page 207 of 334

Edition B.Ad.1 / EN
• Measures – as part of the SREP, the CySEC needs to have sufficient information to
identify any supervisory actions or prudential measures that need to be applied to the
CIF.
• Communication – as part of the dialogue between the CIF and the supervisory authority,
CySEC will communicate the results of its risk assessment to the management or/and
the board of directors of the CIF, including any supervisory measures that have been
applied. CySEC may also provide qualitative feedback to the CIF about the adequacy of
its risk management and internal controls in relation to its business risk profile.
• Evaluation and revision – the annual review does not constitute a full risk assessment
of the CIF. On a periodic basis, CySEC will assess any significant changes to the overall
risk profile of the CIF. This will take into account the results of any supervisory visits,
inspections and other information received during the period, and will consider whether
the timing of the next full assessment remains appropriate. Any significant new
information received in the course of ongoing monitoring and supervision which may
affect the CIF’s risk profile will trigger consideration of the need for a formal review or
full risk assessment.
4.2. The Five Stages of SREP
Learning Objective
Ø Understand the five key stages of the SREP: planning; review and assessment of ICAAP;
review of additional information; supervisory measures; SREP validation (Section 4)
CySEC has implemented the SREP process as outlined in the diagram below, identifying five stages
from planning through to validation.
• Planning – this phase refers to CySEC’s internal planning of the SREP for each CIF. Part of this
relates to CySEC’s request to a CIF to submit an ICAAP report.
Page 208 of 334

• Review and assessment of ICAAP submission – during this phase CySEC typically undertakes
a desk-based review of the ICAAP, the process followed by the CIF in the preparation and
any additional documentation supporting ICAAP. In addition, this phase may include an on-
site assessment of the implementation of the ICAAP process.
• Review of additional information – this phase includes the outcome of the ongoing
supervision and other inspections or visits that have taken place in the most recent past and
that are relevant to the ICAAP. In addition, the CIF’s controls and governance, as well as the
results of the SREP onsite review and overall compliance with the rules and regulations, may
be subject to review.
• Supervisory measures for risk mitigation – during this phase, CySEC sets the capital resource
requirements for Pillar 2, and imposes any necessary supervisory measures for mitigating
risks.
• SREP validation – CySEC’s internal validation process of the results of the SREP.
Communication between the CIF and CySEC will take place throughout the process.
4.3. SREP Outcomes
Learning Objective
Ø Understand SREP outcomes (Section 7)
The outcome of the SREP should define the level of capital that the CIF should hold, in order to cover
the full spectrum of risks it faces. This level of capital, which may be higher than the capital calculated
in the CIF’s own assessment (ICAAP), will form the CIF’s capital requirement.
The CIF’s management is responsible for monitoring the level of capital resources held against the
capital requirements set at the SREP, and ensuring that it has sufficient capital to cover the
requirements set. The CIF is responsible for informing CySEC if the level of capital resources is below
the capital requirements set at the SREP, or if it is expected to fall below it in the CIF’s planning
horizon.
Once the SREP is completed, subsequent periodic reviews will take place with different frequencies
per CIF depending on their complexity, the nature of their business, risks and systemic importance.
At least annually, any change in circumstances needs to be assessed. In case any of the key
assumptions underpinning the CIF’s ICAAP change, or its risk profile alters, and this results in a
situation in which the capital requirement no longer adequately reflects the underlying risks, the re-
assessment may need to be brought forward. In any event, it is expected that the CIF will notify CySEC
of any such changes.
Page 209 of 334

Edition B.Ad.1 / EN
5. The Purpose of the Internal Capital Adequacy

Assessment Process (ICAAP)
The outcome of the internal capital adequacy assessment process (ICAAP) represents the view of the
CIF on the capital it should hold, given its risk profile and complexity of its business. It serves as input
to the SREP. Circular C026 addresses the distinctive components and framework for the
implementation of the internal capital adequacy assessment process (ICAAP) providing the guidelines
on how the provisions of the Directive in terms of the ICAAP should be interpreted and applied in
practice. Furthermore, this document, in conjunction with the document regarding the supervisory
review and evaluation process (SREP), sets out the principles and methods which the Commission
intends to apply for assessing the capital requirement calculations of the CIFs under its supervision.
The Directive is a transposition of Directives 2006/48/EC and 2006/49/EC of the European
Commission, which are based on the rules set by the Basel II Capital Accord of the Bank of
International Settlements. Although Directives 2006/48/EC and 2006/49/EC have been repealed, they
form part of the historic development of the Directives.
5.1. General Guideline 1 – Compliance Risk Assessment
Learning Objective
Ø Understand the purpose of the ICAAP process (Section 1.3.1)
The ICAAP is a set of processes, procedures and measures implemented by a CIF to ensure:
• appropriate identification and measurement of risks
• appropriate level of internal capital in relation to their risk profile, and
• application and further development of suitable risk management and internal control
systems.
Page 210 of 334

5.2. Principles for Implementation
Learning Objective
Ø Understand the principles for the implementation of an ICAAP (Section 2)
The implementation of an ICAAP process is subject to the following principles:
• Assessment of capital adequacy relative to risk profile – every CIF must have an effective
and sound ICAAP process in place.
• Responsibility for ICAAP – the CIF is responsible for implementing the ICAAP process,
based on regulatory requirements and guidelines, and for setting target levels of own
funds, consistent with its risk profile and operating environment. Even when part or all
of the ICAAP procedures are outsourced, the CIF remains fully responsible for its ICAAP.
• Design, documentation and implementation – the ICAAP’s design should be fully

specified and the capital policy needs to be fully documented. The responsibility for
initiating and designing the ICAAP rests with the board of directors and senior
management of the CIF. The board of directors should approve the design of the ICAAP,
while the detailed implementation is the responsibility of senior management. The CIF’s
ICAAP should be formally documented. The results of the ICAAP should be reported to
the management and the board of directors of the CIF.
• Integral part of management process and decision-making culture – the ICAAP should
form an integral part of the CIF’s management processes, so as to enable the board of
directors and senior management of the CIF to assess, on an ongoing basis, the risks that
are inherent in their activities and material to the CIF.
• Regular review – the ICAAP should be reviewed by the CIF at least annually or, if
required, more frequently to ensure that risks are covered adequately and that capital
coverage reflects their actual risk profile. The ICAAP and its review process should be
subject to independent assessment by a function or person that has not been involved
in the ICAAP process, such as the internal audit function. Any changes in the CIF’s
strategic focus, business plan, operating environment or other factors that materially
affect assumptions or methodologies used in the ICAAP should initiate appropriate
adjustments to the ICAAP.
• Risk-based – the additional capital charge for the CIF will be significantly dependent on
its risk profile and operating environment. All considerations and factors taken into
account for the set of an internal capital target need to be presented through the
dialogue with CySEC and the assessment procedure for each one should be explained
and documented.
Page 211 of 334

Edition B.Ad.1 / EN
• Comprehensive – the ICAAP should capture all material risks to which the CIF is exposed.
Although no standard categorisation of risk types and definition of materiality is
provided, ICAAP should cover risks covered under Pillar 1, risks not fully captured under
Pillar 1 (eg, operational risk, concentration risk) and all risks covered under Pillar 2 (eg,
strategic risk, liquidity risk, reputation risk).
• Forward looking – the ICAAP should be strongly interconnected with the strategic plans
of the CIF and a forward capital plan should be put in place for a three- to five-year
period. The CIF should conduct appropriate stress tests which take into account, all the
material risks identified and analyse the impact of the test to the future capital
requirements of the CIF.
• Measurement and assessment – effective assessment and measurement processes need

to be in place for all risks faced, taking into consideration the complexity of operations
and availability of resources. The approaches and methodologies adopted could either
be quantitative or qualitative.
• Reasonable outcome – the ICAAP should produce a reasonable overall capital number
and assessment. The CIF should be able to provide CySEC with the adequate evidence.
5.3. Pillar 1 Risks
Learning Objective
Ø Understand types of Pillar 1 risk (Section 4.4.3.1)
Under Pillar 1 of the Capital Requirements Directive (CRD) and the Basel Capital Accord, three types
of risks are identified that need to be managed.
5.3.1. Credit Risk
Credit risk is the risk of loss of principal or financial reward caused by the borrower’s failure to repay
a loan or otherwise meet a financial obligation. The percentage interest due on a loan reflects the risk
taken by the lender.
CIFs should ensure that they effectively identify, measure, monitor and control credit risk which could
include an assessment of whether the CIF’s credit risk is fully captured in the capital assessed by Pillar
1. Credit risks that should be assessed include the following:
Page 212 of 334

• granting credit limits to clients for trading purposes
• investments in bonds and other instruments when there is counterparty credit risk
• provision of loans to other entities.
5.3.2. Market Risk
Market risk is the risk to value, earnings, or capital arising from movements of risk factors in financial
markets. This risk includes interest rate risk (including real- and nominal interest rates, credit spreads
and basis spreads), currency risk, equity risk (including dividend risk), and commodity risk (including
precious metals) and risks from changes in volatilities or correlations. Market risk is one of the Pillar
1 risks.
CIFs dealing on their own account are directly exposed to market risk. In addition, indirect exposure
to market risk occurs when the firm acts as an agent to fulfil a customer order in the event that the
transaction does not clear or settle properly.
5.3.3. Operational Risk
Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes,
people and systems or from external events. This definition includes legal risk, but excludes strategic
and reputational risk.
Although operational risk is one of the most significant risks CIFs are exposed to, its calculation under
the Basel Capital Accord is based on approximation, not a true calculation of the actual risk. Therefore,
additional factors need to be considered when determining the exposure of the CIF, including the
impact of the loss of key individuals on the ability to operate normally, consequences of not complying
with conduct of business requirements, and internal or external fraud. In addition, the consequences
of an operational risk event occurring need to be considered, bearing in mind the systems and controls
in place to mitigate these risks. Tolerance for errors and losses needs to be taken into account.
As part of their risk assessment process CIFs should consider historical operational costs arising due
to matters such as trading errors or other unexpected costs. Similarly, the CIF should ensure that it
has adequately tested its business continuity procedures to ensure that they function adequately and
are suitable as risk mitigants.
In order to evidence adequate capital has been earmarked to ensure the continued existence of the
CIF, senior management should be able to demonstrate that the possibility of severe operational risk
losses has been considered. Any deficiencies need to be addressed by applying risk mitigants other
than capital.
Page 213 of 334

Edition B.Ad.1 / EN
Risk resulting from limitations in control and management could be a significant factor for smaller
CIFs. The concept of proportionality means that supervisors will not expect the same degree of
sophistication of governance arrangements and controls that could be found in a large CIF. The overall
risk profile of a smaller CIF may, however, be higher and smaller CIFs are expected to consider the risk
resulting from limitations in control and management as part of their internal capital assessment.
Important focus should be given to the control mechanisms in place to safeguard client’s assets held
by the CIF.
5.4. Risks not Fully Covered in Pillar 1
Learning Objective
Ø Understand risk typologies not fully covered in Pillar 1 (Section 4.4.3.2): credit
concentration risk; residual risk; securitisation risk; settlement risk; foreign exchange risk
There are a number of risk types that are not fully covered within Pillar 1 of the CRD and Basel Capital
Accord.
• Credit concentration risk – a risk concentration is any single exposure or group of similar
exposures (eg, to the same borrower or counterparty, geographic area, industry or other
risk factors) with the potential to produce losses large enough (relative to a CIF’s earnings,
capital, total assets or overall risk level) to threaten a CIF’s ability to maintain its core
operations or a material change in a CIF’s risk profile. Risk concentrations should be
analysed at both a local legal entity level and a consolidated basis. An unmanaged
concentration in a subsidiary may appear immaterial at the consolidated level, but can
still threaten the viability of the subsidiary itself. For most CIFs concentration risk is
significant and is most likely the result of large exposures to a limited number of
counterparties, a large transaction or a single product type.
• Residual risk – occurs, for example, as a result of the low performance or failure of credit
risk mitigation techniques such as ineffective documentation, or delay or inability to
realise payment from a client in a timely manner.
• Securitisation risk – is represented by the effect of a securitisation arrangement failing,

or of the values and risks transferred not emerging as expected on the financial position
of a CIF. When assessing securitisation exposure, a CIF should ensure that it fully
understands the credit quality and risk characteristics of the underlying exposures in
structured credit transactions, including any risk concentrations.
Page 214 of 334

• Settlement risk – is the risk that one party fails to deliver the asset or cash value at the
time of settlement of a trade. This is of particular importance when transferring funds on
behalf of clients.
• Foreign exchange risk – is the risk of movement in foreign exchange rates resulting in a
loss for the CIF. Due to the high liquidity and volatility of the market, these losses can be
significant and it is therefore essential for CIFs to identify, measure and manage their
foreign exchange risk effectively. The risk is not confined to proprietary positions and
extends to known profit flows in foreign currencies, client-driven transactions and
provisions for bad debts denominated in foreign currency.
5.5. Pillar 2 Risks
Learning Objective
Ø Understand types of Pillar 2 risk (Section 4.4.3.3)
In addition to credit, market, and operational risk, there are a number of risks that are identified in
Pillar 2.
5.5.1. Liquidity Risk
Liquidity risk is defined as the risk that a CIF has insufficient financial resources to meet its current
and prospective obligations, as they fall due, or can only secure these resources at excessive costs.
Liquidity risk can arise from:
• inability to manage unplanned decreases or changes in funding sources
• failure to recognise or address changes in market conditions that affect the ability to
liquidate assets quickly and with minimal loss in value.
CIFs need to assess their exposure to liquidity risk, their ability to respond to liquidity drainage in the
market and their ability to repay all their obligations to clients at all times. A liquidity contingency plan
needs to be in place to enable the CIF to handle liquidity shortages.
Page 215 of 334

Edition B.Ad.1 / EN
5.5.2. Business Risk
Capital is risk sensitive and may vary over time as business cycles and conditions change. Deterioration
in business or economic conditions may result in a situation that additional capital is required at a
time when market conditions are unfavourable. In order to assess expected capital requirements over
economic and business cycles, CIFs need to project their financial position forward, taking into
consideration their business strategy, expected growth, an assessment of the changes in economic
and business cycles, and other factors such as competition, and lower than expected performance.
This will enable the CIF to assess the level of changes it can sustain in its environment. Projections will
need to be made for a three- to five-year period to calculate the projected capital resource
requirement. The CIF needs to assess whether it can meet the projected capital requirements from
its expected financial resources.
CIFs are exposed to performance risk and need to assess how they will manage their relationships
with clients during periods of poor performance. In addition, performance risk may affect a CIF’s
ability to generate income.
5.5.3. Legal and Compliance Risk
Legal and compliance risk may arise as a result of breaches or non-compliance with legislation,
regulations, practices or ethical standards:
• investment advice – legal risk of breaching the customer’s obligations, for example, by
providing unsuitable advice
• execution-only services – risk of not executing orders appropriately.
Additionally, non-compliance and possible penalties from CySEC should be taken into consideration
under this risk category. Anti-money laundering practices should also be assessed as part of the
compliance with regulatory requirements.
5.5.4. Reputational Risk
Reputational risk is the adverse perception of the image of the CIF by customers, counterparties,
investors or regulators.
It may arise from providing poor customer service or from fines imposed by CySEC that create a
negative feeling towards the CIF from the market.
Page 216 of 334

5.5.5. Strategic Risk
Strategic risk occurs as a result of adverse business decisions, improper implementation of decisions
or lack of responsiveness to changes in the business environment.
A CIF needs to assess the impact of its business plans on its capital over the time horizon which it uses
in its business plan.
5.5.6. Group Risk
Group risk applies to all subsidiaries that are part of a group which is established either in the Republic,
another member state, or a third country. Group risk relates to the risks that emanate from the
relationship that the CIF has with other group entities. For example, a CIF that has a parent in a third
country which does not apply Basel II rules and has exposure to high political risk, needs to assess the
possibility of being indirectly adversely impacted from a political event in the set-up stage of the
parent company.
CySEC considers this risk of high importance and requires that each CIF which falls into this category
adequately evaluates the risks that could arise from the relationship with other entities of the group
or the parent.
5.5.7. Additional Risks Identified
When assessing the adequacy of their capital, CIFs should consider the impact of external factors.
Material risks arising from the ICAAP review itself should be detailed in the report including the nature
of the risks and their possible impact. The effectiveness of any mitigating controls needs to be
considered and, for Pillar 2 purposes, an adequate amount of capital should be held.
5.6. Risk Register and Stress Testing
Learning Objective
Ø Understand the following risk management tools: risk register (Section 4.4.3.4); stress
testing (Section 4.5)
Page 217 of 334

Edition B.Ad.1 / EN
5.6.1. Risk Register
A risk register is used by a CIF to document and categorise all risks that it is, or could be, exposed to
in the future. The risk register includes an indication of severity of the risk and the adverse impact it
could have had on the CIF if it had remained unidentified.
The impact can be measured either in quantitative or qualitative terms, such as economic loss, capital
loss, reputational loss and loss of human life. The result of the assessment will be the profiling of risks
in different categories of severity.
5.6.2. Stress Testing
Stress testing is a general term, covering quantitative and qualitative techniques and risk
management methodologies that can be applied by financial institutions to obtain an overview of
their exposure or vulnerability to the impacts of exceptional but possible events that may occur due
to rare risk events that can have severe consequences. Stress testing has gained significant
importance as a result of the most recent financial and economic crisis and needs to be an integral
part of the ICAAP and risk management framework of every CIF.
The purpose of stress tests required in the ICAAP is to assess all material risks of the CIF in a
comprehensive, integrated and forward-looking manner. The scope of stress tests includes the
consideration of the impact of all market, economic, institutional or political risk factors which may
have a perceivable, substantial impact on the prudent and solvent operation of the CIF.
CySEC believes that there is no single correct stress testing methodology. The range of approaches
acceptable for a specific CIF depends on its size, activities, risk appetite and the quality of risk
management. The applied stress-testing methodology needs to be sufficiently sophisticated given its
circumstances, and needs to comply with the regulations. Stress tests applied under the framework
of the ICAAP in business and regulatory practice usually relate to three main methods:
• Sensitivity analysis – based on less complex methodologies, the sensitivity analysis

illustrates how a CIF’s position changes in the event a single relevant risk factor is
modified, while all other factors remain equal. The main advantage is that the magnitude
of losses and risks for a specific factor are relatively easy to determine. The main
disadvantage is that sensitivity analysis considers factors in isolation, which is not the
case in real life.
• Scenario analysis – assumes the simultaneous change of several risk factors and
quantifies their combined impact on the position of a CIF. The analysis is based on
expected, hypothetical and historic scenarios. The main advantage is that scenario
analysis takes the relationship between risk factors into consideration, which allows for
an integrated approach to risk. The main disadvantage is that, in the event of a crisis,
interrelations between risk factors are not necessarily stable.
Page 218 of 334

• • Reverse stress testing – primarily designed to be a risk management tool for the
identification of vulnerabilities and defects in the business model, reverse stress testing
requires a CIF to assess scenarios and circumstances that would render its business
models unviable. Reverse stress testing starts with the outcome of a business failure and
identifies the circumstances under which these outcomes might occur. Based on the
analysis of the results, senior management should determine whether triggers are
required for future action in the event a particular scenario would develop.
Stress tests need to meet the following characteristics:
• • must be defined with a view to the CIF’s portfolio characteristics and assumed risks,
and in line with the external environment
• • need to be reviewed annually, as well as at the time of any (expected) changes to the
factors and revised as necessary
• • need to be suitable for the specific circumstances, risk profile and operational model
of the CIF
• • must be forward looking, and therefore take into consideration the current position
as well as any future strategic developments
• • the impact of adverse scenarios must demonstrate any future impacts on the
profitability and capital adequacy of the CIF.
As part of the assessment process, management actions need to be defined and assigned to
responsible people and departments for implementation. Once implemented, the stress test should
be run again to observe any changes on the impact.
Page 219 of 334

Edition B.Ad.1 / EN
1. On which basis may CySEC waive the capital requirements on a consolidated basis?
2. What is an equivalent third country?
3. What are the risk weights and credit quality steps when equivalent third countries assign a
risk lower than 100% to central banks?
4. What is the large exposure limit?
5. Who approves and reviews the risk policies?
6. What is residual risk?
7. List the information that needs to be disclosed on a consolidated basis per member state
and geographical location?
8. Describe the five stages of the SREP process.
Answer reference: Sections 4.1 and 4.2
9. Summarise the SREP outcomes.
10. List the ICAAP principles.
11. Describe the responsibilities of the risk management function in ICAAP.
12. Define operational risk.
13. List the typologies not fully covered in Pillar 1.
14. Describe business risk.
15. Define the three methods of stress testing.
Page 220 of 334

Chapter 10
European Market
Infrastructure Regulation (EMIR)
Learning Objectives
1. European Market Infrastructure Regulation (EMIR)

2. General Requirements
1. European Market Infrastructure Regulation (EMIR)
Learning Objective
Ø Understand the main provisions of EMIR
European Market Infrastructure Regulation (EMIR) came into force in 2012, and is designed to put
into practice several of the commitments made by the G20 leaders to reform derivatives markets in
the EU. It promotes transparency in derivatives markets and aims to reduce systemic risk. EMIR
mandates the central clearing of standardised and liquid OTC derivatives contracts, and sets out the
prudential and operational requirements for derivatives transactions. Counterparties and CCPs are
required to report all details regarding their derivatives contracts to trade repositories. EMIR also
requires CCPs and trade repositories to fulfil prudential minimum requirements.
Derivatives play an important role in the economy, but they also bring certain risks. These risks were
highlighted during the 2008 financial crisis, when significant weaknesses in the OTC derivatives
markets became evident.
Page 221 of 334

Edition B.Ad.1 / EN
EMIR aims to:
• increase transparency in the OTC derivatives markets
• mitigate credit risk, and
• reduce operational risk.
On 17 June 2019, EMIR Refit came into force which brought significant changes to the existing
regulation.
Enhancing Transparency
EMIR introduces reporting requirements to make derivatives markets more transparent. Under the
Regulation:
• detailed information on each derivative contract has to be reported to trade repositories and
made available to supervisory authorities
• trade repositories have to publish aggregate positions by class of derivatives for both OTC and
listed derivatives
• the European Securities and Markets Authority (ESMA) is responsible for the surveillance of
trade repositories and for granting and withdrawing accreditation.
Mitigating Credit Risk
EMIR introduces rules to reduce the counterparty credit risk of derivatives contracts; in particular:
• all standardised OTC derivatives contracts must be centrally cleared through CCPs
• if a contract is not cleared by a CCP, risk mitigation techniques must be applied
• CCPs must comply with stringent prudential, organisational and conduct of business
requirements.
Reducing Operational Risk
EMIR also requires market participants to monitor and mitigate the operational risks associated with
trading in derivatives such as fraud and human error, for example by using electronic means to
promptly confirm the terms of OTC derivatives contracts.
Page 222 of 334

2. General Requirements
Learning Objective
Ø Know the general requirements relating to the Clearing Obligation (Articles 4 and 5)
Ø Know the reporting obligations under EMIR Refit (Article 9) and the amendments to the
CCP regime
Ø Know the general requirements relating to the Risk Mitigation Techniques (Articles 11.5,
11.6, 11.7, 11.8 and 11.10)
Ø Know EMIR regulation relating to capital requirements for CCPs (Article 16)
Ø Know the general requirements relating to large exposures; exposures to transfer credit
risk (ESMA and EBA Guidance on CRR and EMIR)
Ø Know the general requirements relating to liquidity (Article 41, 44)
Ø Know the general requirements relating to leverage
Ø Know the general disclosure requirements (Article 38)
2.1. Clearing Obligation
EMIR includes the obligation to centrally clear certain classes of over-the-counter (OTC) derivative
contracts through Central Counterparty Clearing (CCPs). For non-centrally cleared OTC derivative
contracts, EMIR establishes risk mitigation techniques.
The Regulation (EU) 2019/834 amending EMIR, EMIR Refit, introduces changes in the OTC regulatory
framework. Some of the most relevant aspects include a change on the way to determine which
counterparties are subject to the clearing obligation and the inclusion of a mechanism to suspend the
clearing obligation.
Counterparties subject to the clearing obligation
The clearing obligation applies to EU firms that are counterparties to an OTC derivative contract
including interest rate, foreign exchange, equity, credit and commodity derivatives.
EMIR identifies two categories of counterparties to whom the clearing obligation applies depending
on whether their positions are above or below the clearing thresholds:
• Financial counterparties (FC) such as banks, insurers, asset managers, etc.
• Non-Financial counterparties (NFC), firms taking positions in OTC derivative contracts other
than financial counterparties.
Page 223 of 334

Edition B.Ad.1 / EN
Intra-group transactions are exempted from central clearing under certain conditions, pension funds
included.
Financial counterparties and non-financial counterparties need to inform ESMA and the relevant
national competent authority when they exceed the clearing threshold and when they no longer
exceed it.
Classes of OTC derivatives subject to central clearing obligation
EMIR introduces the obligation to clear certain classes of OTC derivatives in CCPs that have been
authorised (for European CCPs) or recognised (for non-EU CCPs) under the EMIR framework.
EMIR foresees two possible processes for the identification of the relevant classes of OTC derivatives:
1. The “bottom-up” approach described in EMIR Article 5(2), according to which the
determination of the classes to be subject to the clearing obligation will be done based on the
classes which are already cleared by authorised or recognised CCPs.
2. The “top-down” approach described in EMIR Article 5(3), according to which ESMA will on its
own initiative identify classes which should be subject to the clearing obligation but for which
no CCP has yet received authorisation.
Non-EU Counterparties
Under certain conditions, the clearing obligation may also apply to third-country (non-EU)
counterparties including when:
1. EU counterparties trade with entities established outside the EU
2. Two entities established outside the EU trade together, and
3. An impact on EU markets exists (a direct, substantial and foreseeable effect in the EU)
2.2. Reporting Obligations under EMIR Refit and Amendments to CCP

Regime
As of 18 December 2019:
- CCPs are required to provide their clearing members with a simulation tool allowing them to
determine the amount of additional initial margin, on a gross basis, that the CCP may require
Page 224 of 334
upon the clearing of a new transaction.
- member states’ national insolvency laws shall not prevent a CCP from acting in accordance
with certain obligations.
As of 18 June 2020:
- The Financial Counterparty are solely responsible and legally liable for reporting on behalf of
both itself and NFCs that are not subject to the clearing obligation with regard to OTC
derivative contracts entered into by those counterparties, as well as for ensuring the
correctness of the details reported.
- In relation to UCITS and AIFs, the management company of a UCITS and the AIFM,
respectively, are responsible and legally liable for reporting on behalf of that UCITS or AIF with
regard to OTC derivative contracts, to which the UCITS or AIF is a counterparty, as well as for
ensuring the correctness of the details reported.
2.3. Risk Mitigation Techniques
EMIR’s risk mitigation requirements apply to all non-centrally cleared OTC derivative transactions.
Those techniques include timely confirmation, portfolio reconciliation and compression, dispute
resolution procedures and the exchange of collateral.
As a general rule, financial counterparties must have risk management procedures in place that
require the timely, accurate and appropriately segregated exchange of collateral with respect to OTC
derivative transactions. Under EMIR Refit, Investment Funds and Central Securities Depositories have
been added in the definition of Financial Counterparties whereas a new category, that of a “small
financial counterparty” was introduced.
This requirement also applies to non-financial counterparties, but only after the clearing threshold is
exceeded. Under EMIR Refit, the threshold calculation and clearing requirements have been
narrowed. However, NFCs remain subject to the requirement to exchange collateral where any of the
clearing thresholds is exceeded.
This requirement does not apply to intragroup transactions within the EU between financial and/or
non-financial counterparties, providing that there is no foreseen practical or legal impediment to the
prompt transfer of own funds or the repayment of liabilities between parties. In the event that one
of the parties to an intragroup transfer is based in a third-country with equivalent regulations to the
EU, the transfer may be partly or wholly treated in the same way.
In relation to the exchange of collateral for OTC derivatives contracts that are not cleared by a central
counterparty (CCP), the Commission Delegated Regulation 2016/2251 contains the following
provisions:
Page 225 of 334

Edition B.Ad.1 / EN
Counterparties have to exchange both initial and variation margin. These provisions reduce
counterparty credit risk, mitigate any potential systemic risk and ensure alignment with international
standards.
List of eligible collateral for the exchange of margins, the criteria to ensure the collateral is sufficiently
diversified and not subject to wrong-way risk, as well as the methods to determine appropriate
collateral haircuts.
Operational procedures related to documentation, legal assessments of the enforceability of the

agreements and the timing of the collateral exchange.
Procedures for counterparties and competent authorities related to the treatment of intragroup
derivative contracts.
2.4. Capital Requirements for CCPs
A CCP must have at least €7,5 million in capital to be authorised. Its capital, including retained earnings
and reserves, needs to be proportionate to the risk associated with their activities and must, at all
times, be sufficient to:
ensure an orderly wind-down or restructuring of activities over an appropriate time span, and
provide adequate protection of the CCP against credit, counterparty, market, operational, legal, and
business risks not already covered by specific financial resources.
2.5. Large Exposures and Exposures to Transfer Credit Risk
The large exposure regime is captured in the Capital Requirements Regulation (CRR) of the EU. A
specific report, issued by the EBA and ESMA on the functioning of the CRR and EMIR covers the large
exposure regime in light of EMIR.
Under the CRR, institutions may not incur net exposures of a value in excess of 25% of the eligible
capital of the institution. In the event that the client is an institution, or if a group of connected clients
includes one or more institutions, the value of the net exposure may not exceed 25% of the
institution’s eligible capital, or €150 million (whichever is highest). Due to the nature of their business,
CCPs can easily exceed the large exposure limit, and they are explicitly exempted from the large
exposure requirements.
2.6. Liquidity
Page 226 of 334

Access to adequate liquidity is essential for a CCP. Liquidity may derive from access to central bank
liquidity, creditworthy and reliable commercial bank liquidity or both. In assessing the adequacy of
liquidity resources, especially in stress situations, a CCP should take into consideration the risks of
obtaining the liquidity by only relying on commercial banks credit lines. CCPs must measure and assess
their liquidity and credit exposures to each clearing member and (if relevant) other CCPs with whom
they have concluded an interoperability arrangement on a near-time or real-time basis. A CCP needs
to have access to relevant pricing resources in a timely manner and in a non-discriminatory basis,
considering a reasonable cost basis.
At all times, a CCP should have access to adequate liquidity to perform its services and activities. In
order to ensure that its liquidity needs are covered in the event that the financial resources at its
disposal are not immediately available, it will obtain the necessary credit lines or similar
arrangements. A clearing member, parent undertaking or subsidiary of that clearing member together
shall not provide more than 25 % of the credit lines needed by the CCP. On a daily basis the CCP needs
to measure its potential liquidity needs, taking into account the liquidity risk generated by the default
of the two clearing members to whom they have the largest exposures.
2.7. Leverage
Financial stability can be threatened by a number of conditions including highly leveraged and
interconnected institutions for the bank and non-bank sector and failures in the functioning of
financial markets. In the current revision of EMIR, specific attention is paid to the use of
macroprudential policies to mitigate systemic risk from excessive leverage and procyclicality in
collateral requirements.
Margin and haircut practices can exacerbate systemic risks by contributing to the build-up of excessive
leverage in the financial system during upswings and deleveraging during downswings. Margins and
haircuts contribute to financial stability by absorbing losses and helping to manage financial risk.
However, collateral requirements may also be procyclical due to the effects of changes in asset prices
on valuations: as asset prices increase, the valuations of securities that have been provided as
collateral at a CCP or in a bilateral transaction increase. This means that fewer securities are required
to collateralise a given exposure, thereby allowing for the build-up of leverage during upswings.
Conversely, a fall in asset prices triggers automatic calls for more collateral, which might force
deleveraging, thereby amplifying the effects of downswings in asset prices. This procyclicality arising
from automatic valuation effects may be compounded by the characteristics of the risk-based models
used by CCPs and by participants in bilateral markets. These models generally link the calculation of
margins and haircuts to price volatility, which means that margin and haircut requirements will tend
to decrease when conditions in financial markets are benign, and increase when volatility rises. The
procyclical aspect of margin and haircut requirements can exacerbate ‘leverage cycles’ in which
market participants use the collateral freed up by higher asset prices and lower margin and haircut
requirements to increase their borrowing and contingent commitments from derivatives, thereby
accumulating financial and synthetic leverage. This process can lead to a destabilising deleveraging
Page 227 of 334

Edition B.Ad.1 / EN
mechanism when asset prices fall. The reason is that firms that are faced with increasing margin calls
and haircuts at the very time when the value of their collateral declines may have to close positions,
thereby triggering asset fire sales.
2.8. Disclosure
A CCP and its clearing members will publicly disclose the prices and fees for each of its services
individually including discounts and rebates. In the event that they offer discounts or rebates, they
need to publish the conditions to benefit from such a reduction. Costs and revenues of the services
need to be accounted for separately and disclosed to CySEC. A CCP needs to disclose the risks
associated with its services to clearing members and clients. In addition, price information used to
calculate the end-of-day exposures needs to be disclosed to their clearing members and to CySEC.
The technical requirements relating to the communication protocols of content and message formats
used need to be publicly disclosed.
Any breaches by clearing members will need to be disclosed publicly, except in cases where CySEC, in
consultation with ESMA, considers that this would:
• constitute a threat to financial stability
• constitute a threat to market confidence
• seriously jeopardise the financial markets, or
• cause disproportionate damage to the parties involved.
Page 228 of 334

1. List the three main aims of EMIR.

2. The transfer of the own funds limit does not apply to which type of organisations?
3. What is the amount of capital that a CCP must have to be authorised?

4. What are the large exposure limits as they apply to CCPs?

5. Describe the liquidity requirement for CCPs.

6. Which macroprudential measures are used to reduce leverage?

Page 229 of 334

Edition B.Ad.1 / EN
Chapter 11
Recovery and Resolution Laws
Learning Objectives
1. Recovery and Resolution Laws

2. Intra-Group Financial Support
3. Early Intervention
4. Resolution
5. Procedural Obligations
6. Cross-Border Group Resolution
Law 20(I) of 2016 provides for the recovery of Cypriot investment firms (CIFs) and other entities under
the supervision of CySEC. The law applies to CIFs in the Republic, as well as to entities authorised in
third country states that undertake investment business in the Republic, including financial holding
companies, mixed (financial) holding companies, and branches of third-country investment
undertakings. All articles in this chapter refer to Law 20(I) of 2016, unless specified otherwise.
1. Recovery Planning
Learning Objective
Ø Know the recovery planning obligations and the assessment and relevant provisions for CIF
that are not part of a group subject to consolidated supervision (Article 4); CySEC evaluation on
simplified obligations (Article 5); group recovery plan (Article 6)
CIFs that are not part of a group subject to consolidated supervision need to draw up and maintain a
recovery plan providing for measures to be taken by it to restore its financial position following a
significant deterioration of its financial situation. Recovery plans are part of a CIF’s governance
arrangements, and need to include the following:
Page 230 of 334

1. Where applicable, an analysis of how and when an institution may apply for the use of
central bank facilities and identify the assets that would qualify as collateral.
2. A summary of key elements of the plan and overall recovery capacity.
3. A summary of material changes to the CIF since the most recently filed recovery plan.
4. A communication and disclosure plan to deal with potentially negative market reactions.
5. The range of capital and liquidity actions.
6. An estimated timeframe for executing each material aspect of the plan.
7. A detailed description of any material impediment to the timely and effective execution of
the plan.
8. The critical functions.
9. A process for determining value and marketability of core business lines, operations and
assets.
10. A detailed description of the integration of recovery planning in the corporate governance
structure.
11. The arrangements to conserve or restore own funds.
12. The arrangements to ensure adequate access to contingency funding source.
13. The arrangements to recue risk and leverage.
14. The arrangements to restructure liabilities.
15. The arrangements to restructure business lines.
16. The arrangements to maintain continuous access to financial markets.
17. The arrangements to maintain continuous functioning.
18. Preparatory arrangements to facilitate the sale of assets and business lines within an
appropriate time frame.
19. Preparatory measures to facilitate the implementation of the recovery plan.
20. Indicators for appropriate actions.
21. Possible measures for early intervention.
Page 231 of 334

Edition B.Ad.1 / EN
22. The timely implementation of the recovery plan.
23. Provisions considering a range of scenarios.
24. Any other information.
Points 2 to 20 are the minimum requirement.
A recovery plan should not assume access to extraordinary public financial support. It plan needs to
be approved by the management body before being submitted to CySEC, and needs to be reviewed
at least annually, and after any material change of the legal or organisational structure of the CIF.
Any union parent undertakings supervised on a consolidated basis by CySEC need to provide a group
recovery plan that covers the group as a whole, including specific measures that apply to the group
as a whole, and with the aim of stabilising the group as a whole. To this end the group recovery plan
needs to include arrangements that ensure coordination and consistency of measures to be taken at
the level of the union parent undertaking as well as any of its subsidiaries and significant branches.
Both the group recovery plan and the recovery plan of an individual subsidiary need to include all
elements outlined above, where applicable arrangements for intra-group financial support. Any
obstacles to the implementation need to be addressed at both the group and the individual level. The
plan needs to be approved by the management body prior to submission to CySEC who will inform
local competent authorities and competent authorities of member states where significant branches
are located.
CySEC may, after assessing the extent of the impact that an insolvency situation may have on a CIF
and whether its bankruptcy is likely to have a negative effect on the financial markets, other
institutions, the financing conditions, or the wider economy, and after notify the EBA accordingly,
specify by a Directive the simplified obligations of CIFs in relation to:
o the context and details of the recovery plans
o the deadline for drawing up the first recovery plans and how often they shall be updated
o where appropriate, the content and individual data of the required information
CIFs representing a significant share of the financial system in the Republic must prepare the recovery
plans based on the provisions of the legislation. The operations of a CIF are considered to represent
a significant share of the financial system in the Republic, if any of the following conditions are met:
o the total value of its assets exceeds €30 billion, or
o the percentage of its total assets in relation to the GDP of the Member State of establishment
exceeds 20%, unless the total value of its assets does not exceed €5 billion
Page 232 of 334

2. Intra-Group Financial Support
Learning Objective
Ø Know requirements relating to intra-group financial support (Article 11)
Institutions that are part of a union parent undertaking may enter into an agreement to provide intra-
group financial support where the party that receives the support meets the conditions for early
intervention in line with the recovery plan and the regulations. Institutions may provide financial
support to any group entity in financial difficulties without a financial agreement if the institution
decides to do so on a case-by-case basis according to group policies and the support does not
represent a risk for the whole group. The group financial support agreement may cover any
combination of entities that are part of the group (eg, parent to subsidiary and subsidiary to
subsidiary). The agreement needs to specify the principles for the calculation of the consideration for
any transactions made under it whereas the consideration will be set at the time of the provision of
financial support. The intra-group financial agreement needs to comply with the following:
1. Each party freely enters into the agreement.
2. Each party must act in their own best interest.
3. Each party providing support needs to have full disclosure of all relevant information from
the recipient.
4. The consideration may take into account inside information.
5. The calculations for consideration do not take into account any anticipated temporary
impact on market prices.
Intra-group financial agreements are approved by CySEC only if none of the parties complies with the
conditions for early intervention outlined in section 3 below.
3. Early Intervention
Learning Objective
Ø Know measures for early intervention (Article 18)

Ø Understand the appointment of: special administrators (Article 46 of Law 22(I)/2016 of
the Central Bank of Cyprus); temporary administrator (Articles 20–21)
Page 233 of 334

Edition B.Ad.1 / EN
A CIF may infringe the own funds requirements as a result of a rapidly deteriorating financial
condition, deteriorating liquidity, increasing levels of leverage, non-performing loans, or
concentration of exposures. This is typically assessed on the basis of a set of triggers including, for
example, own funds
+1.5%. In the event that the CIF infringes, or is due to infringe, the own funds requirement CySEC may
require the management of the CIF to update its recovery plan if the triggers are not yet described in
the current recovery plan. CySEC may also require the management body to examine the situation
and to identify measures to overcome any problems identified by means of a clear action plan,
including a timetable for implementation. In addition, CySEC may require the following:
1. A meeting of shareholders to be convened with immediate effect.
2. One or more members of the management body or senior management to be removed or

replaced.
3. A plan to be drawn up for negotiation of debt restructuring.
4. Changes to the CIF’s business strategy.
5. Changes to the legal and operational structure.
Finally, CySEC may undertake on-site inspections and provide all the necessary information to the
resolution authority to update the resolution plan and prepare for the possible resolution of the CIF,
and the valuation of the assets and liabilities.
3.1. Administrators
Two types of administrators can be appointed:
• a special administrator
• a temporary administrator
A special administrator is appointed by the resolution authority for a period not exceeding one year,
and assumes the management of the institution. The resolution authority may appoint one or more
persons, strictly based on professional experience, knowledge of banking-related issues, and personal
criteria to ensure the suitability of the appointed person(s). During their term they shall not engage
in any other employment unless this is specifically approved by the resolution authority. The special
administrator will exercise their duties with diligence, professionalism, integrity, discretion and
confidentiality. Their remuneration will be borne by the institution. They shall have access to any data
Page 234 of 334
or information concerning the institution and may, at their discretion:
• increase the capital of the institution
• reorganise the ownership structure
• restrict the scope of operations
• revise or abolish policies and strategic decisions
• revise business services and policies related to granting advances and/or accepting and
attracting deposits
• restrict and/or forbid individual transactions, classes of transactions or specific investments
• remove or replace members of the management body and senior executive director
• maintain specific levels of prudential liquidity and own funds
• allow take-overs by institutions that are financially and organisationally sound, and
• adopt any other measure or actions, or omit any specific actions.
Upon approval from the resolution authority, they may also appoint or place personnel in any organic
or administrative post, and hire external legal or financial consultants, or consultants of any other
professional capacity or qualifications. A full report will be submitted to the resolution authority
within 30 days of the appointment of the special administrator including, among other things, an
updated balance sheet, an assessment of the effectiveness of the resolution measures, and a list of
assets categorised by degree of risk.
A temporary administrator is appointed by CySEC for a period not exceeding one year in the event
that the replacement of senior management is deemed insufficient. They can either temporarily
replace or work with the CIF’s management body. On the basis of want is proportionate given the
circumstances, CySEC specifies their powers at the time of the appointment, and limits their role and
duties. Where the temporary administrator works with the CIF’s management, CySEC will further
clarify the role, duties and powers, as well as any requirements for the CIF’s management body to
consult with, or obtain consent from the temporary administrator. Unless the temporary
administrator does not have the power to represent the CIF, all appointments of temporary
administrators will be made public. It is the responsibility of CySEC to ensure that the temporary
administrator has the appropriate qualifications, ability and knowledge. CySEC has executive powers
to appoint and remove any temporary administrator at any time, or to vary their terms of
appointment; in addition, they may require certain acts to be preapproved by them. CySEC is
responsible for determining whether the conditions are appropriate to maintain a temporary
administrator, and will justify their decision to the CIF’s shareholders.
Page 235 of 334

Edition B.Ad.1 / EN
4. Resolution
Learning Objective
Ø Know the resolution tools: the sale of operations measures (Article 48 of L.22(I)/2016 CBC);
the measure to transfer assets, rights or liabilities to a bridge institution (Article 50 of
L.22(I)/2016 CBC); the measure to transfer assets and rights to an asset management
company (Article 52 of L.22(I)/2016 CBC); the bail-in measure (Article 53 of L.22(I)/2016 CBC)
Ø Know the special resolution requirements: the sale of business measure (Article 23); the asset
transfer measure (Article 24); treatment of shareholders in case of write down or conversion
of capital instruments (Article 25); classification of mutual requirements (Article 41(A))
The resolution tools are outlined in Law 22(I)/2016 (the resolution of credit institutions and
investment firms law 2016) of the Central Bank of Cyprus (CBC).
The Central Bank of Cyprus acts as the resolution authority and has the following measures available:
1. Sale of business – a mechanism to transfer, by the resolution authority, shares or other

instruments of ownership issued by an institution under resolution, or assets, rights or
liabilities of an institution under resolution to an acquirer that is not a bridge institution.
2. Transfer of assets to a bridge institution – a mechanism to transfer, by the resolution

authority, assets, rights or liabilities to a bridge institution; also referred to as the asset
separation tool.
3. Transfer of assets to an asset management company – a mechanism for effecting a transfer

by the resolution authority of assets, rights or liabilities of an institution under resolution to
an asset management company
4. Bail-in – a mechanism for the exercise by the resolution authority of the write-down and
conversion powers in relation to liabilities of an institution under resolution
5. Write down or conversion – a mechanism to write down and convert capital instruments;
common equity tier 1 will be written down, and additional tier 1 and tier 2 will be written
down or converted into common equity tier 1 capital.
For the resolution of CIFs and of other supervised entities, special requirements apply according to
the legal provisions of Law 20(I)/2016.
Sale of business: In the event of the sale of a business tool by the resolution authority, CySEC needs
to check whether the acquirer of the business has the appropriate authorisation to undertake the
business. CySEC will ensure that an application for authorisation associated with the sale of the
enterprise will be considered in a timely manner.
Page 236 of 334

In the event that the transfer of shares or other financial instruments results in the acquisition or
increase of a qualifying holding in a CIF, CySEC will carry out the appropriate assessments in a timely
manner so as not to delay the resolution. In the event that CySEC has not finalised their assessment
by the date of transfer, the transfer will take place with immediate effect, but the voting rights of the
acquirer will be suspended until the assessment is complete. CySEC will promptly finalise their
assessment and will notify the resolution authority and the acquirer whether they oppose or approve
the transfer.
Transfer of assets: CySEC may grant permission for the establishment of a bridge institution without
complying with the Investment Services and Activities and Regulated Markets Law for a short period
of time so that assets can be separated from the institution in resolution. The authorisation will
stipulate for which period the bridge institution is waived from complying to the requirements of the
law.
Bail-in: In the event that CySEC has not completed the assessments required in relation to
shareholders in bail-in, write-down or conversion on the date of application, the transfer will be made
with immediate legal effect, but voting rights will be suspended during the assessment period.
Insolvency proceedings: During the normal insolvency proceedings of a CIF, the provisions for the
verification and classification of claims of article 300 of the Companies Law are applied. In the cases
of unsecured claims, the special provisions of the mentioned Law are followed.
5. Procedural Obligations
Learning Objective
Ø Know the notification requirements pertaining to the expected and actual failure of a CIF
(article 29)
CySEC needs to be notified when it is considered that a CIF is failing, or is likely to fail. They shall, in
turn, notify the relevant resolution authorities including any crisis prevention measures or actions. In
the event that CySEC determines that the conditions for resolution are met, they will inform the
following:
• The resolution authority and the competent authority of the entity and any branch of the
entity.
• The CBC and the competent central bank of the member state (if applicable.
• An appropriate deposit guarantee scheme.
• A body in charge of resolution financing arrangements.
Page 237 of 334

Edition B.Ad.1 / EN
• The group-level resolution authority (if applicable).
• The minister or competent ministry in the member state (if applicable).
• A consolidating supervisor.
• The European Systemic Risk Board (ESRB), and the designated national macro-prudential
authority.
At all times, the appropriate level of confidentiality needs to be maintained and alternatives may need
to be considered for the deposit guarantee scheme and the resolution financing agreement if
confidentiality cannot be ensured.
6. Cross-Border Group Resolution
Learning Objective
Ø Know how the law facilitates cross-border resolution: resolution colleges (Article 33);
cooperation with third country authorities (Article 34); exchange of confidential information
(Article 35)
In its capacity of consolidating supervisor, CySEC performs the following tasks in a resolution college:
1. The exchange of information that is relevant to the development of group resolution plans
including preparatory and preventative powers.
2. The coordination of the public communication of group resolution strategies and schemes.
CySEC will be a member of the resolution college, of which the resolution authority is also a member,
and may be accompanied by a representative of the Central Bank of Cyprus.
CySEC may enter into a memorandum of cooperation with the following third-county authorities:
1. For union subsidiaries established in two or more member states: the relevant authorities of
the third-country where the parent undertaking is established.
2. For an institution operating branches in two or more member states: the relevant authorities
of the third country where the institution is established.
3. For an institution established in a member state with a subsidiary or significant branch in

another member state: the relevant authorities of the third countries where those
subsidiaries are established
4. For institutions for which a subsidiary or significant branch in another member state has
Page 238 of 334
established one or more branches in one or more third countries, the relevant authority of
the third countries where the branches are located.
The framework cooperation agreement establishes the processes and arrangements between the
participating authorities for the sharing of information and for carrying out some, or all, the following:
1. The development of resolution plans.
2. The assessment of resolvability.
3. The application of powers to address or remove impediments to resolvability.
4. The application of early intervention measures.
5. The application of resolution powers (or equivalent).
CySEC may enter into bilateral or multilateral arrangements, and will notify the European Banking
Authority (EBA) of any cooperation arrangements concluded.
As part of a resolution, CySEC will exchange confidential information with third-country authorities,
but only if the professional secrecy standards in the third country are at least equivalent to the EU
standards and any personal data is governed by the applicable Union and national data protection
law. Information will only be shared if it is necessary for the performance of the resolution functions
under national law which are comparable to law 20(I)/2016, and is not used for any other purpose.
Information originated in another member state will not be disclosed by CySEC to a third-country
unless the relevant authority of the member state has agreed and the information is disclosed only
for the original purpose.
Information is considered confidential if it is subject to confidentiality requirements under Union law.
Page 239 of 334

Edition B.Ad.1 / EN
1. List the three main aims of EMIR.

2. List the components of a recovery plan.

Answer reference: Sections 1.
3. Should a recovery plan assume access to extraordinary public financial support?

4. What are the requirements that intra-group financial agreements need to apply with?
5. What may CySEC require for early intervention?

6. Which tools can be used for the resolution of a CIF?

7. List those who need to be informed in case of the failure of a CIF.

8. With which third-county authorities may CySEC enter into a memorandum of cooperation?
Page 240 of 334

Chapter 12
Prospectus Regulation
Learning Objectives
1. Subject Matter and Scope of the Regulation

2. Requirements and Exemptions
3. Drawing up of the Prospectus
4. Approval and Publication of the Prospectus
5. Administrative Sanctions and other Administrative Measures
Regulation (EU) 2017/1129 of the European Parliament and of the Council of 14 June 2017 determines
the requirements for the preparation, approval and distribution of the prospectus to be published
when securities are offered in the public or are admitted to trading on a regulated market in a
Member State. CySEC is the competed authority in the Republic for the performance of the duties
provided by the Regulation as well as for the assurance of its implementation.
Following the full implementation of the Regulation in the Republic on 21 July 2019, Law 114(I)/2005,
which outlines the conditions for making an offer to the public of securities and on the prospectus to
be published when securities are offered to the public or admitted to trading on a regulated market,
is pending for repeal and will be replaced with a new Law related to CySEC’s powers and
responsibilities, responsibilities related to the prospectus, administrative sanctions and other
administrative matters.
Until the enactment of the new Law, the following provisions of Law 114(I)/2015 are in effect:
o Article 4(3)(e) on the obligation to publish a prospectus
o Articles 20 to 24 on the liability for the prospectus
o Article 43 on the fees charged by the supervisory authority of the host Member State
o CySEC Directive (RAD 270/2016) on the language of a Prospectus
Page 241 of 334

Edition B.Ad.1 / EN
1. Subject Matter and Scope of the Regulation
Learning Objective
Ø Know the subject matter and scope of the Regulation (Article 1)
The Regulation lays down requirements for the drawing up, approval and distribution of the
prospectus to be published when securities are offered to the public or are admitted to trading on a
regulated market situated or operating within a Member State.
The Regulation does not apply to the following types of securities:
- units issued by collective investment undertakings other than the closed-end type
- non-equity securities issued by a Member State or by one of a Member State’s regional or

local authorities, by public international bodies of which one or more Member States are
members, by the European Central Bank or by the central banks of the Member States
- shares in the capital of central banks of the Member States
- securities unconditionally and irrevocably guaranteed by a Member State or by one of a

Member State’s regional or local authorities
- securities issued by associations with legal status or non-profit-making bodies, recognized by

a Member State, for the purposes of obtaining the funding necessary to achieve their non-
profit-making objectives
- non-fungible shares of capital whose main purpose is to provide the holder with a right to
occupy an apartment, or other form of immovable property or a part thereof and where the
shares cannot be sold on without that right being given up
Also, the Regulation does not apply to an offer of securities to the public with a total consideration in
the Union of less that €1,000,000 which is calculated over a period of 12 months.
Page 242 of 334

2. Requirements and Exemptions
Learning Objectives
Ø Understand the requirements for publishing a prospectus (Article 3)

Ø Know the exemptions to the obligation to publish a prospectus (Article 4)
2.1. Requirements
It’s not permitted to make a public offer of securities or admit securities to trading on a regulated
market situated or operating within a Member State without prior publication of a prospectus which
has been drawn in accordance with the provisions of the Regulation. In the events that the type of
security is exempted from the Regulation or the obligation to publish a prospectus is waived, a
prospectus may be drawn voluntarily.
2.2. Exemptions from the Obligation to Publish a Prospectus
The obligation to publish a prospectus is not applied to any of the following types of offers of securities
to the public:
o an offer of securities addressed solely to qualified investors
o an offer of securities addressed to fewer than 150 natural or legal persons per Member
State, other than qualified investors
o an offer of securities whose denomination per unit amounts to at least €100,000
o an offer of securities addressed to investors who acquire securities for a total

consideration of at least €100,000 per investor, for each separate offer
o shares issued in substitution for shares of the same class already issued, if the issuing of
such new shares does not involve any increase in the issued capital
o securities offered, allotted or to be allotted in connection with a merger or division,

provided that a document is made available to the public that contains information to
describe the transaction and its impact on the issuer
o dividends paid out to existing shareholders in the form of shares of the same class as the
shares in respect of which such dividends are paid, provided that a document is made
Page 243 of 334

Edition B.Ad.1 / EN
available containing information on the number and nature of the shares and the reasons
for and details of the offer
o securities offered, or to be allotted to existing or former directors or employees by their

employer or by an affiliated undertaking provided that a document is made available
containing information on the number and nature of securities and the reasons for and
details of the offer or allotment
o non-equity securities issued in a continuous or repeated manner by a credit institution,

where the total aggregated consideration in the Union for the securities offered is less
that €75,000,000 per credit institution calculated over a period of 12 months, provided
that those securities are not subordinated, convertible or exchangeable and do not give
a right to subscribe for or acquire other types of securities and are not linked to a
derivative instrument
o an offer of securities, whose total consideration for such offer in the European Union is
less than €5,000,000, which limit must be calculated over a period of 12 months, provided
that such offer is not subject to notification in accordance with the Regulation (Article
4(3)(e) L.114/2005)
The obligation to publish a prospectus is not applied to the admission to trading on a regulated market
of any of the following:
o o securities fungible with securities already admitted to trading on the same regulated
market, provided that they represent, over a period of 12 months, less than 20% of the
number of securities already admitted to trading on the same regulated market
o o shares resulting from the conversion or exchange of other securities or from the
exercise of the rights conferred by other securities, where the resulting shares are of the
same class as the shares already admitted to trading on the same regulated market,
provided that the resulting shares represent, over a period of 12 months, less than 20%
of the number of shares of the same class already admitted to trading on the same
regulated market
o o securities resulting from the conversion or exchange of other securities, own funds,
or eligible liabilities by a resolution authority
o o shares issued in substitution for shares of the same class already admitted to trading
on the same regulated market, where issuing of such shares does not involve any increase
in the issued capital
o o securities offered in connection with a takeover by means of an exchange offer,

provided that a document is made available to the public containing information
describing the transaction and its impact on the issuer
o o securities offered, allotted or to be allotted in connection with a merger or a division,

Page 244 of 334
provided that a document is made available to the public containing information

describing the transaction and its impact on the issuer
o o shares offered, allotted or to be allotted free of charge to existing shareholders, and

dividends paid out in the form of shares of the same class as the shares in respect of which
such dividends are paid, provided that the said shares are of the same class as the shares
already admitted to trading on the same regulated market and that a document is made
available containing information on the number and nature of the shares and the reasons
for and details of the offer or allotment
o o securities offered, allotted or to be allotted to existing or former directors or

employees by their employer or an affiliated undertaking, provided that the said
securities are of the same class as the securities already admitted to trading on the same
regulated market and that a document is made available containing information on the
number and nature of the securities and the reasons for and details of the offer or
allotment
o o non-equity securities issued in a continuous or repeated manner by a credit

institution, where the total aggregated consideration in the Union for the securities
offered is less that €75,000,000 per credit institution calculated over a period of 12
months, provided that those securities are not subordinated, convertible or exchangeable
and do not give a right to subscribe for or acquire other types of securities and are not
linked to a derivative instrument
o o securities already admitted to trading on another regulated market, subject to

specific conditions
3. Drawing up of the Prospectus
Learning Objectives
Ø Understand the general provisions related to drawing up of the prospectus: the context
of the prospectus (Article 6); the prospectus summary (Article 7); supplements to the
prospectus (Article 23); the base prospectus (Article 8); the universal registration
document (Article 9); the validity period (Article 12)
Ø Know the EU growth prospectus (Article 15) and the Simplified Disclosure Regime for
Secondary Issuances (Article 14)
Ø Understand CySEC’s Directive DI114-2005-01 on the language of a prospectus (RAD

270/2016)
Ø Understand the responsibility of the persons signing the prospectus (Articles 20 – 24,
L.144(I)/2005)
Page 245 of 334

Edition B.Ad.1 / EN
3.1. General Provisions for the Drawing Up of the Prospectus
The issuer, offeror or person asking for the admission to trading on a regulated market may draw up
the prospectus as a single document or as separate documents.
A prospectus must contain information which is essential to an investor to make an informed

assessment of:
o the assets and liabilities, profits and losses, financial position, and prospects of the issuer
and any guarantor
o the rights attaching to the securities, and
o the reasons for the issuance and its impact on the issuer
A prospectus which is drawn up as separate documents must include:
o A registration document which contains information relating to the issuer
o A securities note which contains information concerning the securities offered to the
public or to be admitted to training on a regulated market
o A summary which provides key information that investors need to understand the nature
and risks of the issuer, the guarantor and the securities that are being offered or admitted
to trading on a regulated market. A summary is not required when the prospectus related
to the admission to trading on a regulated market of non-equity securities, provided that:
- such securities are to be traded only on a regulated market, or a specific segment

thereof, to which only qualified investors can have access for the purposes of
trading in such securities
- such securities have a denomination per unit of at least €100,000
The content of the prospectus summary must be accurate, fair and clear and must not be misleading.
The prospectus summary is read as an introduction to the prospectus and must be consistent with
the other parts of the prospectus. It is drawn up as a short document, is presented and laid out in a
way that is easy to read and is written with characters of readable size. It is also written in a language
and style that facilitate the understanding of the information, in particular, in a language that is clear,
non-technical, concise and comprehensible for investors. The summary is made up of the following
four sections:
o an introduction, containing warning
o key information on the issuer

Page 246 of 334
o key information on the securities
o key information on the offer of securities to the public and/or the admission to trading
on a regulated market
Every significant new factor, material mistake or material inaccuracy relating to the information
included in a prospectus which may affect the assessment of the securities and which arises or is
noted between the time when the prospectus is approved and the closing of the offer period or the
time when trading on a regulated market begins, whichever occurs later, must be mentioned in a
supplement to the prospectus without undue delay. Such a supplement is approved in the same way
as a prospectus and in a maximum of five working days.
Base prospectus: For non-equity securities, including warrants in any form, the prospectus may, at
the choice of the issuer, offeror or person asking for the admission to trading on a regulated market,
consist of a base prospectus containing the necessary information concerning the issuer and the
securities offered to the public or to be admitted to trading on a regulated market. A base prospectus
must include the following information:
o a template, entitled ‘form of the final terms’, to be filled out for each individual issue and
indicating the available options regarding the information to be determined in the final
terms of the offer
o the address of the website where the final terms will be published
A base prospectus may be drawn up as a single document or as separate documents and will include
a summary once the final terms are included in the base prospectus, or in a supplement, or have been
filed.
Universal registration document: Any issuer whose securities are admitted to trading on a regulated
market or an MTF may draw up every financial year a registration document in the form of a universal
registration document describing the company’s organisation, business, financial position, earnings
and prospects, governance and shareholding structure. An issuer that chooses to draw up a universal
registration document every financial year shall submit it for approval to CySEC or the competent
authority of its home member state. In the event where the issuer has had a universal registration
document approved for two consecutive financial years, subsequent universal registration documents
may be filed with the competent authority without prior approval. The issuer may also file any
amendments. The universal registration document(s) and their amendments must comply with the
format and language provided in the Regulation. Issuers who meet the conditions to have the status
of frequent issuers, and whose prospectus consists of separate documents, can benefit from a faster
approval process which is reduced to 5 working days.
Validity periods: A prospectus, whether a single document or consisting of separate documents, will
be valid for 12 months after its approval for offers to the public or admissions to trading on a regulated
market. Where a prospectus consists of separate documents, the period of validity begins upon
approval of the securities note. A registration document which has been previously approved will be
Page 247 of 334

Edition B.Ad.1 / EN
valid for use as a constituent part of a prospectus for 12 months after its approval. A universal
registration document will be valid for use as a constituent part of a prospectus for 12 months after
its approval.
The European Commission may adopt delegated acts to supplement the Regulation regarding the
format of the prospectus, the base prospectus and the final terms as well as the information
contained in both the prospectus and the universal registration document.
3.2. Simplified Disclosure Regime and EU Growth Prospectus
The following persons may choose to draw up an EU Growth prospectus under the proportionate
disclosure regime in the case of an offer of securities to the public, provided that they have no
securities admitted to trading on a regulated market:
1. SMEs
2. issuers, other than SMEs, whose securities are traded or are to be traded on an SME growth
market capitalisation of less than €500,000 on the basis of end-year quotes for the previous
three calendar years
3. issuers, other than those above, where the offer of securities to the public is of total
consideration in the Union that does not exceed €20,000,000 calculated over a period of 12
months, and provided that such issuers have no securities traded on an MTF and have an
average number of employees during the previous financial year of up to 499
4. issuers, other than SMEs, offering shares to the public at the same time as seeking admission
of those shares to trading on an SME growth market, provided that such issues have no
shares already admitted to trading on an SME growth market and the combined value of (a)
the final offer price, or the maximum price, and (b) the total number of shares outstanding
immediately after the share offer to the public, is less than €200,000,000
5. offerors of securities issued by issuers referred to in points 1 and 2 above.
An EU Growth prospectus under the proportionate disclosure regime is a document of a standardised

format, written in a simple language and which is easy for issuers to complete.
The following persons may choose to draw up a simplified prospectus under the simplified disclosure
regime for secondary issuances, in the case of an offer of securities to the public or of an admission
to trading of securities on a regulated market:
1. issuers whose securities have been admitted to trading on a regulated market or an SME
growth market continuously for at least the last 18 months and (a) who issue securities
fungible with existing securities which have been previously issued, or (b) who issue non-
Page 248 of 334

equity securities or securities giving access to equity securities fungible with the existing
equity securities of the issuer already admitted to trading
2. offerors of securities admitted to trading on a regulated market or an SME growth market

continuously for at least the last 18 months
3. issuers whose securities have been offered to the public and admitted to trading on an SME
growth market continuously for at least 2 years, and who have fully complied with the
reporting and disclosure obligations throughout the period of being admitted to trading, and
who seek admission to trading on a regulated market of securities fungible with existing
securities which have been previously issued
The EU Growth prospectus as well as the simplified prospectus consist of a specific summary, a specific
registration document and a specific securities note.
3.3. Language
According to CySEC’s Directive (R.A.D. 270/2016), the Greek language is the accepted language in the
following cases:
a. In the prospectus draw up, where it is related to a public offering made only in the Republic
or for the listing of securities for trading only on the Stock Exchange or in another regulated
market operating in the Republic and the Republic is the home member state
b. In the prospectus availability, where the home member state is not the Republic and the
securities for which a prospectus is drawn up are publicly offered in the Republic or are to
be admitted to trading on a regulated market of the Republic
c. In the prospectus draw up, where the home member state is the Republic and the securities
are offered exclusively in another member state or their listing is admitted for trading
exclusively on the regulated market of another member state
d. In the prospectus draw up and publication, where it is related to a public offering made in
the Republic and at the same time in another member state, or the securities are admitted
for trading on the Stock Exchange or in another regulated market in the Republic and at the
same time in a regulated market of another member state and where the Republic is the
home member state
e.
In the events referred to (a) and (d), the use of the English language is permitted provided that it does
not involve a public offering in the Republic or in another member state and the issuer has a registered
office in another member state or in a third country.
Page 249 of 334

Edition B.Ad.1 / EN
3.4. Responsibility of Signatories
The issuer, offeror or person asking for the admission of securities to trading on a regulated market,
as the case may be, must sign the prospectus. In the event that the offeror or person asking for the
admission of securities to trading on a regulated market are legal persons, the prospectus must be
signed by the representative(s) and at least three executive members of the Board of the issuer. In
the case of a person asking for the admission of securities to trading on a regulated market, it is also
required by the President of the Board and the Managing Director(s) to sign the prospectus. The
prospectus is also signed by the persons responsible for providing the information. The signatories
are responsible to the accuracy, completeness, clarity and update of the prospectus. All natural and
legal persons signing the prospectus must give a statutory declaration and must exercises in due care
in its preparation. The signatories are fully liable to investors for any loss they have sustained due to
any omissions or imprecisions in the prospectus.
In the event of claims for damages against the prospectus signatories, the burden of proof for the
accuracy, completeness, clarity and update the prospectus or the lack of liability as to any errors in
the prospectus, lies with the persons signing the prospectus. The persons who submitted the
summary note and any of its translations, and asked for its publication or its notification, bear civil
liability only if the said note is misleading, inaccurate or inconsistent when read together with the
main part of the prospectus. No liability arises solely on the basis of the summary note.
Any claim pursuant against the persons signing the prospectus bears a statutory bar of two years from
the date the securities were made available or were admitted to trading on a regulated market. In
case of malicious intention by the persons signing the prospectus, the statutory bar does not apply.
In the event that the persons who must sign the prospectus is not the issuer of the securities offered
to the public nor the maker of the application for admission to trading on a regulated market, the
issuer:
- at the request of the offeror or the person asking for the admission to trading, must make
available to them, at their expense, all relevant information by law necessary for the
preparation of the prospectus, and
- may take a written stand as to the accuracy, completeness, clarity and update of the
prospectus which is submitted for approval.
In every public offer that takes place in the Republic, an underwriter participates who will be
responsible for at least the collection of the purchase value of the securities offered. The underwriter
cares for the safe keeping of the funds paid by the participants to the public offer and ensures that
they are made available to the offeror the soonest alongside with the allotment of the offered
securities to the investors who participated to the public offer.
Additionally, an underwriter must participate in the prospectus draw up and bears responsibility
towards it as well as must be a signatory party. An underwriter responsible for the drawing up of the
prospectus is responsible to its accuracy, completeness, clarity and update, and aims at providing
Page 250 of 334

information that is true, fair and objective. The underwriter responsible for the preparation of the
prospectus is also responsible against the investors, who acquired securities based on erroneous,
deficient or insufficient information. If the underwriter is not responsible for the deficiencies of the
prospectus, will not be held liable.
Any person who, within his/her professional duties, issues any type of statements which constitute a
base for the preparation of the prospectus and the reports contains therein, or is prepared in order
to be taken into account for the preparation of the prospectus, must exercise due care in order to
ensure the accuracy, completeness and clarity of the said statements. Provided that the statements
are mentioned in the prospectus, their author is responsible against the investors for any loss they
may sustain related to any inaccuracies or omissions due to deficiencies in the said statements.
CySEC may allow certain information, that must be included in the prospectus or its components, to
be omitted if:
- The disclosure of such information would be against the public interest
- The disclosure of such information would seriously harm the interests of the issuer or
guarantor, provided that an omission of such information would not mislead the public
- The information is of a minor importance
4. Approval and Publication of the Prospectus
Learning Objectives
Ø Understand the approval procedure (Articles 20, 24, and 28); the publication
procedure (Article 21); and the advertisements (Article 22)
4.1. Approval, Publication and Advertising
A prospectus must not be published unless the related competent authority has approved it and,
where applicable, all its constituent parts. Where the Republic is home member state, the prospectus
is approved by CySEC.
The competent authority will notify the issuer, the offeror or the person asking for admission to
trading on a regulated market of its decision regarding the approval of the prospectus within 10
working days of the submission of the draft prospectus. If the prospectus related to a public offer by
an issuer that does not have any securities admitted to trading on a regulated market and has not
previously offered securities to the public, the notification is extended to 20 working days. The
Page 251 of 334

Edition B.Ad.1 / EN
competent authority will notify ESMA accordingly within 1 working day after approval has been given.
When an offer of securities to the public or admission to trading on a regulated market occurs in one
or more Member States, or in a Member State other than the home Member State, the prospectus
approved by the home Member State and any supplements thereto will be valid for the offer to the
public or the admission to trading in any number of host Member States, provided that ESMA and the
competent authority of each host Member State are notified according to the related provisions of
the Regulation.
Where a third country issuer intends to offer securities to the public in the Union or to seek admission
to trading of securities on a regulated market established in the Union under a prospectus drawn up
in accordance with the Regulation, it must obtain approval of its prospectus from the competent
authority of its home Member State. Once a prospectus is approved, it entails all the rights and
obligations provided for a prospectus and both the prospectus and the issuer are subject to all the
regulatory provisions under the supervision of the competent authority of the home Member State.
The competent authority of the home Member State of a third country issuer may approve a
prospectus for an offer of securities to the public or for admission to trading on a regulated market,
that is drawn up in accordance and is subject to the national laws of the third country issuer, provided
that:
- the information requirements imposed by the third country laws are equivalent to the
requirements of the Regulation, and
- the competent authority of the home Member State has concluded cooperation
arrangements with the relevant supervisory authorities of the third country issuer in
accordance with the related provisions of the Regulation
Once the prospectus is approved, it must be made available to the public by the issuer, the offeror or
the person asking for admission to trading on a regulated market, at a reasonable time in advance of,
and the latest at the beginning of, the offer to the public or the admission to trading of the securities
involved.
In the case of an initial offer to the public of a class of shares that is admitted to trading on a regulated
market for the first time, the prospectus must be made available to the public at least six working
days before the end of the offer.
The competent authority of the home Member State publishes on its website all the prospectuses
approved or at least the list of the prospectuses approved, including a hyperlink to the dedicated
website sections as well as an identification of the host Member State(s) where prospectuses are
notified. In addition, ESMA manages the European electronic database which contains all the
prospectuses approved in the European Economic Area. All approved prospects remain publicly
available in electronic form for at least ten years after their publication.
Any advertisement relating either to an offer of securities to the public or to an admission to trading
on a regulated market must comply with the principles and related provisions of the Regulation.
Page 252 of 334

Advertisements must state that a prospectus has been or will be published, and indicate where
investors are or will be able to obtain it. The information contained in an advertisement must not be
inaccurate or misleading and must be consistent with the information contained in the prospectus or,
where a prospectus has not been published yet, the information required to be in the prospectus.
5. Administrative Sanctions and Other Administrative

Measures
Learning Objectives
Ø Know the administrative sanctions and other administrative measures (Articles 38 – 43)
5.1. Administrative Sanctions and Other Administrative Measures
Member States must ensure that competent authorities have the power to impose administrative
sanctions and take other appropriate administrative measures which shall be effective, proportionate
and dissuasive in the events of non-compliance with the provisions of the Regulation or of a failure to
cooperate or comply in an investigation, inspection or other related requests. Member States may
provide for additional sanctions or measures and for higher levels of administrative pecuniary
sanctions that those provided in the Regulation. However, Member States must ensure that decisions
taken under the Regulation are properly reasoned and subject to a right of appeal before a tribunal.
The competent authorities have the power to impose at least the following administrative sanctions
and other administrative measures related to infringements:
- a public statement indicating the natural person or legal entity responsible and the nature of
the infringement
- an order requiring the natural person or the legal entity responsible to cease the conduct
constituting the infringement
- maximum administrative pecuniary sanctions of at least twice the amount of the profits
gained or losses avoided because of the infringement, where those can be determined
- in the case of a legal person, maximum administrative pecuniary sanctions of at least

€5,000,000, or the corresponding value in the national currency, or 3% of the total annual
turnover of that legal person according to the last available financial statements approved by
the management body
Page 253 of 334

Edition B.Ad.1 / EN
- in the case of a natural person, maximum administrative pecuniary sanctions of at least

€700,000, or the corresponding value in the national currency
Competent authorities establish effective mechanisms to encourage and enable reporting of actual
or potential infringements, including:
- specific procedures for the receipt of reports of actual or potential infringements and their
follow-up, including the establishment of secure communication channels for such reports
- appropriate protections for employees working under a contract of employment who report
infringements at least against retaliation, discrimination and other types of unfair treatment
by their employer or third party
- protection of the identity and personal data of both the person who reports the infringements
and the natural person who is allegedly responsible for an infringement, at all stages of the
procedure unless such disclosure is required by national law in the context of further
investigation or subsequent judicial proceedings
- member states may provide for financial incentives to persons who offer relevant information
about actual or potential infringements
A decision imposing an administrative sanction or other administrative measure for infringement of

the Regulation will be published by competent authorities on their official websites immediately after
the person subject to that decision has been informed of the decision.
Page 254 of 334

1. In which cases is required to draw up a prospectus?

2. Which documents must be included in a prospectus consisting of separate documents?
3. Which persons may issue an EU Growth prospectus and which a simplified prospectus?
4. What are the responsibilities of the prospectus signatories?
5. Who approves the prospectus and any supplements?
Page 255 of 334

Edition B.Ad.1 / EN
Chapter 13
Transparency Laws
Learning Objectives
1. Information Reporting Requirements for Issuers

2. Framework of Communication for Issuers and Holders of Securities
3. Shareholder Obligations
The Transparency Requirements (Securities Admitted to Trading on a Regulated Market) Laws of 2007
to 2017 state the transparency requirements for issuers whose securities are admitted to trading on
a regulated market. All articles mentioned in this chapter’s learning objectives relate to consolidation
of the laws 190(I)/2007, 72(I)/2009, 143(I)/2012, 60(I)/2013, 163(I)/2014, 164(I)/2014, 35(I)/2016 and
56(I)/2017.
6. Information Reporting Requirements for Issuers
Learning Objective
Ø Know issuer reporting requirements for periodic information (Articles 9–11 and 14–16)
Ø Know issuer reporting requirements for ongoing information (Articles 17–19, 21, 23–24)
6.1. Periodic Information
Every issuer and their administrative, management or supervisory bodies are responsible for the
preparation and disclosure of the periodic information required. In the event that the information is
not prepared or disclosed, administrative, management or supervisory bodies of the issuer are
personally liable for and are subject to the following administrative sanctions and measures:
Page 256 of 334

a. A public announcement indicating the person(s) responsible for the breach and the nature
of the breach.
b. The person(s) responsible are ordered to cease the activity and to desist from any repetition.
c. The imposition of an administrative fine on a legal person not exceeding e10.000.000 or

twice the amount of profits gained or losses avoided (whichever is higher).
d. The imposition of an administrative fine on a natural person not exceeding e2.000.000 or

twice the amounts of profits gained or losses avoided (whichever is higher).
6.1.1. Annual Financial Report
Issuers need to disclose their annual financial report as soon as possible, but at the latest four months
after the end of the financial year. The annual financial report needs to be available to the public for
at least ten years, and needs to consist of:
1. annual financial statements
2. a management report, and
3. statements made by board of directors, the chief executive officer (CEO) (or equivalent) and
the chief financial officer (CFO) if they are both not members of the board of directors of the
issuer, and a clear indication of their name and function.
Issuers incorporated in accordance with Companies Law, and who do not need to prepare
consolidated financial statements, need to prepare their annual financial statements in accordance
with the provisions in Companies Law. Issuers incorporated in accordance with the law of another
member state, and who do not need to prepare consolidated accounts, need to prepare their annual
financial statements in accordance with the laws of that member state.
Consolidated financial statements comprise of:
1. consolidated accounts drawn up in accordance with Companies Law or Regulation

1606/2002, and
2. the annual accounts of the parent company in accordance with Companies Law, if
incorporated in the Republic, or the law of the member state in which the parent company
is incorporated.
Annual financial statements of issuers incorporated under Companies Law need to be audited by a
person with the necessary qualifications. These persons need to be appointed as auditors and are
subject to international auditing standards. The audit report is signed by the auditor and is fully
Page 257 of 334

Edition B.Ad.1 / EN
disclosed together with the annual financial report. Other issuers need to be audited in accordance
with the laws of their member state. The audit report needs to be signed by the auditor responsible,
and disclosed in full together with the annual financial report. Issuers with a registered office in a
third- country need to prepare accounts of the parent company in accordance with the EU regulation
on consolidated accounts.
For issuers incorporated under Companies Law, the management report is drawn up in accordance
with the relevant sections of Companies Law. For other issuers, the management report is drawn up
in accordance with the laws of their member state. For issuers whose registered office is in a third-
country, the management report is prepared in accordance with the appropriate regulations. The
annual financial statements include statements by the auditors to the effect that, to the best of their
knowledge, the annual financial statements have been prepared in accordance with the applicable
accounting standards and give a true and fair view of the financial position of the firm. The
management report includes a fair review of the development and performance of the business, the
position of the issuer and the undertakings included in the consolidated accounts, as well as a
description of the principal risks and uncertainties faced.
6.1.2. Half-Yearly Financial Report
Issuers of shares and debt securities need to disclose a half-yearly financial report as soon as possible,
but at the latest within three months after the end of the first six months of the financial year. This
report needs to be available to the public for a period of at least ten years and comprises of:
1. interim financial statements
2. an interim management report, and
3. statements made by the board of directors, the CEO (or equivalent) and the CFO if they are
both not members of the board of directors of the issuer and a clear indication of their name
and function.
Interim financial statements need to be prepared in accordance with the appropriate International
Financial Reporting Standards (IFRSs). In the event that they are audited or reviewed by an auditor,
this audit or review needs to be produced in full in the half-yearly financial report. In the event that
the half- yearly financial statements have not been audited, or that the auditor has refused to issue
their report, this needs to be reported in the interim report.
The interim management report must include, at a minimum:
a. a detailed and extended economic analysis of the results so that readers will be able to assess
and evaluate the course of the results during the period
b. a declaration of any income from non-recurring or extraordinary activities of the issuer
Page 258 of 334

c. a comparative economic analysis of the figures for the period in relation to the previous
corresponding period, this analysis has to be sufficient and extensive in order to identify the
changes and the differences between the results of the two periods
d. an indication of important events that have occurred during the first six months of the
financial year, and their impact on the interim financial statement
e. a description of the principal risks and uncertainties for the remaining six months of the
financial year
f. any other substantial information which affects (could affect) the reader’s assessment or
evaluation of profits and losses for the relevant period or any future periods, the prospects
and trends of the operations and the gain or loss of important contracts or cooperations,
and
g. (for issuers of shares) any related parties’ transactions during the first six months of the
financial year, in accordance with the appropriate IFRSs.
The management statement includes a fair review of the information in points a to g above.
6.1.3. Payments Made to Governments
In preparing the annual and half-yearly accounts, issuers active in the extractive industry or in the
logging of primary forest need to specifically report payments made to governments on a
consolidated basis.
6.1.4. Exemptions
The following issuers are exempt from the publication of yearly and half-yearly financial statements,
disregarding of whether they issue shares or other securities:
1. The Republic or another member state.
2. A regional or local authority of the Republic or of another member state.
3. A public international body of which the Republic or at least another member state is a
member.
4. The European Central Bank (ECB).
5. The Central Bank of Cyprus (CBC).
Page 259 of 334

Edition B.Ad.1 / EN
6. Any other member states’ central bank.
7. The European Financial Stability Facility (EFSF) established by the EFSF framework
agreement and any other mechanism established with the objective of preserving the
financial stability of European Monetary Union (EMU) by providing temporary financial
assistance to the member states whose currency is the euro.
In addition, issuers who exclusively issue debt securities admitted to trading on a regulated market
with a denomination per unit of at least e100.000 (or equivalent) are exempt from the reporting
requirements. Issuers who exclusively issue debt securities that have been admitted to trading on a
regulated market prior to 31 December 2010 are exempt from the reporting requirements for
denominations per unit of at least e50.000 for as long as they are outstanding. For any new debt
securities, a limit of e100.000 will apply.
6.2. Ongoing Information
The following information is subject to ongoing disclosure:
1. The acquisition or disposal of own shares – issuers who (in)directly acquire or dispose of their
own shares need to disclose as soon as possible and at the latest on the next working day,
the total proportion of own shares reaching or exceeding a threshold of 5% or 10% of total
voting rights, calculated on the basis of the total number of shares of the issuer with voting
rights, or where their holding falls below 5% or 10% of total voting rights. The proportion of
shares is calculated on the basis of the total number of shares with voting rights.
2. The total number of acquisition or disposal of voting rights and capital at the end of each
calendar month during which voting rights and/or capital has changed.
3. Notification of voting – issuers need to publish the notification of acquisition or the disposal
of voting rights as soon as possible but at the latest on the next working day.
4. Change in rights – any changes in the rights attached to the various share classes, including
changes in rights attached to derivative securities, need to be disclosed immediately and
without delay. Changes of rights attached to issues other than shares need to be disclosed
immediately and without delay, including changes to the terms and conditions which could
indirectly affect the rights of the holder (eg, changes in loan terms or interest rates).
In the event that an issuer does not comply with the disclosure requirements then the administrative,
management or supervisory bodies of the issuer are presumed personally liable for the omission and
are subject to administrative fines, unless they can prove that the infringement was not due to their
liability, deliberate omission or negligence.
Any issuer who does not comply with the ongoing disclosure requirements for points 1, 3, and 4 above
Page 260 of 334

is subject to the following administrative measures:
a. A public announcement indicating the person(s) responsible for the breach and the nature
of the breach
b. The person(s) responsible are ordered to cease the activity and to desist from any repetition
c. The imposition of an administrative fine on a legal person not exceeding e10.000.000 or

twice the amount of profits gained or losses avoided (whichever is higher)
d. The imposition of an administrative fine on a natural person not exceeding e2.000.000 or

twice the amount of profits gained or losses avoided (whichever is higher).
In relation to a breach of item 2 above, CySEC may impose an administrative fine not exceeding
e85.000 and, in the event of a repetition of the infringement, an amount not exceeding e170.000,
depending on the severity.
7. Framework of Communication for Issuers and Holders of

Securities
Learning Objective
Ø Know issuer obligations relating to shares (Articles 25 and 27)
Ø Know issuer obligations relating to debt securities (Articles 26 and 27)
Any issuer who does not comply with the framework of communication requirements is subject to an
administrative fine not exceeding e85.000 and, in the case of repetition of the infringement, an
administrative fine not exceeding e170.000, depending on the severity.
7.1. Shares
Issuers of shares are obliged to treat all shareholders who are in the same position equally. Their
obligations are as follows:
1. Issuers for whom the Republic is the home member state need to ensure that all necessary
facilities and information is available to enable shareholders to exercise their rights in the
Republic.
2. Ensure that the integrity and safety of data is preserved.
Page 261 of 334

Edition B.Ad.1 / EN
3. Not to prevent the exercise of the rights of the shareholders by proxy.
In addition, share issuers are obliged to provide information on the following:
1. The place, time and agenda of meetings.
2. The total number of shares and voting rights.
3. The rights of shareholders to participate in meetings·
Share issuers need to make available the required proxy form (on paper or electronically) to each
person entitled to vote at a shareholders’ meeting, together with the notice of the meeting and, in
the case of meetings called via announcement without notice to each individual shareholder they
need to:
1. designate a financial institution as its agent for shareholders to exercise their financial rights,
and
2. publish notices or distribute circulars concerning the allocation and payment of dividends or
issuance of new shares, including information of any arrangements for allotment,
subscription, cancellation, or conversion.
Electronic notifications may be used as long as the use of electronic means is taken in a general
meeting of the shareholders and it is not dependent on the residence of the shareholder or their
agent, identification arrangements have been put in place to ensure shareholders or their agents are
effectively informed; written consent has been obtained, and that any costs are determined in
compliance with the principle of equal treatment.
In the event that no objection has been received to the submission by electronic means within a
reasonable period from shareholders, it is presumed that they have consented. At any time in the
future, a shareholder or their agent may request the information to be sent to them in writing.
7.2. Debt Securities
Issuers of debt securities are under the obligation to ensure the equal treatment of all debt securities
holders ranking pari passu, in respect of all the rights attached to those debt securities. Every issuer
has the following obligations:
1. In cases where the Republic is the home member state, ensure all the necessary facilities
and information are available to the Republic to enable debt securities holders to exercise
their rights.
2. To ensure that the integrity and the safety of data is preserved.
Page 262 of 334

3. To not prevent the exercise of the rights by proxy of the debt securities holders. In addition,
every issuer of debt securities is obliged to carry out the following:
4. Publish notices or distribute circulars, concerning:
a. the place, time and agenda of meetings of debt securities holders
b. the payment of interest and the exercise of any conversion, exchange, subscription or
cancellation rights
c. c. repayment, and
d. d. the right of debt securities holders to participate in the meetings.
5. Make available the required proxy form, on paper or electronically to each person entitled
to vote at a debt securities holders’ meeting and, in the case of meetings called via
announcement without notice, to each debt security holder upon request.
6. Designate a financial institution as its agent through which debt securities holders may
exercise their financial rights.
In the event that only the debt securities holders are invited to a general meeting of holders of debt
securities whose denomination per unit is at least e100.000 (or equivalent), the issuer may choose
any member state as venue for the meeting, providing that all the necessary facilities and information
are made available in that member state to enable such holders to exercise their rights. For debt
securities admitted to trading on a regulated market in the EU prior to the 31 December 2010, the
issuer may choose a venue in another member state if only debt security holders are invited whose
domination per unit is at least e50.000 (or equivalent).
Information may be conveyed by electronic means providing that this is not dependent on the
location of the seat or residence of the debt security holder or of their proxy, and identification
arrangements are put in place so that debt securities holders are effectively informed. Debt security
holders need to give written consent to the use of electronic means and any apportionment of the
costs associated with the use of electronic means is determined by the issuer of debt securities, in
compliance with the principle of equal treatment.
In the event that no objection has been received to the submission by electronic means within a
reasonable period from a debt security holder or their proxy, it is presumed that they have consented.
At any time in the future a shareholder or their agent may request the information to be sent to them
in writing.
Page 263 of 334

Edition B.Ad.1 / EN
8. Shareholder Obligations
Learning Objective
Ø Know shareholder threshold notification requirements (Article 28)

Ø Understand exemptions to shareholder notification requirements (Article 29)
Ø Know how the obligations extend to holders of financial instruments (Article 30)
Anyone who acquires shares in an issuer to which voting rights are attached is considered a
shareholder. Notifications of changes in voting rights must be provided to both the issuer and CySEC
if the voting rights held reach or exceed/fall below thresholds of 5%, 10%, 15%, 20%, 25%, 30%, 50%,
or 75% of total voting rights. This obligation exists for initial and subsequent purchases or disposals.
Voting rights are calculated on the basis of all shares of the issuer with voting rights attached on an
aggregate basis, even if the exercise of such rights is suspended. In addition, information of all voting
rights in the same share class needs to be provided.
The following are exempt from the notification:
1. Shares acquired for the sole purpose of the clearing and settling of transactions at the latest
of three working days following the transaction.
2. Custodians holding shares in their custodian capacity, providing that the custodian can only
exercise the voting rights attached to such shares under instructions given in writing or by
electronic means by the beneficiary of the shares.
3. Acquisition or disposal of voting rights by a market maker that reaches or crosses the 5%
threshold of the total voting rights of the issuer, providing that the market maker acts in
their capacity as market maker, and that neither intervenes in the management of the
issuer concerned nor exerts any influence on the issuer to buy such shares or back the share
price.
4. Voting rights held in the trading book of a credit institution or investment firm so long as
the voting rights do not exceed 5% of the total voting rights of the issuer and that the
institution ensures that the voting rights are not exercised nor otherwise used to intervene
in the management of the issuer.
5. Shares provided to, or by, the members of the European System of Central Banks (ESCB) in
carrying out their functions as monetary authorities, including shares provided under a
pledge or repurchase or similar agreement for liquidity granted for monetary policy
purposes or within a payment system, providing that the transactions last for a short period
and that the voting rights attached to such shares are not exercised.
6. Voting rights attached to shares acquired for stabilisation of financial instruments providing
Page 264 of 334

that voting rights are not exercised or otherwise used to intervene in the management of
the issuer.
A person who is entitled to acquire, dispose of or exercise voting rights of the issuer has an obligation
to notify both the issuer and CySEC of the percentage of voting rights held, providing that, as a result
of the acquisition or of the disposal, the exercise, or of the events changing the breakdown of voting
rights of the issuer, percentage reach, exceed or fall below the thresholds noted above and/or in one
or more of the following cases:
1. Voting rights held by a third party with whom that person has concluded an agreement which
obliges the contractual parties to adopt, by concerted exercise of the voting rights they hold,
a lasting common policy towards the management of the issuer.
2. Voting rights held by a third party under an agreement concluded with that person providing
for the temporary transfer for consideration of the exercise of voting rights.
3. Voting rights attaching to shares which are lodged as collateral with that person, providing
that the person controls the voting rights and declares their intention of exercising them.
4. Voting rights attached to shares in which that person has the life interest.
5. Voting rights which are held, or may be exercised within the meaning of points 1–4 above by
an undertaking controlled by that person.
6. Voting rights attached to shares deposited with that person which the person can exercise
at its discretion in the absence of specific instructions from the shareholder.
7. Voting rights held by a third party in their own name on behalf of that person.
8. Voting rights which that person may exercise at their discretion as a proxy of a shareholder
in the absence of specific instructions given from the shareholder.
The circumstances mentioned under point 3 above do not apply to shares provided to, or by, the
members of the ESCB within the framework of carrying out their functions as monetary authorities,
including shares provided to, or by, members of the ESCB within the framework of a pledge or
repurchase or similar agreements for liquidity, granted for monetary policy purposes or within the
framework of a payment system, providing that the transactions are for a short period and providing
that the voting rights attached to such shares are not exercised.
Page 265 of 334

Edition B.Ad.1 / EN
1. List the components of the annual financial report.

2. When does the half-yearly financial report need to be published?
3. Who is exempt from annual and half-yearly financial reports?
4. List the information that is subject to ongoing disclosure.
5. What is the administrative penalty for infringement of the ongoing disclosure
requirements?
6. What information needs to be provided by share issuers?
7. Under which conditions is it permissible to issue electronic notifications?
Answer reference: Section 2.1 and 2.2
Page 266 of 334

Chapter 14
Insider Dealing and Market Manipulation
Regulation (2016)
Learning Objectives
Introduction
1. Inside Information
2. Provisions Relating to Issuers of Financial Instruments
3. Market Manipulation
4. Disseminating Information
5. Administrative Measures and Sanctions
Introduction
EU Regulation 596/2014 deals with market abuse within the European Union (EU). It seeks to ensure
that EU regulation keeps pace with market developments in order to combat the abuse of financial
markets, including commodity and related derivatives markets. The regulation explicitly bans the
manipulation of benchmarks and reinforces the investigative and sanctioning powers of EU
regulators.
The key points covered in the regulations are:
• banning abuse in financial markets
• administrative sanctions, and
• strengthening regulators’ investigative powers.
Abuse in financial markets is related to market manipulation, insider dealing and the unlawful
disclosure in inside information. All article numbers in this chapter refer to Regulation 596/2014.
Page 267 of 334

Edition B.Ad.1 / EN
1. Inside Information
1.1. Inside Information
Learning Objective
Ø Know the definition of inside information (Article 7)

Ø Know which persons are in possession of inside information (Article 8)
Ø Know the obligations for those in possession of inside information: prohibitions (Article
14); legitimate behaviour (Article 9); unlawful disclosure (Article 10); market soundings
(Article 11)
Inside information is defined as:
‘Information of a precise nature, which has not been made public, relating, directly or indirectly, to
one or more issuers or to one or more financial instruments, and which, if it were made public, would
be likely to have a significant effect on the prices of those financial instruments or on the price of
related derivative financial instruments’.
In respect of persons charged with order execution, inside information includes information conveyed
by a client relating to their orders and which would, if made public, have a significant effect on the
prices of financial instruments.
In the context of this definition, financial instruments cover all instruments, including commodities,
emission allowances, and related derivatives.
In the definition of inside information, ‘precise nature’ indicates a set of circumstances which exists,
or may reasonably come into existence, or an event that has occurred, or is reasonably expected to
occur, which is specific enough to enable a conclusion to be drawn as to the possible effect of that set
of circumstances or event on the prices of the financial instruments.
1.2. Insider Dealing
Insider dealing arises:
‘where a person possesses inside information and uses that information by acquiring or disposing of,
for its own account or for the account of a third party, directly or indirectly, financial instruments to
which that information relates’.
Insider dealing also applies when an order concerning a financial instrument previously entered into
Page 268 of 334

is cancelled or amended on the basis of inside information being received after the transaction has
been concluded. Generally, insider dealing applies to any person who uses inside information under
any circumstance not mentioned above and who knows, or ought to know, that the information they
possess is inside information.
In addition, bids for the auction of emission allowances or other products submitted, modified or
withdrawn based on of insider information are also considered to be insider dealing.
Encouraging our inducing another person to engage in insider dealing occurs when a person holding
inside information recommends that the other person, buys or sells a financial instrument, or to
amends an existing order on the basis of inside information. Insider dealing also occurs in the event
the other person acts on this information and knows, or should have known, that the
recommendation was made because of inside information.
Insider dealing applies to any person who possesses inside information because they:
• are a member of the administrative, management or supervisory bodies of the issuer or

emission allowance market participant
• have a holding in the capital of the issuer or emission allowance market participant
• have access to information through their position, or
• are involved in criminal activities.
Information is considered to be made public when:
• it comes to the knowledge of investors inside or outside the Republic, or it may be easily and
legally obtained, or
• it is included in archives or other documents available to the public, or
• it has been derived from public information.
1.3. Obligations
A person shall not engage, or attempt to engage, in insider dealing, recommend or induce another
person to engage in insider dealing, or unlawfully disclose inside information.
Possession of inside information is not in itself a violation. A firm needs to have established,
implemented and maintained adequate and effective internal arrangements to effectively ensure that
transactions are not undertaken or influenced by persons with access to inside information. In
addition, the firm will need to be able to show that they have not encouraged, recommended,
Page 269 of 334

Edition B.Ad.1 / EN
induced, or otherwise influenced a person to enter into a transaction on the basis of inside
information.
In the event that the person is a market maker in the security or is executing transactions on behalf
of a third party with no inside information they may legally transact even when in the possession of
inside information and will not be considered insider dealing. Similarly, obligations that result from
agreements concluded prior to obtaining inside information, or transactions carried out to satisfy a
legal or regulatory obligation prior to having obtained inside information, are not considered to be
insider dealing.
Unlawful disclosure of inside information arises when a person discloses it to another person, unless
it is in the course of their employment, profession, of duties. Onward disclosure or recommendations
and inducement amounts is unlawful if the person passing the information knows, or should know,
that the recommendations or inducement amounts were based on inside information.
1.4. Market Sounding
Market sounding is defined as the communication of information prior to the announcement of a

transaction in order to gauge interest of potential investors in a possible transaction and the
conditions relating to such a transaction such as its potential size and pricing. Market soundings are
sent to potential investors by issuers, secondary offerors for a financial instrument, emission
allowance market participants, or third parties acting on their behalf. Disclosure of inside information
by a person intending to make a takeover bid or a merger is also a market sounding, providing that
the information is necessary to enable parties to form an opinion on the offer, and the willingness of
parties to offer their securities is reasonably required to make the takeover bid or merger. The
disclosing market participant will specifically consider whether to disclose inside information and
record their conclusion in writing. Prior to disclosing the information, the market participant shall:
• obtain consent of the person receiving the market sounding to receive inside information;
• inform the recipient that they are prohibited from using the information in any purchase,
sale, cancellation, or amendment of a transaction, and
• inform the recipient that they are obligated to keep the information confidential.
The disclosing market participant shall record what information has been provided to the person
receiving the sounding. All records need to be maintained for at least five years.
Once information that has been provided as part of a market sounding ceases to be inside
information, the market participants will inform all recipients of the information as soon as possible.
Page 270 of 334

2. Provisions Relating to Issuers of Financial

Instruments
Learning Objective
Ø Know how issuers of financial instruments should manage inside information (Article 17)
Ø Understand the circumstances in which publication of inside information might be
justifiably delayed (Article 17)
Ø Know the importance of keeping an updated insiders’ list (Article 18)
Ø Know the reasons and circumstances when a manager must report his/her transactions
(Article 19)
It is the responsibility of the firm issuing a security or the emission allowance market participant (for
the purpose of this section collectively known as ‘firm’) to inform the public as soon as possible of any
inside information that directly concerns the firm. The information needs to be made public in a
manner that enables fast access and complete, correct and timely assessment of it by the public.
Where applicable, the information needs to be disseminated using the officially appointed
mechanisms by the home member state.
The disclosure requirement does not apply to a participant in the emission allowance market where
the installations or aviation activities owned, controlled, or under their responsibility had no
emissions or thermal inputs over the minimum threshold during the past year.
Firms may, at their own responsibility, delay public disclosures providing that the following conditions
are met:
a. Immediate disclosure is likely to prejudice their legitimate interests.
b. The delay of disclosure is not likely to mislead the public.
c. Confidentiality of the information can be ensured.
d. Competent authorities have consented to the delay.
It is the responsibility of the firm to notify the appropriate authorities of their intention to delay the
disclosure of information. Once the confidentiality of the information is no longer guaranteed, it will
be made public as soon as possible; this is also the case when sufficiently accurate rumours are in
circulation.
When a firm, or someone acting on their behalf, discloses any information to a third party in their
normal course of employment or professional duties, complete and effective public disclosure of the
information will need to be made. The public disclosure needs to be simultaneous in the event of
intentional disclosure and prompt in case of non-intentional disclosure. Public disclosure is not
required in the event that the recipient of the information has a duty of confidentiality based in law,
Page 271 of 334

Edition B.Ad.1 / EN
regulation, articles of association, or a contract.
Insider information related to issuers whose financial instruments are admitted to trading on a small-
and medium-sized enterprise (SME) growth market may be posted on the trading venue’s website
instead of the website of the issuer.
2.1. Insider Lists
Issuers or persons acting on their behalf, need to draw up and maintain a list of all persons employed
by them who have access to inside information; this includes employees, advisers, accountants and
credit rating agencies. This is known as the insider list and it needs to be kept up to date and made
available as soon as possible to the competent authority on request. Persons that are registered on
the insider list need to acknowledge, in writing, that they understand their legal and regulatory duties
and applicable sanctions. Ensuring that the list is up to date and complete remains the responsibility
of the issuer.
The insider list must include at least the following information:
1. The identity of the person with inside information.
2. The reason for inclusion on the insider list.
3. The date and time that the information was obtained.
4. The date when the insider list was drawn up or updated.
An insider list needs to be updated as soon as there is a change in the reason for including a person
on it, when a new person needs to be added, and when a person no longer has access to inside
information. Any insider list needs to be maintained for a period of at least five years from the date
when it is drawn up or amended and/or updated.
Issuers of financial instruments admitted on an SME growth market are exempt from drawing up an
insider list providing that they take all reasonable steps to ensure that any person with access to inside
information acknowledges the legal and regulatory duties of being an insider, and is aware of the
associated sanctions. The issuer will need to be able to provide an insider list to the competent
authority upon request.
The requirement to maintain insider lists applies to all issuers who admit (or have been approved to
admit) financial instruments on regulated markets, multilateral trading facilities (MTFs) or organised
trading facilities (OTFs) in a member state. In addition, these requirements also apply to emission
allowances market participants or emissions auction platforms.
Page 272 of 334

2.2. Managers
Persons that hold a managerial position, and those closely associated with them will need to notify
the issuer, emission market participants, and the competent authority of every transaction conducted
on their own account related to the shares or debt instruments of the issuer, emission allowances, or
any associated derivatives. Any such notification will have to be made immediately, and no later than
three business days after the date of the transaction. The competent authority will need to be notified
of every subsequent transaction once the total transactions in a year exceed e5,000. The threshold
may be increased to e20,000 by the competent authority, who will have to inform the European
Securities and Markets Authority (ESMA) of this change and provide justification for its decision. ESMA
will publish the list of thresholds on their website and the justifications provided by the competent
authorities for these thresholds.
Notifications need to include the following information:
1. The name of the person.
2. The reason for the notification.
3. The name of the relevant issuer or emission allowance market participant.
4. A description and an identifier of the financial instrument.
5. The nature of the transactions (sale or purchase), and whether they are linked to the exercise
of an options programme.
6. The date and place of the transactions.
7. The price and volume of the transaction(s). If a pledge is made that provides its value to
change, this should be disclosed together with its value at the date of the pledge.
Transactions that need to be notified include:
1. pledging or lending financial instruments, except instruments in custody accounts
2. transactions undertaken by persons professionally arranging and executing transactions
3. transactions made under a life insurance policy where the policyholder has a managerial
position or is a close associate, the investment risk is borne by the policyholder, and the
policyholder has the power or discretion to make investment decisions with regard to
instruments in the life insurance policy.
Any such transactions need to be made public within three working days of the transaction and in a
manner that is easily accessible.
Page 273 of 334

Edition B.Ad.1 / EN
The notification requirements apply to issuers whose financial instruments are (approved for) trading
on regulated markets, MTFs or OTFs.
Issuers and emission allowance market participants need to ensure that their managers are aware of
their responsibilities to report any transaction made for their own account.
Notification also apply to managers in auction platforms, auctioneers, auction monitors and persons
closely related to them.
Managers of an issuer may not (in)directly conduct any transaction for their own account or for the
account of a third-party relating to shares or debt instruments (or their derivatives) of the issuer
during a closed period of 30 days before the announcement of an interim financial report or a year-
end report. Issuers may allow a manager to trade during this period on a case-by-case basis in
exceptional. Circumstances such as financial difficulties, or for specific transactions such as employee
share saving schemes, qualifications or entitlements, or transactions where the beneficial interest in
the relevant security does not change.
3. Market Manipulation
Learning Objective
Ø Know which acts are considered to constitute market manipulation (Article 12)
Ø Understand how market operators help to detect and prevent market manipulation
(Article 16)
Ø Know accepted market practices (Article 13)
Market manipulation is related to entering into transactions, the dissemination of false or misleading
information through the media, including the internet, or the transmitting of false information or
inputs related to a financial instrument or a benchmark with the intention of giving false or misleading
signals to the market with regard to supply, demand, or the price of an instrument, or to secure a
price at an abnormal or artificial level. This does not apply to market makers whose orders are
undertaken for legitimate reasons.
Behaviour that constitutes market manipulation is defined as (unless noted otherwise, these apply to
financial instruments, emission allowances and related derivatives) the following:
• Conduct by a person alone, or in collaboration with another, to secure a dominant

position over the supply or demand of a financial instrument with the likely effect of
(in)directly fixing the purchase or sale prices or creating unfair trading conditions.
• The buying or selling of financial instruments at the closing of the market with the
intention to mislead investors acting on the basis of the prices displayed including the
Page 274 of 334

opening or closing prices.
• The placing of orders to a trading venue (including amendments and cancellations) with
the intent to manipulate the price or to create unfair trading conditions by:
• disrupting or delaying the functions of the trading system or trading venue making it more
difficult to distinguish between genuine and false orders, or creating a false or misleading
signal about supply, demand, or price.
• Taking advantage of official or regular access to traditional or electronic media by voicing

an opinion about the instrument having previously taken positions on that financial
instrument and subsequently profiting from the impact of the opinions voiced on the
price of that instrument without having disclosed previously the conflict of interest to the
public.
• The buying or selling of emission allowances on the secondary market prior to an auction
taking place in order to fix the clearing price at an abnormal level.
3.1. Prevention and Detection of Market Abuse
Market operators and investment firms operating a trading venue need to establish and maintain
effective arrangements, systems and procedures aimed at preventing and detecting (attempted)
insider dealing or market manipulation. Any orders, amendments and cancellations that may
constitute (attempted) insider dealing or market manipulation will immediately be reported to the
competent authority of the trading venue.
Any person professionally arranging or executing transactions will establish and maintain effective
arrangements, systems and procedures to detect and report suspicious orders and transactions. In
the
event that they have reasonable suspicions about a transaction related to insider dealing or market
manipulation, they will immediately notify the competent authority in the member state in which
they are registered; the competent authority will then pass on any such information to the competent
authority of the trading venue.
3.2. Accepted Market Practices
Accepted market practices established by a competent authority need to take into consideration
whether the market practice:
• provides for a substantial level of transparency to the market
Page 275 of 334

Edition B.Ad.1 / EN
• ensures a high degree of safeguards to the operation of market forces and the mechanism
of supply and demand
• has a positive impact on market liquidity and efficiency
• takes into account the trading mechanism of the relevant market and enables
participants to react properly and in a timely manner
• does not create risk for the integrity of (in)directly related regulated and unregulated
markets in the relevant financial instruments
• is designed not to infringe rules or regulations designed to prevent market abuse or codes
of conduct.
In addition, the market practices need to take into consideration the structural characteristics of the
relevant markets and products.
The competent authority will notify ESMA of their intention to establish an accepted market practice
at least three months before the accepted market is intended to become active. Within two months
of receipt of the notification, ESMA will issue an opinion assessing the market practice to ensure that
it conforms with the regulations. In addition, market practices will be reviewed every two years by
the competent authority, and a report will be submitted to ESMA.
4. Disseminating Information
Learning Objective
Ø Know provisions relating to persons and institutions who: produce or disseminate

investment recommendations (Article 20); disseminate statistics and forecasts (Article
20); disclose or disseminate information to the media (Article 21)
Persons who produce or disseminate an investment recommendation or other information

recommending or suggesting an investment strategy, need to take reasonable care that the
information is objectively presented and that they disclose their interests and any potential conflicts
of interest. Any statistics or forecasts liable to have a significant effect on financial markets will be
disseminated in an objective and transparent way.
With the exception of a situation where the person (in)directly derives an advantage or profit from
the disclosure of the information, or where disclosure is made with the intention of misleading the
market with regard to the supply and demand or price for the financial instruments, any information
disclosed or disseminated to the media needs to be assessed, taking into account the rules governing
the freedom of the press, freedom of expression, and the rules and codes governing journalists.
Page 276 of 334

5. Administrative Measures and Sanctions
Learning Objective
Ø Know the administrative measures and sanctions in relation to market abuse (Article 30)
Within the context of the EU Market Abuse Law, infringement of the following articles of the
regulation are subject to administrative measures and sanctions:
• The prohibition of insider dealing and unlawful disclosure of inside information.
• Then prohibition of market abuse.
• The prevention and detection of market abuse.
• Public disclosure of inside information (unless delays are preapproved).
• Insider lists.
• Managers’ transactions.
• Investment recommendations and statistics.
In addition, failure to cooperate or comply with an investigation, inspection or information request is

subject to penalties.
The following administrative measures and penalties apply:
1. Order requiring the person responsible for the infringement to cease the conduct and to
desist from a repetition of that conduct.
2. A penalty equal to the profits gained or losses avoided.
3. A public warning noting the person responsible for, and the nature of the infringement.
4. Withdrawal or suspension of the authorisation of an investment firm.
5. Temporary ban of a person discharging managerial responsibilities within an investment firm

or any other natural person responsible for the infringement from exercising management
functions in investment firms.
6. In the event of repeated infringements related to insider dealing, unlawful disclosure of

inside information, or market manipulation a permanent ban of any person discharging
Page 277 of 334

Edition B.Ad.1 / EN
managerial responsibilities within an investment firm or any other natural person who is held
responsible for the infringement, from exercising management functions in investment
firms.
7. The temporary ban of a person discharging managerial responsibilities within an investment

firm or another natural person held responsible for the infringement from dealing on own
account.
8. Maximum administrative pecuniary sanctions of at least three times the amount of the
profits gained or the losses avoided because of the infringement, where those can be
determined.
The following penalties apply:
Infringements Type of person Penalty

Insider dealing, unlawful disclosure, market Natural person e5.000.000
manipulation Legal person e15.000.000 or 15% of total
annual turnover
Prevention of detection of market abuse, Natural person e1.000.000
public disclosure of inside information Legal person e2.500.000 or 2% of total annual
turnover
Insider lists, managers’ transactions, Natural person e500.000

investment recommendations and statistics Legal person e1.000.000
Page 278 of 334

1. What is the definition of inside information?

2. Insider dealing occurs in relation to which account types?
3. When does possession of inside information not result in a violation?
4. What constitutes market sounding?
5. Under which conditions may public disclosures be delayed?
6. What is required to be included on insider lists?
7. What information needs to be included in a transaction notification from a manager?
8. What constitutes market manipulation?
9. What are the considerations for accepted market practices related to market
manipulation?
10. What needs to be considered when disseminating investment recommendations?
Page 279 of 334

Edition B.Ad.1 / EN
Glossary
• Alternative Investment Fund (AIF) A company that is:

A collective investment scheme (CIS) as
defined by the Alternative Investment Fund • established in Cyprus, and
Manager Directive (AIFMD). • authorised by the Cyprus Securities and
Exchange Commission (CySEC) to provide
• Alternative Investment Fund one or more investment services to third
Manager (AIFM) parties and/or perform one or more
A firm authorised and regulated by CySEC investment activities.
for the provision of fund management • Cyprus Securities and Exchange
control of an alternative investment fund. Commission (CySEC)
CySEC operates on the basis of the Cyprus
• Best Execution Securities and Exchange Commission
The financial institution needs to obtain the (establishment and responsibilities) law and is
best price for a trade in the shortest possible the supervisory authority of investment firms
time. It is a precautionary measure placed on (IFs).
financial institutions to ensure they meet
their clients’ best interests. • Depositary
Party assigned with the safekeeping of the
• Capital Adequacy
assets. The depositary has the function of the
Amount of capital a financial institution is treasurer.
required to hold as prescribed by the
regulator. • Disaster Recovery
The process of regaining access to the data,
• Collective Investment Scheme (CIS) hardware and software necessary to resume
A generic term encompassing authorised critical business operations after a natural or
unit trusts, common investment funds, human-induced disaster.
CISs and investment trust companies.
• Eligible Counterparties
• Compliance Function CIFs, IFs, credit institutions, insurance
Operates independently and is responsible undertakings, Undertakings for Collective
for: Investment in Transferable Securities (UCITS)
and their management companies, pension
• monitoring and assessing the adequacy
funds and their management companies and
and effectiveness of the policies and
other financial institutions authorised by a
procedures, and
member state or regulated under community
• advising and assisting of the relevant
legislation or the national law of a member
persons responsible for carrying out
state, national governments, central banks
investment services and activities.
and supranational organisations.
• Cypriot Investment Firm (CIF)
Page 280 of 334

• European Securities and Markets • Layering

Authority (ESMA) Second stage of the money laundering
An EU authority which is responsible both for process. Involves moving the money around
drafting the legislation and for guiding it in order to make it difficult for the authorities
through EU implementation, overseeing to link the placed funds with the ultimate
national implementation and enforcement. beneficiary of the money. This may involve
buying and selling foreign currencies, shares
• Feeder Undertaking for Collective or bonds in rapid succession, investing in
Investment in Transferable Securities CISs, or insurance-based investment products,
(UCITS) or moving the money from one country to
UCITS or investment compartment of a UCITS another.
that has been approved to invest at least 85%
of its total net assets in UCITS or other • Management Company
collective investment funds. Company managing one or more UCITS,
collective investment schemes, or VCICs.
• Inducement
Receipt of a fee, commission, or non- • Market Manipulation
monetary benefit specifically aimed at the a. Transactions or orders that give, or are
bank making an investment decision without likely to give, false or misleading signals
consideration whether this is in the best regarding the demand, supply or price
interest of the client. of financial instruments.
b. Transactions or orders that secure, or are
• Inside Information likely to secure, an abnormal or artificial
Information of a precise nature which has not price level for a financial instrument.
been made public, relating, directly or
c. Transactions or orders which employ
indirectly, to one or more issuers of financial
fictitious devices or any other form of
instruments or to one or more financial
deception or contrivance.
instruments and which, if it were made public,
d. Dissemination of information which gives,
would be likely to have in the opinion of
or is intended to give, false or misleading
CySEC, a significant effect on the prices of
signals in relation to a financial instrument
those financial instruments or on the price of and when the person knew, or ought to
related derivative financial instruments. have known that the information was
false or misleading.
• Integration
Third and final step in the money laundering • Master Undertaking for Collective
process. At this final stage, the layering has Investment in Transferable Securities
been successful and the ultimate beneficiary (UCITS)
appears to be holding legitimate funds (clean UCITS or investment compartment of a UCITS
money rather than dirty money). The money which has at least one feeder UCITS under its
is regarded as integrated into the legitimate unitholders, is not a feeder UCITS, and does
financial system. not hold units of a feeder UCITS.
• Investor Compensation Fund • Member State

Fund to secure the claims of the covered State within the European Union (EU).
clients against the members of the fund
through the payment of compensation. • Pillar 1
Page 281 of 334

Edition B.Ad.1 / EN
The rules in the New Basel Capital Accord financial instruments.

that define the minimum ratio of capital to
risk- weighted assets. • Risk Management
The risk management function is responsible
• Pillar 2 for the implementation and maintenance of
The supervisory review pillar of the New Basel adequate risk management policies and
Capital Accord which requires supervisors to procedures that enable the bank to identify
undertake a qualitative review of a bank’s all risks they are subject to and risk tolerance
capital allocation techniques and compliance levels will be set.
with relevant standards.
• Senior management
• Placement Persons who are in the position to (in)directly
First stage of a money laundering process. exercise significant influence over
Introduction of the money into the financial management.
system; typically, this involves placing the
criminally derived cash into a bank or a • Supervisory Review and
cooperative credit institution account, a Evaluation Process (SREP)
bureau de change or any other type of The processes and measures applied to ensure
enterprise which can accept cash, such as a that CIFs have sufficient capital to support all
casino. material risks to which their business exposes
• Professional Clients them.
Clients that meet the following criteria:
1. Entities required to be authorised or

regulated to operate in the financial
markets, including those authorised by an
EU member state.
2. Large undertakings meeting two of
the following size requirements:
a. balance sheet total at least
€20.000.000
b. net turnover at least €40.000.000
c. own funds at least €2.000.000.
3. National and regional governments,
public bodies managing public debt,
central banks, international and
supranational institutions and other
similar international organisations.
4. Other institutional investors whose main
activity is to invest in financial
instruments.
• Regulated Markets
Multilateral system managed or operated by a
market operator that brings together, or
facilitates the bringing together, of multiple
third-party buying and/or selling interests in
Page 282 of 334

Multiple Choice Questions
The following additional questions have been compiled to reflect as closely as possible the
examination standard that you will experience in your examination. Please note, however, they
are not the CySEC examination questions themselves.
1. CySEC and the CBC are responsible for supervision under whose directives?
a. European Central Bank
b. European Union
c. European Community
d. European Economic Area
2. CySEC reviews the arrangements, strategies and processes of a CIF to ensure they meet the
regular requirements and to evaluate the risks the CIF may be exposed to. These reviews are:
a. Independent of the complexity of the CIF
b. Representative of a risk based approach
c. Undertaken at least annually
d. Only applied to large CIFs
3. Under which circumstances may a CIF undertake services outside their authorisation?
a. It is a regulatory requirement in a third country
b. It is used to avoid a conflict of interest
c. It directly benefits another service offered
d. It is in the interest of the client
4. Law 87(I)/2017 provides for the provision of investment services, exercised of investment
activities and the operation or regulated markets. As such, the law regulates the
authorisation conditions for:
a. Market operators
b. Third country firms
c. Investment advisors
d. CIFs
Page 283 of 334
Edition B.Ad.1 / EN
5. One of the main concerns from a regulatory perspective are conflicts of interest between:
a. Different CIFs
b. Clients from different CIFs
c. CYSEC and CIF
d. CIF and their client
6. Remuneration policy for persons involved in the provision of services to clients should aim:
a. to encourage responsible conduct
b. for revenue maximisation
c. to ensure balanced pay-outs to staff
d. to ignore conflicts of interest
7. An eligible counterparty is:

a. a professional client
b. a retail client
c. an authorised financial institution
d. a supervisory authority
8. A market may apply to be an SME growth market if at least:

a. one third of the issuers admitted to trading are SMEs
b. 50% of the issuers admitted to trading are SMEs
c. two thirds of the issuers admitted to trading are SMEs
d. 100% of the issuers admitted to trading are SMEs
9. CySEC may withdraw the authorisation of a regulated market when the regulated market does
not use its authorisation within how many months of the date of issue?
a. 3 months
b. 6 months
c. 9 months
d. 12 months
10. Which of the following measures can be used to manage any disorderly trading conditions
that may arise by the use of algorithm trading systems?
a. Introduce maximum tick size
b. Limit the level of executed transactions
c. Impose the same fee to all operators
Page 284 of 334
d. Slow down order flow
11. The main aim of compliance with organisational requirements is to establish, implement and
maintain:
a. decision-making procedures
b. adequate external control mechanisms
c. training procedures
d. adequate external communication systems
12. The adequacy and effectiveness of the measures, policies and procedures put in place, and
the actions taken to address any deficiencies in the firm’s compliance with its obligations
should be:
a. monitored on a regular basis and assessed, on a permanent basis
b. monitored on a permanent basis and assessed, on a regular basis
c. monitored and assessed on a permanent basis
d. monitored and assessed on a regular basis
13. The risk management function of a firm needs to be established taking into consideration:
a. nature of their clients
b. structure of the organisation
c. nature and range of the services
d. financial stability of the markets
14. When considering conflict of interests to clients, investments firms should:

a. disclose them every time a conflict of interest is discovered
b. disclose them only if they have no other choice
c. disclose them after other administrative measures have been applied
d. never disclose them
15. Which of the following large undertakings could be considered as a professional client?
a. Balance sheet of €2.000.000 and own funds of €41,000,000
b. Net turnover of €20.000.000 and Own funds of €2,000,000
c. Balance sheet of €22.500.000 and Net turnover of €42,000,000
d. Balance sheet of €42.000.000 and own funds €1,000,000
16. In the event the firm provides advice to the same client on an independent and non-
independent basis the firm needs to explain:
Page 285 of 334
Edition B.Ad.1 / EN
a. explain the scope of both services

b. give prominence to the independent investment advice service
c. present themselves as an independent investment adviser for the overall activity
d. present themselves as a non-independent investment advisor for the overall activity
17. The reason for assessing suitability of an investment for a client is to ensure the firm:
a. earns the maximum possible profit for the client
b. can act in the best interest of the client
c. receives the appropriate performance fee
d. can pass responsibility for the investment results to the client
18. When executing a client order, the firm needs to take into account the:
a. terms and conditions of the trading venue
b. fee and pricing structures
c. financial instruments available in the market
d. characteristics of the client order
19. Up to which percentage of their assets may a UCITS invest in transferable securities?
a. 5%
b. 10%
c. 20%
d. 25%
20. Transferable securities and money market instruments listed in a regulated market held by
UCITS are valued as follows:
a. most recently published price for same-day transactions
b. most recent closing price
c. opening price
d. current trade price
21. The UCITS need to produce its half-yearly report within:

a. 15 days of the end of the period
b. 1 month after the end of the period
c. 2 months after the end of the period
d. 3 months after the end of the period
Page 286 of 334

22. A feeder UCITS is a UCITS that has been approved to invest:

a. at least 85% of its total net assets in UCITS or other collective investment funds
b. at least 15% of its total net assets in UCITS or other collective investment funds
c. at least 85% of its total net assets in ancillary liquid assets
d. at least 15% if its total net assets in ancillary liquid assets
23. Which of the following is a condition the management company must meet in order for
an operation licence to be granted to a management company?
a. Completed business plan without organisational
b. Fully paid up capital is at least €125.000,00
c. Appointment of one director
d. Registered office in an approved country
24. When a management company wants to establish a branch in another EU country, they need
to notify CySEC and provide the following information:
a. Market research of the host country
b. Audited business plan
c. List of client names
d. Risk management process
25. Which of the following is a general principle for AIFMs?

a. Act honestly, fairly, and with due skill
b. Act in best interest of the AIFM
c. Not disclose conflicts of interest
d. Invest client portfolio in units of AIFs it manages
26. AIFMs are responsible for taking reasonable steps to identify conflicts of interest between:
a. customers of an AIF not managed by the AIFM
b. the AIFM and an AIF managed by another AIFM
c. unrelated clients of different AIFMs
d. employees of the AIFM and customers of another AIFM
27. The risk management of an AIFM needs to:
Page 287 of 334

Edition B.Ad.1 / EN
a. avoid using collateral and guarantees

b. focus only on the main risks associated with the AIFs
c. have a generic risk management system
d. be functionally segregated from the operating units
28. AIFs must prepare an annual report for each financial year:
a. within three months following the end of the period
b. within six months following the end of the period
c. within nine months following the end of the period
d. as soon as possible after the end of the period
29. AIFMs need to have a permanent and effective compliance function in place. The details of
the technical and personnel organisation of the compliance functions should be calibrated to
the:
a. nature, scale and complexity of the AIFM’s
b. number of services it provides
c. number of AIFs it manages
d. number of employees it has in its AIFs
30. CySEC may allow the AIFM to market units of any type of AIF to retail investors in the
Republic once:
a. the AIFM has applied for authorisation to market units
b. the AIF has been approved
c. the AIFM is authorised to do so
d. the shareholders have approved
31. The Central Bank of Cyprus is the competent authority of the Republic and is, among others,
responsible for:
a. audit financial institutions
b. providing liquid assets
c. prudential supervision
d. financial stability of the eurozone
32. The minimum capital of an ACI incorporated in the Republic is:

a. €1 million
b. €3 million
c. €5 million
d. €10 million
Page 288 of 334
33. In order to be able to detect money laundering and terrorist financing, the firm needs to
undertake customer due diligence:
a. at the start of the relationship
b. after the first transaction
c. at the end of the relationship
d. periodically throughout the relationship
34. Simplified due diligence is appropriate for customers that are:

a. corporate clients
b. highly educated in finance
c. sufficiently regulated
d. private individuals
35. The compliance officer is responsible for:

a. policies preventing the use of new systems
b. customer acceptance
c. the definition of strategic direction of the bank
d. the design of risk management procedures manual
36. The risk-based approach to the prevention of money laundering and terrorist financing means
that the procedures implemented by a CIF must consider:
a. the regulations
b. risk taken by the organisation
c. similar to the procedures in other CIFs
d. financial stability
37. Which of the following makes identification and tracking of terrorism money more difficult
than that of money laundering:
a. no layering
b. use of money mules
c. only cash deposits
d. small amounts of money
Page 289 of 334
Edition B.Ad.1 / EN
38. The Markets in Financial Instruments Regulation (MiFIR) establishes uniform requirements in
relation to:
a. reporting of transactions to competent authorities
b. reporting of the financial position of the instruments
c. disclosure of trade data to selected groups
d. discriminatory access to clearing and trading benchmarks
39. Investment firms operating a trading venue need to make current bid of offer prices available
to the public:
a. on continues basis at all time
b. on continues basis during normal trading hours
c. only at the end of the normal trading hours
d. only when there is a significant change in the bid of offer prices
40. Trading firms that make reports on behalf of investment firms are required to:
a. certify the security and authentication of the means of transfer of information
b. minimise information leakage maintaining the confidentiality of data at all times
c. minimise the risk of data corruption and unauthorised access
d. certify the information access methods
41. Which party is responsible for ensuring that all derivative transactions are cleared by a CCP?
a. The derivative issuer
b. The operator of the derivative platform
c. The operator of the automated systems
d. The operator of a regulated market
42. The capital ratios the firms must maintain at all time are:
a. CET1 – 4.5% Total Tier 1 – 6% Total Capital 8%

b. CET1 – 6% Total Tier 1 – 4.5% Total Capital 8%
c. CET1 – 6% Total Tier 1 – 8% Total Capital 4.5%
d. CET1 – 4.5% Total Tier 1 – 8% Total Capital 6%
43. When assessing the allocation of own funds requirements for credit and counterparty risk
Page 290 of 334
based on a rating from an ECAI also need to include a consideration of:

a. how the client differs from other clients
b. other relevant information
c. a second ECAI assessment
d. client credit rating
44. When CIF’s set the ratio between the fixed and variable part of the total remuneration, the
variable component must be below which percentage of the fixed component?
a. 25%
b. 50%
c. 75%
d. 100%
45. The purpose of the SREP is to ensure that CIFs have sufficient capital to support all:
a. market risk
b. immaterial risk
c. material risk
d. operational risk
46. The outcome of the SREP is to determine that the CIF holds sufficient capital, and:
a. is always the same as the ICAAP
b. is always lower than the ICAAP
c. may be higher than the ICAAP
d. is unrelated to the ICAAP
47. A purpose of the ICAAP is to ensure the CIF holds the appropriate level of:
a. external capital in relation to liquidity risk
b. regulatory capital in relation to market risk
c. equity capital in relation to credit risk
d. internal capital in relation to its risk profile
48. Credit concentration risk is a risk type not fully covered by the Basel Accord which is related to:
a. risk on a single exposure
b. ineffective credit risk mitigation
c. incomplete transfer of credit risk
Page 291 of 334

Edition B.Ad.1 / EN
d. excessive credit risk in foreign exchange
49. The risk that a CIF can not meet their financial obligations when they fall due is:
a. reputational risk
b. liquidity risk
c. operational risk
d. concentration risk
50. European Market Infrastructure Regulation (EMIR) is designed to:

a. enhance transparency
b. increase reporting
c. remove risk
d. increase liquidity
51. For a CCP to be authorised it must have at least:

a. €5 million
b. €7.5 million
c. €10 million
d. €12.5 million
52. CCP’s liquidity may derive from:

a. trading venues
b. clients
c. central banks
d. market makers
53. Breaches by clearing members need to be disclosed publically, except when the breach:
a. is minimal
b. involves more than one party
c. is not recent
d. constitutes a threat to market confidence
54. Recovery plans are part of which part of a CIF’s processes and procedures?
a. governance arrangements
b. contractual arrangements
c. remuneration arrangements
Page 292 of 334

d. insolvency arrangements
55. Which of the following is TRUE when considering intra-group financial agreement?
a. Parties act in the best interest of their clients
b. Anticipated impact on market price is irrelevant
c. Only high level information needs to be disclosed
d. Each party freely enters into the agreement
56. The administrator that is appointed by the resolution authority for a period not exceeding one
year and assumes the management of the institution is called:
a. a temporary administrator
b. a special administrator
c. an extraordinary administrator
d. a periodic administrator
57. The mechanism by which an institution is recapitalised, or some or all of their debt is
converted to equity is called:
a. write down or conversion
b. transfer of assets
c. bail in
d. sales of business
58. In the event that CySEC determines that the conditions for resolution are met, they should
inform the:
a. European Securities and Markets Authority (ESMA)
b. European Banking Association (EBA)
c. European Central Bank (ECB)
d. European Systemic Risk Board (ESRB)
59. The obligation to draw up a prospectus is not applied:

a. to securities admitted to trading
b. to securities in central banks
c. during the public offer of securities
d. to the public offer of securities valued at €5,000,000
60. Frequent issuers of securities may submit to CySEC the universal registration document to secure
Page 293 of 334

Edition B.Ad.1 / EN
the approval of a prospectus, if used within the eligibility limitations and within:
a. 5 months
b. 5 weeks
c. 5 days
d. 5 hours
61. In the event of a public offer of securities prior to admitting them for trading on a regulated
market, the prospectus must be publicly available:
a. at least 6 working days prior to the public offer
b. the latest 6 working days after the public offer has been made
c. at the beginning of the public offering
d. at least 6 working days prior to the end of the public offer
62. Natural persons who do not comply with the obligations towards publishing a prospectus, are
subject to an administrative fine of:
a. €500,000
b. €700,000
c. €2,000,000
d. €5,000,000
63. The annual financial report needs to be available to the public for at least:
a. one year
b. five years
c. eight years
d. ten years
64. Issuers of shares who do not comply with the framework of communication requirements are
subject to an administrative fine of at most:
a. €50.000 b. €85.000 c. €100.000 d. €170.000
65. Notification of changes in voting rights must be provided when specific thresholds are reached
by:
a. issuer
b. CySEC
c. acquirer
d. seller
Page 294 of 334

66. Information of a precise nature which has not been made public is considered inside
information if it is likely to have:
a. no effect on the price of a financial instrument
b. minimal effect on the price of a financial instrument
c. average effect on the price of a financial instrument
d. significant effect on the price of a financial instrument
67. A person engages in insider dealing when they possess information by virtue of the fact that
they:
a. are related to a staff member of CySEC
b. have their portfolio managed by a CIF
c. are studying financial management
d. participate in the capital of the issuer
68. Inside information and significant changes to previously disclosed information needs to be
made available by the issuer:
a. as soon as possible
b. immediately after issuance of the financial instrument
c. within 30 days after informing CySEC
d. after five years
69. Which of the following constitutes stock market manipulation?

a. Actively interfering with the demand and supply of the securities and derivatives
b. Publically disclosing sensitive company information
c. Unintentional disclosure of unfavourable information
d. Trading stocks without the clients’ consent or knowledge
70. The following penalty applies for insider dealing, unlawful disclosure and market manipulation
by a natural person:
a. €1.000.000
b. €2.500.000
c. €5.000.000
d. €15.000.000
Page 295 of 334

Edition B.Ad.1 / EN
Answers to Multiple Choice Questions

1. B Chapter 1, Section 1.4
Each of the supervisory authorities (CySEC and the Central Bank) is responsible for supervision
under the European Union (EU) directives and regulations including the exchange of any information
that is essential or relevant to the exercise of their functions and competencies.
2. C Chapter 1, Section 2
CySEC shall review the arrangements, strategies, processes and mechanisms implemented by CIFs
to meet supervisory requirements and evaluate the risks that the CIFs may be exposed to. The
frequency and intensity of the reviews will be established based on size, systemic importance,
nature, scale and complexity of the activities, taking into account the principle of proportionality;
reviews will take place at least annually.
3. C Chapter 2, Section 1.1

A CIF may not undertake any services or activities outside its authorisation unless it directly benefits
another service it is authorised to undertake or it has received specific permission from CySEC, which
is granted in exceptional circumstances.
4. D Chapter 2, Section 1
A CIF is a firm that provides professional investment services to clients in the Republic and abroad. Law
87(I)/2017 includes specific provisions related to the capital requirements, establishment of branches
and licencing.
5. D Chapter 2, Section 1.2
One of the main concerns from a regulatory perspective is associated with the management of
conflicts of interest between the CIF (including its manager, employees, tied agents, and other
relevant persons) and its clients or between two clients.
6. A Chapter 2, Section 2.2

The governance arrangements need to ensure remuneration policy for persons involved in the
provision of services to clients aiming to encourage responsible conduct, fair treatment of clients as
well as avoiding conflict of interest in the relationship with clients.
Page 296 of 334

The eligible counterparties are CIFs, IFs, credit institutions, insurance undertakings, Undertakings for
Collective Investment in Transferable Securities (UCITS) and their management companies, pension
funds and their management companies and other financial institutions authorised by a member state
or regulated under community legislation or the national law of a member state, national governments,
central banks and supranational organisations.
8. B Chapter 2, Section 5
A market may apply to be an SME growth market if at least 50% of the issuers admitted to trading
are SMEs. In order to assess whether at least 50% of the issuers are SMEs, CySEC will calculate the
average ratio of SMEs over the total number of issuers whose financial instruments are admitted
to trading on that market. The average ratio shall be calculated on 31 December of the previous
calendar year as the average of the 12 end-of-month ratios of that calendar year.
CySEC may withdraw the authorisation when the regulated market:
• does not make use of its authorisation within 12 months from the date of issue of the
relevant authorisation
• expressly renounces its authorisation
• has not operated for the preceding six months
• has submitted false or misleading information as part of the application or has generally
provided false or misleading information, details or documents
• no longer meets the conditions for authorisation
• has seriously and/or systematically infringed the regulations, or
• falls within any of the cases provided in other Cypriot legislation which provides for
withdrawal of authorisation.

A regulated market needs to be able to manage any disorderly trading conditions that may arise by,
for example, limiting the ratio of unexecuted transactions that may be entered into the system by
a market participant, slowing down the flow of orders, or limit and enforce minimum tick size.
A regulated market may impose a higher fee on operators of a high-frequency algorithmic trading
technique.
Page 297 of 334

Edition B.Ad.1 / EN
11. A Chapter 3, Section 1

Investment firms shall comply with the following organisational requirements to:
• establish, implement and maintain decision-making procedures and an organisational

structure which clearly and in documented manner specifies reporting lines and
allocates functions and responsibilities
• ensure their relevant persons are aware of the procedures which must be followed for
the proper discharge of their responsibilities
• establish, implement and maintain adequate internal control mechanisms designed to secure
compliance with decisions and procedures at all levels of the investment firm
• employ personnel with the skills, knowledge and expertise necessary for the discharge of the
responsibilities allocated to them
• establish, implement and maintain effective internal reporting and communication of
information at all relevant levels of the investment firm
• maintain adequate and orderly records of their business and internal organisation
• ensure that the performance of multiple functions by their relevant persons does not and
is not likely to prevent those persons from discharging any particular function soundly,
honestly, and professionally.

They need to establish and maintain a permanent and effective compliance function which operates
independently and has the following responsibilities to:
o monitor on a permanent basis and to assess, on a regular basis, the adequacy and
effectiveness of the measures, policies and procedures put in place, and the actions
taken to address any deficiencies in the firm’s compliance with its obligations.

Where appropriate and proportionate in view of the nature, scale and complexity of their business
and the nature and range of the investment services and activities undertaken in the course of that
business, firms shall establish and maintain a risk management function that operates independently

Investment firms need to ensure that disclosure to clients is a measure of last resort that shall be
used only where the effective organisational and administrative arrangements established by the
investment firm to prevent or manage its conflicts of interest are not sufficient to ensure, with
reasonable confidence, that risks of damage to the interests of the client will be prevented.
Page 298 of 334

In order to be considered a professional client, the client must comply with the following criteria:
Entities required to be authorised or regulated to operate in the financial markets, including those
authorised by an EC member state.
Large undertakings meeting two of the following size requirements:
• balance sheet total at least €20.000.000

• net turnover at least €40.000.000
• own funds at least €2.000.000.
National and regional governments, public bodies managing public debt, central banks,
international and supranational institutions and other similar international organisations.
Other institutional investors whose main activity is to invest in financial instruments.

Firms need to explain in a clear and concise way whether and why investment advice qualifies
as independent or non-independent and the type and nature of the restrictions that apply. In
the event the firm provides advice to the same client on an independent and non-independent
basis the firm needs to explain the scope of both services to allow investors to understand the
differences between the types of advise and to make sure they do not present themselves as
an independent investment adviser for the overall activity. Firms shall not give undue prominence
to their independent investment advice services over the non-independent advice.
Investment firms should inform clients, clearly and simply, that the reason for assessing suitability
is to enable the firm to act in the client’s best interest.
Page 299 of 334

Edition B.Ad.1 / EN
When executing client orders, the firm needs to take into account the characteristics of the client
including the categorisation of the client as retail or professional; the characteristics of the client
order, including where the order involves a securities financing transaction (SFT); the characteristics
of financial instruments that are the subject of that order; and the characteristics of the execution
venues to which that order can be directed.
19. B Chapter 4, Section 2.1.1
A UCITS fund may not invest more than 10% of its assets in transferable securities, except for
those mentioned, and may not acquire precious metals, or certificates representing them.
Type of asset Valuation method

Closing price of stock exchange transactions in cash on the
same day. In the event this is not possible due to time
Transferable securities and money differences (for assets outside the EU), the previous working
market instruments listed in a regulated day’s closing price will be used.
market
21. C Chapter 4, Section 2.1.3
Report Periodicity Publication Date

Annual report including balance sheet Within four months after the
and profit and loss account 31 December
Yearly
Within 2 months after the 30

June
Half-yearly report Yearly
Summarised statement of assets and First, second, and third Within 15 days of the end of
expenses quarter the period
Summarised statement of assets and

expenses including a profit and loss
account and the distribution of profits for Within two months of the
the financial year end of the last quarter
4th quarter
Page 300 of 334

A feeder UCITS is a UCITS, or an investment compartment of a UCITS, that has been approved to invest
at least 85% of its total net assets in UCITS or other collective investment funds. Up to 15% of its
assets may be invested in ancillary liquid assets, and financial derivatives for hedging purposes. In
addition, VCICs may invest in (im)movable property.

An operation licence may be granted when the management company meets the following
conditions:
1. Initial fully paid up capital of at least €125.000,00.

2. The management company:
a. has the right shareholders
b. is duly organised and staffed, and
c. has the required financial means and technical infrastructure
3. The directors are of sufficiently good repute and are appropriately experience for their role.
4. A minimum of two directors are appointed.

5. The application includes a business plan and an organisational structure.
6. The registered office and central administration are established within the territory of the
Republic.
24. D Chapter 4, Section 4.2.1

Management companies authorised in the Republic may establish a branch in another EU member
state, but they must notify CySEC. The notification needs to include the following information:

• Business plan.
• Organisational structure.
• Risk management procedures.
• Address of the management company in its host state.
• Names of the staff members responsible for the management of the branch.
Page 301 of 334

Edition B.Ad.1 / EN

AIFMs have to act honestly, fairly and with due skill, care and diligence when conducting their
activities. They need to act both in the best interests of their investors and for the integrity of
the market. To this end, they need to ensure that they employ effective resources and procedures
necessary for the performance of their business activities. AIFMs need to take all reasonable
steps to avoid or, if they cannot be avoided, to manage any conflicts of interest. If necessary,
conflicts of interest need to be disclosed in order to prevent them from adversely affecting the
interests of the AIFs and their investors, and to ensure the fair treatment of the AIFs under their
management.
An AIFM needs to comply with all relevant rules and regulations when conducting its business and
must treat all AIF investors fairly. Investors may not be given preferential treatment, unless such
treatment is disclosed in the AIF’s rules or instruments of incorporation.
An AIFM that is also authorised to undertake discretionary portfolio management services must
not invest all or part of a client’s portfolio in units of AIFs that it manages, unless the client has
provided prior general approval

AIFMs are responsible for taking reasonable steps to identify conflicts of interest between the
following parties:
Party I Party II
An AIFM, its managers, employees or any person
(in)directly linked to the AIFM by control
An AIF managed by an AIFM or its investors
An AIF or its investors Another AIF and its investors
An AIF or its investors Another client of the AIFM
A UCITS fund managed by an AIFM or its

investors
An AIF or its investors
A client of the AIFM Another client of the AIFM
Page 302 of 334


The risk management department of an AIFM needs to be functionally segregated from the operating
units. Adequate risk management systems need to be in place to identify, measure, manage, and
monitor all risks.

AIFs that the AIFM manages, as well as for each AIF that it markets in the EU, it must prepare an
annual report, for each financial year, within six months following the end of the period

The AIFM is required to establish a permanent and effective compliance function irrespective of
the size and complexity of its business. However, details of the technical and personnel organisation
of the compliance function should be calibrated to the nature, scale and complexity of the AIFM’s
business, and to the nature and range of its services and activities. The AIFM should not have to
establish an independent compliance unit if such a requirement would be disproportionate in view
of the size of the AIFM, or the nature, scale and complexity of its business.

CySEC may allow the AIFM to market units of any type of AIF to retail investors in the Republic once
it is authorised to do so. CySEC may impose additional obligations on the AIFM or AIF, although
these may not be stricter than the EU rules and regulations.
As the competent authority in the Republic, one of the responsibilities of the CBC is prudential
supervision. As such, the CBC also has to work together with the competent authorities in other
member states, participate in the activities of the European Banking Authority (EBA), and follow the
EBA guidelines and recommendations or provide reasons for not doing so.
The minimum capital of an ACI incorporated in the Republic is €5 million, unless the CBC determines
that a higher amount of own funds is required.
Page 303 of 334

Edition B.Ad.1 / EN

Recordkeeping – client and transaction information needs to be maintained for a period of five
years following the end of a relationship with a customer.

Simplified customer due diligence (CDD) procedures may be applied to customers who, it can
reasonably be assumed, are sufficiently regulated.
The compliance officer is responsible for the design of the internal practice, measures, procedures,
and controls related to the prevention of money laundering and terrorist financing based on the
policy principles defined by the board of directors. The policies and procedures need to include
measures to prevent abuse of new technologies and systems for the purpose of money laundering
and terrorist financing. The compliance function is responsible for the preparation of a risk
management procedures manual covering the risk the organisation faces regarding money
laundering and terrorist financing. The procedures need to include appropriate monitoring
mechanisms so that the compliance function will receive all necessary information to be able to
assess the level of compliance of the relevant employees and departments.

This allows the institution to focus on the areas where the organisation runs the highest risk of
being used for money laundering and terrorist financing activities.
There are two main differences to note, however, between terrorist financing and money
laundering activities:
• Often, only small sums of money are required to commit terrorist acts, making identification
and tracking more difficult.
• If legitimate funds are used to fund terrorist activities, it is difficult to identify when the funds
become ‘terrorist funds’.
• Terrorist organisations can, however, require significant funding and will employ modern
techniques to manage them and transfer funds between jurisdictions, hence the similarities
Page 304 of 334
with money laundering.

The MiFIR regulation establishes uniform requirements in relation to:
1. disclosure of trade data to the public

2. reporting of transactions to the competent authorities
3. trading of derivatives on organised venues
4. non-discriminatory access to clearing and trading in benchmarks
5. product intervention powers of competent authorities, ESMA, and EBA
6. powers of ESMA on position management controls and position limits
7. provision of investment services or activities by third-country firms following an
applicable equivalence decision by the European Commission.

Market operators and investment firms operating a trading venue need to make current bid of
offer prices as well as depth of trading interest at those prices, publicly available for all financial
instruments traded on their trading venue; this also applies to actionable indication of interests.
The information needs to be made available to the public on a continuous basis during normal
trading hours

In accordance with EU rules and regulations, CySEC will require trading firms that make reports on
behalf of investment firms to have sound mechanisms in place to:
• guarantee the security and authentication of the means of transfer of information

• minimise the risk of data corruption and unauthorised access, and
• prevent information leakage maintaining the confidentiality of data at all times.
The trading venue needs to maintain adequate resources and have back-up facilities in place, in order
to offer and maintain its services at all times.

It is the responsibility of the operator of a regulated market to ensure that all derivatives transactions
are cleared by a CCP.
Page 305 of 334

Edition B.Ad.1 / EN
42. A Chapter 9, Section 1.2.2

At all times firms must maintain the capital ratios as defined in the table below:
Capital Ratio Calculation
CET1 4,5% CET1 capital expressed as a percentage of the total risk exposure amount
Total Tier 1 6% Tier 1 capital expressed as a percentage of the total risk exposure amount
Total 8% Own funds of the institution expressed as a percentage of the total risk
Capital exposure amount
When own funds requirements are based on a rating form an External Credit Assessment Institution
(ECAI), or based on the fact that an exposure is unrated, the CIF still needs to consider other relevant
information when assessing their allocation of internal capital.

CIFs must set the appropriate ratios between the fixed and the variable component of the total
remuneration, whereby the following principles shall apply:
a. the variable component shall not exceed 100 % of the fixed component of the total
b. shareholders of the CIF may approve a higher maximum level of the ratio between the fixed and
variable components of remuneration provided the overall level of the variable component shall
not exceed 200 % of the fixed component of the total remuneration for each individual.

The supervisory review and evaluation process (SREP) comprises the processes and measures
applied by CySEC to ensure that CIFs have sufficient capital to support all material risks to which
their business exposes them.
Page 306 of 334

The outcome of the SREP should define the level of capital that the CIF should hold, in order to cover
the full spectrum of risks it faces. This level of capital, which may be higher than the capital calculated
in the CIF’s own assessment (ICAAP), will form the CIF’s capital requirement.
The ICAAP is a set of processes, procedures and measures implemented by a CIF to ensure an
appropriate level of internal capital in relation to their risk profile.

Typologies not fully covered in Pillar 1 are credit concentration risk, residual risk, securitisation
risk settlement risk, and foreign exchange risk.
Liquidity risk is defined as the risk that a CIF has insufficient financial resources to meet its current
and prospective obligations, as they fall due, or can only secure these resources at excessive costs.

European Market Infrastructure Regulation (EMIR) came into force in 2012, and is designed to put
into practice several of the commitments made by the G20 leaders to reform derivatives markets
in the EU including enhancing transparency.
A CCP must have at least €7,5 million in capital to be authorised. Its capital, including retained
earnings and reserves, needs to be proportionate to the risk associated with their activities and must,
at all times, be sufficient to:

Access to adequate liquidity is essential for a CCP. Liquidity may derive from access to central
Page 307 of 334
Edition B.Ad.1 / EN
bank liquidity, creditworthy and reliable commercial bank liquidity or both. In assessing the adequacy
of liquidity resources, especially in stress situations, a CCP should take into consideration the risks of
obtaining the liquidity by only relying on commercial banks credit lines.
Any breaches by clearing members will need to be disclosed publicly, except in cases where CySEC,
in consultation with ESMA, considers that this would:
• constitute a threat to financial stability

• constitute a threat to market confidence
• seriously jeopardise the financial markets, or
• cause disproportionate damage to the parties involved.

Recovery plans are part of a CIF’s governance arrangements.
The intra-group financial agreement needs to comply with the following:
1. Each party freely enters into the agreement.

2. Each party must act in their own best interest.
3. Each party providing support needs to have full disclosure of all relevant information from the
recipient.
4. The consideration may take into account inside information.
5. The calculations for consideration do not take into account any anticipated temporary
impact on market prices.

Two types of administrators can be appointed:
• a special administrator
• a temporary administrator
A special administrator is appointed by the resolution authority for a period not exceeding one
year, and assumes the management of the institution. The resolution authority may appoint one
or more persons, strictly based on professional experience, knowledge of banking-related issues,
and personal criteria to ensure the suitability of the appointed person(s).
Page 308 of 334

The Central Bank of Cyprus acts as the resolution authority and has the following measures available:
Bail-in – a mechanism for the exercise by the resolution authority of the write-down and
conversion powers in relation to liabilities of an institution under resolution

CySEC needs to be notified when it is considered that a CIF is failing, or is likely to fail. They shall, in
turn, notify the relevant resolution authorities including any crisis prevention measures or
actions. In the event that CySEC determines that the conditions for resolution are met, they will
inform the following:
• The resolution authority and the competent authority of the entity and any branch of the
entity.
• The CBC and the competent central bank of the member state (if applicable.
• An appropriate deposit guarantee scheme.
• A body in charge of resolution financing arrangements.
• The group-level resolution authority (if applicable).
• The minister or competent ministry in the member state (if applicable).
• A consolidating supervisor.
• The European Systemic Risk Board (ESRB), and the designated national macro-prudential
authority.

The Regulation does not apply to the following types of securities:
• units issued by collective investment undertakings other than the closed-end type
• non-equity securities issued by a Member State or by one of a Member State’s regional or local
authorities, by public international bodies of which one or more Member States are members,
by the European Central Bank or by the central banks of the Member States
• shares in the capital of central banks of the Member States
Page 309 of 334

Edition B.Ad.1 / EN

Issuers who meet the conditions to have the status of frequent issuers, and whose prospectus
consists of separate documents, can benefit from a faster approval process which is reduced to
5 working days.
In the case of an initial offer to the public of a class of shares that is admitted to trading on a regulated
market for the first time, the prospectus must be made available to the public at least six working days
before the end of the offer.

The competent authorities have the power to impose at least the following administrative sanctions and
other administrative measures related to infringements:
- in the case of a natural person, maximum administrative pecuniary sanctions of at least

€700,000, or the corresponding value in the national currency
63. D Chapter 13, Section 1.1.1

The annual financial report needs to be available to the public for at least ten years, and needs to consist of:
1. annual financial statements

2. a management report, and
3. statements made by the board of directors, the chief executive officer (CEO) (or equivalent) and the chief
financial officer (CFO) if they are both not members of the board of directors of the issuer, and a clear
indication of their name and function.

Any issuer who does not comply with the framework of communication requirements is subject to an
administrative fine not exceeding €85.000 and, in the case of repetition of the infringement, an administrative fine
not exceeding €170.000, depending on the severity.
Page 310 of 334

Anyone who acquires shares in an issuer to which voting rights are attached is considered a
shareholder. Notifications of changes in voting rights must be provided to both the issuer and
CySEC if the voting rights held reach or exceed/fall below thresholds of 5%, 10%, 15%, 20%, 25%,
30%, 50%, or 75% of total voting rights. This obligation exists for initial and subsequent purchases
or disposals.
Inside information is information of a precise nature, which has not been made public, relating,
directly or indirectly, to one or more issuers or to one or more financial instruments, and which, if it
were made public, would be likely to have a significant effect on the prices of those financial
instruments or on the price of related derivative financial instruments
Insider dealing applies to any person who possesses inside information because they:
- are a member of the administrative, management or supervisory bodies of the issuer or

emission allowance market participant
- have a holding in the capital of the issuer or emission allowance market participant
- have access to information through their position, or
- are involved in criminal activities.
It is the responsibility of the firm issuing a security or the emission allowance market participant (for
the purpose of this section collectively known as ‘firm’) to inform the public as soon as possible of
any inside information that directly concerns the firm.

Market manipulation is related to entering into transactions, the dissemination of false or misleading
information through the media, including the internet, or the transmitting of false information or
inputs related to a financial instrument or a benchmark with the intention of giving false or
misleading signals to the market with regard to supply, demand, or the price of an instrument, or
to secure a price at an abnormal or artificial level. This does not apply to market makers whose
orders are undertaken for legitimate reasons.
Page 311 of 334

Edition B.Ad.1 / EN

The following penalties apply:
Infringements Type of person Penalty

Insider dealing, unlawful disclosure, market Natural person €5.000.000
manipulation Legal person €15.000.000 or 15% of total
annual turnover
Prevention of detection of market abuse, Natural person €1.000.000
public disclosure of inside information Legal person €2.500.000 or 2% of total annual
turnover
Insider lists, managers’ transactions, Natural person €500.000

investment recommendations and statistics Legal person €1.000.000
Page 312 of 334

Syllabus Learning Map
Page 313 of 334

Edition B.Ad / EN
Intentionally blank page
Page 314 of 334

Edition B.Ad / EN
Syllabus Unit/ Element Chapter/

Element Number Section
Investment Services Law 2017:

Element 1 Scope/Powers/Offences Chapter 1
Scope, Application and Competent Authorities

1.1 On completion, the candidate should:
1.1.1 Know the scope and application of the law 1.1
Know the provision of investment services by third

1.1.2 1.2
country firms
Know the exemptions from the scope of the laws

1.1.3 1.3
application
1.1.4 Know the competent authorities in the Republic 1.4
The Cyprus Securities and Exchange Commission

Know the responsibilities of the Cyprus Securities

1.2.1 and Exchange Commission (the Commission) 2
Know how the Commission cooperates with other

1.2.2 competent authorities 2
Know the extent of the Commission’s power to

1.2.3 collect information and carry out inspections and 2
investigations
Know the extent of the Commission’s power to
impose sanctions for non-compliance with a request
1.2.4 from the Commission to: 2
• Submit information
• Cooperate in an on-site inspection/investigation
Investor Compensation Fund (ICF)

1.3
On completion, the candidate should:
1.3.1 Know the objective and the members of the ICF 3.1
Page 315 of 334

Edition B.Ad / EN
1.3.2 Know the funds and resources 3.2
1.3.3 Understand the compensation procedure 3.3
Offences
Know which violation constitutes both a criminal and

1.4.1 an administrative offence 4
Element 2 Cypriot Investment Firms (CIFs) Chapter 2
Authorisation
Know the conditions and procedures for granting CIF

2.1.1 1.1
authorisation
Know the continuous CIF obligations:
2.1.2 • Regular internal review 1.2
• Conflicts of interest
Know the circumstances under which CIF
2.1.3 authorisation may be withdrawn, suspended and 1.3
their procedures
Conduct of Business Obligations
Know requirements relating to:
• Management body
2.2.1 2
• Governance arrangements
• Responsibility of senior management
General CIF Obligations

Understand the obligations relating to the
appointment and use of tied agents:
2.3.1 3.1
• Public register
• Responsibility and monitoring
Know the rules relating to eligible counterparties:
• Relevance of conduct of business obligations
2.3.2 3.2
• Scope
• Express confirmation
Page 316 of 334

Know the conditions and requirements regarding the

provision of participatory financial services
2.3.3 3.3
(crowdfunding) in securities through crowdfunding
platforms
Specific Restrictions
Know the marketing, purchase, distribution and selling

2.4.1 4
restrictions on binary options and CFDs
SME Growth Markets

Know regulations relating to the operation of SME

2.5.1 5
growth markets
Regulated Markets
Know how the obligations apply to regulated markets
• Application and authorisation process
2.6.1 • Senior management requirements 6.1
• Organisational requirements
• Obligations
Know obligations relating to:
2.6.2 • Direct electronic access
6.2
• Algorithmic trading systems
Understand rules relating to the admission of financial

2.6.3 instruments to trading 6.3
Understand the obligation of a regulated market to

2.6.4 maintain transparent and non-discriminatory rules 6.4
2.6.5 Know how regulated markets monitor compliance 6.5
Know how transparency requirements apply to

2.6.6 6.5
regulated markets
Data Reporting Service Providers (DRSPs)

Page 317 of 334

Edition B.Ad / EN
Know requirements for DRSPs:

• Approved publication arrangements (APAs)
2.7.1 • Approved reporting mechanisms (ARMs) 7
• Consolidated tape providers (CTPs)
• Obligations for DRSPs
Element 3 Cypriot Investment Firms (CIFs) and Banks Chapter 3
Organisational Requirements
Know the organisational requirements for CIFs and

3.1.1 1
Banks
Specific Requirements
3.2.1 Know the requirements relating to compliance 2.1
Understand the requirements relating to telephone

3.2.2 recordings and electronic communications 2.2
3.2.3 Understand the requirements regarding outsourcing 2.3
Know the requirements regarding the safeguarding of

3.2.4 2.4
client assets
Know the requirements relating to:
3.2.5 • Risk management 2.5
• Internal audit
Conflicts of Interest
3.3.1 Know examples where a conflict of interest may occur 3
3.3.2 Know the requirements relating to conflicts of interest 3
Provisions to Ensure Investor Protection

Know the general principles regarding information to

3.4.1 4
clients:
Page 318 of 334

• Information requirements
• Information about the CIF
• Information about the client
• Client categorisation and professional clients
Know the requirements regarding information about
3.4.2 4.2
financial instruments
Know the information requirements relating to costs

3.4.3 and associated charges 4.3
Investment Advice
Know t h e requirements regarding investment advice:
3.5.1 • Information about investment advice 5
• Investment advice on an independent basis
Suitability
Know t h e s u i t a b i l i t y requirements:
• Assessment of suitability and suitability reports
3.6.1 • Common assessment provisions 6
• Assessment of appropriateness and related record-
keeping obligations
Know the obligations for CIFs who provide
3.6.2 services through the medium of another IF 6
Best Execution
3.7.1 Understand best execution criteria 7
3.7.2 Know the obligations regarding best execution 7
3.7.3 Understand how client order handling rules are applied 7
Open-Ended Undertakings for Collective

Element 4 Investment (UCI) Laws (2012–2019) Chapter 5
Undertakings for Collective Investment in

4.1 Transferable Securities (UCITS)
Page 319 of 334

Edition B.Ad / EN
4.1.1 Know the definition and types of UCITS 1
Know provisions applicable to the operation of UCITS:

4.1.2 • Common funds 1.1
• Variable capital investment companies
Know the duties and requirements applicable to

4.1.3 1.2
depositaries
Obligations of UCITS
Know the obligations of UCITS:
• Investment policy
4.2.1 2.1
• Standing obligations
• Investor information
Know the special provisions applicable to UCITS that
market their units abroad:
• UCITS established in the Republic marketing units
4.2.2 2.2
to other member states
• UCITS from other member states marketing units in
the Republic
UCITS Structures
Know the main obligations that apply to master-feeder
UCITS structures:
4.3.1 3
• General operating obligations
• Specific obligations of the feeder UCITS
• Specific obligations of the master UCITS
Management Companies
Page 320 of 334

Know the obligations that apply to the operation of

management companies:
• Permitted activities
• Share capital
• Conditions for granting an operation license
• Conditions for the exercise of activities
4.4.1 • Financial submissions 4.1
• Delegation arrangements
• Changes to the management company including
revocation of operating license
• Code of conduct
• Complaints handling
Know the obligations that apply to the cross-
4.4.2 border provision of services by a management 4.2
company
Element 5 Alternative Investments Chapter 5
The Alternative Investment Funds Law

Know common provisions regarding the organisation
and operation of Alternative Investment Funds
(AIFs):
5.1.1 • Initial capital and retention of minimum assets 1
• Risk management
• Management and conduct of business
5.1.2 Know the AIF requirements regarding valuation 1
5.1.3 Know the AIF requirements regarding transactions 1
Operational Conditions of AIFMs

Know the conditions and process of authorisation for

5.2.1 2.1
AIFMs
5.2.2 Know the ‘general principles’ for AIFM 2.2
5.2.3 Know the AIFM requirements regarding remuneration 2.3
Page 321 of 334

Edition B.Ad / EN
Know the AIFM requirements regarding conflicts of

5.2.4 2.4
interest
Know the AIFM requirements regarding risk

5.2.5 2.5
management
Know the AIFM requirements regarding liquidity

5.2.6 2.6
management and securitization
5.2.7 Understand the transparency requirements for AIFM 2.7
Organisational Requirements
Know the procedures, arrangements and mechanisms

5.3.1 that AIFM must implement 3
Investors
Understand the rules regarding the marketing of AIFs

5.4.1 to retail investors in the Republic 4.1
The Business of Credit Institutions Laws of 1997–

Element 6 Chapter 6
2016
General
Understand how the Central Bank of Cyprus (CBC)
supervises banks:
• Ownership and management
6.1.1 • Supervision and inspection 1
• Disclosure of information
• Cooperation with other competent authorities
• Powers of the Central Bank of Cyprus (CBC)
Liquidity and Capital

Know the following capital requirements:
6.2.1 • Minimum capital 2
• Capital adequacy
Returns and Accounts

Page 322 of 334

Know the basic responsibilities ACIs must meet

6.3.1 with respect to submitting returns and accounts 3
The Prevention and Suppression of Money

Element 7 Laundering and Terrorist Financing Laws Chapter 7
Special Provisions in Respect of Financial and

7.1 Other Business Activities
Understand the provision for obliged entities to apply
adequate and appropriate systems and procedures,
the penalties for non-compliance, when to apply
7.1.1 1.1
customer due diligence measures, the ways to apply
identification procedures and customer due diligence
measures
Know when simple or enhanced customer due
7.1.2 diligence (CDD) measures may be applied 1.2
The Responsibilities of Obliged Entities

Understand the responsibilities of the board of

7.2.1 directors with respect to the prevention of money 2.1
laundering and terrorist financing
Understand the obligations of the internal audit

7.2.2 2.2
department
7.2.3 Learn about the customers’ acceptance policy 2.3
Know the minimum duties a compliance officer

7.2.4 should exercise with respect to the prevention of 2.4
money laundering and terrorist financing
Understand how obliged entities should adopt a

7.2.5 risk-based approach to prevent money laundering 2.5
and terrorist financing
Know examples of:
• Suspicious transactions
7.2.6 2.6
• Activities related to money laundering and terrorist
financing
Markets in Financial Instruments Regulation
Element 8 Chapter 8
(MiFIR)
Page 323 of 334

Edition B.Ad / EN
Special Provisions in respect of Financial and

8.1 other Business Activities
8.1.1 Know the scope of MiFIR 1
Transparency Requirements
Know transparency requirements for equity
instruments
• Pre-trade
8.2.1 • Waivers 2.1
• Volume cap mechanism
• Post trade
• Deferred publication
Know transparency requirements for non-equity
instruments
• Pre-trade
8.2.2 2.2
• Waivers
• Post trade
• Deferred publication
Know transparency requirements
8.2.3 applicable to systematic internalisers and 2.3
investment firms trading OTC
Reporting Requirements
Know record-keeping requirements for investment

8.3.1 3.1
firms
8.3.2 Know record-keeping requirements for trading venues 3.1
8.3.3 Know transaction reporting requirements 3.2
Know obligations relating to the supply of reference

8.3.4 data for financial instruments 3.3
Derivatives
Know the obligation to trade derivatives on:
8.4.1 • Regulated markets 4.1
• MTFs
Page 324 of 334

• OTFs
• Third-country trading venues
Know obligations relating to the clearing and

8.4.2 indirect clearing of derivatives 4.2
8.4.3 Know the obligations relating to portfolio compression 4.3
Element 9 Capital Adequacy Requirements Chapter 9
Directive DI144-2014-15 arising from

9.1 EU575/2013
9.1.1 Know prudential consolidation requirements 1
9.1.2 Know own funds requirements 1
Know capital requirements:

• General requirements, valuation and reporting
9.1.3 1
• Capital requirements for credit risk
• Own funds requirements for market risk
Know requirements relating to large exposures:
9.1.4 • Limits 1
• Exemptions
9.1.5 Know transitional provisions 1
Directive DI144-2014-14 and Directive DI144-

9.2 2014-14(A)
Know the arrangements, processes and mechanisms
CIF’s should have in place for:
• Recovery and resolution
9.2.1 • Remuneration 2
• Treatment of risks
• Calculating and benchmarking own funds
requirements
Know the arrangements, processes and mechanisms
CIFs should have in place for:
9.2.2 • Credit and counterparty risk 2
• Residual risk
• Concentration risk
Page 325 of 334

Edition B.Ad / EN
• Securitisation risk
• Market risk
• Interest risk arising from non-trading activities
• Operational risk
• Liquidity risk
• Risk of excessive leverage
Governance
Know governance requirements relating to:
9.3.1 • Country-by-country reporting 3
• Public disclosure of return on assets
Know governance requirements relating to
remuneration:
9.3.2 • Remuneration policies 3
• Variable elements of remuneration
• Remuneration committee
Supervisory Review and Evaluation Process
9.4 (SREP)
9.4.1 Understand the purpose of SREP 4.1
Understand the five key stages of the SREP:

• Planning
• Review and assessment of ICAAP
9.4.2 4.2
• Review of additional information
• Supervisory measures
• SREP validation
9.4.3 Understand SREP outcomes 4.3
The Internal Capital Adequacy Assessment

9.5 Process (ICAAP)
9.5.1 Understand the purpose of the ICAAP process 5.1
Understand the principles for the implementation of an

9.5.2 5.2
ICAAP
9.5.3 Understand types of Pillar 1 risk 5.3
Page 326 of 334

Understand risk typologies not fully covered in Pillar 1:

• Credit concentration risk
• Residual risk
9.5.4 5.4
• Securitisation risk
• Settlement risk
• Foreign exchange risk
9.5.5 Understand types of Pillar 2 risk 5.5
Understand the following risk management tools:

9.5.6 • Risk register 5.6
• Stress testing
European Market Infrastructure Regulation

Element 10 Chapter 10
(EMIR)
EMIR
10.1.1 Understand the main provisions of EMIR 1
General Requirements
Know the general requirements relating to clearing

10.2.1 2.1
obligation
Know the reporting obligations under EMIR Refit and the

10.2.2 2.2
amendments to the CCP regime
Know the general requirements relating to the risk

10.2.3 2.3
mitigation techniques
Know EMIR regulation relating to capital requirements

10.2.4 2.4
for CCPs
Know the general requirements relating to:

10.2.5 • Large exposures 2.5
• Exposures to transferred credit risk
10.2.6 Know the general requirements relating to liquidity 2.6
Page 327 of 334

Edition B.Ad / EN
10.2.7 Know thegeneral requirements relating to leverage 2.7
10.2.8 Know the general disclosure requirements 2.8
Element 11 Recovery and Resolution Laws Chapter 11
Recovery Planning
Know recovery planning obligations and the
assessment and relevant provisions for:
• CIF that are not part of a group subject to
11.1.1 1
consolidated supervision
• CySEC evaluation on simplified obligations
• Group recovery plan
Intra-Group Financial Support

Know requirements relating to intra-group financial

11.2.1 2
support
Early Intervention
11.3.1 Know measures for early intervention 3
Understand the appointment of:

11.3.2 • Special administrators 3.1
• Temporary administrators
Resolution
Know resolution tools:
• The sale of operations measure
• The measure to transfer assets, rights or liabilities to
11.4.1 a bridge institution 4
• The measure to transfer assets and rights to an asset
management company
• The bail-in measure
Know the special resolution requirements:
• The sale of business measure
11.4.2 4
• The asset transfer measure
• Treatment of shareholders in case of write down or
Page 328 of 334

conversion of capital instruments

• Classification of mutual requirements
Procedural Obligations
Know the notification requirements pertaining to the

11.5.1 expected and actual failure of a CIF 5
Cross-Border Group Resolution

Know how the law facilitates cross-border resolution
• Resolution colleges
11.6.1 6
• Cooperation with third-country authorities
• Exchange of confidential information
Element 12 Prospectus Law Chapter 12
Subject Matter and Scope of the Regulation

12.1.1 Know the subject matter and scope of the Regulation 1
Requirements and Exemptions

Understand the requirements for publishing a

12.2.1 2.1
prospectus
Know the exemptions to the obligation to publish a

12.2.2 prospectus 2.2
Drawing up of the Prospectus

Understand the general provisions related to drawing up

12.3.1 3.1
of the prospectus
Know the EU growth prospectus and the simplified

12.3.2 3.2
disclosure regime for secondary issuances
Understand CySEC’s Directive on the language of a

12.3.3 3.3
prospectus
Page 329 of 334

Edition B.Ad / EN
Understand the responsibility of the persons signing the

12.3.4 3.4
prospectus
Drawing up of the Prospectus

Understand the approval procedure, the publication

12.4.1 4
procedure and the advertisements
Administrative Sanctions and other

12.5 Administrative Measures
Know the administrative sanctions and other
12.5.1 5
administrative measures
Element 13 Transparency Laws Chapter 13
Information Reporting Requirements for Issuers

Know issuer reporting requirements for periodic

13.1.1 1.1
information
Know issuer reporting requirements for ongoing

13.1.2 1.2
information
Framework of Communication for Issuers and

Holders of Securities
13.2
13.2.1 Know issuer obligations relating to shares 2.1
13.2.2 Know issuer obligations relating to debt securities 2.2
Shareholder obligations
13.3.1 Know shareholder threshold notification requirements 3
Understand exemptions to shareholder notification

13.3.2 3
requirements
Know how the obligations extend to holders of financial

13.3.3 3
instruments
Page 330 of 334

Insider Dealing and Market Manipulation

Element 14 Chapter 14
Regulation (2016)
Inside Information
Know the definition of inside information (Article 8 EU

14.1.1 1.1
596/2014)
Know which persons are in possession of inside

14.1.2 information (Article 8 EU 596/2014) 1.1
Know the obligations for those in possession of inside

information
• Prohibitions (Article 14 EU 596/2014)
14.1.3 1.1
• Legitimate behaviour (Article 9 EU 596/2014)
• Unlawful disclosure (Article 10 EU 596/2014)
• Market soundings (Article 11 EU 596/2014)
Provisions Relating to Issuers of Financial
14.2 Instruments
Know how issuers of financial instruments should

14.2.1 manage inside information (Article 17 EU 596/2014) 2
Understand the circumstances in which publication of

14.2.2 inside information might be justifiably delayed (Article 2
17 EU 596/2014)
Know the importance of keeping an updated insiders
14.2.3 list (Article 18 EU 596/2014) 2
Know the reasons and circumstances when a

14.2.4 manager must report his/her transactions (Article 19 2
EU 596/2014)
Market Manipulation
Know which acts are considered to constitute market

14.3.1 3
manipulation
Understand how market operators help to detect and

14.3.2 prevent market manipulation 3
14.3.3 Know accepted market practices 3
Page 331 of 334

Edition B.Ad / EN
Disseminating Information
Know provisions relating to persons and institutions
who:
• Produce or disseminate investment
recommendations (Article 20 EU 596/2014)
14.4.1 4
• Disseminate statistics and forecasts (Article 20 EU
596/2014)
• Disclose or disseminate information to the media
(Article 21 EU 596/2014)
Administrative Measures and Sanctions
Know the administrative measures and sanctions in

14.5.1 relation to market abuse (Article 30): 5
Page 332 of 334

Examination Specification
Each examination paper is constructed from a specification that determines

the weightings that will be given to each element. The specification is given
below.
It is important to note that the numbers quoted may vary slightly from
examination to examination as there is some flexibility to ensure that each
examination has a consistent level of difficulty. However, the number of
questions tested in each element should not change by more than plus or
minus 2.
Element
Element Questions
Number
1 Investment Services Law: Scope/Power Offences 4
2 Cypriot Investment Firms (CIFs) 8
3 Cypriot Investment Firms (CIFs) and Banks 8

Open-ended Undertakings for Collective Investment (UCI)
4
Laws (2012–2019) 6
5 Alternative Investments 6
6 The Business of Credit Institutions Laws of 1997–2016 2
7 The Prevention and Suppression of Money Laundering

and Terrorist Financing Laws 5
8 Markets in Financial Instruments Regulation (2014) (MiFiR) 4
9 Capital Adequacy Requirements 8
10 European Market Infrastructure Regulation (EMIR) 4
Page 333 of 334

Edition B.Ad / EN
11 Recovery and Resolution Laws 5
12 Prospectus Regulation 2
13 Transparency Laws 3
14 Insider Dealing and Market Manipulation Regulation (2016) 5
Total 70
Page 334 of 334

English Advanced Workbook

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

English Advanced Workbook

Uploaded by

Copyright:

Available Formats

Financial Services Regulatory Framework:

This learning manual relates to syllabus version 4.0 and

Intentionally blank page

Cyprus Securities & Exchange Commission

19 Diagorou St., 1097 Nicosia, Cyprus

Learning Manual Version 4: Issued in November 2020

We would like to wish you every success in your studies.

Chairman, Cyprus Securities and Exchange Commission

CHAPTER 1 INVESTMENT SERVICES LAW 2017: SCOPE/POWERS/OFFENCES ................................................. 13

1. SCOPE,APPLICATION AND COMPETENT AUTHORITIES .................................................................................... 13

1.1. Scope and Application.................................................................................................................. 14

1.2. Investment Services by third-country firms .............................................................................. 15

1.3. Exemptions ..................................................................................................................................... 16

1.4. Competent Authorities .................................................................................................................... 19

2. THE CYPRUS SECURITIES AND EXCHANGE COMMISSION (CY SEC) .................................................................... 20

3. INVESTOR COMPENSATION FUND (ICF).......................................................................................................... 22

3.1. ICF Objectives and Members .......................................................................................................... 22

3.2. Funds and Resources ...................................................................................................................... 23

3.3. Compensation ................................................................................................................................. 25

CHAPTER 2 CYPRIOT INVESTMENT FIRMS (CIFS) ........................................................................................... 29

1.1. Initial Authorisation of a Firm ......................................................................................................... 29

1.2. Continuous CIF Obligations ............................................................................................................. 30

1.3. Suspension and Termination of Authorisation of a Firm ................................................................ 31

2. CONDUCT OF BUSINESS OBLIGATIONS .......................................................................................................... 33

2.1. Management Body ......................................................................................................................... 33

2.2. Governance ..................................................................................................................................... 35

2.3. Responsibility of Senior Management ............................................................................................ 36

3. GENERAL CIF OBLIGATIONS ........................................................................................................................ 37

3.1. Tied Agents ..................................................................................................................................... 37

3.2. EligibleCounterparties ................................................................................................................. 39

3.3. Crowdfunding ............................................................................................................................... 39

4. SPECIFIC RESTRICTIONS ................................................................................................................................ 41

5. SME GROWTH MARKETS ............................................................................................................................ 42

6. REGULATED MARKETS ................................................................................................................................ 44

6.1. Application and Authorisation Requirements .......................................................................... 44

6.2. Direct Electronic Access and Algorithmic Trading........................................................................... 53

6.3. Admission of Financial Instruments to Trading ......................................................................... 54

6.4. Transparent and Non-Discriminatory Rules ............................................................................... 55

6.5. Compliance and Trade Transparency.............................................................................................. 55

CHAPTER 3 CYPRIOT INVESTMENT FIRMS (CIFS) AND BANKS ....................................................................... 60

1. ORGANISATIONAL REQUIREMENTS ................................................................................................................ 60

2. SPECIFIC REQUIREMENTS ............................................................................................................................. 62

2.1. Compliance ..................................................................................................................................... 62

2.2. Electronic Communications ............................................................................................................ 63

2.3. Outsourcing .................................................................................................................................... 65

2.4. Client Assets .................................................................................................................................... 68

2.5. Risk Management and Internal Audit .......................................................................................... 68

3. CONFLICTS OF INTEREST ............................................................................................................................. 69

4. PROVISION TO ENSURE INVESTOR PROTECTION ............................................................................................ 72

4.1. Professional Clients ......................................................................................................................... 74

4.2. Information about Financial Instruments ....................................................................................... 76

4.3. Costs and Charges........................................................................................................................... 77

5. INVESTMENT ADVICE ................................................................................................................................. 78

6.1. Suitability Requirements ................................................................................................................. 80

7. BEST EXECUTION ........................................................................................................................................ 83

7.1. Client Order Handling .................................................................................................................. 85

1. UNDERTAKINGSFORCOLLECTIVEINVESTMENTIN TRANSFERABLESECURITIES(UCITS) ...................................... 90

1.1. Specific Types of UCITS ................................................................................................................ 91

1.2. Depositaries ................................................................................................................................... 92

2. OBLIGATIONS OF UCITS ............................................................................................................................. 97

2.1. UCITS Obligations ........................................................................................................................... 97

2.2. Marketing Provisions .................................................................................................................... 106

3. UCITSSTRUCTURES ................................................................................................................................. 107

3.1. Investment Policy .......................................................................................................................... 108