
Cryptocurrencies: Evaluating Risks and Assessing Their Future in Digital Banking
A. Introduction:
The emergence of cryptocurrencies has disrupted traditional financial systems, offering decentralized and secure alternatives to conventional banking. However, as with any financial innovation, cryptocurrencies come with inherent risks. In this article, we will delve into the risks associated with cryptocurrencies and explore their potential future in the realm of digital banking.
B. Cryptocurrency Risks:
- Price Volatility: One of the primary risks associated with cryptocurrencies is their extreme price volatility. The value of cryptocurrencies can experience significant fluctuations within short periods. Investors must be prepared for the possibility of substantial gains or losses in their cryptocurrency holdings.
- Regulatory Uncertainty: Cryptocurrencies operate in a regulatory landscape that is still evolving. The lack of standardized regulations across jurisdictions introduces uncertainties regarding their legal status, taxation, and consumer protection. Regulatory changes can impact the viability, adoption, and usage of cryptocurrencies, leading to potential risks for investors and digital banking institutions.
- Cybersecurity Vulnerabilities: Cryptocurrencies face cybersecurity threats due to their digital nature. Hacking attempts, phishing attacks, and theft pose significant risks to individuals and digital banking platforms that deal with cryptocurrencies. Robust security measures, such as secure wallets and strong authentication protocols, are essential to safeguard against these risks.
- Market Liquidity: Cryptocurrency markets may experience liquidity challenges, particularly for less-established or low-volume cryptocurrencies. Limited liquidity can impact the ability to buy or sell cryptocurrencies at desired prices, leading to potential trading difficulties and increased transaction costs.
- Technological Risks: Cryptocurrencies rely on underlying technologies, such as blockchain, which are still evolving. Technical vulnerabilities, software bugs, and network disruptions can pose risks to the stability and reliability of cryptocurrencies. Ongoing technological advancements and upgrades are necessary to mitigate such risks.
C. The Future of Cryptocurrencies in Digital Banking:
Despite the risks, cryptocurrencies have the potential to shape the future of digital banking in several ways:
- Increased Financial Inclusion: Cryptocurrencies can provide access to financial services for the unbanked and underbanked populations, enabling secure and efficient cross-border transactions without the need for traditional banking intermediaries.
- Streamlined Cross-Border Payments: Cryptocurrencies can facilitate faster and cheaper cross-border transactions, eliminating intermediaries and reducing transaction fees. Digital banking institutions can leverage cryptocurrencies to offer efficient global payment solutions to their customers.
- Decentralized Finance (DeFi): Cryptocurrencies underpin the growth of decentralized finance, enabling various financial services, including lending, borrowing, and yield farming, without traditional intermediaries. DeFi platforms can integrate cryptocurrencies to provide innovative financial products to users.
- Central Bank Digital Currencies (CBDCs): Several central banks worldwide are exploring the development of CBDCs, which are digital currencies issued and regulated by central authorities. CBDCs can potentially enhance the efficiency and transparency of digital banking systems, bridging the gap between traditional currencies and cryptocurrencies.
D. Conclusion:
Cryptocurrencies have emerged as a disruptive force in the financial industry, offering unique advantages and challenges. Understanding the risks associated with cryptocurrencies is crucial for individuals and digital banking institutions venturing into this domain. While risks such as price volatility and regulatory uncertainties persist, cryptocurrencies hold the potential to transform digital banking by enabling financial inclusion, streamlining cross-border payments, fostering decentralized finance, and paving the way for central bank digital currencies.
As the digital banking landscape continues to evolve, carefully navigating the risks and leveraging the opportunities presented by cryptocurrencies will be pivotal for the future of the industry.
Should you have any further questions, please do not hesitate to contact us at info@apapageorgiou.com.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as financial or investment or legal advice on any matter. It is important to conduct thorough research and consult with financial professionals before making any investment decisions related to cryptocurrencies or digital banking. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.

CySEC Circular C533 on the guidelines on certain aspects of the compliance function requirements
Cyprus Securities and Exchange Commission (the “CySEC”) issued the Circular C553 (the “Circular”) on the 14th of March 2023, for the provision of guidance on the application of certain aspects of the compliance function requirements provided in Article 17(2) of the Investment Services and Activities and Regulated Markets Law (the “Law”) and Article 22 of the MiFID II Delegated Regulation 2017/565 (the “Delegated Regulation 565”).
It should be noted that Circulars C030 and C050 are repealed and replaced by this Circular, and that this Circular should be read with Circular C447 on the ESMA’s Guidelines (ESMA35-36-1952) on certain aspects of the MiFID II compliance function requirements (the “Compliance Function Guidelines”).
The Circular issued by CySEC provides a summary of the Compliance Function Guidelines, along with further guidance from the Commission (please refer to statements in italics) so as to ensure the common, uniform and consistent application of the relevant legal requirements, as these are outlined above. In brief, we would like to note the following:
A. Guidelines on the responsibilities of the Compliance Function:
- Guideline 1 – Compliance risk assessment:
A risk assessment must be conducted by adopting a risk-based monitoring program to determine its priorities and the focus on monitoring, advisory, and assistance activities. In addition, based on the new provisions of the Guidelines, the following are expected:
- The findings of the compliance risk assessment should be used to set the work programme of the Compliance Function and to allocate the function’s resources efficiently.
- The compliance risk assessment should be reviewed on a regular basis, and, when necessary, updated to ensure that the objectives, focus and the scope of compliance monitoring and advisory activities remain valid.
- Guideline 2 – Monitoring obligations of the Compliance Function:
The aim of the risk-based monitoring program should be to evaluate whether the firm’s business is conducted in compliance with its obligations under the Law and that the internal policies and procedures, organization, and control measures remain effective and appropriate to ensure that compliance risk is comprehensively monitored. The risk-based approach to compliance shall form the basis for determining the appropriate tools and methodologies used by the Compliance Function, as well as the extent of the monitoring program and the frequency of monitoring activities performed by the Compliance Function. Also, the monitoring program should reflect changes to the firm’s risk profile as well as extend to the implementation and effectiveness of any remedial measures taken by the firm in response to breaches of the Law.
- Guideline 3 – Reporting obligations of the Compliance Function:
The mandatory compliance reports should cover all business units involved in the provision of investment services, activities and ancillary services provided by a firm. The mandatory compliance reports are expected to include general information, manner of monitoring and reviewing, findings, actions taken and other information. The relevant report should also cover the firm’s product governance arrangement (e.g. role of Compliance Function, monitoring of the firm’s product governance by the Compliance Function, information about the financial instruments manufactured / distributed, including information on the distribution strategy). Additionally, the Compliance Function and the Complaints Management Function should be properly segregated, subject to the principle of proportionality.
Investment Firms should submit to CySEC the annual reports mentioned in Article 25 of the Delegated Regulation 565 within twenty (20) days from the date the reports are discussed by the Board of Directors and not later than four (4) months from the end of the calendar year. The Board of Directors should also provide CySEC with explanations of the Compliance Function’s findings (e.g. corrective measures in response to the identified deficiencies and timetable for their implementation). It is provided that the annual report is a standalone document and cannot be part of another report that the Investment Firm is obliged to prepare (e.g. anti-money laundering compliance function report).
- Guideline 4 – Advisory and assistance obligations of the Compliance Function:
In general, pursuant to Guideline 4, the Compliance Function is expected to fulfil its advisory and assistance responsibility, including providing support for staff and management training, providing day-to-day assistance for staff and management and participating in the establishment of policies and procedures within the firm (e.g. the firm’s remuneration policy or the firm’s product governance policies and procedures).
B. Guidelines on the responsibilities of the Compliance Function:
- Guideline 5 – Effectiveness of the Compliance Function:
The firm should ensure that the Compliance Function is allocated the appropriate human and other resources by taking into account the scale and types of investment services, activities and ancillary services undertaken by the firm, as well as any changes to the firm’s compliance risk in case its business unit activities are significantly extended (e.g. establishment of branches, use of affiliates, cross border activities). The said guideline was further enhanced so as to clearly indicate that it is of vital importance for firms to have in place the necessary arrangements to ensure an effective exchange of information between the Compliance Function and other control functions (such as the internal audit and risk management) as well as with any internal and external auditors.
- Guideline 6 – Skills, knowledge, expertise and authority of the Compliance Function:
Guideline 6 outlines the requirements related to the skills, knowledge, expertise and authority of the Compliance Function (e.g. sufficiently broad knowledge and experience, sufficiently high level of expertise etc.). The senior management should assess the prospective Compliance Officer’s qualifications prior to appointment and ensure that he/she has integrity, morals and credibility, as well as that he/she is a holder of the CySEC’s Advanced Certificate and registered in the Public Register. CySEC also performs an assessment of the qualification of the nominated Compliance Officer during the authorisation process and/or in the context of ongoing supervision, which includes the analysis of his/her curriculum vitae, as well as an interview.
- Guideline 7 – Permanence of the Compliance Function:
The firm should establish adequate arrangements for ensuring that the Compliance Function performs its tasks and responsibilities on a permanent basis and that these are fulfilled when the Compliance Officer is absent. The responsibilities, competences and the authority of the Compliance Function should be set out in a “compliance policy” or other general policies or internal rules that consider the scope and nature of the firm’s services and activities, which should include information on the monitoring programme, the reporting duties of the Compliance Function and its risk-based approach to monitoring activities.
- Guideline 8 – Independence of the Compliance Function:
Guideline 8 highlights that the Compliance Function holds a position in the firm’s organisational structure that ensures that the Compliance Officer and other compliance staff act independently when performing their tasks. The tasks performed by the Compliance Function should be carried out independently from the senior management and other units of the firm. Where the senior management deviates from important recommendations or assessments issued by the Compliance Function, the Compliance Officer should document this accordingly and present it in the compliance reports, and if deemed necessary, inform CySEC as soon as possible.
- Guideline 9 – Proportionality with regard to the effectiveness of the Compliance Function:
The firm should decide which measures, including organisational measures and the level of resources, are best suited for ensuring the effectiveness of the Compliance Function in the firm’s particular circumstances. The firm may fall under the proportionality exemption if the performance of the necessary compliance task does not require a full-time position due to the nature, scale and complexity of the firm’s business, and the nature and range of the investment/ancillary services and activities, but should ensure that any conflicts of interests are minimised. Where a firm makes use of the proportionality exemption, it should record how this is justified, so that the CySEC is able to assess this.
The Compliance Function should also ensure that all employees that fall under the Directive regarding the Certification of Persons and the Certification Registers of 2019 to 2021 hold the relevant certificate and are registered in the public register, as well as that the content of the CIF Electronic Record is complete and accurate and where amendments are required, that these are done immediately.
- Guideline 10 – Combining the Compliance Function with other internal control functions:
Generally, firms should ensure that the control functions are properly segregated (e.g. the compliance staff shall not be involved in the activities they monitor). Nevertheless, a combination of the Compliance Function with other control units at the same level (such as money laundering prevention) may be acceptable if this does not generate conflicts of interests or compromise its effectiveness. Any such combination should be documented, including the rationale behind it, so that CySEC is able to assess whether such a combination is appropriate. Based on the provisions of the Guideline 10, the following should be noted:
- Where an internal audit function has been established and is maintained, such function may not be combined with other control functions such as the Compliance Function;
- Where the Compliance Officer is not appointed as the Single Officer (referred to in Article 9 of the Directive DI87-01), both the Single Officer and the Compliance Officer should act independently and the Compliance Officer should not supervise and/or issue any instruction to the Single Officer; and
- Where the Compliance Function is combined with other control functions or where it is also responsible for other tasks (for example anti-money laundering), the firm should ensure that it allocates enough resources for MiFID II compliance at all times.
- Guideline 11 – Outsourcing of the Compliance Function:
In accordance with Guideline 11, which outlines the requirements related to the outsourcing of tasks undertaken by the Compliance Officer and not the outsourcing of the relevant responsibilities, the following shall be noted:
- In all cases, outsourcing the Compliance Function should not undermine its quality and independence, create undue additional operational risks, impair the activities of internal controls or impair the ability of the firm and the relevant competent authority to supervise compliance with the applicable requirements;
- The outsourcing to non-EU entities may potentially make oversight and supervision of the Compliance Function more difficult and should therefore be subject to a closer monitoring; and
- Upon the termination of the outsourcing arrangement related with the Compliance Function, firms should ensure the continuity by transferring the Compliance Function back to the firm or outsourcing it to another provider.
C. Guidelines on the competent authority review of the Compliance Function:
- Guideline 12 – Review of the Compliance Function by the competent authority:
Generally, the competent authorities should assess whether a firm’s Compliance Function is adequately resourced and organised and whether adequate reporting lines have been established. With respect to the CySEC’s expectations and clarifications provided:
- It is required, as a condition for authorisation, that any necessary amendments to the Compliance Function are notified to CySEC.
- Also, as part of the ongoing supervisory process, CySEC assesses whether the measures implemented by the firm for the Compliance Function are adequate, and whether it fulfils its responsibilities appropriately.
- The Compliance Function must immediately disclose to CySEC every important development that may substantially affect its ability to effectively perform the Compliance Function and to fulfil its responsibilities appropriately.
Finally, without prejudice to the provisions of Guideline 6, a person may be nominated as Compliance Officer, even if not registered in the Public Register provided that, following an assessment of his/her qualifications, CySEC is satisfied that the person has the relevant knowledge and expertise and will succeed in the Advanced Examination and be registered in the Public Register within a determined time period decided by CySEC. The firm should notify CySEC of both the appointment and replacement of the Compliance Officer and the latter may require a detailed statement on the grounds for the replacement.
In case you have any questions, please do not hesitate to contact us for further professional assistance.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.

Financial Action Task Force Statement Publications – February 2023
Paris, 24 February 2023 – The second Plenary of the FATF under the Presidency of T. Raja Kumar of Singapore concluded on 24/2/2023. Delegates from over 200 jurisdictions of the Global Network participated in these discussions at the FATF headquarters in Paris.
Following the statements issued since March 2022, the FATF reiterates that all jurisdictions should be vigilant to current and emerging risks from the circumvention of measures taken against the Russian Federation in order to protect the international financial system. The outcomes of the FATF Plenary, 22-23 February 2023 relate among others to the following matters:
FATF Statement on High-Risk Jurisdictions subject to a Call for Action:
Following FATF’s statement of October 2022 on the list of “High-Risk Jurisdictions subject to a Call for Action – October 2022”, the latter proceeded with the issuance of a Publication on the 24th of February 2023, through which it urges all jurisdictions to apply enhanced due diligence, and, in the most serious cases, countries are called upon to apply counter-measures to protect the international financial system from the money laundering, terrorist financing, and proliferation financing (the “ML/TF/PF”) risks emanating from the country. In particular, the FATF’s call for action on the following high-risk jurisdictions remains in effect:
A. Jurisdictions subject to a FATF call on its members and other jurisdictions to apply countermeasures.
- Democratic People’s Republic of Korea (DPRK)
- Iran
B. Jurisdiction subject to a FATF call on its members and other jurisdictions to apply enhanced due diligence measures proportionate to the risks arising from the jurisdiction.
- Myanmar
FATF Statement on Jurisdictions under Increased Monitoring:
On the 24th of February 2023, the FATF issued a Publication in relation to the results of the progress review to identify new countries with strategic AML/CFT deficiencies, despite the challenges posed by Covid-19, based on which:
A. Jurisdictions no longer subject to increased monitoring:
- Cambodia
- Morocco
B. Jurisdictions with strategic deficiencies:
- Albania
- Barbados
- Burkina Faso
- The Cayman Islands
- (*) Democratic Republic of the Congo
- Gibraltar
- Haiti
- Jamaica
- Jordan
- Mali
- (*) Mozambique
- Nigeria (new)
- Panama
- Philippines
- Senegal
- South Africa (new)
- South Sudan
- Syria
- (*) Tanzania
- Turkey
- Uganda
- United Arab Emirates
- Yemen
* Chose to defer reporting; thus, the relevant Statements available, issued in October 2022 may not necessarily reflect the most recent status of the jurisdictions’ AML/CFT regimes.
FATF Statement on the Russian Federation:
On the 24th of February 2023, the FATF issued a Statement in relation to its decision to suspend the membership of the Russian Federation, as the latter’s continuing and intensifying war of aggression against Ukraine runs counter to FATF’s core principles aiming to promote security, safety and the integrity of the global financial system. In particular, the Russian Federation can no longer hold any leadership or advisory roles or take part in decision-making on standard-setting, FATF peer review processes, governance, and membership matters.
Other matters:
- Mutual Evaluation Reports: FATF has adopted a mutual evaluation report of Indonesia and Qatar that will be published by May 2023 following the completion of its quality and consistency review.
- Beneficial Ownership of Legal Persons: FATF Plenary has finalised a guidance document which will help countries implement the revised requirements of Recommendation 24 which requires countries to ensure that beneficial ownership information is held by a public authority or body functioning as a beneficial ownership registry or an alternative mechanism they will use to enable efficient access. The guidance will be published in March 2023.
- Beneficial Ownership of Legal Arrangements: FATF Plenary also agreed on enhancements to Recommendation 25 on legal arrangements to bring its requirements broadly in line with those for Recommendation 24 on legal persons to ensure a balanced and coherent set of FATF standards on beneficial ownership.
- Disrupting the financial flows from ransomware: FATF completed research that analyses the methods that criminals use to carry out their ransomware attacks and how they launder ransom payments. Relevant research will be published in March 2023 and will include a list of risk indicators that can help public and private sector entities identify suspicious activities related to ransomware.
- Improving implementation of FATF requirements for virtual assets and virtual asset service providers: Plenary agreed on a roadmap to strengthen the implementation of FATF Standards on virtual assets and virtual asset service providers, which will include a stocktake of current levels of implementation across the global network. In the first half of 2024, the FATF will report on steps FATF members and FSRB countries with materially important virtual asset activity have taken to regulate and supervise virtual asset service providers.
- Money Laundering and Terrorist Financing in the Art and Antiquities Markets: FATF has also finalised a report that explores the link between money laundering and art and antiquities which was published on the 27th of February 2023.

Procedures for the receipt of reports of infringement of Regulation (EU) No. 596/2014 on market abuse
We would like to draw your attention to the Circular C488 (the “Circular”) issued by the Cyprus Securities and Exchange Commission (the “CySEC” or the “Commission”) on the 17th of February 2021, under the provisions of Article 2(1) of the Regulation (EU) No 596/2014 as amended (the “Market Abuse Regulation”), in relation to the updated procedures in force regarding the receipt of reports of infringement pursuant to the provisions of Article 32 of the Market Abuse Regulation.
In brief, please note the following:
A. Reporting Requirements:
- The staff members of the Market Surveillance and Investigations Department of CySEC dedicated to the handling of the reports of infringements (the “Competent Department”) have been assigned with specific duties in order to assist and provide information on the procedures for reporting infringements to any interested person.
- The report of infringement can be submitted either by name or anonymously, through the communication channels of the Competent Department as further specified under point A3 of the Circular.
- A person who is accused of having committed an actual or potential infringement of the Market Abuse Regulation (the “Reporting Person”), may proceed with the submission of a written report of infringement by completing the “Whistleblowing External Disclosure Form” (the “Form”) which is available as an Appendix within the Circular.
- In cases when the identity of the Reporting Person has been disclosed, CySEC may request further information.
- Upon the submission of the infringement report, either orally or in writing, CySEC notifies the Reporting Person in writing of the number of days within which he/she will be notified about the results of his/her inquiry, and ensures that the relevant notification will be sent within the timeframe set.
B. Record Keeping of the Infringement Reports:
- Unless otherwise requested by the Reporting Person, a confirmation of receipt is sent by CySEC.
- In cases where reporting of infringements has been performed through the use of a telephone line, CySEC has the right to document the oral reporting, except in cases where the Reporting Person’s prior consent is not provided.
- In cases where the Reporting Person’s consent is not provided for the reporting of infringements, CySEC has the right to document the conversation in the form of accurate minutes.
- In cases where a person requests a physical meeting with the Competent Department for the purposes of reporting the infringement, CySEC ensures that complete and accurate records of the meeting are kept in a durable and retrievable form.
- In cases where the confidentiality regime is used, CySEC notes that under certain circumstances as those explained in point C of the Circular, confidential information of the Reporting Person may be published.
To this end and as per Article 6(6) of the Market Abuse Law of 2016, a person providing information to CySEC, in accordance with the Market Abuse Regulation, is not considered to be infringing any restriction on disclosure of information imposed by contract or by any legislative, regulatory or administrative provision, nor will the said person have liability of any kind related to such disclosure.

Supervisory briefing in relation to firms using tied agents in the MiFID II framework
A. INTRODUCTION
In accordance with the Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority) amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC as amended by Regulation (EU) 2019/2175, one of the objectives of the European Securities and Markets Authority (the “ESMA”) is to actively foster supervisory convergence across the Union with the aim of establishing a common supervisory culture.
B. OVERVIEW AND SCOPE
Following the UK withdrawal from the EU, ESMA has been monitoring the behaviour of firms in order to understand whether their interaction with EU-based clients is done in a way that is compliant with the MiFIR and MiFID legislation (including the regimes providing the conditions for third-country firms to provide investment services and activities in the Union). In this context, some practices concerning investment firms using tied agents recently emerged as a potential source of circumvention of the abovementioned legal framework.
Furthermore, ESMA believes that these issues have more general relevance, and it is thereby important to identify the supervisory expectations on firms using tied agents in a convergent manner across the Union. Therefore, this supervisory briefing takes into account all cases where an EU firm uses tied agents; a specific focus is given to cases where tied agents are legal persons that are controlled or have close ties with other entities or third-country entities.
The purpose of the Briefing is to give market participants indications and information on the supervisory expectations of ESMA and National Competent Authorities (the “NCAs”) regarding compliant implementation of the MiFID II provisions relating to tied agents. It aims at contributing to the development of a convergent supervisory culture across the European Union (the “EU”).
The Briefing has been designed to be used in the way that best fits with supervisory methodologies. It is noted that the Briefing covers the aspects mentioned under Points [B] and [C] below.
C. SUPERVISORY EXPECTATIONS WHEN FIRMS APPOINT TIED AGENTS
Before the appointment of a tied agent, it is expected that a firm:
- Has a clear understanding of how the tied agent will contribute to the strategy of the firm, what types of clients the tied agent will be dealing with and how the firm will obtain and deal with these clients.
- Assesses, inter alia, the following:
- The tied agent is suitable to promote or provide activities on behalf of the firm, is of sufficiently good repute, and possesses the necessary knowledge and competence (i.e. tied agent should be included in the assessment of knowledge and competence of staff in accordance with the ESMA Guidelines);
- The tied agent has the ability, capacity, sufficient resources, appropriate organisational structure to support the performance of activities on behalf of the firm, and that the firm has a good understanding and is satisfied that the tied agent is able to ensure compliance with MiFID II requirements (i.e. assess the organizational structure of tied agent, assess the existence of appropriate mechanisms that the tied agent will use to report to the firm, assess the good repute and suitability of the persons responsible for the management and internal control of the tied agent, etc.);
- The tied agent (if a legal person) has anticipated the number of natural persons that will be involved in the provision of activities on behalf of the firm, the place from which those persons will provide services to the firm as well as how they will be monitored;
- In the case where under the national legislation a tied agent is allowed to hold money and/or financial instruments of clients as per Article 29(2) of MiFID II, then it is expected that the firm will assess the financial situation and the arrangements performed in regards to safeguarding of clients’ funds;
- The appointment of the tied agent does not prevent the firm from complying with the MiFID II legislative framework (e. verification that the organisational settings of tied agents do not prevent their effective supervision by firms).
- Ensures that the tied agent clearly agrees with the respective rights and obligations. Thus instructions and termination rights shall be provided by firms through an agreement between the relevant parties. The aspects that the relevant agreement is expected to cover are available under Point [22] of the Briefing.
- Avoids appointing a tied agent which is a legal person and whose employees involved in the provision of the activities on behalf of the firm (e.g. sales staff) are also at the disposal or under the control of other entities (including third-country entities) as such entities could exercise inappropriate influence over the way in which the tied agent carries out the activities on behalf of the firm or may prevent the firm from effectively monitoring the activities of their tied agent.
D. SUPERVISORY EXPECTATIONS ON FIRMS USING TIED AGENTS IN THEIR ONGOING ACTIVITIES
Pursuant to the provisions of Article 29(2) of MiFID II, firms are required to monitor the activities of their tied agents to ensure that they continue to comply with MiFID II when acting through tied agents. Thus, once a firm appoints a tied agent, it is expected to ensure the following:
- It has in place adequate internal measures and processes to appropriately oversee the activity that the tied agent carries out on its behalf, such as the following:
- The Compliance Function shall advise and assist the persons responsible to carry out investment services and activities to comply with the firm’s obligation under MiFID II.
- With respect to risk management, a firm shall monitor, inter alia:
  - the level of compliance by the firm’s relevant persons with the arrangements, processes and mechanisms adopted by the firm to manage the risks relating to the firm’s activities
  - the adequacy and effectiveness of measures taken to address any deficiencies in the policies, procedures, arrangements and mechanisms adopted by the firm to manage the risks, including failures by the relevant persons to comply with such arrangements, processes and mechanisms
- The remuneration policies and procedures are not incentivising relevant persons to favour their own interests to the potential detriment of any client.
- The Conflict of Interest Policy shall include procedures and measures to ensure that relevant persons carry on their activities at an appropriate level of independence.
- Adoption of appropriate and proportionate governance arrangements by firms to monitor the activities carried out by the tied agents, such as for example:
- The appointment of one or more independent or non-executive directors in charge of monitoring the activities of the tied agents;
- To carry out an independent (external) review of the internal control framework (and staff) in charge of monitoring the tied agents.
- Consequently, in order to monitor the tied agent’s activity, NCAs should be satisfied that a firm has in place, inter alia, adequate:
- Organisational arrangements in order to monitor the skills and experience of the tied agent;
- Appropriate reporting mechanisms (e.g. firms to engage in face-to-face meeting/discussions with tied agents to avoid excessive reliance when it comes to high-level attestation from the tied agent, receipt of specific information from the tied agent on a regular basis);
- Mechanisms to assess the quality of services provided by the tied agent, as well as the consistency of the tied agent with the relevant EU legislative framework;
- Mechanisms for the identification of conflicts of interest, which may arise from the relationship between the appointed tied agent and other entities or third-country entities with which the tied agent has a close link.
- Regular monitoring of the tied agents’ financial situation through experienced persons (e.g. financial accountants).
- Dealing with the complaints concerning the activities of the appointed tied agents.
- Has the ability to terminate the relationship with a tied agent, where necessary, with immediate effect (e.g. when this is in the interest of clients) without detriment to the continuity and quality of the provision of activities to clients.
- When the relationship between a firm and a tied agent is terminated:
  - Immediate notification of the NCA of the home Member State specifying if the said termination is due to matters having a serious regulatory impact or involving an offence or a breach of MiFID II requirements;
  - Notification of all relevant clients in order to avoid any future interaction with the tied agent; and
  - Completion and fulfilment of all outstanding activities and obligations to clients either by the firm itself or another tied agent.
In case you have any questions, please do not hesitate to contact us for further professional assistance.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.

Legal Opinions For Financial Institutions
Legal opinion is a piece of professional legal advice on a specific subject. Lawyers have an exclusive right to prepare such a document at the request of the person concerned. A correctly drafted opinion letter will ensure the benefit of your side to all parties to the dispute and confirm the transparency of the contract or the legality of certain legal actions.
Navigating through complex and uncertain legal provisions, Andria Papageorgiou Law Firm provides qualified third-party opinions on an array of subjects, with our expertise lying in financial services to assist you to come to the right conclusion whilst allowing you to have a clear understanding of the law.
We can assist with drafting legal opinions in Cyprus and over 100 other jurisdictions through our network of associates.
Regulators, payment service providers, and other methods of payment such as Visa and Mastercard are now requiring investment firms and other financial institutions to show that the provision of services in European or non-European countries is permitted and in line with local country rules and regulations.
It is important to remember that in drawing up a Legal Opinion on any issue, Lawyers are responsible for their opinions, as they conduct legal and factual research, analysis, and verification and it is for this reason that providing Legal Opinions can be a rather expensive process at times.
Our global network of associates has been vetted to ensure that quality Opinions are prepared with investment issues distinguished by strict language, clarity of circumstances provided, and presence of transparent and understandable conclusions.
We have assisted investment firms and other financial institutions globally, including Cyprus, South Africa, Belize, New Zealand, Australia, Thailand, Malaysia, Taiwan, Singapore, and more, to attain Legal Opinions in over 100 countries.
Should you have any further questions, please do not hesitate to contact us at info@apapageorgiou.com.

CySEC New Directive for the Registration of Crypto Providers
The Cyprus Securities and Exchange Commission (CySEC) issued on Friday a directive about the registration and operating conditions of providers of services related to cryptocurrencies. According to the guidelines, published only in the Greek language, CySEC provides certain procedures to follow in order to comply with the recent transposition of the AMLD5 measures taken in the European Union (EU) to combat money laundering and terrorist financing.
The registration fee for the providers who want to apply before CySEC for authorization under the said directive would be EUR 10,000, and the renewal fee shall be EUR 50,000. In terms of the board’s composition, there should be a minimum of four members: two executives and two non-executives. Furthermore, among the conditions set out in the said directive, the companies should comply with some requirements such as good reputation, appropriate policies, systems and procedures, relevant security policies, and remuneration requirements, as specified by the CySEC.
In addition to the said directive, it is expected that the CySEC will issue a policy statement very soon clarifying other relevant matters. Additionally, there is a CySEC application file available with the updated regulatory requirements to follow the AMLD5 rulings.
CySEC, which shares the position of the European Securities and Markets Authority (ESMA), acknowledges that some crypto assets, including the so-called virtual currencies, such as Bitcoin, are highly risky and speculative, and investors must be alert to the high risks of buying and/or holding these instruments, including the possibility of losing all their money. Crypto assets come in many forms but the majority of them remain unregulated in the EU including Cyprus.
In light of all the above, it is quite evident that the incorporation of crypto-asset businesses under the scope of the EU AML legislation under the amended 5th AML Law in Cyprus is a very significant step.

The Use of Electronic Signature
Undoubtedly and unsurprisingly, the COVID-19 pandemic has affected businesses and individuals in a variety of ways. One aspect, which has been discussed to a great extent, is the use of electronic signatures in Cyprus and the legal implications of their use.
The Regulation (EU) No 910/2014
With the aim of improving trust in EU-wide electronic transactions and increasing the effectiveness of public and private online services and e-commerce, Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market (the “eIDAS Regulation”) created a new system for secure electronic interactions across the EU between businesses, citizens and public authorities. It sets out the conditions under which Member States recognize electronic identification means of natural and legal persons falling under a notified electronic identification scheme of another Member State, lays down rules for trust services (for the verification of the identity of individuals and businesses online, as well as the authenticity of documents) and establishes a legal framework for electronic signatures, seals, time stamps, documents, registered delivery services and certificate services for website authentication.
The Cyprus Law 55(I)/2018
The eIDAS Regulation was incorporated into Cyprus law in 2018 through Law 55(I)/2018 (the “Law”).
The three types of electronic signatures
Three types of electronic signatures, each with different judicial value, are distinguished by the Regulation, as follows:
1. an “electronic signature” is defined by the Regulation as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign”;
2. an “advanced electronic signature” is “an electronic signature which is uniquely linked to the signatory, is capable of identifying the signatory, is created by using electronic signature creation data that the signatory can, with a high level of confidence, use under their sole control and is linked to the data therewith in such a way that any subsequent change in the data is detectable”; and
3. a “qualified electronic signature”, which is an advanced electronic signature created by a qualified electronic signature creation device having the added comfort of being based on a qualified certificate for electronic signatures.
Admissibility and legal validity of electronic signatures
The Regulation specifies that an electronic signature cannot be denied legal effect or be deemed inadmissible as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures. However, it grants the “qualified electronic signature” the most significant judicial value deeming that it shall be equivalent to a handwritten signature.
Obtaining a qualified electronic signature
The procedure for obtaining a qualified electronic signature under Cyprus law was announced in May, amidst the COVID-19 pandemic, by the Deputy Ministry of Research, Innovation and Digital Policy of Cyprus. The Cyprus Stock Exchange has been authorised as a Certification Service Provider to issue qualified certificates on electronic signatures, though the government has already signed a Memorandum of Understanding with commercial banks that will enable and promote electronic signatures in the banking sector.
The validity period of such qualified e-signatures is currently set at one year from the date of issuance of the qualified certificate.
The sole Qualified Trust Service Provider (QTSP) currently registered in Cyprus is JCC Payment Services Ltd, and there are just two other Greek companies, registered in Europe, carrying out activities in Cyprus: Byte Computer ΑΕ and ADACOM S.A. However, with the passing of the new legislation it is likely that these companies will face competition.
Difficulties and complications
While electronic signatures and even advanced electronic signatures were occasionally used prior to the COVID-19 pandemic, an increase in their use was noticed under the current circumstances. Such increased use of digital signatures has highlighted certain issues with their applicability and implementation. One such problem arises with documents that require witnessing. Common law provisions, applicable in Cyprus, require the physical presence of witnesses in the same location as the signatory. Therefore, a witnessing and attestation requirement is only satisfied in the case of an electronically executed document where the witness is physically present in the same location as the signatory. While the witness can still attest the document via a digital signature from the same location as the signatory, “remote” witnessing (e.g. by video link) is not permitted.
However, it is worth mentioning that certain, if not all, local authorities and institutions are still reluctant to accept digital signatures. In addition, there are still no judicial decisions in relation to the use and implementation of electronic signatures that would show how the Cypriot courts would interpret and apply the relevant regulatory and legal provisions.
Last but not least is the fact that heavy dependence on electronic means will bring a higher demand for cyber security which may include a requirement for the use of electronic passports. Steps such as the creation of an electronic passport are likely to meet with resistance from some sectors of society, since, whilst they are superficially equivalent to a biometric identity card, they include continuously updated real data about an individual.

ESMA Guidelines (ESMA35-36-1952) on certain aspects of the MiFID II compliance function requirements
The European Securities and Markets Authority (ESMA) published the Guidelines on certain aspects of the MiFID II compliance function requirements (‘the Guidelines’) on 6 April 2021, translated into all official languages of the EU. These Guidelines replace the previous ESMA guidelines on the same topic issued in 2012.
The Guidelines apply in relation to the requirement of the Regulated Entities who, as part of their obligations under the Investment Services and Activities and Regulated Markets Law of 2017 (‘the Law’), must ensure that the compliance function fulfils the requirements set out in Article 22 of MiFID II Delegated Regulation 565/2017 by maintaining an efficient compliance function in accordance with Article 17(2) of the Law.
The Guidelines’ objective is the establishment of consistent, efficient and effective supervisory practices and to ensure the common, uniform and consistent application of certain aspects of the MiFID II compliance function.
Therefore, these Guidelines aim at requiring the Regulated Entities to have a robust governance framework by implementing systems and controls, policies and procedures, establishing an independent and effective compliance function to manage risks and ensure compliance with their regulatory obligations.
In brief, the said Guidelines focus on the below areas:
- Guideline on the compliance risk assessment;
- Guideline on the monitoring obligations of the compliance function;
- Guideline on the reporting obligations of the compliance function;
- Guideline on the advisory and assistance obligations of the compliance function;
- Guideline on the effectiveness of the compliance function;
- Guideline on the skills, knowledge, expertise and authority of the compliance function;
- Guideline on the permanence of the compliance function;
- Guideline on the independence of the compliance function;
- Guideline regarding the proportionality with regard to the effectiveness of the compliance function;
- Guidelines on combining the compliance function with other internal control functions;
- Guidelines on outsourcing of the compliance function;
- Guidelines on the review of the compliance function by competent authorities.
The Guidelines apply from two months after the date of their publication on ESMA’s website in all EU official languages, i.e. 07 June 2021.
CySEC adopts these Guidelines by incorporating them into its supervisory practices and regulatory approach.
Regulated Entities must take the necessary actions in order to ensure their compliance with the Guidelines.