Cyprus caps large cash transactions
Cyprus lawmakers have approved a crucial amendment to the Law on the Prevention and Combating of Money Laundering, introducing restrictions on large cash transactions. The legislation passed with 24 votes in favor and two against, is aimed at curbing money laundering and illegal activities.
Under the new law, cash payments for goods, services, and property transactions are capped at 10,000 euros or equivalent in other currencies. Violators of this limit could face severe penalties, including substantial fines or imprisonment for up to five years.
The law also extends to cash equivalents such as bearer negotiable instruments, highly liquid goods, and prepaid cards, tightening measures to combat money laundering and terrorist financing. These changes align Cyprus with European regulations designed to enhance the integrity of the financial system.
A provision in the law allows for temporary suspension of these restrictions if electronic payment systems become inaccessible due to unforeseen circumstances. Offenders may incur fines of up to 10% of the amount involved in illegal transactions.
A Quick Guide to IP Rights for Fintech Companies in Cyprus
A. IP Protection for Software
Under Cyprus law, software or computer programs are considered literary works protected by copyright, specifically under article 7B of the Law on Copyright and Related Rights of 1976 (Law No. 59/1976). The underlying ideas and principles of any component of a computer program, including the system interfaces, are not covered by intellectual property rights (article 7B(2)).
Copyright protection extends to preparatory design materials (if they can be turned into a computer program), source code, object code, and software architecture. Simply replicating an existing program or draft will not qualify for copyright protection.
Cyprus law does not require a formal registration for copyright, as it is automatically granted. Nevertheless, it is advisable to include the author’s name and creation date within the software’s source code.
Business methods and software programs are not eligible for patent protection, which is reserved for innovative inventions, new processes, and novel ways of operating products. However, this exclusion only applies to software as a standalone entity; inventions incorporating software may still qualify for a patent. Additionally, software code can be safeguarded as confidential information if kept secret, and confidentiality agreements should be used when third parties have access to the code.
B. IP Developed by Employees and Contractors
In Cyprus, intellectual property rights are generally owned by the creator or inventor. However, if an employee develops work as part of their employment contract, ownership typically transfers to the employer unless otherwise agreed. This is outlined in article 11(1)b of the Law on Copyright and Related Rights of 1976 (Law No. 59/1976).
Similarly, if an invention is created under an order or work contract, the patent rights usually belong to the person or entity that commissioned the work or the employer, unless a different arrangement is specified in the contract, as per article 11(1) of the Patents Law of 1998 (Law No. 16(I)/1998).
C. Joint Ownership
Joint owners of intellectual property are not restricted by law from using, licensing, charging, or transferring their rights. However, joint owners generally need to reach an agreement on how to exercise their rights. There may be exceptions depending on the type of intellectual property involved.
D. Trade Secrets
Trade secrets in Cyprus are protected under Law 164(I)/2020, which safeguards confidential business information from unauthorized access, use, or disclosure. To qualify as a trade secret, the information must be confidential, valuable, and protected by reasonable efforts to maintain secrecy. Unlawful actions include unauthorized access, misappropriation, or breaching confidentiality agreements. Trade secret holders can seek court remedies, including provisional measures or compensation for damages. Non-disclosure agreements and internal policies are recommended for protection.
Courts in Cyprus can ensure trade secret confidentiality during proceedings. Under Article 9(4) of Law 164(I)/2020, courts may restrict access to sensitive information and issue confidentiality orders, balancing this with the need for a fair trial.
E. Branding
Brand protection in Cyprus can be achieved through registering a Cypriot trademark or an EU trademark, which provides broader protection across the EU. Trademark registration is done through the Cypriot Intellectual Property Office or the EU Intellectual Property Office (EUIPO). A strong brand reputation can also offer protection against exploitation by third parties.
Logos and slogans that are original may qualify for copyright protection. Additionally, brand designs can be protected as industrial designs if they are new and unique. Fintech businesses should consult public trademark databases to ensure they do not infringe on existing trademarks or designs. A thorough trademark and design search is recommended to identify any potential conflicts.
F. Remedies for IP Infringement
Fintech businesses and individuals in Cyprus whose intellectual property rights have been infringed have several legal remedies at their disposal. These remedies are designed to protect their rights and mitigate the damage caused by the infringement:
- Injunctions: Courts can issue injunctions to immediately halt the infringing activities. This may include preliminary or interim injunctions, which are essential to prevent further damage while the case is being resolved, and permanent injunctions once a judgment is made.
- Damages: The aggrieved party may be entitled to monetary compensation for any financial loss or harm suffered as a result of the infringement. Damages can be calculated based on lost profits, a reasonable royalty, or the infringer’s unjust enrichment, ensuring the affected party is fairly compensated.
- Cease and Desist Orders: Courts may issue orders requiring the infringing party to cease all unauthorized use of the intellectual property. This includes removing or destroying infringing materials, discontinuing the production or sale of infringing goods, and taking measures to prevent future violations.
In addition to these primary remedies, courts may also grant additional relief, such as the seizure or destruction of infringing goods, publication of the judgment to restore reputation, and reimbursement of legal costs incurred by the intellectual property holder.
In case you have any questions or need any assistance, please do not hesitate to contact us for further professional assistance.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.
New Rules for Crypto-Asset Service Providers (CASPs) in Cyprus: Key Updates
The Cyprus Securities and Exchange Commission (CySEC) has made an important announcement regarding regulating Crypto-Asset Service Providers (CASPs). Here’s what you need to know:
- Transition to EU’s MiCA Regulation As of 30/12/2024, the European Union’s Markets in Crypto-Assets Regulation (MiCA) will come into full effect for CASPs. This regulation aims to create a clear framework across the EU for the operation of crypto-asset services, enhancing investor protection and market integrity.
- What Happens During the Transitional Period? CySEC has set a transitional period for CASPs already operating under current national rules. Suppose a CASP is registered before 30/12/2024. In that case, it can continue to offer services until 1/7/2026, or until it receives a decision on its application for authorization under MiCA, whichever comes first.
- No New Applications Under National Rules Starting from 17/10/2024, CySEC will no longer accept new applications for CASP registration under the existing national framework. All new applications will need to comply with the MiCA requirements once the regulation is fully in place.
- Preparation for MiCA Applications CySEC is awaiting the finalization of the Regulatory and Implementing Technical Standards (RTS and ITS) by the European Commission. Once these are released, CySEC will publish guidelines on how to apply for authorization under MiCA. In the meantime, interested parties can refer to draft technical standards by the European Securities and Markets Authority (ESMA) to get a head start on their preparations.
- Cross-Border Services For entities that are already providing crypto-asset services across the European Economic Area (EEA), the deadline to submit notifications to CySEC under the current rules is 30/10/2024. After this date, new cross-border service notifications will not be processed until MiCA is fully in effect.
These changes mark a significant shift in how crypto-asset services are regulated, aiming for more consistent rules across Europe. Entities currently offering these services should make sure they understand the new requirements and prepare for the transition to ensure compliance. For more details, you can refer to CySEC’s official announcement.
These updates represent a key step in aligning Cyprus’s crypto regulations with the broader EU framework, ensuring a smooth transition for CASPs and enhanced protection for users across the region.
In case you have any questions or need any assistance, please do not hesitate to contact us for further professional assistance.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.
The EU’s Digital Operational Resilience Act 2022/2554 (DORA)
Financial regulators have long faced the challenge of ensuring stability in financial markets, especially given the growing reliance on third-party systems, technology, and platforms. The integration of cloud solutions has heightened these complexities, and the potential risk to financial markets increases if a technology provider experiences a cyber incident.
In today’s interconnected financial ecosystem, long chains of IT subcontractors can make it difficult for institutions to fully understand the vulnerabilities in their systems. This is further complicated when key functions are outsourced to entities without direct contractual ties to the financial institution.
The EU introduced the Digital Operational Resilience Act (DORA) with these issues in mind. DORA mandates that financial institutions identify ICT services supporting critical functions and strengthen their contractual protections. It became effective in January 2023, and affected financial entities and ICT providers have until January 2025 to ensure full compliance. After that, regulators will have the power to impose fines and require firms to remedy security vulnerabilities.
DORA has implications beyond the EU, as it also applies to non-EU companies providing ICT services to EU-based financial institutions.
Key stakeholders in the financial industry must prepare for compliance by aligning their contracts with the new standards, as non-compliance can result in severe penalties, including fines, sanctions for board members, reputational damage, and even criminal liability.
Key Dates:
- January 2023: DORA came into force.
- January 2024: Technical standards to be finalized.
- July 2024: Final set of standards published.
- January 2025: Full compliance required.
Who Will Be Affected?
DORA applies to a broad range of financial entities, such as banks, investment firms, and insurance companies, as well as certain ICT service providers who meet specific criteria outlined in the regulation. Some providers will be classified as critical, subjecting them to oversight by EU regulatory authorities.
ICT Services Defined:
ICT services encompass digital and data services provided via IT systems, including hardware, software, and support services. Critical providers are identified based on their impact on the stability and quality of financial services.
Impact and Compliance:
Financial institutions must ensure robust ICT risk management frameworks, incident reporting protocols, and resilience testing. Contracts with third-party ICT providers must meet DORA’s standards, including pre-contractual due diligence, monitoring service levels, and planning for termination or exit strategies.
While DORA applies to the EU, it has a similar counterpart in the UK, with regulations designed to align with global standards on operational resilience. Firms in both regions should ensure they meet impact tolerances for critical services by March 2025.
With the compliance deadline fast approaching, it is crucial for affected organizations to identify gaps in their processes, update their policies, and negotiate contracts that reflect the new requirements.
In case you have any questions or need any assistance, please do not hesitate to contact us for further professional assistance.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.
EU Financial Services: Key points to watch for the rest of 2024
Last week, Maria Luís Albuquerque from Portugal was appointed as the new EU Commissioner for Financial Services and the Savings and Investment Union. With her appointment, alongside Mario Draghi’s report on European competitiveness, the EU is set to focus on significant developments in the financial services sector in the coming months.
Key priorities include scaling up sustainable finance, with a focus on transition finance and climate resilience. This aligns with the recommendations from the European Supervisory Authorities (ESAs) and the European Securities and Markets Authority (ESMA) to introduce a product categorization system for financial products with sustainability features. Additionally, digital finance will be a major theme, with a push for an open-access framework and the use of AI in financial services.
Other areas of focus include revitalizing securitization markets and addressing macroprudential concerns with non-bank financial institutions (NBFIs). Upcoming consultations, including one on securitization regulations and another on macroprudential policies for NBFIs, are expected to bring significant regulatory changes.
While work will continue by the Commission and the ESAs to prepare Level 2 and Level 3 measures under key financial services mandates over the coming months (in particular MiCA, DORA, the new AML/CFT package and the EU Banking Package), a number of Level 1 measures (directives and regulations) actioned during the term of the last Commission still need to be finalised.
Several important legislative proposals, such as EMIR 3.0, the ESG Ratings Regulation, and amendments to Solvency II, are expected to be published by the end of 2024. Additionally, trilogue negotiations on key regulations like Payment Services Directive 3 (PSD3) and the retail investment package are set to commence soon.
The move towards a T+1 settlement cycle and developments in short-term funding instruments, such as commercial paper, are also worth monitoring, though immediate changes are not expected.
This period marks a transformative time for EU financial services as the region aims to strengthen its competitive edge and regulatory framework.
In case you have any questions, please do not hesitate to contact us for further professional assistance.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.