ASIC Wins Landmark Case Against Kraken Crypto Exchange Operator for Compliance Failures
In a landmark decision, the Australian Securities and Investments Commission (ASIC) successfully sued Bit Trade Pty Ltd, the operator of the Kraken cryptocurrency exchange in Australia, for failing to meet its design and distribution obligations under the Corporations Act 2001. This court ruling sends a clear message to the cryptocurrency industry about the importance of regulatory compliance and the need to protect consumers from potentially risky financial products.
A. Background of the Case
The case revolves around the “margin extension” product offered by Bit Trade Pty Ltd to Australian customers on the Kraken platform. This product, which allowed users to extend their margin for trading digital assets or national currencies, was offered without a proper target market determination—a requirement under Australian law since October 2021. By failing to comply with these design and distribution obligations (DDO), Bit Trade was found to have breached Section 994B(2) of the Corporations Act each time the product was made available.
B. Court’s Findings
Justice Nicholas of the Federal Court highlighted that the failure to establish a target market determination was a significant violation. Although Bit Trade argued that the obligations related to margin extensions did not constitute a “deferred debt” or a credit facility, the court ruled otherwise. It was determined that when margin extensions were provided in a national currency like US dollars, they indeed created a deferred debt, making the product a credit facility under the law.
The court further clarified that while digital assets might not be considered money, margin extensions involving national currencies fall under the definition of a financial product that requires a target market determination. As a result, the court concluded that Bit Trade had breached its obligations under the Corporations Act, and the company now faces potential financial penalties pending further court orders.
You can read the full Judgement here.
C. Implications for the Crypto Industry
This ruling is a wake-up call for all entities operating within the crypto space. ASIC Deputy Chair Sarah Court emphasized the importance of compliance with legal requirements to protect consumers. She stated, “Today’s outcome sends a salient reminder to the crypto industry about the importance of compliance with the design and distribution obligations.”
The decision underlines that financial products, including those involving digital assets, must be distributed appropriately to consumers who understand the risks involved. It also reaffirms ASIC’s commitment to scrutinizing the design and distribution of financial products in the crypto sector to ensure they meet regulatory standards.
D. What’s Next for Bit Trade and Kraken?
Following the court’s decision, ASIC and Bit Trade have been given seven days to agree on declarations and injunctions. ASIC has also indicated its intent to seek financial penalties against Bit Trade, with the details of these penalties to be determined at a later date.
For Kraken and its operator, Bit Trade, this ruling could lead to significant operational changes, especially regarding how they offer products to Australian customers. The company may need to reassess its product offerings and ensure full compliance with Australian financial regulations.
E. Conclusion
This case is a significant victory for ASIC and a crucial moment for the crypto industry in Australia. It highlights the importance of compliance with financial regulations and the need for transparent and responsible distribution of financial products. As the crypto market continues to evolve, regulatory bodies like ASIC will undoubtedly continue to play a pivotal role in shaping the future of the industry, ensuring it operates in a manner that is fair and safe for all participants.
In case you have any questions, please do not hesitate to contact us for further professional assistance.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.
CySEC Policy Statement on the enhancement of the non-face-to-face customer onboarding process with electronic methods
In today’s fast-paced digital landscape, the need for efficient and secure customer onboarding processes has never been more critical. Recognizing this, the Cyprus Securities and Exchange Commission (CySEC) has introduced a groundbreaking Policy Statement (PS-01-2024), designed to revolutionize the way financial institutions onboard non-face-to-face (NFTF) customers.
A. A New Era for Remote Customer Onboarding
The new policy marks a significant step forward in integrating electronic methods and technologies within the customer due diligence (CDD) process. CySEC’s policy is built on the principle of technological neutrality, giving financial institutions the flexibility to choose the most appropriate Remote Customer Onboarding Solutions (RCOS) that suit their operational needs.
This policy is not just a regulatory update; it is a roadmap for the future of digital finance in Cyprus. It aligns with the European Banking Authority (EBA) Guidelines and leverages lessons learned during the COVID-19 pandemic, ensuring that the financial industry remains robust, secure, and resilient in the face of evolving challenges.
B. Key Highlights of the Policy
- Technological Neutrality: CySEC encourages the use of diverse RCOS, whether through video calls, dynamic selfies, or other innovative technologies. The policy does not favor any specific technology, allowing businesses to adapt and innovate as they see fit.
- Mandatory Risk Assessments: Before implementing any RCOS, financial institutions are required to conduct comprehensive risk assessments. This ensures that the chosen technologies are not only compliant with existing regulations but also robust enough to handle potential security threats.
- Supervisory Guidance: CySEC has provided detailed guidelines to help institutions navigate the complex regulatory environment. These guidelines ensure that all remote onboarding processes meet the highest standards of security, reliability, and customer protection.
- Ongoing Compliance and Monitoring: The policy emphasizes the need for continuous monitoring and assessment of RCOS, ensuring that they remain effective and compliant with all relevant laws and regulations.
C. How We Can Help
At Andria Papageorgiou Law Firm, we have over a decade of experience in the fintech industry, specializing in regulatory compliance and innovative financial solutions. Our team of experts is ready to assist your business in implementing these new onboarding requirements seamlessly.
Whether you need help with risk assessments, compliance checks, or choosing the right RCOS for your business, we are here to guide you every step of the way. We understand the complexities of the fintech landscape and are committed to helping you stay ahead in this dynamic industry.
D. Last word
CySEC’s new policy is a significant development for the financial industry, offering both opportunities and challenges. By embracing these changes and leveraging the right expertise, your business can not only comply with the new regulations but also thrive in the digital age.
In case you have any questions, please do not hesitate to contact us for further professional assistance.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.
CySEC Circular C556 on addressing AML/CFT Compliance – Insights from CySEC’s Recent Inspections
The Cyprus Securities and Exchange Commission (CySEC) has recently issued a Circular C656 highlighting the findings from its inspections of various regulated entities over the past two years. These inspections assessed compliance with the Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007 and CySEC’s Directive for the Prevention and Suppression of Money Laundering and Terrorist Financing. The circular provides valuable insights into good practices and common deficiencies observed, offering a roadmap for entities to enhance their Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) frameworks.
A. Good Practices Identified
CySEC’s inspections revealed several commendable practices among regulated entities, which can serve as benchmarks for others aiming to strengthen their AML/CFT controls:
- Utilization of Local Knowledge: Supplementing commercially available databases with local knowledge and open-source internet checks proved effective in researching potential high-risk customers, including Politically Exposed Persons (PEPs).
- Clear Escalation Processes: Establishing clear processes for escalating the review and approval of high-risk and PEP customer relationships to senior management.
- Face-to-Face Interactions: Conducting face-to-face meetings with high-risk and PEP prospects before onboarding them as customers.
- Comprehensive Customer Files: Maintaining detailed customer files that cover risk assessment, documentation, verification, expected account activity, and profiles of the customer or business relationship.
- Robust Transaction Monitoring: Ensuring transaction and account monitoring considers up-to-date Customer Due Diligence (CDD) information, including expected activity, source of wealth, and source of funds.
- Active Involvement of Senior Management: Involving senior management and AML/CFT staff in decisions regarding the maintenance or termination of high-risk relationships.
- Updated Policies and Procedures: Keeping AML/CFT policies and procedures current to comply with evolving legal and regulatory obligations.
B. Common Weaknesses and Deficiencies
Despite the good practices, several weaknesses were commonly identified, which need immediate attention to mitigate AML/CFT risks:
- Risk Management and Procedures Manual: Manuals often contained generic descriptions rather than tailored procedures specific to the entity’s risks. In some cases, procedures for identifying and detecting unusual cash transactions were inadequate.
- Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD): Entities sometimes failed to construct comprehensive customer economic profiles or verify the identity of beneficial owners adequately. There was also a lack of additional information for high-risk customers.
- AML/CFT Risk Assessments: Risk assessments often did not consider guidelines from the European Banking Authority (EBA) or the Financial Action Task Force (FATF). In some instances, entities did not account for the risks posed by customers with Cypriot citizenship acquired through the Cyprus Investment Program.
- Source of Funds and Transactions Monitoring: Insufficient documentation to support customer transactions and initial source of funds was a recurrent issue. Entities need to gather detailed evidence and maintain updated customer profiles.
- Reporting of Suspicious Transactions: Compliance officers sometimes failed to examine internal reports adequately to determine if there was a suspicion of money laundering or terrorist financing.
- Record Keeping: Entities did not always ensure prompt availability of documents and information required by CySEC for regulatory duties.
CySEC’s circular serves as a crucial reminder for all regulated entities to review and enhance their AML/CFT policies, controls, and procedures. By addressing the identified deficiencies and adopting the highlighted good practices, entities can better align with regulatory expectations and effectively mitigate the risks associated with money laundering and terrorist financing.
In case you have any questions, please do not hesitate to contact us for further professional assistance.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.
CySEC Circular C655: Findings of the assessment of Compliance Officers’ Annual Reports and Internal Audit Reports on the prevention of money laundering and terrorist financing, for the year 2022
The Cyprus Securities and Exchange Commission (CySEC) has published Circular No. C655, summarizing the findings from its 2023 assessment of Compliance Officers’ Annual Reports and Internal Audit Reports submitted by various regulated entities for the year 2022. The report underscores critical areas of non-compliance and provides detailed recommendations for improvement.
A. Targeted Entities
The circular addresses the following regulated entities:
- Crypto Asset Service Providers (CASPs)
- Cyprus Investment Firms (CIFs)
- Administrative Service Providers (ASPs)
- UCITS Management Companies (UCITS MC)
- Self-Managed UCITS (SM UCITS)
- Alternative Investment Fund Managers (AIFMs)
- Self-Managed Alternative Investment Funds (SM AIFs)
- Self-Managed Alternative Investment Funds with Limited Number of Persons (SM AIFLNP)
- Companies managing AIFLNPs
- Small Alternative Investment Fund Managers (Small AIFMs)
B. Scope of the Assessment
The assessment aimed to evaluate compliance with the Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007, and the CySEC Directive for the Prevention of Money Laundering and Terrorist Financing. The evaluation included the review of Compliance Officers’ Annual Reports and Internal Audit Reports submitted in 2023, reflecting the activities of the previous year.
C. Key Findings
CySEC identified several common weaknesses and deficiencies across the reports:
- Lack of Detailed Analysis: Many reports lacked sufficient analysis of the inspection methods used by Compliance Officers. Reports often provided results without explaining the methodologies, sample sizes, and the specifics of the inspections and reviews conducted.
- General Overviews: Some reports offered only general overviews rather than detailed descriptions of identified deficiencies, their seriousness, risk implications, and recommended corrective actions.
- Inadequate Customer Monitoring: Reports frequently did not provide adequate details on ongoing monitoring systems for customer accounts, including methods used and variations in monitoring based on customer risk categories.
- Insufficient Organizational Structure Information: The organizational structure and duties of the Compliance Officer’s department were often not sufficiently detailed.
- Incomplete Training Program Information: Information on recommended training programs for the upcoming year was frequently inadequate.
- Late Submissions: There were late submissions of Compliance Officers’ Annual Reports, Internal Audit Reports, and relevant Board of Directors (BoD) minutes.
D. Recommendations
CySEC has outlined several recommendations to address these deficiencies:
- Enhance Report Preparation: Ensure detailed and methodologically sound preparation of both Compliance Officers’ Annual Reports and Internal Audit Reports, including a thorough analysis of inspection methods and results.
- Improve Monitoring Systems: Establish robust systems for ongoing monitoring of customer accounts and transactions, providing detailed documentation of methods and findings.
- Detail Organizational Structure and Training: Include comprehensive information on the Compliance Department’s structure and staff duties, and clearly outline training programs for the next year.
- Adhere to Submission Deadlines: Comply with the specified timeframes for submitting reports and BoD minutes.
E. CySEC’s Expectations
CySEC expects all regulated entities to consider these findings and recommendations seriously when preparing their reports for 2023 and beyond. The Commission has emphasized that recurring weaknesses will be subject to rigorous compliance checks, and strict administrative sanctions may be imposed for non-compliance with the Law and Directive.
D. Conclusion
CySEC’s 2023 assessment report highlights significant areas for improvement in AML compliance and overall governance among regulated entities. By addressing the identified deficiencies and adhering to CySEC’s recommendations, entities can ensure robust compliance frameworks, thereby enhancing the integrity and trustworthiness of Cyprus’s financial sector.
E. How we can assist you
With ten years of experience in the financial services industry, our law firm is well-equipped to assist you with outsourced legal and compliance services. We provide comprehensive support and guidance for the preparation of annual CySEC reports, ensuring your compliance with all regulatory requirements.
In case you have any questions, please do not hesitate to contact us for further professional assistance.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.
The EU’s Regulatory Framework for Artificial Intelligence: A New Era for AI Governance
The European Union (EU) is pioneering a comprehensive approach to artificial intelligence (AI) regulation with the introduction of the AI Act. This landmark legislation, the first of its kind globally, aims to balance innovation and safety, ensuring AI systems are trustworthy, transparent, and respect fundamental rights.
A. Core Objectives of the AI Act
The AI Act establishes a risk-based framework to regulate AI technologies across the EU. It categorizes AI systems into four risk levels:
- Unacceptable Risk: AI systems that pose a significant threat to safety, livelihood, or rights, such as those used for social scoring or cognitive behavioral manipulation, are banned.
- High Risk: These systems, which include applications in critical infrastructure, education, and employment, must meet stringent requirements before they can be marketed. This includes obtaining a CE marking to ensure compliance with EU standards.
- Limited Risk: AI systems in this category are subject to specific transparency obligations, such as informing users they are interacting with an AI system.
- Minimal or No Risk: These are largely exempt from additional regulatory burdens.
The Regulatory Framework defines 4 levels of risk for AI systems:
B. How does it all work in practice for providers of high-risk AI systems?
Once an AI system is on the market, authorities are in charge of market surveillance, deployers ensure human oversight and monitoring, and providers have a post-market monitoring system in place. Providers and deployers will also report serious incidents and malfunctioning.
C. Ensuring Trustworthy AI
To foster trust and transparency, the AI Act mandates several key measures:
- Pre-Market Conformity Assessments: High-risk AI systems must undergo thorough evaluations to ensure they meet EU standards for safety, security, and ethical considerations.
- CE Marking: Similar to other products within the European Economic Area, AI systems will require CE marking to indicate conformity with health, safety, and environmental protection standards.
- Transparency and Accountability: Developers must provide clear information on the AI system’s capabilities and limitations, ensuring users are well-informed.
D. Supporting Innovation
The EU aims to promote innovation without compromising safety through mechanisms such as:
- AI Regulatory Sandboxes: These allow developers to test AI systems in a controlled environment, facilitating innovation while ensuring regulatory compliance.
- Proportional Penalties: Fines for non-compliance are scaled based on the company’s size and revenue, ensuring that penalties are fair and encourage adherence to the regulations.
E. Governance and Enforcement
A robust governance structure will oversee the implementation of the AI Act:
- European Artificial Intelligence Board (EAIB): This new body will ensure consistent application of the rules across the EU.
- National Supervisory Authorities: These bodies will work alongside the EAIB to monitor compliance at the member state level.
F. Impact and Future Outlook
The AI Act is set to transform the AI landscape in Europe, creating a unified legal framework that not only protects consumers and citizens but also encourages technological advancement and market growth. By setting high standards for AI development and deployment, the EU aims to lead the world in ethical and innovative AI practices.
This pioneering regulation underscores the EU’s commitment to harnessing the benefits of AI while safeguarding its citizens’ rights and promoting a thriving digital economy.
Should you have any further questions, please do not hesitate to contact us at info@apapageorgiou.com.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.
ESMA’s Opinion on Ensuring Consistent Application of MiCA for Crypto-Asset Brokers
The European Securities and Markets Authority (ESMA) issued an opinion on 31/7/2024, to support the consistent application of the Markets in Crypto-Assets Regulation (MiCA) across the European Union.
Here are the key points from the opinion, useful for a blog post:
1. Legal Framework and Background:
- MiCA Overview: MiCA, published in June 2023, establishes obligations for crypto-asset issuers and service providers, aiming to enhance investor protection, market integrity, and financial stability.
- Importance of Trading Platforms: Trading platforms, particularly Multifunction Crypto-asset Intermediaries (MCIs), are pivotal in the crypto ecosystem. The collapse of FTX highlighted the potential risks posed by these platforms.
2. Regulatory Arbitrage Concerns:
- MCIs and EU Market Access: Some MCIs may try to bypass EU regulations by structuring their businesses to maintain access to EU clients without fully adhering to MiCA, leading to regulatory arbitrage and an unlevel playing field.
- Reverse Solicitation: MiCA allows third-country firms to provide services to EU clients only if initiated by the client, known as “reverse solicitation.” ESMA stresses this should be narrowly applied to prevent circumvention of MiCA regulations.
3. Supervisory Guidance and Practices:
- Assessment of Business Models: ESMA advises national competent authorities (NCAs) to scrutinize the business models of crypto firms, ensuring they comply with MiCA and do not exploit regulatory loopholes.
- Conflict of Interest: MCIs must manage conflicts of interest, especially when offering both brokerage and trading platform services. NCAs should ensure these conflicts are adequately managed to protect clients’ interests.
- Best Execution: EU brokers must ensure the best possible execution of client orders, considering various factors like price, costs, and execution speed. Reliance on a single non-EU execution venue without proper justification is discouraged.
4. Custody and Administration of Assets:
- Custody Rules: EU brokers must ensure that non-EU execution venues do not take custody of EU clients’ assets, complying with MiCA’s stringent custody requirements.
ESMA is committed to promoting common supervisory approaches across the EU, and developing new tools and forums to ensure the effective application of MiCA. This proactive stance aims to foster a secure and transparent crypto-asset market, benefitting both investors and market participants.
At Andria Papageorgiou Law Firm, we specialize in navigating the complex regulatory landscape of the crypto-asset market. Our experienced legal team can provide comprehensive guidance on MiCA compliance, helping your organisation adapt to the new regulations effectively. Whether you need assistance with authorization processes, managing conflicts of interest, or ensuring best execution practices, we are here to support you.
Should you have any further questions, please do not hesitate to contact us at info@apapageorgiou.com.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.
The Future of Prop Trading Regulation: An Industry in Transition
The rising popularity of proprietary trading firms, where traders use the firm’s capital to trade, has drawn the scrutiny of global regulators. Recent reports indicate that the European Securities and Markets Authority (ESMA) and other regulatory bodies are conducting preliminary reviews and consultations to understand the implications of prop trading and potentially introduce regulations. This move aims to enhance transparency and investor protection within the industry. While some jurisdictions, like Belgium, have taken a firm stance, the overall regulatory landscape remains uncertain, with further clarity expected by the end of the year.
In Europe, proposed regulations may require prop trading firms to be authorized under the Markets in Financial Instruments Directive (MiFID), aligning their operations with broader financial regulatory frameworks. Industry experts anticipate that new rules could enforce stricter operational requirements and transparency, potentially treating some aspects of prop trading similarly to financial services.
The regulatory drive is partly fueled by high-profile enforcement actions and growing concerns over the unregulated nature of many prop trading activities, which often operate on demo accounts. The lack of regulation has led to numerous firms entering the market, some of which have faced allegations of unethical practices, such as denying payouts.
As the industry evolves, it remains to be seen how regulators will balance the need for oversight with the innovative nature of prop trading. Stakeholders are advised to stay informed and prepared for impending regulatory changes.
Should you have any further questions, please do not hesitate to contact us at info@apapageorgiou.com.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.
For further details, please refer to the original articles on Finance Magnates.
AI Act Set to Come into Force on 1 August 2024
The countdown to compliance with the Artificial Intelligence Act (“AI Act”) has started. Signed into law on June 13, 2024, the AI Act was set for publication in the EU Official Journal on July 12, 2024, and will enter into force on August 1, 2024.
Background
The AI Act establishes a legal framework aimed at achieving human-centric AI, protecting health, safety, and fundamental rights from the harmful effects of AI, while promoting innovation.
Scope of the AI Act
The AI Act applies to all stakeholders in the AI value chain, including AI providers (such as those of general-purpose AI, or “GPAI”), users, importers, distributors, manufacturers, and authorized representatives. Exemptions exist for AI systems used in scientific research, military, defense, or international cooperation, provided fundamental rights safeguards are in place.
Extra-Territorial Scope
The AI Act has extra-territorial reach, impacting organizations inside and outside the EU. It applies to entities placing AI on the EU market, using AI outputs within the EU, or providers of AI systems and general AI models outside the EU, who must appoint an EU-based representative.
Risk Categories
The AI Act adopts a risk-based approach, with regulations varying based on the severity and likelihood of harm:
- Prohibited: AI systems for social scoring, cognitive behavioral manipulation, biometric categorization.
- High: AI in employment, credit decisions, health/life insurance risk assessment.
- GPAI: Large language models like ChatGPT.
- Limited: Chatbots.
- Minimal: Spam filters, video games.
High Risk Providers
High-risk AI system providers must adhere to various obligations:
- Risk management systems
- Data governance
- Technical documentation
- Record-keeping
- Transparency
- Human oversight
- Accuracy, robustness, and cybersecurity
- Quality management systems
- Documentation and log generation
- Cooperation with authorities
- Displaying the CE Mark
- Registering with the EU database
GPAI Providers
GPAI providers must prepare technical documentation, copyright policies, and publish training data. They may adhere to voluntary codes of practice for compliance. GPAI systems posing systemic risks must undergo model evaluation, ongoing assessment, risk mitigation, and incident reporting.
User Obligations
AI users have fewer obligations but must ensure staff have AI literacy. Users of high-risk AI must implement technical and organizational measures, human oversight, monitoring, and data protection impact assessments. Transparency rules apply to AI systems creating deep fakes or involving emotion recognition.
Enforcement
The EU AI Office will regulate the AI Act’s implementation, supported by the AI Board and national supervisory authorities. National authorities will oversee enforcement, appointing a public authority to supervise fundamental rights.
Fines
The AI Act imposes significant fines:
- Up to €35 million or 7% of annual global turnover for breaches of prohibited AI provisions.
- Up to €15 million or 3% of annual global turnover for other breaches.
- SME fines will consider economic viability, applying the lower of the percentages or amounts mentioned.
SME Support
Special provisions help SMEs boost innovation:
- Priority access to AI regulatory sandboxes free of charge.
- Tailored training on the AI Act.
- Information and templates for documentation.
- Simplified technical documentation for high-risk AI system providers.
Timeline
Key dates for compliance:
- November 1, 2024: Identify and notify the Commission of the national public authority for fundamental rights.
- February 1, 2025: Scope, definitions, and prohibited AI systems provisions apply.
- August 1, 2025: GPAI, penalties, and EU governance provisions apply.
- August 1, 2027: Safety components and specific high-risk products (Annex I) provisions apply.
Future Developments
The AI Act is part of the EU’s broader legal approach, including the proposed AI Liability Directive and the Product Liability Directive, addressing procedural rules for civil claims and compensation for defective AI systems.
What to Do Now
Organizations should proactively:
- Identify AI used in the business and the applicable risk category.
- Implement an AI governance framework with policies, staff training, and vendor due diligence.
- Communicate compliance measures to stakeholders.
Developing an AI compliance program is time-consuming, and businesses must start early to meet the deadlines. Detailed guidance will take months to emerge, so a risk-based approach and benchmarking against industry practices are essential in the meantime.
In case you have any questions, please do not hesitate to contact us for further professional assistance.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.
A practical guide on CySEC Regulatory Sandbox
The Cyprus Securities and Exchange Commission (CySEC) has taken a significant leap forward with the launch of its Regulatory Sandbox. This initiative builds upon CySEC’s ongoing dialogue with market participants and experts since the inception of the Innovation Hub. The Regulatory Sandbox aims to strike a balance between fostering technological innovation, ensuring investor protection, and maintaining market integrity.
Overview & Objectives
CySEC’s Regulatory Sandbox is designed to provide a controlled testing environment where both regulated and unregulated firms can trial their technologically innovative solutions. The primary objectives are to build a transparent channel of cooperation between entities developing tech-based solutions in the financial services sector and to ensure that the regulatory landscape evolves with technological advancements. This initiative is poised to enhance CySEC’s understanding of innovative technologies and facilitate continuous regulatory adaptation to new market developments.
Why Join the CySEC Regulatory Sandbox?
Participation in the Sandbox offers an unparalleled opportunity for firms to test their innovative products and services on a small scale within a controlled environment. Under CySEC’s close monitoring and guidance, participants will receive constructive feedback on how the regulatory framework applies to their innovations. This guidance can prove invaluable in refining products to meet regulatory standards and achieving successful market entry.
Eligibility Criteria
The CySEC Regulatory Sandbox is open to regulated and unregulated entities engaging in financial innovation through technology. To participate, unregulated entities must:
- Obtain prior CySEC authorization for the regulated services they intend to engage in.
- Test innovative solutions solely within their corporate group or use any other exemption provided under the applicable framework.
- Perform demo services.
- Enter into a collaboration agreement with a CySEC-regulated entity.
It is important to note that the Sandbox is not a space for “light touch” regulation. Any unregulated entities providing regulated services must secure CySEC authorization before participating.
Additionally, applicants must ensure their proposed innovative solution:
- Directly or indirectly facilitates activities within CySEC’s supervisory scope.
- Introduces authentic innovation in terms of product, service, or business model.
- Is ready for testing in a production environment.
- Benefits the financial services industry.
The Four Phases of the Sandbox
- Application Phase: Interested firms must complete and submit the application form available on CySEC’s website. CySEC will assess applications based on the eligibility criteria and inform applicants of the results within 6-8 weeks.
- Preparation Phase: Successful applicants will collaborate with CySEC to agree on specific testing parameters, which will be documented in a testing agreement. A dedicated case officer will be assigned to guide the participant through the testing phase, with a communication and reporting plan established.
- Testing Phase: Lasting typically six months, this phase allows participants to conduct small-scale testing of their innovative solutions within a controlled environment. CySEC will monitor progress and compliance through interim reports submitted by participants.
- Evaluation/Exit Phase: After testing, participants must prepare a comprehensive exit report analyzing the test’s milestones and key performance indicators. These reports, which reflect participants’ views on the testing process, will be used by CySEC for internal assessment and feedback.
Conclusion
The CySEC Regulatory Sandbox represents a significant advancement in fostering financial innovation while ensuring regulatory compliance and market integrity. By providing a structured and supportive environment, CySEC is enabling firms to develop and refine innovative financial solutions that can meet the challenges of tomorrow’s financial landscape.
For any professional assisstance, please do not hesitate to contact us at info@apapageorgiou.com.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.
CySEC launches its regulatory sandbox
The Cyprus Securities and Exchange Commission (CySEC) has successfully launched its Regulatory Sandbox during an online event held on the 11th of June 2024. This initiative marks a significant milestone in the advancement of financial, regulatory, and supervisory technologies (FinTech, RegTech, and SupTech) in Cyprus.
The Regulatory Sandbox is a crucial step in promoting responsible innovation in the financial services sector. Dr. George Theocharides, Chairman of CySEC, highlighted the importance of this initiative: “With the introduction of the Regulatory Sandbox, we are taking another major step in fostering responsible innovation in the financial services sector. Our goal is to support the development of cutting-edge solutions that meet technological advancements, without compromising market integrity and investor protection.”
Event Highlights
The virtual launch event attracted over 500 stakeholders from the financial sector, including representatives from regulatory bodies, financial institutions, and technologically innovative firms. Attendees were briefed on the Sandbox’s operational framework and the potential benefits for market participants.
The event underscored CySEC’s commitment to striking a balance between technological innovation, investor protection, and market integrity. Building upon CySEC’s ongoing dialogue with market participants and experts since the launch of the Innovation Hub, CySEC has established the Regulatory Sandbox to support this balanced approach.
Objectives of the Regulatory Sandbox
The Regulatory Sandbox aims to:
- Build a transparent channel of cooperation between entities developing technology-based solutions in the financial services falling within CySEC’s supervisory mandate and CySEC.
- Ensure that the regulatory landscape evolves in line with technological developments in the financial services sector.
Designed for both regulated and unregulated firms, the CySEC Regulatory Sandbox allows companies to test their technologically innovative solutions and/or products related to financial activities subject to CySEC’s supervision. This controlled, time-bound testing environment will enhance CySEC’s understanding of innovative technologies and facilitate continuous regulatory adaptation to new market developments.
Participation and Benefits
For firms interested in participating, the Regulatory Sandbox offers a unique opportunity to develop and refine their products while ensuring compliance with regulatory standards. This initiative not only supports innovation but also helps maintain the integrity and safety of the financial market.
Participants in the Sandbox will benefit from:
- Direct engagement with CySEC to ensure their solutions meet regulatory requirements.
- A structured environment to test and validate new technologies and business models.
- Insights and feedback from CySEC to improve their products and services.
For more information on the Regulatory Sandbox and how to participate, please visit the Cyprus Securities and Exchange Commission’s website.
Conclusion
The launch of CySEC’s Regulatory Sandbox is a pivotal development for the financial services sector in Cyprus. By providing a supportive environment for innovation, CySEC is helping to drive technological advancement while safeguarding market integrity and investor protection. This initiative is set to position Cyprus as a leader in financial innovation and regulatory excellence.
Should you have any further questions, please do not hesitate to contact us at info@apapageorgiou.com.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.