Supervisory priorities for 2024, targets CIFs providing services on a cross border basis
In a recent announcement, the Cyprus Securities and Exchange Commission (CySEC) has outlined its focus areas for 2024, intending to guide and support regulated entities amidst evolving regulatory landscapes. As trusted advisors, we aim to elucidate these priorities for our esteemed clients, including Cyprus Investment Firms (CIFs) and asset managers, providing clear guidance and actionable insights.
CySEC’s objectives for 2024 revolve around preserving market integrity and safeguarding investor interests. Informed by ongoing market evaluations and regulatory updates, these priorities serve as a compass for regulated entities, steering them towards excellence in compliance amid shifting regulatory dynamics.
A. Key Highlights:
Enhanced Supervision: CySEC stresses the significance of vigilant oversight, particularly for firms involved in cross-border activities with intricate financial products such as Contracts for Difference (CFDs). This heightened scrutiny is designed to mitigate risks and uphold market stability.
Promoting Compliance Culture: Nurturing a culture of compliance is imperative. CySEC urges firms to reinforce governance structures and control functions, fostering a sustainable approach to regulatory adherence.
Proactive Risk Management: Prompt identification and mitigation of risks are paramount. Regulated entities are encouraged to proactively address emerging threats, ensuring business resilience and investor protection.
B. Focus Areas for Regulated Entities:
Investment Services: CIFs are required to adhere to professional conduct rules, enhance organizational arrangements, and embrace technological advancements. Additionally, robust governance frameworks and proactive risk management are emphasized.
Asset Management: Asset managers should prioritize compliance with regulatory mandates, including sustainability requirements and effective asset valuation procedures. Thorough data analysis and oversight of derivative contracts are vital for maintaining financial stability.
C. What Firms Need To Do:
- Review policies, procedures and internal controls arrangements put in place to ensure compliance with the regulatory requirements.
- Implement effective and prudent management practices, with active oversight from the management body.
- Evaluate the adequacy of governance structures and the effectiveness of control functions such as compliance, internal audit and risk management.
- Improve monitoring of marketing communications.
- Implement measures to address risks in the field of ICT and prepare for compliance with DORA.
- Consider investing in technology solutions/tools that complement firms’ efforts to ensure business resilience and regulatory compliance.
D. Next Steps: Firms should expect ongoing engagement from supervisory teams on the areas mentioned above as well as specific feedback, including communication with the board of directors. CySEC aims to take in a timely way, actions commensurate to the problems and shortcomings identified, to effectively prevent, mitigate or bring them to an end, considering repetition or continuation over time as aggravating factors.
Andria Papageorgiou Law Frim is a reputable Firm specializing in regulatory compliance and risk management solutions. With a dedication to empowering clients through tailored strategies and innovative tools, we are poised to support our clients’ journey toward compliance excellence.
Should you have any further questions, please do not hesitate to contact us at info@apapageorgiou.com.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as financial or investment or legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.
ESAs public consultation on DORA
We would like to draw your attention that the European Supervisory Authorities (EBA, EIOPA, and ESMA – the ESAs) launched yesterday, 19th of June 2023, a public consultation on the first batch of policy products under the DORA.
This includes four draft regulatory technical standards (RTS) and one set of draft implementing technical standards (ITS). These technical standards aim to ensure a consistent and harmonized legal framework in the areas of ICT risk management, major ICT-related incident reporting, and ICT third-party risk management.
DORA entered into force on the 16th of January 2023 and will apply from the 17th of January 2025 aiming to enhance the digital operational resilience of entities across the EU sector and to further harmonize key digital operational resilience requirements for all EU financial entities.
This regulatory framework covers key areas such as:
- ICT risk management,
- ICT-related incident management and reporting,
- digital operational resilience testing and
- management of ICT third-party risk.
DORA has mandated the ESAs to jointly develop altogether 13 policy instruments in two batches. The first batch of technical standards, are the following:
- RTS on ICT risk management framework and RTS on simplified ICT risk management framework;
- RTS on criteria for the classification of ICT-related incidents;
- ITS to establish the templates for the register of information;
- RTS to specify the policy on ICT services performed by ICT third-party providers.
The ESAs expect to submit these draft technical standards to the European Commission by 17 January 2024.
Comments to this consultation can be sent to the ESAS by the 11th of September 2023.
Should you have any further questions, please do not hesitate to contact us at info@apapageorgiou.com.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as financial or investment or legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.
CySEC Circular C576 – Adoption of the European Banking Authority Guidelines
We would like to draw your attention to Circular C576 (the “Circular”) issued by the Cyprus Securities and Exchange Commission (the “CySEC”) on the 2nd of June 2023, for the purposes of informing the Cyprus Investment Firms (the “CIFs”) about its decision to adopt the following European Banking Authority’s (the “EBA”) guidelines, that have been previously published within 2022, by incorporating them into its supervisory practices and regulatory approach:
- (a) Guidelines on the benchmarking exercises on remuneration practices and the gender pay gap under the Directive (EU) 2019/2034 (the “Guidelines on benchmarking”). Our previous notification email is attached herein; and
- (b) Guidelines on data collection exercises regarding high earners under Directive 2013/36/EU and under Directive (EU) 2019/2024 (the “Guidelines on high earners”). Our previous notification email is attached herein.
In brief, kindly note the below:
1. Guidelines on benchmarking:
The relevant guidelines specify how competent authorities shall collect from investment firms the remuneration and the gender pay gap data and how they will then submit them to EBA. It is noted that the said data shall be collected and submitted at the individual level whereas where Article 7 of IFR applies, this data shall be collected and submitted only at the level of consolidation set out therein. Please note that the Guidelines on benchmarking should be read in conjunction with the EBA Guidelines on sound remuneration policies under IFD.
In view of the above and pursuant to Section 28(1) of the Prudential Supervision of Investment Services Law of 2021 (the “Prudential Supervision Law”), CySEC shall collect the information disclosed in accordance with Article 51(1)(c) and (d) of IFR as well as the information provided by CIFs on the gender pay gap and use that information to benchmark remuneration trends and practices. Pursuant to Section 28(4) of the Prudential Supervision Law, CySEC shall provide the collected information to EBA in order to benchmark remuneration trends and practices at the Union level.
Therefore, the following actions should be taken by CIFs in regard to the topics presented below:
Related Topic | Information to be submitted | Deadline |
Remuneration Data | o Information on the remuneration of all staff, as set out in Annex I of Guidelines on benchmarking | 15th of June of each calendar year* |
o Additional information on remuneration for identified staff, as set out in Annex II and Annex III of Guidelines on benchmarking | ||
o Information on derogation as specified in Annex IV of Guidelines on benchmarking | ||
Gender Pay Gap | o Information set out in Annex V of Guidelines on benchmarking regarding the financial year 2023 | 15th of June every three years, starting from 2024 |
*It is clarified that the remuneration data outlined above should be submitted by the 31st of August 2023 the latest, regarding the financial year 2022.
2. Guidelines on high earners:
The objective of the data collected on high earners is to analyse and publish year-to-year developments in the number of individuals in institutions and investment firms earning at least EUR 1 million within the European Union (the “EU”) and the European Economic Area (the “EEA”), and within the different Member States, and to assess the major components of remuneration awarded to high earners in different business areas. The said information can be used together with other remuneration benchmarking data to analyse the application of remuneration policies within the EU and EEA and the trends in remuneration practices so as to improve the relevant legal framework.
In view of the above, CIFs should submit to CySEC data regarding high earners (i.e. staff member(s) earning a remuneration of at least EUR 1 million in the reported financial year) so as for the latter to submit such information to EBA.
Please note that high earners data should be reported, as applicable, at the level of consolidation set out in Article 7 of IFR and should concern all the high earners’ data for all entities and branches within the highest level of prudential consolidation. In the case of standalone investment firms, high earner’s data should be reported on an individual basis. The data submitted should also include data relevant to EU/EEA branches.
In this respect, please note the following:
- Where CIFs do not have high earners to report, it is not necessary to submit this information, unless explicitly requested by the CySEC.
- High earners data should be submitted to CySEC each year for any given financial year by the 15th of June of the next calendar year.
- It is clarified that high earners’ data should be submitted by the 31st of August 2023 the latest, regarding the financial year 2022.
3. Method of submission:
The information outlined in points 1 and 2 above should be submitted through CySEC’s XBRL Portal only, which is expected to be updated by the 30th of June 2023.
CIFs are urged to consider the Guidelines on benchmarking & Guidelines on high earners and where necessary, take actions to ensure compliance with their provisions.
Should you have any further questions, please do not hesitate to contact us at info@apapageorgiou.com.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as financial or investment or legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.