George Theocharides: Accountability and transparency constitute core pillars of CySEC’s operation

"Developments at European and international level, rapid technological progress, as well as geopolitical and macroeconomic uncertainties, are shaping an environment of increased demands but also significant opportunities. Consequently, the supervision of markets and investment services is becoming increasingly complex for supervisors across Europe," the Chairman of the Cyprus Securities and Exchange Commission (CySEC) Dr George Theocharides has said.

He was speaking to the media during a presentation of CySEC's work in 2025 and aims for the new year.

Among other things, Theocharides reported that administrative fines totaling €2.3 million were imposed by CySEC in 2025 as a result of its supervisory inspections.

More specifically, he noted that CySEC had conducted approximately 600 on-site and off-site inspections of Cyprus Investment Firms (CIFs), as well as extensive reviews of asset managers and collective investment entities, issuers, and market infrastructures.

According to Theocharides, supervision focused on professional conduct, sustainability risks, data quality, capital adequacy, and compliance with the MiFID II, DORA, and MiCA, as well as emerging challenges such as the promotion of investment products through "finfluencers".

In addition, the CySEC Chairman pointed out that special attention had been given to preventing money laundering, with 43 thematic inspections and enhanced monitoring of compliance with EU restrictive measures, especially those related to Russia.

 

Theocharides' full speech, translated from the original Greek, can be read below:

Ladies and gentlemen, representatives of the Mass Media,

Good morning,

I would like to welcome you and thank you for your presence at today’s established annual meeting with you, which is held within the framework of our policy on accountability and transparency.

Developments at European and international level, rapid technological progress, as well as geopolitical and macroeconomic uncertainties, are shaping an environment of increased demands but also significant opportunities. Consequently, the supervision of markets and investment services is becoming increasingly complex for supervisors across Europe.

The Cyprus Securities and Exchange Commission (CySEC) remains committed to its mission of protecting investors and further developing a sound market through preventive supervision.

In 2026, the revisions to the framework for investment services known as MiFID II/MiFIR (Markets in Financial Instruments Directive II / Regulation), for alternative investment fund managers (AIFMD II) and UCITS (Undertakings for Collective Investment in Transferable Securities), combined with the implementation of the Digital Operational Resilience Act (DORA), the Markets in Crypto-Assets Regulation (MiCA), as well as the Distributed Ledger Technology Pilot Regime (DLT Pilot Regime) in 2025, enhance investor protection, market transparency, and the sector’s digital resilience.

Preparation for the EU Presidency 

The assumption of the Presidency of the Council of the European Union by the Republic of Cyprus in the first half of 2026 constitutes a particularly important milestone, both for our country and for CySEC. As early as the beginning of 2025, CySEC entered an intensive period of preparation, coordination and substantive engagement, in order to successfully meet the role assigned to it.

In close cooperation with the Ministry of Finance, more than fifteen CySEC officials have been designated to actively contribute to the work of the Presidency, undertaking duties as experts on significant and interrelated legislative files. At the same time, CySEC, as one of the supervisory authorities of the presiding country, is called upon to meet important protocol and organisational obligations at European level.

Within this context, CySEC undertook the organisation of high-level meetings of the European Securities and Markets Authority (ESMA), namely the ESMA Management Board and the ESMA Board of Supervisors. Significant time was devoted during 2025 to timely planning and intensive preparation for the successful hosting of these meetings, particularly in view of the increased demand for venues and support services during the Presidency period. Through systematic coordination and timely arrangements in 2025, CySEC is today fully prepared to successfully host the meetings scheduled to take place in April 2026.

As regards legislative matters, CySEC officials are actively involved in managing important legislative initiatives shaping the future of European capital markets. These include the Market Infrastructure Package, which αφορά a set of legislative proposals aimed at modernising and strengthening capital market infrastructures in the European Union, as well as the Retail Investment Strategy, which aims to enhance transparency, investor protection and the quality of information on investment products. Also significant are the Savings and Investments Union and the legislative proposal under revision concerning the Sustainable Finance Disclosure Regulation (SFDR), which forms part of the broader European vision for strengthening capital markets. The common denominator of all these initiatives is the simplification of the regulatory framework, the strengthening of trust in the markets, and ultimately the substantive protection of investors.

CySEC approaches the Cyprus Presidency as yet another opportunity for meaningful contribution to the European dialogue on shaping a modern, reliable and resilient framework for the European Union’s capital markets.

Supervision and sanctions

In 2025, the supervisory departments of CySEC continued intensive supervisory inspections, always with the effective protection of the investing public as their guiding principle.

In 2026, CySEC will continue to closely monitor the activities of supervised entities, particularly those of high and medium-high risk, carry out on-site inspections, and implement further thematic and remote inspections to ensure the continuous compliance of all supervised entities with their regulatory obligations.

Supervision will focus, inter alia, on:

• the ongoing obligations of supervised entities,

• organisational requirements, including risk management and depositary requirements for collective investment undertakings,

• conduct of business rules (such as information addressed to prospective clients, advertising communications, client onboarding and conflicts of interest),

• sustainability risks and related disclosure obligations,

• capital adequacy, early warning indicators of financial distress, governance frameworks with emphasis on effective risk identification, management and monitoring procedures, and group-level supervision,

• and improving the completeness, accuracy and quality of data reported under MiFIR, EMIR, CSDR and SFTR.

Furthermore, CySEC will monitor compliance with the requirements of the DORA and MiCA Regulations.

Emphasis will also be placed on assessing the adequacy and suitability of the relevant policies, controls and procedures applied by supervised entities in the effective management and mitigation of risks related to money laundering and terrorist financing. Inspections will also continue for supervised entities that have or had business relationships with persons subject to restrictive measures of the Council of the European Union against Russia and/or are affected by prohibitions arising from such restrictive measures, as well as thematic inspections of systems used to identify sanctioned persons.

In addition, work will be carried out to prepare a specialised Directive to supervised entities on the implementation of sanctions, in accordance with the new legislative framework on Restrictive Measures/Sanctions in force in Cyprus since July 2025, following the establishment of the National Sanctions Implementation Unit (NSIU), as well as the provision of guidance through circulars, notices and practical guides.

The implementation of an Action Plan based on the findings and recommendations of the MONEYVAL evaluation report on Cyprus will also continue.

Supervision Department

During 2025, within the framework of the ongoing (day-to-day) supervision of Cyprus Investment Firms (CIFs) classified as medium and high risk, the Department implemented a systematic and comprehensive framework for monitoring their activities. Supervision included the review of data and disclosures submitted through CySEC’s Portal, monitoring investor complaints and information received from other competent authorities, oversight of online and cross-border presence, assessment of onboarding procedures and conduct towards clients, as well as the identification of emerging risks through risk-analysis tools. Similar checks were also carried out on a sample of medium-low and low-risk CIFs.

In particular, during 2025 the Supervision Department conducted approximately 600 on-site and remote thematic inspections of CIFs focusing on organisational requirements and conduct of business issues, as defined under MiFID II.

At the same time, the Department continued monitoring the promotion of advertising material by CIFs, focusing on medium- and high-risk entities, through a specialised system that enables the collection and analysis of relevant information.

Furthermore, the Department carried out a thematic inspection concerning information addressed to clients or prospective clients through individuals of influence (“finfluencers”) who are active and use social media platforms and digital channels in relation to the products offered by CIFs.

Additionally, on a systematic basis, remote inspections were conducted, both on an individual and consolidated basis, of the prudential supervision data submitted by CIFs, as well as checks for compliance with the limits arising from the prudential supervision framework. For this purpose, the Supervision Department developed advanced data-analysis tools.

Reviews were also carried out of disclosures arising from the prudential framework. Furthermore, inspections were conducted on remuneration policies that CIFs are required to apply to all staff members, as well as to staff whose professional activities have a material impact on their risk profile, and on the governance framework of CIFs, including their organisational structure and corresponding lines of responsibility, as well as procedures for identifying, managing, monitoring and reporting all risks they undertake or may undertake.

With regard to Collective Investment Undertakings, in 2025 the Supervision Department carried out, inter alia, inspections of a number of Managers of Collective Investment Undertakings (MCIs) and Collective Investment Undertakings (CIUs) concerning capital raising within a defined timeframe and compliance with assets-under-management thresholds. It also conducted inspections of five MCIs for compliance with requirements relating to compliance and internal audit functions, and completed inspections regarding compliance with sustainability risk and disclosure requirements. Furthermore, it carried out compliance checks on a number of MCIs with the ESMA Guidelines on fund names using sustainability-related terms. Finally, recognising the essential role of the Depositary of Collective Investment Undertakings in enhancing integrity, transparency, trust and stability in the collective investment market, December 2025 marked the laying of the foundation for a series of related supervisory actions to be implemented during 2026.

Regarding the assessment of potential systemic risk arising from the Alternative Investment Funds (AIFs) sector, the Supervision Department assesses on an annual basis whether investments in the real estate sector are material and whether measures are required to enhance the resilience of investment funds and mitigate vulnerabilities in the commercial real estate sector as a source of risk to financial stability. Furthermore, on an annual basis, the Department assesses whether the use of leverage by AIFs may give rise to systemic risk to the financial system, risks to the orderly functioning of markets, or risks to the long-term growth of the economy of Cyprus and the European Union.

The Supervision Department also conducted a remote inspection of the Central Securities Depository (CSD), assessing the adequacy of the arrangements, strategies, procedures and mechanisms established and applied, as well as the existence of risks to which the CSD is exposed or may be exposed.

In addition, remote inspections were conducted to assess compliance with requirements arising from transaction and derivatives reporting to CySEC.

 

 

Department for the Prevention of Money Laundering

During 2025, the Department for the Prevention of Money Laundering conducted and/or completed 43 on-site and remote thematic inspections of supervised entities, aimed at assessing the adequacy and appropriateness of the policies, controls and procedures they apply for the effective management and mitigation of money laundering and terrorist financing risks. On-site inspections focused primarily on due diligence, risk assessment and management, as well as internal reporting and reporting to MOKAS.

These included on-site and remote inspections of supervised entities with business relationships involving persons subject to EU restrictive measures against Russia, as well as thematic inspections concerning prohibitions arising from restrictive measures. Following the completion of specific inspections and relevant decisions by the CySEC Council, the Department referred cases to the Police and the Attorney General for further investigation of potential violations of EU restrictive measures, and provided relevant information to the National Sanctions Implementation Unit.

Inspections were also conducted on trustees to determine whether their express trusts were registered in the Register of Beneficial Owners of Express Trusts and Similar Legal Arrangements maintained by CySEC through the CyTBOR system. Following these inspections, the Department transmitted relevant information to the Attorney General regarding trustees who appeared to have failed or neglected to submit and/or disclose information to the Register, for further investigation into potential criminal offences.

The Department also reviewed 276 Annual Reports of Compliance Officers and Internal Audit Reports submitted to CySEC on matters relating to the prevention of money laundering and terrorist financing, as well as the relevant minutes of Boards of Directors submitted by CIFs, Investment Firms, Managers of Collective Investment Undertakings and Administrative Service Providers.

Investigations and Market Surveillance Department 

During 2025, the Investigations and Market Surveillance Department carried out 20 on-site entries and investigations and completed 53 investigations involving supervised entities. At the end of 2025, 83 investigations concerning various supervised entities were ongoing.

In addition, following investor complaints against entities allegedly providing investment services illegally, the Department, inter alia, conducted on-site inspections of premises to determine whether the entities had a physical presence in Cyprus, as well as checks of their websites to ascertain whether they appeared to be providing investment services from Cyprus without holding a CIF licence.

Issuers Department 

The Issuers Department examined, inter alia, issuers’ compliance with their obligation to publish the Annual Financial Report for the financial years 2023 and 2024 and the Half-Yearly Financial Report for the first half of 2024 and 2025, and whether such financial information was prepared and published in accordance with the Transparency Requirements Law (Securities Admitted to Trading on a Regulated Market). Within the framework of these checks, CySEC investigated 34 cases concerning potential violations of the Law and decided on the imposition of administrative sanctions.

The Issuers Department also examined four applications for approval of a prospectus for the public offer of securities or for the admission of securities to trading on a regulated market, as well as four Public Offer documents for the acquisition of 100% of the share capital of an equivalent number of issuers with securities listed on the Cyprus Stock Exchange (CSE). In addition, it examined six applications for exemption from the obligation to submit a Public Takeover Offer.

Supervisory measures 

As a result of supervisory inspections, administrative sanctions amounting to approximately €2.3 million were imposed in 2025, of which €1.3 million related to CIFs. Over the past three years, administrative sanctions totalling approximately €7.3 million have been imposed, of which €5.3 million concerned CIFs, for breaches of the applicable legislation. All amounts are deposited into the Consolidated Fund of the Republic of Cyprus.

Beyond fines and settlements, CySEC also imposed other supervisory measures. Specifically, corrective actions were requested in more than 170 cases, while representations were requested in a number of other cases. Furthermore, the operating licence of CIFs was revoked or suspended in four cases.

In addition, for five issuers, CySEC decided to request the CSE Council to suspend the trading of their securities on the CSE regulated markets until compliance with their ongoing obligations or until a specific date set by CySEC.

During 2025, CySEC referred two cases to the Police and five cases to the Attorney General for investigation of potential criminal offences. In two further cases, information was transmitted to MOKAS.

Warnings and other actions for public protection

In 2025, a significant number of warnings were issued to the investing public regarding websites that do not belong to entities licensed by CySEC to provide investment services and/or carry out investment activities.

Furthermore, CySEC, either independently or in cooperation with ESMA and other European supervisory authorities, issued publications and conducted specialised awareness campaigns on social media for the protection of the public.

Taking into account investor complaints during 2025 relating to attempts at electronic fraud, CySEC analysed and managed these incidents. Particular attention was given to cases where entities or individuals maliciously exploited CySEC’s identity in an attempt to mislead investors for financial gain. This phenomenon constitutes a challenge for supervisory authorities internationally, as it continues to increase.

Beyond investor complaints, systematic monitoring of the internet led to the identification of dozens of fake websites, fraudulent electronic communications and accounts impersonating CySEC. In cooperation with other competent authorities, complaints were submitted and targeted actions were implemented to restrict the activity of these malicious entities, contributing to enhanced investor protection and safeguarding institutional credibility.

Sector development

With regard to sector development, during 2025 the examination of applications for the licensing of new supervised entities continued uninterrupted. In total, 47 entities were approved, of which 26 were active in collective investments, 12 in the provision of investment services, 8 in the provision of crypto-asset services, and one in the provision of administrative services. In addition, one application for the granting of a CIF licence was rejected by CySEC. Furthermore, five applications were withdrawn, three of which concerned applications for a CIF licence and two concerned the provision of crypto-asset services.

At the end of 2025, the number of supervised entities amounted to 808, as during the year there were restructurings and changes among supervised entities, while some surrendered their licences either because they could no longer meet their ongoing obligations under the applicable legislation, because they had completed their operational cycle, or because they did not have a significant number of clients.

Nevertheless, it should be noted that despite the challenging economic environment, mainly due to external factors, over the last five years (2020–2025) the number of supervised entities recorded an increase of 2.53%, indicating that Cyprus continues to offer substantial advantages as an investment destination.

During 2026, further progress will be made in automating the submission of requests to CySEC, whether relating to applications for the granting of licences, material changes, or the submission of notifications for the cross-border provision of services. Upon completion of these projects, a number of procedures of the Licensing Department relating to the submission, assessment and archiving of requests submitted to CySEC are expected to be automated.

Based on the most recent available data as at December 2025, as presented in the table provided to you, 61 applications are currently under evaluation for licensing.

According to the same data (December 2025), CySEC supervises 252 Cyprus Investment Firms (CIFs), with total assets amounting to €4.5 billion at the end of the third quarter of 2025, and 128 Administrative Service Providers, whose total assets amounted to €134.79 million at the end of the third quarter of 2025.

With regard to the Collective Investments sector, CySEC supervises a total of 312 Management Companies and Collective Investment Undertakings (CIUs), with total Assets Under Management amounting to €11.4 billion in the third quarter of 2025, approximately 25% of which are invested in the Cypriot economy.

In December, CySEC also supervised 19 Crypto-Asset Service Providers.

As is well known, CySEC also supervises the Cyprus Stock Exchange (CSE), as well as 47 companies with the Republic of Cyprus as their home Member State whose securities are listed on it, and 12 companies with the Republic as their home Member State whose securities are traded on regulated markets of other Member States. It also supervises one Multilateral Trading Facility, as well as the 54 companies listed on it.

CySEC also continued to receive applications and provide information through the Regulatory Sandbox.

Legislation and other matters

During 2025, CySEC focused on the implementation of key European Union legislative initiatives, including the Markets in Crypto-Assets Regulation (MiCAR), the Digital Operational Resilience Act (DORA), and the Distributed Ledger Technology Pilot Regime. At the same time, CySEC officers participated in high-level discussions and exchanges of views within the various standing committees of ESMA in which they take part on these matters.

In parallel, CySEC engaged in the assessment of new and emerging business models and financial instruments, particularly in relation to entities governed by the MiFID framework.

Furthermore, within the framework of the operation of the new European Anti-Money Laundering Authority (AMLA), during 2025 officers of the competent department participated on a continuous basis in four Working Groups and regularly in eight Expert Network Groups. These groups focus on preparing for the forthcoming supervisory activities of AMLA and the implementation of the new European framework for the prevention of money laundering and terrorist financing.

During 2025, CySEC also focused on the completion and implementation of the Law regulating the provision of management services to collective investment undertakings, while at the same time finalising its new approach regarding amendments to the accepted languages for the issuance of a prospectus.

In parallel, it advanced its work on establishing a new framework for fees and charges, defining material changes subject to CySEC approval, and preparing a consultation document within the framework of the revision of its pricing policy.

In addition, CySEC provided expertise and advisory support to the Ministry of Finance, as well as to other government departments of the Republic, in relation to new and forthcoming EU legislation in the financial sector. At the same time, it represented the Republic in working groups of the Council of the European Union and participated actively in ESMA studies and initiatives focusing on the regulatory framework for investment services, as well as on technology and innovation issues.

Furthermore, in July 2025, the new legislative framework on Restrictive Measures and Sanctions entered into force in Cyprus, which, inter alia, established the National Sanctions Implementation Unit (NSIU) and created the Sanctions Advisory Committee with the participation of supervisory authorities (Law 150(I)/2025). CySEC is represented on the Sanctions Advisory Committee by two officers from the AML Department.

 

 

Technological and human resources upgrade 

With regard to technological upgrading, CySEC will continue to strengthen supervision, digital resilience and cybersecurity and will adopt additional innovative electronic security systems, utilising advanced technologies, including artificial intelligence.

Within the framework of various regulations and other legislative requirements, CySEC acquired and utilised specialised tools and support mechanisms aimed at the systematic collection, analysis and assessment of data relating to cybersecurity, IT risk management and the overall digital resilience of supervised entities. In this way, the uniform, consistent and effective implementation of the regulatory framework is strengthened.

At the same time, during 2025 the study for the development of an information system to support and automate the licensing process for companies, as well as a modern platform for managing examinations conducted by CySEC, was completed. Subsequently, CySEC proceeded with the relevant tender, which was completed with the award of the implementation of the systems to a contractor, with an expected implementation horizon of three years. These projects form part of CySEC’s broader digital transformation strategy and aim at automating core processes, enhancing transparency, and overall improving the efficiency of administrative and supervisory functions.

Furthermore, as part of strengthening cybersecurity, CySEC awarded a tender to a specialised company to support the implementation and certification of an Information Security Management System (ISMS), in accordance with the international ISO/IEC 27001 standard. The standard covers, inter alia, systematic risk identification and assessment, implementation of technical and organisational security measures, incident management, access control, and continuous monitoring and improvement of information security levels.

At the same time, the process of reviewing and updating the RBS-F Supervisory Framework continues, including in the area of the prevention of money laundering and terrorist financing, in line with the guidelines of the European Banking Authority. During 2025, Phase I of the project was completed, while significant progress was also made in part of Phase II, which focuses on risk assessment at sector/subsector level as well as at supervised-entity level. In parallel, the Early Warning Tool (EWT) for CIFs was upgraded, contributing to the strengthening of the supervisory framework for identifying potential risks with greater ease and speed. Close monitoring of emerging risks also continues, with particular emphasis on those arising from digitalisation and the use of artificial intelligence in the financial sector.

During 2026, work is also expected to be completed on the framework of the European Programme “ESG Risk Management Framework in the Financial Sector”, funded by the Directorate-General for Structural Reform Support (DG REFORM). The programme, which began in 2023 and has a total duration of three years, includes three interrelated projects covering a wide range of ESG risk management and supervision issues.

Beyond technological upgrading, during 2026 CySEC will further strengthen its human resources, which will be utilised to enhance its supervisory departments and optimise organisational effectiveness. Specifically, the recruitment of 31 new officers and five assistant clerical officers is planned. In parallel, three IT technician positions will be advertised during the year. Particular emphasis is also placed on strengthening the organisational hierarchy, through the implementation of promotions to Senior Officer and Officer A positions, with the aim of ensuring clear lines of responsibility and creating the necessary intermediate management level for the effective guidance of departments and their teams. In parallel, the advertisement of First Officer positions is planned, with the aim of ensuring effective operation and coordination of Directorates.

Investor education 

Significant emphasis was also placed in 2025 on financial education for the public. Through targeted initiatives, campaigns and multifaceted actions, CySEC reached different social groups and age categories, strengthening knowledge, prevention and responsible financial decision-making.

Rapid technological developments have increased public access to high-risk investment options and products, making it imperative to inform and enhance financial decision-making skills. Particular emphasis was placed on the risks of the digital financial environment and artificial intelligence, in line with the priorities of international organisations such as IOSCO, ESMA and the OECD.

CySEC participated in the international campaigns Global Money Week and World Investor Week, reinforcing efforts for financial education and public awareness in alignment with international best practices. At the same time, it actively participated in the European Commission’s Financial Services User Group (FSUG), contributing to policy formulation, legislative advice and the highlighting of key financial services issues.

During 2025, two new cycles of school and academic lectures were conducted, focusing on financial literacy among pupils and students, the opportunities and challenges of the digital environment, and sound money management. CySEC officers visited 44 schools across all districts, educating more than 1,700 students.

CySEC strengthened its presence on social media, television programmes and podcasts, providing reliable information and practical advice to the investing public. Throughout the year, its representatives participated in conferences, seminars, educational workshops and events in Cyprus and abroad.

The Financial Education Portal was enriched with new material, including thematic Guides such as the “Investor Guide: Safe Navigation in the Digital Financial World”, as well as a dedicated section for teachers and parents, strengthening their role in promoting financial literacy.

In 2025, a new knowledge quiz was created to enhance investors’ ability to identify risks and misleading content in the digital environment. In addition, the initiative “Financial Lessons from Past Mistakes” was completed, which included the collection of real-life stories from citizens through an online questionnaire in cooperation with the Department of Accounting and Finance of the University of Cyprus. The results were published in the media, uploaded to the Financial Education Portal and utilised as educational material and for campaigns promoting responsible investment choices.

CySEC actively participates in the actions of KECHAP, which include conferences, educational workshops and training programmes for children and adults, further strengthening efforts for financial education across the entire spectrum of the public.

In conclusion 

Everything presented today reflects both the complexity and the responsibility of CySEC’s role in a constantly evolving European and international environment. CySEC continues to approach supervision with consistency, evidence-based decision-making and adaptability, investing in strengthening its regulatory and supervisory framework, as well as in transparency, technology and financial education.

The assumption of the Presidency of the Council of the European Union in 2026, significant regulatory reforms at European level and the acceleration of digital transformation render the forthcoming period particularly demanding. CySEC remains fully committed to its mission of protecting investors, ensuring the orderly functioning of the market and supporting the sustainable development of the investment sector.

I would like to thank you warmly for your presence here today and for your ongoing cooperation. Accountability and transparency constitute core pillars of CySEC’s operation, and we are committed to continuing with the same responsibility and dedication in the years ahead.