Strict supervision of CIFs based on European standards

In an era where transparency, accountability, and compliance with current European directives and regulations are at the centre of regulatory and supervisory developments, the Cyprus Securities and Exchange Commission (CySEC) continues its work unimpeded to exercise effective supervision that ensures the orderly and healthy development of the Cypriot capital market, with the ultimate goal of protecting investors.

The investment services sector in Cyprus has undergone significant transformation and growth since the country joined the European Union in 2004. During this time, CySEC has modernised the regulatory framework governing the investment sector, enriching it with a series of new legislative measures to ensure investor protection and the unimpeded development of the market through the provision of new investment services and products.

Inter alia, CySEC fully implements the provisions of the Investment Services Law, the Market Abuse Law, and the Anti-Money Laundering Law, while conducting regular and thorough inspections of supervised entities under the Risk-Based Supervision Framework (RBS-F), introduced around the end of 2015 and continuously updated. The framework focuses on sectors and entities with the highest risk exposure.

Furthermore, CySEC invests in preventive supervision, developing a series of specialised systems that allow it to keep pace with the rapid digitisation of the sector, ensuring a strong protective framework for investors and smooth market operation.

From MiFID I to MiFID II

The investment services sector has undergone significant changes, especially since Cyprus joined the EU in 2004, recording notable growth and contributing to the wider financial services sector and the Cypriot economy. The harmonisation of national legislation with the European acquis played a pivotal role in modernising the regulatory and supervisory framework of the capital market.

In 2007, Cyprus adopted the European directive on investment services MiFID I, which radically changed the investment landscape across Europe. With its adoption, a uniform regulatory framework for Investment Firms (CIFs) was implemented across the EU. This meant the same rules applied for licensing and supervision, while also allowing cross-border investment services within the EU.

As a result, CIFs gained the ability to offer services througout the EU, transitioning the sector from a local to a European and then international scope.

In 2018, Cyprus incorporated MiFID II, introducing stricter rules for licensing and supervision. The IRR and IRD for preventive supervision were also adopted and enforced, along with all AML/CFT regulations.

In 2024, the Digital Operational Resilience Act (DORA) was also implemented, further aligning Cyprus' framework with the rest of the EU in protecting the investing public.

The CIFs

Today, most CIFs are fintech firms, part of the global evolution in financial technology. They form a unique ecosystem offering products like bonds, stocks, and tech-based instruments. This sector has significantly contributed to Cyprus' economic growth and employment over the past 17 years.

To obtain a licence, as in the rest of Europe, a CIF must submit an application to the competent authority — CySEC. This includes extensive information and documentation, which requires time for evaluation. It involves assessing owners, directors and key staff, the business model, constitutional documents, funding sources, and group relationships.

CySEC also conducts on-site inspections at company premises and evaluates their systems before issuing a licence.

Due to globalisation and technology, many CIFs or related firms are licensed in third-country jurisdictions. CySEC collaborates closely with other supervisory authorities via MoUs, especially regarding third-country oversight. When negative findings arise, CySEC takes action, as has already occurred in several cases.

Targeted supervisory strategy

CySEC implements a continuous, targeted supervisory strategy including:

  • Intensive on-site and remote inspections
  • Increased staffing in supervisory departments
  • Specialised supervisory systems
  • Active participation in bodies like ESMA, IOSCO, MONEYVAL, FATF, and cooperation with other national regulators
  • Issuance of circulars, directives, and policies for compliance
  • Educational actions for supervised entities
  • Financial literacy campaigns aimed at educating investors and potential investors

Annually, CySEC conducts hundreds of inspections, especially of CIFs, with findings published on its website. Remote compliance checks are also performed systematically, based on prudential rules and EBA guidelines, covering compensation policies, internal risk, and business models.

Additionally, compliance officers’ and internal audit annual reports are examined regarding AML/CFT issues and practices of Boards of Directors, including in CIFs.

ESMA measures and investor protection

Given the growing international interest in high-risk investment products by retail investors, since 2018, all European regulators — including CySEC — adopted intervention measures imposed by ESMA.

Among other things:

  • CIFs must inform investors of product risks
  • Investment options must match investor profiles
  • Leverage limits are enforced based on underlying assets
  • Offering of incentives to investors is prohibited
  • CIFs' marketing policies are strictly monitored, with specialised CySEC systems in place

Administrative sanctions

Following supervisory checks, CySEC announces all administrative sanctions. In the past three years, fines have totalled approximately €8 million, of which €6.3 million was imposed on CIFs for legal violations. In one case, a €1 million fine was imposed for breaches in another EU jurisdiction.

Beyond fines and settlements, CySEC takes corrective actions as per legislation. In 2024, corrective measures were requested in 321 cases, and over 70 entities were given specific timelines for compliance with AML/CFT laws.

CySEC summoned six companies for hearings and revoked or suspended the licences of seven CIFs.

Where necessary, cases are referred to the Attorney General, particularly if criminal offenses may be involved. In 2024, nine cases were referred.

A pillar of financial integrity

CySEC’s commitment to continuous, strict supervision — ensuring full compliance with EU and other standards, and enhancing transparency — remains a cornerstone of its strategy to safeguard Cyprus’ financial sector and maintain its credibility as an international financial hub.

  • By Dr George Theocharides, Chairman of the Cyprus Securities and Exchange Commission (CySEC)

Read More

Strict supervision of CIFs based on European standards
Technical debt in the digital transformation era: Management and prevention as key allies of progress
The CEO playbook for a new era
Understanding DDoS Assessment and its importance
AI, Chip Design, and Strategic Autonomy: Legal and policy developments in the European Union and Cyprus
Pillar Two: A new era in Global Tax Compliance
Why London’s real estate market remains one of the most liquid in the world
Family Businesses in the New Era: Challenges and Opportunities
Digital euro: safeguarding the existing order of our financial system
Digital money – Cyprus’ strategic opportunity to lead