On 11 November 2022, the Cyprus Securities and Exchange Commission (CySEC) issued Directive DI87-05 regarding the procedure for the suspension and withdrawal of authorisation.

The Directive applies to CIFs and third country firms with a branch in the Republic and regulates the procedure followed in cases of withdrawal or suspension of authorisation.

In summary, the Directive regulates the procedure followed in cases of withdrawal or suspension of authorisation as well as related matters. More specifically on the:

1. Notification regarding Renunciation of operating licence
2. Return of funds to clients
3. Supervision by the Commission
4. Suspension of authorisation
5. Immediate suspension of authorisation
6. Extension of time period for record-keeping

The Directive enters into force from its publication in the Official Gazette of the Republic.

On 29 November 2022, the Cyprus Securities and Exchange Commission (CySEC) issued Circular C534 regarding the provision of investment and ancillary services and/or performance of investment activities in third countries.

The present Circular is replacing Circular C256 after the decision made by CySEC's Board meeting held on 24 October 2022.

In summary, the Circular requires the following actions:

• In cases where Cyprus Investment Firms (CIFs) wish to provide and/or perform investment and ancillary services and/or activities in third countries, they must notify CySEC via letter, prior to providing/performing the said services/activities in third countries, including:

• their intention to do so;
• a list of the third countries;
• a certified copy of the authorisation for the provision of these services by the Competent Authority of the third country.

• Exception: In the case that the third country does not require such authorisation, the CIF must provide CySEC with a relevant certificate form the Competent Authority of the third country, stating that the legislation does not require such authorisation for the services/activities to be carried out.

• All CIFs (existing and newly established) must declare on their websites the names of all the third countries in which they provide/perform services/activities.
• CIFs must also file this information in the Portal and notify CySEC in writing of any subsequent changes to the third countries in which they operate.
• CIFs that are already providing services in the third countries should ensure that they comply with the Legislative Framework applicable in the relevant third country.

CIFs are exclusively responsible for acquiring such authorisation by the Competent Authorities of the third countries.

On 29 November 2022, the Cyprus Securities and Exchange Commission (CySEC) published Circular C535 to remind the Regulated Entities that the Guidelines issued on 14 June 2022 by the European Banking Authority (EBA) - Guidelines EBA/GL/2022/05 apply as of 1 December 2022.

In summary, the EBA Guidelines will assist to create a common understanding regarding the following:

• Guideline 4.1 - The role and responsibilities of the management body in the AML/CFT framework and of the senior manager responsible for AML/CFT
• Guideline 4.2 - The role and responsibilities of the AML/CFT compliance officer
• Guideline 4.3 - The organisation of the AML/CFT compliance function at group level

The Guidelines complement and interplay with, but do not replace, very relevant guidelines issued by the European Supervisory Authorities on wider governance arrangements and suitability checks.

To conclude, CySEC calls upon the Regulated Entities to comply with the Guidelines and be able to establish sound policies, controls and procedures.

On 29 November 2022, the Cyprus Securities and Exchange Commission (CySEC) issued Circular C536 regarding the requirements of the Portuguese Securities and Exchange Commission (the CMVM) for the promotion, distribution and marketing of PRIIPS and the appointment of tied agents in the territory of Portugal.

This Circular is a reminder for the below two Circulars:

• C430 (issued by CySEC on 10 March 2021) - CMVM's current regulatory framework with regards to promoting, distributing, marketing and/or making packaged retail investment and insurance products (the "PRIIPS") available in Portugal and/or to investors in Portugal (requirements in relation to the prior submission of KIDS to CMVM and regarding marketing communications);
• C433 (issued by CySEC on 16 March 2021) - Requirements of the CMVM regarding the appointment of tied agents in the territory of Portugal.

On 30 November 2022, the Cyprus Securities and Exchange Commission (CySEC) issued Circular C537 to introduce a reporting template (Excel Form) regarding the collection of data from investment firms with cross border activity (freedom to provide investment services and activities) to their retail clients (and clients treated as professional on request according to Section II of Annex II of MiFID II), analysed per each Member State.

On 14 November 2022, the European Banking Authority (EBA) published its final Regulatory Technical Standards (RTS) on specific liquidity measurement for investment firms under the Investment Firms Directive (IFD).

These RTS are going to make certain that all competent authorities follow the same harmonised approach when adopting the decision to impose further liquidity requirements to an investment firm.

Competent authorities are allowed by the IFD to increase an investment firm's liquidity requirements if, following the assessment of liquidity risk according to the supervisory review and evaluation process (SREP), they conclude that the investment firm is exposed to material liquidity risks, which are not sufficiently covered by the minimum liquidity requirements set out in the Investment Firms Regulation (IFR).

The aforementioned RTS address in detail the main elements that may affect the liquidity risk of an investment firm, in order to have a harmonised application of the specific liquidity requirements. More specifically, competent authorities will have to access:

• All elements specific to each service provided by the investment firm under MiFID
• Other elements that could have a material impact, such as external factors, group structure, operational or reputational risks.

Competent authorities will be expected to assess only a limited set of these elements in small and non-interconnected investment firms. This aims at preserving the proportional approach envisaged by the IFR and IFD.

On 17 November 2022, the European Securities and Markets Authority (ESMA) launched a consultation paper on a review of the technical standards under Article 34 of MiFID II covering the provision of investment services across the EU.

Through this consultation paper ESMA wants to invite comments on all matters and in particular on the specific questions summarized in Annex 1.

The key amendments proposed include the following items to the information that investment firms are required to provide at the passporting stage:

• The marketing means the firm will use in host Member States
• The language(s) for which the investment firm has the necessary arrangements to deal with complaints from clients from each of the host Member States in which it provides services
• In which Member States the firm will actively use its passport as well as the categories of clients targeted, and
• The investment firm's internal organisation in relation to the cross-border activities of the firm.

This paper is mainly of interest to competent authorities and investment firms that are subject to Directive 2014/65/EU of the European Parliament and of the Council (MiFID II). Particularly, it is addressed to investment firms that provide or may provide in the future investment services and activities on a cross-border basis in accordance with Article 34 of MiFID II.

ESMA will consider all comments received by 3 months after publication and will expect to publish a final report and submission of the draft technical standards to the European Commission for endorsement by the end of 2023.

On 21 November 2022, the European Securities and Markets Authority (ESMA) published its Annual Report on waivers and deferrals. In the report, a picture of the European trading landscape in 2021 is provided by ESMA, encompassing the net effect of Brexit and the relocation process from the UK to the European Union (EU).

ESMA, under Article 4(4) and 9(2) is required to monitor the application of pre-trade transparency waivers and to submit an annual report to the European Commission (EC) on how equity and non-equity waivers are applied in practice. Also, ESMA, under Article 7(1) and 11(1) is required to monitor the application of deferred trade-publication and to submit an annual report to the EC on how they are used in practice.

The report includes an analysis based on waivers for both equity and non-equity instruments from which ESMA issued an opinion to the competent authority (CA) in the period between 1 January and 31 December 2021 and covers an overview of the deferral regime applied by CAs.

The analysis of non-equity instruments is limited to the trading activity under waivers and deferrals. ESMA, taking note of these data quality issues, added a recommendation in the report to amend MiFIR to allow ESMA to request data on the use of waivers and deferrals via the Financial Instruments Transparency System (FITRS) also for non-equity instruments.

ESMA also added other recommendations such as streamlining the current deferral regime via a targeted set of amendments, deleting the SSTI waiver and deferral for non-equity instruments, and increasing the pre- and post-trade transparency LIS threshold for Exchange-Traded Funds.

On 22 November 2022, the European Banking Authority (EBA) published guidelines relating to the use of Remote Customer Onboarding Solutions under Article 13 (1) of Directive (EU) 2015/849.

EBA emphasizes on:

• Credit and financial institutions should apply a pre-implementation assessment of the remote customer onboarding solution.
• Credit and financial institutions should put in place and maintain policies and procedures to comply with their obligations under Article 13(1) (a) and (c) of Directive (EU) 2015/849, i.e. (a) identifying the customer and verifying the customer's identity on the basis of documents, data or information obtained from a reliable and independent source; in situations where the customer is onboarded remotely. These policies and procedures should be risk-sensitive.
• The AMLCO should, as part of their general duty to prepare policies and procedures to comply with the CDD requirements, make sure that remote customer onboarding policies and procedures are implemented effectively, reviewed regularly and amended where necessary.
• The management body of the credit and financial institution should approve remote customer onboarding policies and procedures and oversee their correct implementation.

On 18 November 2022, European Securities and Markets Authority (ESMA) published its annual report on administrative and criminal sanctions, and other administrative measures imposed under the Market Abuse Regulation in 2021.

In 2021, National Competent Authorities (NCAs) reported in total 366 administrative sanctions and measures and 29 criminal sanctions for infringements of Regulation (EU) No 596/2014 on Market Abuse (MAR). The value of the financial penalties imposed for the administrative sanctions reached EUR 54,273,686.97, while the financial penalties in relation to criminal infringements of MAR amounted to EUR 5,340,879.

Although the number of administrative sanctions and measures under MAR significantly decreased compared to 2020, the financial penalties significantly increased. Regarding the criminal sanctions under MAR, both the number of sanctions and the aggregated value of the imposed sanctions decreased compared to 2020.

On 25 November 2022, European Securities and Markets Authority (ESMA) published its updated Q&As on the Market Abuse Regulation.

This version has been updated with a revised Q&A regarding the prevention and detection of market abuse (person professionally arranging or executing transactions).

More specifically, the revised question concerns whether the obligation to detect and report market abuse under Article 16(2) of MAR applies to investment firms under MiFID only or also to UCITS management companies, AIFMD managers or firms professionally engaged in trading on own account.

On 21 November 2022, the Financial Conduct Authority (FCA) published an article to warn stock app operators to review design features, including those with game-like elements, which risk prompting consumers to take actions against their own interest.

There are apps with features that include frequent notifications with the latest market news and providing consumers with in-app points, badges and celebratory messages for making trades, which according to the FCA are more likely to lead consumers in products beyond their risk appetite.

The FCA also published research which raises concerns that customers using such trading apps are exposed to high-risk investments, and that some appear to exhibit behaviours similar to problem-gambling.

While gamification is positively engaging consumers, the FCA found it being used in ways that may mislead consumers or lead to poor outcomes and problem behaviours.

The FCA's intention is to do further research into trading app use and design features and in particular to understand some wider financial vulnerabilities for the users of these apps.

In order to ensure customers are being treated fairly and ahead of the new Consumer Duty coming into force next year, all firms should be reviewing their products now to ensure they are fit for purpose.

Firms are required by the Consumer Duty to design services so that consumers can make effective, timely and properly informed decisions about financial products and services.