Interview: CySEC's Demetra Kalogerou on Crypto, EU, Future Policy and More

Finance Magnates got the opportunity recently to interview Mrs Demetra Kalogerou, Chairwoman of CySEC CySEC The Cyprus Securities and Exchange Commission (CySEC) is a financial regulatory authority of Cyprus. CySEC is one of the key watchdog authorities for brokerages in Europe, whose financial regulations and operations comply with the European MiFID financial harmonization law.Founded in 2001, CySEC is instrumental in providing licensing and registration for forex brokers and previously binary options providers.CySEC is responsible for a variety of different functions, which includes the supervision The Cyprus Securities and Exchange Commission (CySEC) is a financial regulatory authority of Cyprus. CySEC is one of the key watchdog authorities for brokerages in Europe, whose financial regulations and operations comply with the European MiFID financial harmonization law.Founded in 2001, CySEC is instrumental in providing licensing and registration for forex brokers and previously binary options providers.CySEC is responsible for a variety of different functions, which includes the supervision Read this Term. A respected voice in the global financial services industry, Demetra is approaching a full decade as Chairwoman of CySEC, having been first elected in September 2011. During this time, the CySec Chair has steered Cyprus through an ever-changing financial services environment to become a leader in supervising the online trading industry.

After a challenging twelve months involving pandemics, regulations and Brexit Brexit Brexit stands for British Exit, or in reference to the United Kingdom’s decision to formally leave the European Union (EU) as declared in a June 23, 2016 referendum. In a more immediate sense, a tight vote and unexpected result helped drive British pound (GBP) to lows that had not been seen in decades.The day following the referendum, former Prime Minister David Cameron resigned from office where he was replaced by Theresa May, who later resigned from office on June 7th, 2019. Active Prime Minis Brexit stands for British Exit, or in reference to the United Kingdom’s decision to formally leave the European Union (EU) as declared in a June 23, 2016 referendum. In a more immediate sense, a tight vote and unexpected result helped drive British pound (GBP) to lows that had not been seen in decades.The day following the referendum, former Prime Minister David Cameron resigned from office where he was replaced by Theresa May, who later resigned from office on June 7th, 2019. Active Prime Minis Read this Term, Mrs Kalogerou opens up on the key subjects past, present and future affecting financial services.

• After the suspension of passporting rights, many financial services companies have been looking for a new home in Europe. What has been the impact of Brexit on CySEC?

In order to ensure a smooth post-Brexit transition period for the UK companies that provide investment services exclusively to professional clients and eligible counterparties in Cyprus, we established a temporary licensing regime. The number of companies that applied (94) reflects the keen interest of these companies to continue their activities in Cyprus.

This temporary status enables UK financial services firms that do not have a physical presence in Cyprus to provide investment services to counterparties in Cyprus until 31 December 2021. If these companies would like to continue to provide investment services in Cyprus after that date, they will have to apply for licensing to CySEC. It is worth noting that beyond the companies that are already active in the Cypriot market, a number of companies from England have expressed interest in acquiring a licence to provide investment services in Cyprus. Any companies wishing to continue providing investment services in Cyprus or that are exploring their post-Brexit options, can find more comprehensive information on Cyprus’ supervisory environment through the information hub we have set up especially for Brexit on CySEC’s website.

• European regulators, including the ones in Spain and Germany, have publicly criticized the practices of Cypriot brokers as some avoid local regulations. What is your response to the criticisms, are they justified, and what are the steps CySEC is taking to prevent further local regulatory breaches?

The EU financial regulation applies uniformly to all EU Member States, including Cyprus, save for certain minor Member State discretions provided for in the respective EU legislation. As a result, investment firms domiciled in any of the EU Member States must abide by the same rules and in return, benefit from the right to freely provide their services throughout the EU. Additionally, ESMA’s Intervention Measures on the retail CFD sector have resulted in the fundamental reform in the standards of conduct of business by CIFs, aiming for a stronger, safer, more responsible market both in Cyprus and across Europe.

There is no doubt that CySEC’s role in supervising the online trading industry has been an important factor in the challenges Europe faces in ensuring highly speculative, risky financial instruments are well monitored according to the European rules and regulations.

In addition, a number of companies offer their products in other jurisdictions through cross boarding or by the establishment of branches or tied agents. In these cases, they have to comply with the local laws and regulations of the jurisdiction in which they operate, and in many cases, they differ from the European Directives.

Since 2015, CySEC has been enforcing a strict supervisory action plan to fundamentally reform the industry and ensure full compliance with the highest standards. CySEC applies a risk-based supervisory approach, which governs how we determine the entities and market segments that pose the greatest risks to investors, and which will be subject to the closest scrutiny.

Our risk-based supervisory approach follows the same blueprint for supervision of other European supervisors, and we have been in constant and close collaboration with ESMA and IOSCO.

According to annual Supervisory Action Plans, each year both on-site inspections and desk-top reviews are undertaken on supervised entities, together with full audit inspections on a thematic or targeted basis.

CySEC cooperates closely with the rest of the European national competent authorities on the basis of the:

• ESMA Multilateral Memorandum of Understanding on Cooperation Arrangements and Exchange of Information.
• IOSCO Multilateral Memorandum of Understanding concerning Consultation and Cooperation and the exchange of information.
• Bilateral Memorandum of Understanding between CySEC and European National Competent Authorities.

• CySec has been one of the most forward-thinking regulatory bodies in the fx space over the last few years, yet still has not embraced the burgeoning crypto sector. Whilst countries such as Malta have benefited from the crypto boom, Cyprus has not. Why is that, and is this something that will change soon? Could and should Cyprus be a crypto hub too?

CySEC shares ESMA’s position on the inherent risks the Crypto Assets pose for investor protection. Some crypto assets, including so-called virtual currencies such as Bitcoin, are highly risky and speculative and investors must be alert to the high risks of buying and/or holding these instruments, including the possibility of losing all their money. Crypto assets come in many forms but the majority of them remain unregulated in the EU including Cyprus. This means that Investors buying and/or holding these instruments do not benefit from the guarantees and safeguards associated with regulated financial services.

Specifically, the crypto assets market is highly volatile and highly unpredictable. Certain crypto assets experience high levels of intraday volatility and in some cases high levels of intra-hour or even intra-minute volatility, leading to price gaps. Such price gaps render crypto assets as high-risk collateral and can result in unintentional margin close-outs for investors' trading margin.

Secondly, and in contrast to cash transactions - which are also high-risk transactions -, which require the physical presence of the respective person, crypto-asset transactions are performed remotely. This lowers the barrier for this type of transaction to be carried out, thereby increasing the frequency of a high-risk transaction. This poses a significant operational risk to the system.

Lastly, where crypto assets are being used as a form of payment, there is an increased risk of money laundering and terrorist financing.

However, CySEC constantly re-evaluates this rapidly evolving sector. The incorporation of crypto-asset businesses under the scope of the EU AML legislation by means of the 5th EU AML Directive and the introduction of the Virtual Assets Service Providers under the scope of the amended 5th AML Law in Cyprus is a very important first step. The Virtual Assets Service Providers that offer services from or in Cyprus must be registered in a registry to be kept by CySEC and will be supervised only in terms of AML issues. Soon we will issue directions of the requirements for the registration of such providers and the approval procedures of the directors and their shareholders.

It Is also important to remind the readers that in September 2020, the European Commission presented a legislative proposal for a regulation on markets in crypto assets (MiCA). The proposal remains subject to the outcome of the co-legislative process, and so investors do not currently benefit from any of the safeguards foreseen in that proposal because it is not yet EU law. The proposal is comprehensive and should certainly achieve the objective of mitigating risks and better protecting consumers. It is likely that MiCA’s official enforcement by 2024 will spell an end to all EU member states’ national crypto policies, in favor of a single, focused regulatory framework that should allow EU crypto-asset service providers to operate with greater ease across all EU markets, albeit under stricter rules.

• The amount of fraud and clones of genuine companies appears to be on the rise. Whilst CySEC has been commendably actively red-flagging such domains, other European counterparts are taking further actions such as blocking domains. Do you think CySEC needs more authoritative power to tackle the growing fraud?

The most important thing investors must do when considering an investment is to do some research into the company offering the product or service and consider whether seeking independent professional advice from another regulated entity might be appropriate. CySEC has a full list of all the companies it regulates on its website, which is easy to check. If a company is not listed by CySEC or another EU competent authority and is fraudulently claiming to be a licensed firm, investors will not have the same protections they would with a regulated entity.

CySEC regularly updates its ‘Warnings’ page on the back of the most recent information we have on prevalent scams and nefarious operators. Investors are encouraged to keep an eye on this page, so they are aware of what types of fraud and scams are being tried. We have also observed cases where people are fraudulently presenting themselves as CySEC Officers or representatives in an effort to defraud investors. For this reason, CySEC has issued several announcements, informing the public that it never sends unsolicited correspondence to investors or members of the public, nor does it ever request any personal data, financial or otherwise. CySEC currently has the necessary enforcement powers as a national regulator, though the need for additional enforcement powers is always something that CySEC assesses regularly.

• Having recently revealed yourselves a number of compliance lapses on the part of regulated entities, some are as serious as AML/CFT framework breaches do you think more could be done in the way of punishment?

CySEC’s Board takes into consideration the seriousness and the severity of the violations according to the AML Law provisions. Specifically, CySEC when determining the type and level of administrative sanctions or measures takes into account the specific circumstances provided in the AML/CFT Law, such as the gravity and duration of the breach; previous breaches committed; the degree of responsibility of the natural or legal person held responsible; measures taken in order to remedy the situation. In cases of infringement of the law, CySEC may

• Impose administrative fines. These are published on the website of CySEC https://www.cysec.gov.cy/en-GB/home/.
• Revoke, Recall or renounce a CIF’s licence. These actions are published on the website of CySEC.
• Request the CIF to take a series of measures for the purpose of correcting its internal procedures, arrangements and practices, in order to fully comply with its legal obligations. In this case, CIFs have to take appropriate action within the deadline set by CySEC, and at the end of which CySEC will reassess their compliance. Our supervisory approach, encompassing a thorough regime of on-site visits, thematic reviews, desk-based research and digital monitoring, has significantly improved the behaviour of investment firms regulated in Cyprus. Marketing communications, governance, organisational requirements and risk processes, client onboarding and appropriateness requirements, and AML procedures have been the priority areas of CySEC’s scrutiny.

As a result over the last 8 years, CySEC has imposed, in general, €30.74 million of fines, suspended more than 25 investment companies, closed more than 12 companies and banned 8 individuals from operating in the sector for up to 10 years, depending on each individual case and the severity of their respective infringement. A large part of the supervisory action undertaken since 2015 was against the binary options trading industry, and specifically on high priority CIFs which provided investment services in binary options. As a result of our action, binary options in their historical form are now banned in Cyprus and across the EU. Those CIFs have now ceased operating, or they have changed their business orientation.

• Last year, CySEC added a new regulatory category ‘Mini-Managers’, and a new investment product, Crowdfunding. What has been the reaction to these and have the goals been achieved. Is there scope to introduce other new regulatory categories?

Finding new ways of investment will be crucial as we will pursue a balanced economic recovery post-Covid. The crowdfunding regime, which has been introduced last year by CySEC, facilitates capital raising of up to €5 million for which there isn’t a requirement to publish a prospectus in accordance with the Prospectus Regulation. This opens a meaningful alternative to traditional bank finance for SMEs and start-ups and allows public investors to have an active stake in the business's future. The first application is under examination. Also, the Regulation (EU2020 / 1503) on European Crowdfunding Services Providers is expected to enter into force this coming November. The Regulation lays down uniform requirements for the provision of crowdfunding services in the European territory and determines the mode of operation, organization, licensing and supervision of the providers of such services. On 3 July 2020, we introduced a new national regulatory category of the so-called ‘Mini-Managers’ that can manage alternative funds under the threshold of 100million having less burdensome rules compared to the big managers, though not at the expense of the protection of the investors. The first application of the mini manager is preliminarily approved by the board. In addition, CySEC is making additional refinements to the legal framework concerning the fund administrators. Within the new regulatory framework, fund managers will have the right to delegate the administration of Alternative Investment Funds to third party Fund Administrators, who will be regulated and supervised by CySEC. We hope that very soon we will have this paper out for general consultation. CySEC is currently reviewing the permissible investment strategies for fund managers and the applicable rules, focusing on the area of Loan Origination and Loan Participation.

• What impact do you expect to see on investment firms when the new prudential supervision framework comes into force this month?

The new prudential framework for investment firms takes into account the particular business practices of different types of investment firms and especially their size and interconnectedness with other financial and economic factors. The new prudential requirements are calibrated in a manner proportionate to the type of investment firm, the best interests of the clients of that type of investment firm and the promotion of the smooth and orderly functioning of the markets in which that type of investment firm operates. They also mitigate identified areas of risk and help ensure that, if an investment firm fails, it can be wound down in an orderly manner with minimal disruption to the stability of financial markets. CySEC has issued a relevant circular on April (C442) to inform the CIFs regarding the new prudential supervision framework and launches a Data Collection Exercise addressed to all CIFs, in order to determine the Class that each CIF will be categorized at, as from 26th June 2021, when the IFR/IFD comes into force.

• Lastly, after a difficult 2020, what are the areas of focus for CySec in 2021 and beyond?

CySEC’s main goal in 2021, is to develop procedures and a methodology to conduct data-driven supervision, which will allow it to identify any irregularities and risks in the market at an early stage. Another important change is the introduction of the Virtual Assets Service Providers under the amended 5th AML Law in February. The Virtual Assets Service Providers that offer services from or in Cyprus must be registered in a registry to be kept by CySEC and will be supervised only in terms of AML issues. Soon we will issue directions of the requirements for the registration of such providers and the approval procedures of the directors and their shareholders. Also, CySEC is responsible for the creation and maintenance of the Trusts’ Register in which information as to the UBOs of express trusts and other legal arrangements similar to trusts must be included. This month, we will publish the relevant directive for consultation, which will include among others registration procedures, access and fees to the Register.

In addition, CySEC will actively support firms and entrepreneurs who are developing greener fintech solutions that seek to automate and enhance the analytical capabilities of firms to handle ESG information under our innovation hub and regtech solutions that help the firms to be compliant with CySEC regulations. Currently, we are looking into the possibility to transform the Innovation Hub we established in September 2018 into a Regulatory Sandbox. In this case, innovative products or services will be provided as part of a controlled environment, on a trial basis and on a limited scale.

Also, a new policy that is going to be put forward by CySEC, is the regulation of the services provided by promoters. The submission and promotion of applications to CySEC for the granting of a license to a regulated entity will be classified as an administrative service that will fall under the ASP Law. In order for entities to act as promoters of applications towards CySEC, they will need to have an ASP license and comply with the ASP Law provisions. CySEC will eventually launch a Register for such entities and ensure that when they provide services in relation to the promotion of applications, they comply with anti-money laundering rules and carry out due diligence checks when promoting the application of their clients. CySEC also plans to publish a Code of Conduct for the provision of this service.

By the end of 2021, we will introduce new examinations and requirements for the employees that conduct clients of CIFs, enhancing our goal that only professionals with knowledge of the relevant regulatory framework will be certified for employment in the financial services sector. CySEC’s regulatory agenda is based on maintaining high standards of investor protection and investor confidence, which will lead to the healthy development of the market with new products and services using financial technology and innovation, and we look forward to the future with great confidence.

Thanks to Mrs Demetra Kalogerou, Chairwoman of CySEC for granting this interview, and we look forward to what is ahead for Cyprus.