September/October 2025 Regulatory Roundup

INVESTMENT SERVICES & CAPITAL MARKETS

MIFID and MIFIR 

European Commission draft delegated regulation on providing market data, what constitutes a liquid market for equity instruments, and PTRR disclosures under MIFIR

On 8 August 2025, the European Commission published a draft delegated regulation amending Delegated Regulation 2017/567 as regards the obligation to provide market data on a reasonable commercial basis, the determination of what constitutes a liquid market for equity instruments, and the definition of and disclosure for post-trade risk reduction (PTRR) services under MIFIR.

The proposed amendments follow and seek to reflect the MIFIR reform aimed at enhancing data transparency, removing obstacles to the emergence of consolidated tapes, optimising the trading obligations and prohibiting receiving payment for order flow and parallel amendments to MIFID II.

The deadline for comments was 5 September 2025, and the European Commission plans to adopt the delegated regulation in Q4.

Central Securities Depositories Regulation (CSDR)

European Parliament adopts position for shortening the settlement cycle to T+1 under CSDR

On 10 September 2025, the European Parliament adopted its position at first reading on the proposed Regulation to amend the Central Securities Depositories Regulation (CSDR), which introduces a shorter settlement cycle for transferable securities transactions within the EU.

The proposed Regulation will reduce the settlement period from two business days after trading takes place (T+2) to one business day (T+1), with the aim of promoting settlement efficiency, improving the liquidity of capital markets and eliminating costs linked to the misalignment of settlement cycles between the EU and other jurisdictions. A provisional agreement on the proposal was reached in June between the Council of the EU and the European Parliament, under which they agreed certain securities financing transactions (SFTs) will be exempt from the T+1 settlement cycle requirement. The exemption will only apply to SFTs that are formally documented as single transactions comprising two linked operations, in order to prevent the potential circumvention of the T+1 rule.

The next step is for the Council of the EU to formally adopt the agreed text. Once adopted, the Regulation will be published in the Official Journal of the European Union and enter into force on the twentieth day following its publication. It will apply from 11 October 2027.

Risk monitoring

ESMA second risk monitoring report of 2025

On 9 September 2025, ESMA, the EU’s financial markets regulator and supervisor, published its second risk monitoring report of 2025, setting out the key risk drivers currently facing EU financial markets.

Geopolitical events continue to have a strong impact on the evolution of financial markets. In the first half of 2025 securities markets experienced pronounced volatility as global uncertainties intensified, notably with escalating trade conflicts. Investor risks have also risen in crypto-asset markets, where exuberance has been fuelled by political developments in the US and the emergence of new, high-risk business models. Overall, ESMA sees high or very high risks in the markets within its remit, and retail and institutional investors should remain alert to potential sharp market corrections, and to the liquidity strains they could entail.

Beyond the general risk drivers, ESMA’s report provides an update on structural developments and the status of key sectors of financial markets, during the first half of 2025.

ESAs issue Autumn 2025 Joint Committee Report on risks and vulnerabilities in the EU financial system

On 19 September 2025, the ESAs issued their Autumn 2025 Joint Committee Report on risks and vulnerabilities in the EU financial system.

The Report highlights how tensions in global trade and the global security architecture have deepened geopolitical uncertainties. The authorities call for increased vigilance and urge financial entities to maintain adequate provisions in today’s tense and unpredictable environment.

The ESAs caution that sudden structural changes in global trade and security have led to a deterioration in the economic outlook in the first half of 2025. Despite the initial moderate impact of the US–EU preliminary trade agreement, risks to financial stability and the risk of further corrections remain.

The European financial system has demonstrated its resilience. Banks continue to generate solid profits, insurers hold strong solvency positions, and pension funds remain well-funded. Market infrastructures and money market funds have also proven robust in the face of volatility.

Growing transatlantic tensions, however, are reshaping the risk landscape. Tariffs and currency shifts are impacting commodities and foreign exchange markets and create new channels through which risks can spread to financial institutions. Strong interlinkages with US financial markets deepen undertakings’ sensitivity to these risks. 

Against this background, the ESAs advise national supervisors, financial institutions and market participants to:

• continue embedding geopolitical risks in their day-to-day business operations and risk assessments, including their dependencies on non-EU markets and service providers,
• prepare for short- and medium-term challenges amid high uncertainties, such as market corrections, by maintaining adequate provisions and stress testing their liquidity positions,
• strengthen vigilance against cyber risks and their potential impact on operational and financial stability, also via third-party service providers,
• monitor contagion risks from crypto assets as the market expands and interlinkages between crypto markets and the traditional financial sectors deepen,
• play an active role in supporting the Savings and Investments Union (SIU) initiative while duly considering the liquidity characteristics and risk profiles of alternative investments and their suitability for retail investors.

[/vc_column_text][/vc_column][/vc_row][/vc_section][vc_section css=”.vc_custom_1609007282200{margin-bottom: 20px !important;}”][vc_row css=”.vc_custom_1609007241176{padding-right: 15px !important;padding-left: 15px !important;}”][vc_column css=”.vc_custom_1612794217189{margin-bottom: 20px !important;padding-top: 3px !important;padding-right: 20px !important;padding-bottom: 3px !important;padding-left: 20px !important;background-color: #283a66 !important;}”][vc_column_text]

OPERATIONAL RESILIENCE

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]Digital Operational Resilience Act (DORA)

EBA publishes new Q&A on DORA

On 8 August 2025, the European Banking Authority published single rulebook Q&A relating to DORA. The answers to the questions were given by the joint European Supervisory Authorities. The Q&A cover:

• the identification of ICT service providers (2024_7089)
• guidance on completing the “refPeriod” field of the parameters.csv file for the DORA register of information (2025_7387)
• the obligation to maintain a register of information for FEs exempt under article 16, DORA (2025_7388).

ESMA cloud outsourcing guidelines published in all official EU languages

On 30 September 2025, ESMA published official translations of its final report updating the 2021 guidelines on outsourcing to cloud service providers.

The updated guidelines, initially published in July, narrow the scope to exclude entities covered by DORA, ensuring they remain applicable only to financial entities outside DORA’s remit, specifically, certain types of depositary under AIFMD and the UCITS Directive. The revision aims to prevent regulatory overlap, as DORA now governs ICT third-party risk for most financial entities. The revised guidelines apply from 30 September 2025. National competent authorities must notify ESMA by 30 November 2025 whether they comply or intend to comply with the guidelines, and must inform ESMA of their reasons for non-compliance. Firms are not required to report on whether they comply.[/vc_column_text][/vc_column][/vc_row][/vc_section][vc_section css=”.vc_custom_1609007282200{margin-bottom: 20px !important;}”][vc_row css=”.vc_custom_1609007241176{padding-right: 15px !important;padding-left: 15px !important;}”][vc_column css=”.vc_custom_1612794217189{margin-bottom: 20px !important;padding-top: 3px !important;padding-right: 20px !important;padding-bottom: 3px !important;padding-left: 20px !important;background-color: #283a66 !important;}”][vc_column_text]

SUSTAINABLE FINANCE

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]EU Green Bonds

European Commission adopts Delegated Regulation on external review regime under the EU Green Bonds Regulation

On 12 September 2025, the European Commission adopted a Delegated Regulation supplementing the EU Green Bonds Regulation (Regulation (EU) 2023/2631) (EUGB) regarding regulatory technical standards (RTS) on the external review regime.

From 21 June 2026, any entity wishing to provide external review services under the EUGB must be registered with and supervised by ESMA, which is also tasked with developing the relevant RTS/ITS specifying certain provisions for external reviewers. This Delegated Regulation sets out RTS relating to: (i) the conditions for the registration of external reviewers; (ii) the criteria for assessing the sound and prudent management of external reviewers; (iii) the knowledge, experience and training of the external reviewers’ employees; and (iv) the conditions under which external reviewers can outsource their assessment activities.

The Delegated Regulation will enter into force once it is published in the Official Journal of the European Union.

Sustainable Finance Disclosure Regulation (SFDR)

ESAs update SFDR Q&As

On 4 August 2025, the European Supervisory Authorities—the European Banking Authority, European Insurance and Occupational Pensions Authority and the European Securities and Markets Authority—published an updated version of its consolidated Q&A document (JC 2023 18) on SFDR and on Commission Delegated Regulation (EU) 2022/1288 supplementing the SFDR.

The latest update includes four new Q&As addressing:

• the definition of the term “water usage”;
• how to calculate useful internal floor area for owned real estate assets;
• best practice about disclosure of percentages for environmentally and socially sustainable investments; and
• whether financial products should calculate top investments or shares of investments in periodic disclosures in a specific way over the reference period.

ESAs publish fourth annual report Principal Adverse Impacts disclosures under SFDR

On 9 September 2025, the Joint Committee of the three European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) published their fourth annual Report on the extent of voluntary disclosure of principal adverse impacts (PAIs) under SFDR.

The ESAs have observed a steady improvement in the quality of the PAI voluntary disclosures at both entity and product level.   Similar to previous years, the ESAs surveyed National Competent Authorities and conducted staff-level analysis of publicly available PAI statements from the asset management, insurance and occupational pension sectors and of a sample of financial products’ PAI disclosures. 

The 2025 Report notes an effort from financial market participants to publish more complete information in compliance with SFDR disclosure requirements, with a general improvement in the quality of information provided.

In line with previous years, the findings also confirm that financial market participants within larger multinational groups tend to provide more detailed disclosure, while smaller entities often combine general ESG or marketing information with their SFDR disclosures.

Surveyed National Competent Authorities affirmed that some financial market participants have taken onboard the good practices included in the previous reports and have improved their disclosures.

Additionally, the 2025 Report also includes recommendations for National Competent Authorities to support their supervision of PAI disclosures and for the European Commission to consider ahead of the forthcoming review of the SFDR.[/vc_column_text][/vc_column][/vc_row][vc_section css=”.vc_custom_1609007282200{margin-bottom: 20px !important;}”][vc_row css=”.vc_custom_1609007241176{padding-right: 15px !important;padding-left: 15px !important;}”][vc_column css=”.vc_custom_1612794217189{margin-bottom: 20px !important;padding-top: 3px !important;padding-right: 20px !important;padding-bottom: 3px !important;padding-left: 20px !important;background-color: #283a66 !important;}”][vc_column_text]

FUND REGULATION

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]ESMA publishes consolidated overview of rules on cross-border distribution of investment funds

On 21 August 2025, ESMA published an updated document under Regulation (EU) 2019/1156 concerning the cross-border distribution of collective investment undertakings, including UCITS and AIFs. The publication compiles links to the national competent authorities’ (NCAs) websites where up-to-date national rules on marketing requirements are hosted, together with summaries of those national rules across EU and EEA jurisdictions.

This initiative aims to enhance transparency and facilitate cross-border fund distribution by providing fund managers with a centralised reference point on marketing regimes applicable in each Member State. The document outlines, for every jurisdiction, the relevant national legislation, notification procedures, prior approval requirements for marketing communications, language rules, and applicable supervisory fees. It also highlights differences among Member States, such as whether prior approval of marketing materials is required, the conditions for marketing to retail investors, and the approach taken to translations and fee structures.

The update primarily affects fund managers and management companies that market UCITS or AIFs on a cross-border basis, as well as NCAs responsible for maintaining and publishing national marketing rules and fees. Investors and intermediaries also benefit from greater transparency and accessibility of this information.

Firms engaged in cross-border distribution should review the updated national summaries to ensure that their marketing activities comply with host state requirements. Internal procedures and compliance checklists should be adjusted to reflect the most recent national rules, notification processes, and language or approval obligations.[/vc_column_text][/vc_column][/vc_row][/vc_section][vc_section css=”.vc_custom_1609007282200{margin-bottom: 20px !important;}”][vc_row css=”.vc_custom_1609007241176{padding-right: 15px !important;padding-left: 15px !important;}”][vc_column css=”.vc_custom_1612794217189{margin-bottom: 20px !important;padding-top: 3px !important;padding-right: 20px !important;padding-bottom: 3px !important;padding-left: 20px !important;background-color: #283a66 !important;}”][vc_column_text]

ESMA

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]ESMA publishes its 2026 Annual Work Programme

On 3 October 2025, ESMA published its 2026 Annual Work Programme. Guided by its multi-annual strategy for 2023–2028 which sets out three strategic priorities and two thematic drivers, ESMA’s 2026 work programme focuses on delivering on core policy and supervisory mandates while contributing to ambitious reforms for more integrated, accessible, and innovative EU capital markets.

Supporting the Saving and Investments Union (SIU)

In 2026, ESMA will continue to build on existing priorities, supporting the forthcoming strategic developments set out by the Commission’s Saving and Investments Union (SIU) Strategy. This includes aligning supervisory practices across Member States, enhancing market data capabilities, and actively contributing to upcoming reforms designed to create a more integrated and globally competitive EU financial system. ESMA also aims at seizing opportunities arising from digitalisation, for example by facilitating the simplification and use of clear language in disclosures.

Other regulatory and supervisory priorities for 2026

Beyond the priorities coming from the SIU strategy, ESMA will continue supporting implementation of key legislative files agreed under the previous legislature, notably the European Market Infrastructure Regulation (EMIR 3) and the European Single Access Point (ESAP).

Other ongoing legislative files which, depending on progress, may require ESMA’s attention in 2026 are the Retail Investment Strategy (RIS), as well as the review of the PRIIPS, SFDR and Securitisation Regulation. ESMA will ensure that it integrates the principles of Simplification and Burden Reduction across all its activities and will follow up on the 2025 ‘flagship’ projects seeking simplification and efficiencies in disclosure and reporting frameworks.

Driving data innovation and market integration

ESMA will focus on enhancing data capabilities and promoting innovation across the EU financial sector. Key projects for 2026 include the rollout of the ESMA Data Platform, centralisation studies, and the development of AI-powered supervisory tools. These initiatives will bring common benefits to both ESMA and the National Competent Authorities, improving market efficiency and transparency through the support that data provides for risk-based and data-driven supervision across Europe. 

In the digital finance sector ESMA will continue to focus on the effective implementation of MiCA, as it is key to ensuring investor protection and the orderly functioning of crypto-asset markets. ESMA’s supervisory convergence efforts will remain focused notably on the authorisation and supervision of CASPs.

Finally, in line with the EU’s ambition to accelerate the settlement cycle to T+1 by 11 October 2027, ESMA will also coordinate closely with market participants to ensure the smooth transition and preparedness of the financial sector for this event.[/vc_column_text][/vc_column][/vc_row][/vc_section][vc_section css=”.vc_custom_1609007282200{margin-bottom: 20px !important;}”][vc_row css=”.vc_custom_1609007241176{padding-right: 15px !important;padding-left: 15px !important;}”][vc_column css=”.vc_custom_1612794217189{margin-bottom: 20px !important;padding-top: 3px !important;padding-right: 20px !important;padding-bottom: 3px !important;padding-left: 20px !important;background-color: #283a66 !important;}”][vc_column_text]

CySEC DEVELOPMENTS

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_single_image image=”8217″ img_size=”full” alignment=”center”][vc_column_text]Circular C723: EBA’s Opinion on money laundering and terrorist financing risks affecting the EU’s financial sector

On 1 August 2025, CySEC issued Circular C723 to inform Regulated Entities that the European Banking Authority (the ‘EBA’) has published its fifth Opinion on money laundering and terrorist financing risks affecting the EU’s financial sector (the ‘Opinion’). The Opinion is based on data from January 2022 to December 2024.

The Opinion identifies increasing risks due to rapid innovation in financial products and technology, particularly in crypto-assets and cross-sector interconnectivity. Key findings include:

• FinTech: 70% of competent authorities report high or increasing ML/TF risks, citing poor AML controls and governance.
• RegTech: Over half of major compliance failures involved poor RegTech implementation, mainly due to insufficient expertise and oversight.
• Crypto-Assets: The number of authorised CASPs more than doubled between 2022–2024, many with ineffective AML/CFT frameworks.
• Fraud and AI: Criminals are using AI to automate laundering and evade detection; financial institutions are lagging in response capabilities.
• Sanctions: Implementation of restrictive measures remains inconsistent; new EBA Guidelines from end-2025 aim to harmonise EU standards.

Under paragraph 17 of CySEC’s AML Directive and section 58A of the AML Law, Regulated Entities must consult reports like the EBA Opinion when applying a risk-based approach to customer due diligence. CySEC expects entities to take the Opinion into account to strengthen the effectiveness of their AML/CFT systems.

Circular C724: New legal framework for Restrictive Measures/Sanctions in the Republic of Cyprus

On 01 August 2025, CySEC issued Circular C724, to inform all Regulated Entities that on Friday, 25 July 2025, three new laws related to Restrictive Measures/Sanctions were published in the Official Gazette of the Republic of Cyprus. These new pieces of legislation are now in force and constitute the new legal framework for Restrictive Measures/ Sanctions.Once the new legislation is available in English, it will be uploaded to the “Sanctions/Restrictive Measures” section of the CySEC website.

The Circular provides a brief overview of the new legislation, highlighting the following:

1. The Criminalization of the Violation of the Restrictive Measures of the European Union Law of 2025 (L. 149(Ι)/2025)

• • Aligns with Directive (EU) 2024/1226 on the definition of criminal offences and penalties for the violation of EU restrictive measures
  • Repeals Law 58(I)/2016

2. The Establishment of the National Sanctions Implementation Unit Law of 2025 (L. 150(Ι)/2025)

• • Establishes the ‘National Sanctions Implementation Unit’ (NSIU), within the Ministry of Finance, which has, among others, the following responsibilities:
  • Implementing and supervising EU and UN sanctions.
  • Coordinating with authorities for the implementation of the Restrictive Measures/Sanctions.
  • Evaluating the cases of potential violation of the Restrictive Measures/ Sanctions.
  • Issuing directives, circulars, guidelines, clarifications and guidance on issues related to the implementation of Restrictive Measures/Sanctions in the Republic of Cyprus.
  • Organising educational or training seminars/conferences and publishing relevant training material.

1. The Protection of Persons Reporting Breaches of Union and National Law (Amending) Law of 2025 (L. 148(Ι)/2025)

• • Aligns with Directive (EU) 2024/1226 on the definition of criminal offences and penalties by including cases of incitement, aiding and abetting and attempting to commit them to the application of the relevant law.

CySEC urges Regulated Entities to align their current measures and procedures for detecting actual or potential breaches of the Restrictive Measures and/or Sanctions with the new legal framework now in force in the Republic of Cyprus.

Notification: by the Ministry of Finance for the designation of CySEC and others as competent authorities for the compliance with Regulation (EU) No. 2022/2554

On 14 August 2025, the Ministry of Finance published a Notification (Κ.Δ.Π. 252/2025) designating the national competent authorities responsible for ensuring compliance with Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (DORA), pursuant to Articles 19 and 46 of the Regulation.

The following authorities have been designated as competent under DORA:

• Cyprus Securities and Exchange Commission (CySEC): For investment firms subject to prudential supervision, crypto-asset service providers, issuers of asset-referenced tokens, central securities depositories (CSDs) supervised or licensed by CySEC, central counterparties, trading venues, data reporting service providers (DRSPs), UCITS management companies, and crowdfunding service providers.
• Central Bank of Cyprus (CBC): For credit institutions (excluding significant institutions supervised by the ECB), electronic money institutions, payment institutions, account information service providers, and CSDs licensed or supervised by the CBC for ancillary banking-type services.
• Insurance and Pension Funds Supervisor (Superintendent of Insurance and Pensions): For insurance and reinsurance undertakings, insurance intermediaries, and reinsurance intermediaries domiciled in Cyprus.
• Registrar of Occupational Retirement Provision Funds: For institutions for occupational retirement provision (IORPs).

All designated authorities are empowered to exercise the functions and powers under Regulation (EU) 2022/2554 and its delegated acts.

Policy Statement PS-03-2025 and Directive DI 73-2009-07: concerning the Digital Operational Resilience for the Financial Sector (Fees and Subscriptions)

On the 4th September 2025, the CySEC published a Policy Statement (PS-03-2025) outlining the fees payable by financial entities (as these are outlined in Point 1.2. of the Policy Statement) falling within the scope of Regulation (EU) 2022/2554 on Digital Operational Resilience for the financial sector (DORA Regulation).

The annual supervision fee ranges between €2,000 and €20,000 depending on the size of each entity and the assessment fee for Threat-Based Penetration Testing was set at €20,000. The fees were calculated by CySEC, taking into consideration comments submitted by stakeholders in the Public Consultation Document CP-01-2025 as published in early 2025. The most significant changes concern the reduction of annual fees for micro and small enterprises, as well as the reduction of the assessment fee for Threat Led Penetration Tests.

Fee Payment Procedure for 2025

Specifically, financial entities subject to the DORA Regulation and under CySEC supervision in 2025 should follow the steps below for the payment of the fees:

1. Category Declaration (2–31 October 2025):
   Financial entities shall inform CySEC of the category of undertaking they fall under, in accordance with the First Annex of Directive 73-2009- 07, based on their latest audited financial statements. These must include the number of employed persons, the annual turnover and the annual balance sheet.
2. Fee Payment (by 31 December 2025):
   Financial entities must pay the annual fee for the period from 15 August 2025 to 31 December 2025, calculated on a pro-rata basis according to the fees set out in the First Annex of Directive 73-2009- 07. The payment deadline is 31 December 2025.

From 2026 onwards, financial entities should pay an annual fee to CySEC covering the period 1 January to 31 December. Each year, entities should notify CySEC of their size between 1–15 September and pay the applicable DORA fee by 30 November, in line with Article 4(1)–(3) of the Directive’s First Appendix.

Dr. George Theocharides, CySEC Chairman said: “The DORA Regulation impacts National Competent Authorities, including CySEC, in ways not only confined to supervision. To meet these growing obligations adequate funding is essential. The fees are aligned with DORA’s proportionality criteria as well as the Ministry of Finance’s objective for CySEC to reduce reliance on public funding. This will enhance CySEC’s independence and ensure it can continue to safeguard market integrity effectively.”

Directive R.A.D. 270/2025: for the restriction on the Marketing, Distribution or Sale of Contracts for Differences (CFDs) to Retail Clients (Amending) of 2025

On 05 September 2025, the CySEC published Directive R.A.D. 270/2025 (only in Greek), which amends Directive DI87-09 on the restriction of the marketing, distribution, and sale of contracts for difference (CFDs) to retail clients (‘the basic Directive’).

This amendment introduces a change to the initial margin requirement applicable to CFDs. Specifically, paragraph (c) of Annex I of the basic Directive has been revised and under the amendment, a 10% initial margin of the notional value of the CFD is required where the underlying asset is either a stock index or a commodity not listed in point (b) of Annex I of the basic Directive. Previously, the 10% initial margin applied only to CFDs where the underlying was a stock or commodity index not listed under point (b) of Annex I of the basic Directive, rather than a plain commodity.

Kindly note that this Directive entered into force upon its publication in the Official Gazette of the Republic and CIFs shall comply with it going forward. The Consolidated version of the Directive can be found here.

Circular C726: Financial Services Volunteer Corps’ virtual practical training on sanctions risk mitigation

On 10 September 2025, CySEC issued Circular C726 to inform Regulated Entities of a virtual practical training hosted by the Financial Services Volunteer Corps (FSVC), with support from the U.S. Department of State, on sanctions risk mitigation.

The training is designed to support compliance with evolving sanctions frameworks and strengthen private sector risk mitigation in light of emerging sanctions evasion typologies. Sessions will be delivered by experienced U.S. practitioners and tailored to the Cypriot context.

The training will be offered on two dates:

• 3 November 2025 (14:00–17:00): for Financial Institutions and Crypto Asset Service Providers
• 6 November 2025 (14:00–17:00): for Administrative Service Providers

Interested participants must register by 8 October 2025. Registration is limited to two representatives per institution.

Circular C727: ECCD training event titled ‘Prevent Misuse of Designated Non-Financial Services Businesses and Professionals (DNFBPs) to Facilitate Sanctions Evasion’

On 10 September 2025, CySEC issued Circular C727 to inform Administrative Service Providers (ASPs) of an upcoming training event organised by the Council of Europe Economic Crime and Cooperation Division (ECCD) under the 2023 Council of Europe / EU Technical Support Instrument (TSI).

The event, held within the framework of the TSI Sanctions II Project, is titled: “Prevent Misuse of Designated Non-Financial Businesses and Professions (DNFBPs) to Facilitate Sanctions Evasion.”

It will cover:

• Trends, causes, and risks linked to the misuse of DNFBPs in the EU
• Real-world typologies, red flags, and control gaps
• Risk mitigation measures
• Horizon scanning of emerging risks related to DNFBPs

The training took place in person on 26 September 2025.

Circular C728: EU Council’s Restrictive Measures against Russia due to its military aggression against Ukraine – Article 5h of Regulation (EU) 833/2014

On 23 September 2025, CySEC issued Circular C728 to inform Regulated Entities of the amendment to Article 5h of Regulation (EU) 833/2014, which forms part of the EU’s restrictive measures against Russia.

CySEC notes that the EU has widened the scope of the amended Article 5h of Regulation (EU) 833/2014, from a prohibition to provide specialised financial messaging services to the legal persons, entities or bodies listed in Annex XIV, into a full transaction ban with the legal persons, entities or bodies listed in Annex XIV (which now includes a total of 45 Russian banks) or their subsidiaries whose proprietary rights are directly or indirectly owned for more than 50% and are established in Russia.

Furthermore, the Regulated Entities are reminded of the importance of studying the Commission Consolidated FAQs, which also cover Article 5h of Regulation (EU) 833/2014.

CySEC calls the Regulated Entities to harmonise the existing measures and procedures in place that are designed and implemented for the detection of actions that are in breach or may potentially be in breach of the provisions of the Restrictive Measures and/or Sanctions, in accordance with the amended Article 5h of Regulation (EU) 833/2014.[/vc_column_text][/vc_column][/vc_row][/vc_section]