April 2025 Regulatory Roundup

INVESTMENT SERVICES & CAPITAL MARKETS

MIFID and MIFIR 

Preparing for the Consolidated Tape Provider for bonds – ESMA clarifies some aspects

On 2 April 2025, ESMA clarified some aspects of the activities of the Consolidated Tape Provider (CTP) for bonds.

ESMA provided clarification on:

• the timing of the entry into force and application of the delegated acts related to CTP and the transparency regime; and
• the possibility of ESMA granting a transition period to the selected and authorised CTP for bonds.

ESMA has no indication that the European Commission intends to introduce substantial changes to the draft technical standards (RTS) that ESMA published on 16 December 2024 and expects them to be adopted shortly.

These draft RTS contain requirements for data contributors’ connection and contribution to the CTP, including those pertaining to input and output data of the CTP, the synchronisation of business clocks, and standards on bond transparency, and ESMA encourages all market participants to use these draft RTS to proceed with all preparatory steps necessary to be ready for the start of the activities of the CTP.

The process for the CTP selection for bonds was launched in January 2025 and continues as planned. ESMA intends to adopt a reasoned decision on the selected applicant by early July 2025. Once the selection procedure ends, ESMA recommends that all data contributors engage with the entity selected as the CTP for bonds for any necessary preparatory steps, including – but not limited to – connectivity, licensing and other practical and technical arrangements needed.

The successful applicant will be selected to operate the CTP for a period of five years and will be invited to apply for authorisation without delay.

The exact duration of the authorisation procedure will depend on the completeness of the applicant’s submissions and their ability to reply to ESMA’s requests. To expedite the process, ESMA ensured that the selection and award criteria for the selection procedure covers the main conditions for the authorisation of the selected CTP.

ESMA acknowledges the possibility – foreseen within the Markets in Financial Instruments Regulation (MIFIR) – to grant a transitional period to the selected CTP, if it is requested by the applicant. In that case, ESMA can grant a short transition period to the authorised CTP, to ensure its readiness and the readiness of its contributors for the start of the CTP activities.

ESMA encourages market participants to prepare for the start of the CTP without counting on an extended transition period after the authorisation of the entity.

ESMA consults on transparency requirements for derivatives under MIFIR Review

On 3 April 2025, ESMA asked for input on proposals for Regulatory Technical Standards (RTS) on transparency requirements for derivatives, amendments to RTS on package orders, and RTS on input/output data for the over-the-counter (OTC) derivatives consolidated tape.

ESMA is developing various technical standards further specifying certain provisions set out in the MIFIR Review. This consultation paper covers the following three areas:

• Transparency requirements for derivatives: covering the new deferral regime for Exchange Traded Derivatives (ETD) and OTC derivatives, specifying size thresholds, liquidity determination and deferral durations for post-trade transparency. ESMA also asks input on limited amendments for pre-trade waivers, and amendments to post-transparency fields and flags.
• RTS on package orders: considering the new scope and liquidity determination for derivatives.
• RTS on input/output data for the OTC derivatives consolidated tape: including the data quality requirements for the prospective CTPs and data contributors.

The consultation will remain open until 3 July 2025. Based on the feedback received, ESMA will publish a final report and submit the draft technical standards to the European Commission in Q4 2025.

Central Securities Depositories Regulation (CSDR) 

ESMA clarifies the treatment of settlement fails with respect to the CSDR penalty mechanism

On 14 March 2025, ESMA published a statement on the treatment of settlement fails with respect to the Central Securities Depositories Regulation (CSDR) penalty mechanism, following the major incident that affected TARGET Services (T2S and T2) last month.

Concretely, ESMA clarifies in this statement that National Competent Authorities (NCAs) do not expect CSDs to apply cash penalties in relation to settlement fails for the days of 27 and 28 of February 2025.

A major incident caused by a failure of the infrastructure component adversely affected T2S and T2 on 27 of February 2025 causing that settlement instructions, payment, ancillary system instructions or liquidity transfers between TARGET Services could not be processed for several hours. 

As specified in an existing CSDR Q&A, cash penalties should not be applied in situations where settlement cannot be performed for reasons that are independent from the involved participants.

European Central Bank opinion on moving to T+1

On 1 April 2025, the European Central Bank (ECB) published its opinion of 31 March on the proposal to shorten the securities settlement cycle from two business days (T+2) to one business day after trading takes place (T+1), by amending the Central Securities Depositories Regulation.

The opinion was published in response to requests from the Council of the European Union and the European Parliament. The ECB confirms that it welcomes the proposed move to T+1, and notes that moving to T+1 would facilitate the objective of promoting settlement efficiency in the European Union (EU) and ensure the EU was aligned with other global jurisdictions such as the UK which have also moved, or are moving, to a shorter securities settlement cycle. The EU T+1 Industry Taskforce is currently working towards a T+1 go-live date of 11 October 2027.

Market Data

ESMA facilitates access and use of data from its public registers

On 1 April 2025, ESMA published its first code package on the public code repository GitHub with the goal of promoting the availability of ESMA’s data and facilitating its usage.

The first code package published provides tools to search and download data from some of ESMA’s public registers.

This echoes the recent publication of ESMA’s first interactive dashboards based on MIFID data published in the registers, providing figures on a number of instruments or trading venues by market type and country.

The code packages and interactive dashboards add value by facilitating the visualisation, understanding, and (re)use of data otherwise only available at very granular level in the ESMA registers.

The above initiatives are part of ESMA’s efforts to provide relevant, useful and understandable information to the market in machine-readable form. Increasing and facilitating the use of ESMA’s data, including by retail investors, is one of the objectives of the ESMA Data Strategy 2023-2028.

ESMA will continue publishing new interactive dashboards and code packages in the future (requests from the public can be addressed to info@esma.europa.eu).

Risk monitoring

The ESAs call for vigilance amid rising geopolitical and cyber risks

On 31 March 2025, the three European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) published their Spring 2025 Joint Committee update on risks and vulnerabilities in the EU financial system, which focuses on the challenges linked to geopolitical tensions and cyber risks.

The ESAs warn that growing geopolitical tensions and rising cyber risks present significant challenges to financial stability. These include trade disputes, rapidly shifting policies, ongoing international conflicts and the prospect of economic fragmentation which are reshaping global markets, requiring heightened vigilance and adaptability from supervisors and financial entities alike.

Financial institutions must navigate growing uncertainties, including exposure to international markets, liquidity risks and the evolving role of artificial intelligence (AI). Ensuring resilience in the face of these developments is crucial.

The ESAs, therefore, emphasise the need for proactive risk management, stronger cyber resilience and a close monitoring of global financial linkages, including currency risks. As financial markets continue to evolve, international cooperation and regulatory preparedness will be key to maintaining stability. Against a background of high geopolitical risks, the ESAs recommend that supervisors and financial entities prepare for continued market volatility, consider the potential materialisation of liquidity risks and stand ready to adapt to adverse developments, including by provisioning adequately.

To better manage cyber and digitalisation risks, supervisors and financial institutions should continue to strive for robust data governance, critically assess AI solutions and their compliance with the AI Act and support the timely implementation of the Digital Operational Resilience Act’s provisions.

Market Abuse Regulation

ESMA consults on simplified insider list formats under the Listing Act

On 3 April 2025, ESMA launched a consultation paper proposing changes to the format for drawing up and updating insider lists, as part of the Listing Act amendments to the Market Abuse Regulation (MAR).

The Listing Act mandates ESMA to review the Implementing Technical Standards (ITS) on insider lists to extend the simplified format – currently used by issuers on Small and Medium Enterprises (SME) Growth Market – to all issuers. 

The proposed changes aim at reducing the administrative burden on issuers required to draw up and maintain insider lists under MAR. 

The consultation will remain open until 3 June 2025. Based on the feedback received, ESMA will finalise the ITS and submit them to the European Commission in Q4 2025.[/vc_column_text][/vc_column][/vc_row][/vc_section][vc_section css=”.vc_custom_1609007282200{margin-bottom: 20px !important;}”][vc_row css=”.vc_custom_1609007241176{padding-right: 15px !important;padding-left: 15px !important;}”][vc_column css=”.vc_custom_1612794217189{margin-bottom: 20px !important;padding-top: 3px !important;padding-right: 20px !important;padding-bottom: 3px !important;padding-left: 20px !important;background-color: #283a66 !important;}”][vc_column_text]

OPERATIONAL RESILIENCE

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]DIGITAL OPERATIONAL RESILIENCE ACT (DORA)

ESAs issue an opinion on the European Commission’s rejection of original draft RTS on subcontracting

On 7 March 2025, the European Supervisory Authorities (ESAs) issued an Opinion on the European Commission’s rejection of their draft Regulatory Technical Standard (RTS) on subcontracting under the Digital Operational Resilience Act (DORA).

The RTS specified further elements that financial entities must determine and assess when subcontracting ICT services that support critical or important functions under DORA. The European Commission rejected the draft RTS on the grounds that certain elements exceeded the powers given to the ESAs by DORA.

The ESAs’ Opinion acknowledges the European Commission’s assessment and confirms that the proposed amendments ensure the draft RTS is now in line with the DORA mandate.

The ESAs encourage the European Commission to finalise the adoption of the RTS without further delay.

EU DORA guidelines on estimation of aggregated annual costs and losses caused by major ICT-related incidents published

On 18 March 2025, translations were published of the Joint Guidelines on the estimation of aggregated annual costs and losses caused by major ICT-related incidents.

The guidelines supplement the EU Digital Operational Resilience Act (DORA) which requires that financial entities report on request to their national competent authorities an estimation of aggregated annual costs and losses caused by major ICT-related incidents. The guidelines indicate how those estimations should be arrived at and include a related reporting template.

The guidelines will apply from 19 May 2025.

RTS on criteria for the composition of joint examination teams under DORA published in Official Journal

On 24 March 2025, Commission Delegated Regulation 2025/420 was published in the Official Journal of the European Union.

This Delegated Regulation supplements Regulation 2022/2554 on digital operational resilience for the financial sector (DORA) with regard to regulatory technical standards (RTS) to specify the criteria for determining the composition of the joint examination team ensuring a balanced participation of staff members from the European Supervisory Authorities and from the relevant competent authorities, their designation, tasks and working arrangements. 

The Delegated Regulation will enter into force on 13 April 2025.

European Commission adopts RTS on the elements to assess when subcontracting certain ICT services under DORA

On 24 March 2025, the European Commission adopted a Delegated Regulation supplementing Regulation 2022/2554 on digital operational resilience for the financial sector (DORA) with regard to regulatory technical standards specifying the elements that a financial entity has to determine and assess when subcontracting ICT services supporting critical or important functions.

Articles 1 and 2 establish the rules on proportionality and group application. Article 3 sets out rules on due diligence and risk assessment regarding the use of subcontractors supporting critical or important functions. Article 4 establishes the description and the conditions under which ICT services supporting a critical or important function may be subcontracted. Articles 5-6 contain the rules on material changes to subcontracting arrangements of ICT service supporting critical or important functions and the provisions on the termination of the contractual arrangement.

The Delegated Regulation will enter into force 20 days after its publication in the Official Journal of the European Union.

European Commission calls on Member States to fully transpose DORA

On 27 March 2025, the European Commission announced that it had decided to open infringement procedures by sending a letter of formal notice to 13 Member States (Belgium, Bulgaria, Denmark, Greece, Spain, France, Latvia, Lithuania, Malta, Poland, Portugal, Romania and Slovenia) for failing to fully transpose the DORA Directive (Directive 2022/2556).

Member States had to notify the transposition of the DORA Directive into national law by 17 January 2025. The Member States concerned now have two months to respond and to complete their transposition and notify their measures to the Commission. In the absence of a satisfactory response, the Commission may decide to issue a reasoned opinion, the second stage of the formal infringement procedure.[/vc_column_text][/vc_column][/vc_row][/vc_section][vc_section css=”.vc_custom_1609007282200{margin-bottom: 20px !important;}”][vc_row css=”.vc_custom_1609007241176{padding-right: 15px !important;padding-left: 15px !important;}”][vc_column css=”.vc_custom_1612794217189{margin-bottom: 20px !important;padding-top: 3px !important;padding-right: 20px !important;padding-bottom: 3px !important;padding-left: 20px !important;background-color: #283a66 !important;}”][vc_column_text]

SUSTAINABLE FINANCE

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]European Commission Omnibus package

Omnibus proposals: Council of the EU agrees position on ‘stop-the-clock’ mechanism

On 26 March 2025, the Council of the EU announced that it had agreed its position on the ‘stop-the-clock’ mechanism to postpone the dates of application of certain corporate sustainability reporting and due diligence requirements, as well as the transposition deadline of the due diligence provisions. In particular, to postpone:

• by two years the entry into application of the Corporate Sustainability Reporting Directive (CSRD) requirements for large companies that have not yet started reporting, as well as listed SMEs, and
• by one year the transposition deadline and the first phase of the application (covering the largest companies) of the Corporate Sustainability Due Diligence Directive (CSDDD).

This mechanism is intended to grant the co-legislators time to agree on substantive changes to the CSRD and CSDDD, also proposed by the Commission as part of the ‘Omnibus I’ package on sustainability.

European Parliament votes to delay sustainability and due diligence requirements

On 3 April 2025, the European Parliament voted in favour of its ‘stop the clock proposal’ to delay the application of new sustainability reporting and due diligence under the Corporate Sustainability Reporting Directive (CSRD) and the Corporate Sustainability Due Diligence Directive (CSDDD).

The delay was proposed as part of the European Commission’s “Omnibus I” simplification package, designed to address overlapping or disproportionate rules that are creating unnecessary burdens for EU businesses. The proposal postpones the application of CSRD reporting requirements for companies due to report in 2026 and 2027 (referred to as second and third wave companies) and postpones the transposition deadline and first wave application of the CSDDD by one year (to 2028). The European Commission had invited the co-legislators to prioritise this proposal in particular, and the Council of the EU endorsed the proposal on 26 March 2025 (see item above). The draft rules will need to be formally approved by the Council and then can enter into force.

Taxonomy

EU Platform on Sustainable Finance response to consultation on amendments to Taxonomy Delegated Acts

On 26 March 2025, the Platform on Sustainable Finance, an advisory body to the European Commission established under Article 20 of the Taxonomy Regulation, published its response to the draft taxonomy delegated act consultation.

The Platform is broadly supportive of the simplification proposal but makes a number of recommendations, including:

• introducing a mechanism for all companies to report partial alignment;
• clarifying the materiality threshold;
• gradually integrating exposures into the Green Asset Ratio;
• postponement of key performance indicators (KPIs) for Banks; and
• pausing, rather than excluding, reasonable assurance for Corporate Sustainability Reporting Directive (CSRD) reporting, including the EU Taxonomy entity-level reporting.

The Platform raises concerns regarding the reduction of the Taxonomy’s scope suggested in the Omnibus proposals, as regards certain corporate sustainability reporting and due diligence requirements. The Platform recommends aligning the scope of Taxonomy reporting with the scope of the CSRD, while preserving the CSRD’s original scope. For non-SME companies below the 1,000-employee threshold, the Platform suggests that reporting should be focused on the most essential standards, including Taxonomy alignment.[/vc_column_text][/vc_column][/vc_row][/vc_section][vc_section css=”.vc_custom_1609007282200{margin-bottom: 20px !important;}”][vc_row css=”.vc_custom_1609007241176{padding-right: 15px !important;padding-left: 15px !important;}”][vc_column css=”.vc_custom_1612794217189{margin-bottom: 20px !important;padding-top: 3px !important;padding-right: 20px !important;padding-bottom: 3px !important;padding-left: 20px !important;background-color: #283a66 !important;}”][vc_column_text]

ESMA

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]Prioritisation of 2025 ESMA deliverables

On 6 March 2025, ESMA published a letter (dated 3 March) addressed to the European Commission on the prioritisation of ESMA’s 2025 deliverables.

ESMA’s letter sets out specific items which ESMA intends to delay or which have been cancelled. In some instances, the delays are made with the purpose of aligning ESMA’s work with other initiatives. For example, the technical standards on buy-in under the Central Securities Depository Regulation Review are delayed until T+1 implementation is complete. The EU has committed to moving to T+1 by 11 October 2027.

ESMA identifies the following as being included in its highest priority workstreams:

• implementation of the latest amendments to the European Market Infrastructure Regulation, known as EMIR 3
• the MIFID and MIFIR Review
• the Listing Act
• the Central Securities Depository Regulation Review
• the T+1 project; and
• the review of AIFMD

ESMA is also prioritising new supervisory responsibilities relating to Consolidated Tape Providers, Green Bond verifiers, ESG Rating providers and oversight powers under the Digital Operational Resilience Act.[/vc_column_text][/vc_column][/vc_row][/vc_section][vc_section css=”.vc_custom_1609007282200{margin-bottom: 20px !important;}”][vc_row css=”.vc_custom_1609007241176{padding-right: 15px !important;padding-left: 15px !important;}”][vc_column css=”.vc_custom_1612794217189{margin-bottom: 20px !important;padding-top: 3px !important;padding-right: 20px !important;padding-bottom: 3px !important;padding-left: 20px !important;background-color: #283a66 !important;}”][vc_column_text]

CySEC DEVELOPMENTS

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_single_image image=”8217″ img_size=”full” alignment=”center”][vc_column_text]Circular C686: Financial Action Task Force’s Public Consultation on Complex Proliferation Financing and Sanctions Evasion Schemes project

On 10 March 2025, the Cyprus Securities and Exchange Commission (the ‘CySEC’) issued Circular C686  to inform Regulated Entities that on the 26^th February 2025, the Financial Action Task Force (the ‘FATF’) launched a public consultation on Complex Proliferation Financing and Sanctions Evasion Schemes project.

To assist the production of the final report, the FATF is seeking input, through specific questions, from the private sector and civil society on best practices in mitigating Proliferation Financing risk. The CySEC encourages the Regulated Entities to respond to the said consultation paper.

Circular C687: EBA’s Public Consultation Paper on Proposed Regulatory Technical Standards in the context of the EBA’s response to the European Commission’s Call for advice on new AMLA mandates

On 10 March 2025, CySEC issued Circular C687 to inform Regulated Entities that the European Banking Authority (EBA) has launched a public consultation on four draft Regulatory Technical Standards (the ‘RTS’) that will be part of the EBA’s response to the European Commission’s Call for Advice. These technical standards will be central to the EU’s new AML/CFT regime and will shape how institutions and supervisors will comply with their AML/CFT obligations under the new AML/CFT package.

The proposed RTSs address the following key areas:

• A two-step approach is suggested for determining which institutions will be subject to AMLA’s direct supervision, based on cross-border activity and a harmonised ML/TF risk assessment.
• The EBA proposes a standardised methodology for national supervisors to assess institutions’ inherent risks, quality of internal controls, and residual risks, ensuring consistency and reducing burdens for cross-border firms.
• A flexible framework is proposed for how institutions can meet their CDD obligations, with guidance on types of documents and sources to consult, aiming to balance effectiveness with compliance costs.
• Proposed indicators and criteria on Sanctions and Administrative Measures for setting penalties aim to ensure a proportionate, consistent, and dissuasive approach to AML/CFT enforcement across the EU.

The EBA is expected to submit the final RTS to the European Commission by 31 October 2025. The consultation is open until 6 June 2025. CySEC encourages all Regulated Entities to review and respond to the consultation, as the feedback will contribute to shaping the final regulatory standards in the EU’s evolving AML/CFT framework.

Announcement: Application of Regulation (EU) 2023/1114 (MiCAR) and Regulation (EU) 2023/1113 (TFR) to Crypto-Asset Service Providers

On 11  March 2025, CySEC issued an announcement to inform Regulated Entities that Regulation (EU) 2023/1114 on markets in crypto-assets (MiCAR) and Regulation (EU) 2023/1113 on information accompanying transfers of funds and certain crypto-assets (TFR) have become applicable.

Following Notification R.A.D. 310/2024, CySEC has been designated as the competent authority for crypto-asset service providers (CASPs) whose home Member State is the Republic of Cyprus, in accordance with Article 3(33)(f) of MiCAR. This applies to entities authorised or assessed under Article 60 and Article 63 of MiCAR, including investment firms, market operators, UCITS managers, and AIFMs.

CySEC notes the following:

• Regulation (EU) 2023/1114 establishes a comprehensive framework for the authorisation and supervision of CASPs operating across the Union.
• Regulation (EU) 2023/1113 sets out AML/CFT requirements related to the transfer of crypto-assets, including the information to be submitted with each transfer and the internal controls to be implemented.
• CySEC currently accepts applications for authorisation or notifications under MiCAR and will supervise the entities in line with the new regulatory framework.
• CySEC no longer accepts applications for registration in the Registry of Crypto-Asset Service Providers under article 61E of L. 188(I)/2007 and Directive R.A.D. 269/2021.

CySEC will continue to maintain the CASPs Registry during the transitional period provided under Article 143(3) of MiCAR. CASPs already providing services before 30 December 2024 may continue to do so until 1 July 2026 or until they are granted or refused authorisation under MiCAR, whichever occurs first.

During this period, such entities must comply with the provisions of Regulation (EU) 2023/1113, L. 188(I)/2007, and Directive R.A.D. 269/2021.

CySEC further notes that new national legislation will be introduced in 2025 to address areas under Member State discretion within the MiCAR and TFR frameworks.

Circular C688: ESMA launches a Common Supervisory Action (‘CSA’) with NCAs on Compliance and Internal Audit Functions

On 11 March 2025, the CySEC issued Circular C688 to notify Regulated Entities that the European Securities and Markets Authority (ESMA) has launched the 2025 Compliance and Internal Audit Functions CSA with national competent authorities (NCAs), on compliance and internal audit functions of UCITS management companies and Alternative Investment Fund Managers (AIFMs) across the EU.

The aim of the CSA is to evaluate whether UCITS and AIFMS have established adequate and effective compliance and internal audit functions in accordance with regulatory requirements, and whether these functions maintain sufficient internal control mechanisms to mitigate non-compliance risks.

CySEC highlights the importance of these functions in ensuring compliance with the applicable regulatory framework. As such, it has initiated a thematic review, including on-site as well as desk-based inspections on a sample of entities.

Finally, CySEC expects and urges Regulated Entities to take all necessary measures to ensure full compliance with their obligations in relation to the aforementioned functions and to assess and enhance their internal control framework to ensure that these functions are properly integrated into their governance structures without any weaknesses/deficiencies.

Press Release: Legislative and technological developments in the capital market in 2025

On 11 March 2025, CySEC issued a Press Release to present an overview of its supervisory activities in 2024 and set out its strategic priorities for 2025, highlighting upcoming regulatory changes, technological developments, and sectoral trends in the capital markets.

Key areas of regulatory focus included the Markets in Crypto-Assets Regulation (MiCAR), and the implementation of the Digital Operational Resilience Act (DORA), aimed at ensuring cybersecurity and data integrity in financial entities.

CySEC will continue to build its cyber security and resilience through the acquisition of new specialised systems and improving existing ones, both to manage licensing processes and the ongoing supervision of supervised entities, with the aim of ensuring their full compliance.

Amendments in the Directive for the Prevention and Suppression of Money Laundering and Terrorist Financing (Register of Beneficial Owners of Express Trusts and Similar Legal Arrangements) 257/2021

On 14 March 2025, the Directive on the Prevention and Suppression of Money Laundering and Terrorist Financing (Register of Beneficial Owners of Express Trusts and Similar Legal Arrangements) (Amending) of 2025 was officially published in the Gazette of the Republic of Cyprus. This Amending Directive introduces amendments to the main Directive, specifically Articles 10, 12 and 13, which mainly concern parameters and fees for access to the Register.  

Announcement: Revised System of the Cyprus Beneficial Ownership Register of Express Trusts and Similar Legal Arrangements (CyTBOR)

On 17 March 2025, CySEC issued an announcement to inform the public that the online platform for the Cyprus Beneficial Ownership Register of Express Trusts and Similar Legal Arrangements (the ‘CyTBOR System’/the ‘Register’), has undergone changes which will take effect from 18/03/2025.

The changes in the CyTBOR System are related with the Directive on the Prevention and Suppression of Money Laundering and Terrorist Financing (Register of Beneficial Owners of Express Trusts and Similar Legal Arrangements) (Amending) of 2025.

The said Directive, the revised User Manuals, the revised Q & A’s developed by CySEC as well as video/presentations of the new functionalities of the CyTBOR System, have been published on CySEC’s website.

Circular C689: Adoption of the European Banking Authority (‘the ‘EBA’) Guidelines on benchmarking of diversity practices, including diversity policies and gender pay gap under Directive 2013/36/EU and Directive (EU) 2019/2034 (EBA/GL/2023/08)

On 19 March 2025, CySEC issued Circular C689 to inform CIFs regarding the EBA Guidelines on benchmarking of diversity practices, including diversity policies and gender pay gap (the “Guidelines on benchmarking of diversity practices”) which were issued on December 18, 2023 with entry into force June 27, 2024.

CySEC has adopted the Guidelines, under sections 20 and 28(1) of the Prudential Supervision of Investment Firms Law of 2021, which transpose Articles 26 and 34(1) of the Directive (EU) 2019/20341 (the “IFD”), by incorporating them into its supervisory practices and regulatory approach.

The Guidelines on benchmarking of diversity practices apply to Class 2 CIFs.

Circular C694: Updated Electronic Cross-Border Form, Freedom to Provide Investment Services and Activities (Cross Border Activity)

On 27 March 2025, CySEC issued Circular C694, to inform CIFs of ESMA’s Cross-border online questionnaire for the year 2024.

The Cross-border online questionnaire must be completed by CIFs that were authorised by December 31, 2024, and which have provided cross-border services to more than 50 active retail clients (including clients treated as professionals on request according to Section II of Annex II of MiFID II) (therein ‘retail clients’), in at least one host Member State.

Information collected through the Cross-border online questionnaire on the CIFs’ cross-border activity refers to the reporting period 01/01/2024 – 31/12/2024 and reference date 31/12/2024, as relevant.

In order for CIFs to assess whether they fall under the scope of the exercise, CIFs must consult all information provided in points 1.2 – 1.5 of the Circular.

• CIFs that fall under the scope of this exercise must provide a single, valid, company email address (i.e. compliance@…, info@…) to CySEC to which the Cross-border electronic form will be forwarded to, by sending an email to cifs@cysec.gov.cy, by Friday 4th of April 2025, at the latest.
• CySEC will send the link of the Cross-border electronic form, only to those CIFs that fall under the scope of this exercise.
• CIFs that do not meet the conditions i.e. CIFs that do not reach the materiality threshold of more than 50 active retail clients, in at least one EEA Member State, should inform CySEC of the fact that they are not required to complete the Form, by sending an email to cifs@cysec.gov.cy, by Friday 4th of April 2025, at the latest.

A forthcoming Circular will provide detailed information regarding the completion of the Cross-border electronic form, along with the stipulated deadline for submission.

Circular C695: Council of Europe and European Commission, Directorate General for Structural Reform Support workshop ‘Leveraging OSINT for compliance with EU restrictive measures against Russia’

On 28 March 2025, CySEC issued Circular C695 to inform Regulated Entities of the Workshop titled ‘Leveraging OSINT for compliance with EU restrictive measures against Russia’, organised by the Council of Europe and the European Commission, Directorate General for Structural Reform Support (DG REFORM) (the ‘Workshop’).

The Workshop enhances the capacity of National Competent Authorities and business operators to identify designated entities, improve access to information, and facilitate information exchange at both national and international levels. It also promotes the use of open-source intelligence (OSINT), aiming to strengthen the detection, investigation, and prevention of sanctions evasion, thereby ensuring better compliance with EU financial restrictive measures in the private sector.

The Workshop took place on April 2, 2025, and was organised as a hybrid event, thus private sector’s obliged entities from the EU Member States were invited.

Circular C696: Joint EBA and ESMA Guidelines on the assessment of the suitability of members of the management body and qualifying shareholders in issuers of asset-referenced tokens and crypto-asset service providers (CASPs)

On 28 March 2025, CySEC issued Circular C696 to inform Issuers of asset-referenced tokens (ARTs), CASPs and relevant applicants that it has adopted the Joint Guidelines issued by the EBA and ESMA on the assessment of the suitability of members of the management body and qualifying shareholders in issuers of asset-referenced tokens and crypto-asset service providers.

The Guidelines, issued under Article 16 of Regulations (EU) No 1093/2010 and 1095/2010, apply during authorisation and on an ongoing basis. They set out criteria for assessing whether management body members of ART and CASP issuers are of good repute, have sufficient time, and possess appropriate knowledge, skills, and experience. Individuals convicted of offences related to money laundering, terrorism financing, or affecting good repute are disqualified. The assessment applies to both incoming and existing members.

For shareholders or members with qualifying holdings, the Guidelines outline how authorities should assess the existence and suitability of such holdings, including proposed direct or indirect acquirers.

CySEC expects all relevant entities to ensure compliance with the Guidelines as part of their regulatory obligations.[/vc_column_text][/vc_column][/vc_row][/vc_section]