Apr 22 / Evdokia Pitsillidou

Prepare ahead of an inspection by CySEC

about the author

Evdokia Pitsillidou

Director of Risk & Compliance at SALVUS Funds

Evdokia, a partner at SALVUS Funds, is actively advising and working on all matters related to licensing, regulatory compliance, and internal audit for investment firms, funds, Electronic Money Institutions (EMI) & Crypto-Asset Services Providers (CASP).

  • Member of the Global Institute of Internal Auditors (IIA)
  • Member of the Cyprus Investment Funds Association (CIFA)
  • Certified Actuarial Analyst (CAA)
  • CySEC Advanced Certified Person
  • CySEC certified Anti-Money Laundering Compliance Officer (AMLCO)

The Cyprus Securities and Exchange Commission (CySEC) supervises the investment services and securities market carried out in the Republic of Cyprus, since 2001. Its mandate is to ensure investor protection and establish the Cyprus securities market as one of the safest, most reliable, and attractive destinations for investment. To achieve that, CySEC has the responsibility to inspect its regulated entities, ensuring compliance with the applicable laws and regulations.

 
In this blog post, Evdokia Pitsillidou , an instructor at the institute, demonstrates an in-depth analysis of CySEC’s authority to investigate and monitor its obliged entities, providing insights and compliance tips on the key inspection areas.

To this end, a comprehensive and detailed course titled How to Get Prepared by the Regulator in 2024 is available through the IforPE platform. This course emphasises the importance for supervised entities to achieve regulatory compliance by employing a proactive approach and enhance the internal policies and procedures.

Towards the end of this blog post, you will find detailed information about the skills and competencies acquired upon course completion and how they contribute to ensuring a successful CySEC inspection at any given time.


CySEC Powers


CySEC maintains numerous investigative powers which is extremely important for regulated entities to get accustomed with their compliance obligations, and avoid failing any of the following:

  1. Collection of information – CySEC can request in written form the collection of information from its supervised entities.
  2. Carrying out inspections – the regulator grants the authority to examine information; records, books, accounts, as well as documents and computer-stored data.
  3. Entrance and investigation– CySEC has the right to enter and search offices and the business premises, performing onsite inspections.

Inspection Areas

While CySEC can inspect every function of its supervised entity, the main focus is usually targeted towards, but not limited to:

  • Organisational structure and personnel changes - examining if the electronic record is updated, and if the Chinese Walls along with the documented Employee Replacement Policy are in place,
  • Employment Contracts and Remuneration - checking if the remuneration, employee recruitment, staff knowledge and competence policy and practices are established,
  • Personnel Training - assessing its adequacy and quality as well as the employee awareness,
  • Senior Management & BoD - ensuring the obeyance of their duties and responsibilities, their suitability and awareness on the firm’s operations,
  • Compliance Function - ascertaining that all required compliance processes are in place, including risk assessment and monitoring procedures.
  • Risk Management Function - reviewing the risk management plan, interviewing the key personnel is employed, and if they report directly to the BoD,
  • Internal Audit Function - analyzing whether its findings were reported to CySEC through the Electronic Record, and communicated to the BoD in a timely manner,
  • Shareholders Holdings, Tied Agents, Inducements, Cross-Border, ICF - inspecting if appointment or intention of such services has been communicated to CySEC,
  • Internal Operations Manual - checking whether the documented procedures are adequate and sufficient, and reflect the current procedures in practice,
  • Conflicts of Interest & Personal Transactions - investigating if a Conflict of Interest policy is implemented and if appropriate measures are taken to prevent or detect such phenomenon.
  • Client Complaints - assessing the complaints handling policy and procedures and if the annual fee payment has been made to the Financial Ombudsman,
  • Outsourcing - analyzing the adequacy and competence of outsourcing arrangements,
  • Business Continuity & Disaster Recovery- ensuring if appropriate procedures and policies are in place,
  • Product Governance - reviewing whether a Product Governance policy and product approval process is implemented.

These areas collectively form a high-level framework for regulatory inspection to ensure the integrity and compliance of regulated entities conducting investment activities.

What is the How to get prepared for an inspection by the regulator course and what does it include?

The How to get prepared for an inspection by the regulator in 2024 course is developed by SALVUS Funds and delivered by their Risk & Compliance Director, Evdokia Pitsillidou. This course is designed explicitly for professionals holding key compliance and managerial positions in Cyprus Investment Firms, enabling them to navigate regulatory inspections successfully.

Professionals participating in this course will gain the skills and competencies necessary for enhancing their firm's policies and procedures. After this blog post, they can ultimately assure readiness for successful regulatory inspections whenever required. Additionally, they will gain insights into the supervisory priorities established by the European Securities and Markets Authority (ESMA) and receive valuable compliance tips to facilitate a high standard result. 

The syllabus of the How to get prepared for an inspection by the regulator course includes:
  • The Cyprus Securities and Exchange Commission

- About CySEC

- CySEC responsibilities
- CySEC regulated entities
- CySEC powers
  • Governance arrangements & organisational requirements

- Governance arrangements

- Organisational requirements
  • Inspection areas & compliance tips

- Policies & procedures

- Policies & procedures
- Organisational requirements - inspection areas & methodology
- Operating conditions - inspection areas & methodology
- Client accounts: opening & closing
  • Departmental inspection areas & compliance tips

- Back office department

- AML department
- Accounting & finance
- Provision of services
- Business development & marketing
- Customer support
- Information technology
  • ESMA common supervisory actions

- What is an ESMA CSA?

- National Competent Authorities
- MiFID II Product Governance rules
- MiFID II cost and charges disclosure rules
- MiFID II marketing communications
  • Inspection tips & results

- Compliance tips

- Post-inspection communication
- Inspection results
- 2023 CySEC investor protection fine

The CySEC inspection preparation course material is delivered in PDF slides and online video recordings. Learners undertaking this course are provided with the flexibility to learn at their own pace, wherever, and whenever.

Upon completion of the course, learners have the opportunity to evaluate their comprehension of the covered material by answering a series of questions reflecting the gained knowledge.

The completion of this course counts towards the Continuous Professional Development (CPD) annual requirements for professionals, and holders of the CySEC Advanced and Basic certifications.
Get in touch
If you have any questions about Evdokia's course or any other questions related to your training requirements, please contact us
we would love to help.
From all of us at IforPE, the Institute for Professional Excellence,
Ancora Imparo