The emerging crypto industry is still unchartered waters in many regards. But the Cyprus Securities and Exchange Commission is working towards eliminating the regulatory gaps and ensure the highest level of investor protection. The Successful Business Magazine asks the Commission head, Dr George Theocharides, about the current crypto landscape in the EU and in Cyprus and the recent and forthcoming regulatory developments.

In your opinion, what are the greatest regulatory risks that Cyprus faces today?

The trends that we have seen in the last decade or so in financial services are more digitalisation, more online, and mobile trading platforms. We have also seen more sophisticated technologies, such as artificial intelligence, algorithmic trading, blockchain technologies, machine learning, Big Data Analytics, Robo-Advisors, and social trading.

Obviously, these global trends bring many opportunities, but at the same time, they come with risks relating to the protection of the investors, to cases of money laundering and terrorist financing, and risks around cybersecurity.

As regulators, we need to be proactive in understanding these new technologies and how they impact financial services in order to mitigate the risks and protect investors. It is essential that investors understand these risks before proceeding with any investment, so they are not lured into unsuitable investments based on inaccurate or incomplete information. Inconsistent liquidity, unregulated price discovery mechanisms, insider dealing and market abuse in relation to crypto-assets, lack of pre- and post- trade transparency rules, all undermine investor protection. The nature of cryptoassets, which means they are to some extent anonymous or pseudo-anonymous and can be used in the context of electronic contactless transactions and from anonymous crypto wallets and other emerging products, also makes them vulnerable to the risk of money laundering and the financing of terrorism.

What's the solution then?

When it comes to digital assets andWhen it comes to digital assets andcryptoassets, the regulation is evolving. There is a lot of work being done both atThere is a lot of work being done both atthe national and European level. A fewmonths ago, the Cyprus Securities andExchange Commission (CySEC) issueda Policy Statement on the Registrationand Operations of Crypto Asset ServicesProviders (CASP) to outline its finalisedrules for CASPs under the AML/CFTLaw. Additionally, we issued the CASPRegistration Directive and the Directivefor the Prevention and Suppressionof Money Laundering and TerroristFinancing, which elaborates on the nextsteps for CASPs and CySEC’s expectations.We expect Crypto Asset ServicesProviders to abide by their obligationsstemming from CASP Rules, includingbut not limited to their obligationsamong others on:

- the fitness and probity of the CASPBeneficiaries and persons holding a management position

- performing Know Your Client and other client due diligence measures

- drawing the economic profile and identifying the source of funds of their clients

- identifying and reporting suspicious transactions, and

- undertaking a comprehensive risk assessment in relation to their clients and activities and take proportionate measures per client, activity and cryptoasset in question.

Details can be found on the CySECDetails can be found on the CySECwebsite, www.cysec.gov.cy.

CySECalso continues to analyse market practicesand will assess the effectiveness ofexisting rules. Where necessary, we willact to issue further guidance to ensurethe compliance of supervised entitieswith the regulatory framework. CySECexpects these kinds of initiatives toalleviate some, but not all, of the risksinvolved in cryptoasset space, and wewelcome developments at EU level,under the proposed Regulation on Marketsin Crypto Assets (MiCA).

In September 2020, the EuropeanCommission proposed a new regulationon cryptoassets (MiCA). This regulationwill form part of the EU’s Digital FinanceStrategy and is expected to significantlyimpact the operation of the crypto marketin the EU. It will increase consumerprotection by establishing clear cryptoindustry conduct and introduce newlicencing requirements. This proposal,which covers cryptoassets falling outsideexisting EU financial services legislation,as well as e-money tokens, has four generaland related objectives.

The first objective is one of legalcertainty. For cryptoasset markets todevelop within the EU, there is a needfor a sound legal framework, clearlydefining the regulatory treatment ofall cryptoassets that are not covered byexisting financial services legislation.The second objective is to support innovation.The development of cryptoassetsand the wider use of DLT requires a safeand proportionate framework to supportinnovation and fair competition. Thethird objective is to instil appropriatelevels of consumer and investor protectionand market integrity given thatcryptoassets not covered by existingfinancial services legislation presentmany of the same risks as more familiarfinancial instruments. Finally, thefourth objective is to ensure financial stability. 

Cyprus has attracted a numberCyprus has attracted a numberof large CIF companies and someconcentrate in CFDs. These tendto have hundreds of thousands oftrading accounts and millions oftransactions every day. Are youconfident that Cyprus' currentregulatory system is adequate toprotect investor interests in companieslike this?

EU financial regulation applies uniformlyto all EU Member States, savefor certain minor Member State discretionsprovided for in the respective EUlegislation. As a result, investment firmsdomiciled in any of the EU MemberStates must abide to the same rulesand in return, benefit from the right tofreely provide their services throughoutthe EU. The regulatory and supervisorylandscape of the financial sector inCyprus mirrors that of the rest of the EUso that investors benefit from the highstandards of protection we enforce.

I should also mention that – untilI should also mention that – untilMiCA becomes effective – a nationalBill has been drafted by the Ministry ofFinance (an Umbrella Law) to regulate the development of DLT-Blockchainthe development of DLT-BlockchainTechnology/Smart Contracts and providelegal certainty to this market.Under this Bill, CySEC is empowered todraft other legislative amendments if itdeems necessary for further regulatingthe provision of investment services inthis space.

Clearly, there is a high level of demandClearly, there is a high level of demandglobally for these products. CySEC hasalways held the belief that regulatingthese products appropriately is the safest,most diligent way of allowing thesefirms to provide these services, and ismost in line with serving investors’ interests.We continually assess and monitorregulated entities to tackle any concerningpractices to ensure that investorsprotection is not compromised. Since2015, CySEC applies a risk-based supervisoryapproach, which governs howwe determine the entities and marketsegments that pose the greatest risks toinvestors, and which are subject to theclosest scrutiny.

Our risk-based supervisory approachfollows the same blueprint for supervisionof other European supervisors andwe have been in constant and close collaborationwith ESMA and IOSCO.

According to our annual SupervisoryAction Plans, each year both onsiteinspections and desk-top reviewsare undertaken on supervised entities,together with full audit inspections orthematic or targeted basis. As a result,CySEC imposed more than €10 millionadministrative fines only for CIFs. Italso suspended the licence of more than30 CIFs, which had significant problemsand called upon them to take a numberof corrective measures to improve theirinternal procedures, regulations andpractices in order to fully comply withtheir legal obligations. In addition, CySECrevoked the operating licence of morethan 15 CIFs, in which serious violationsof the legislation were identified and asignificant number of CIFs voluntarilyresigned from the licence they held.CySEC will continue to conduct in-depthaudits and take all the appropriate actionsto safeguard investor protection and thesmooth functioning of the market.

Also, we are in the process of developingAlso, we are in the process of developingnew procedures and a methodologyto conduct data-driven supervision,which will allow us to identify anyirregularities and risks in the market atan early stage. In this respect, CySEC isresponding to the need to manage BigData with RegTech systems that willuse Artificial Intelligence and CloudComputing. These solutions will enableCySEC to quickly screen data, representinglarge and varied trading volumes,in order to automatically detect risksand irregularities at an earlier stageand, thus, be able to react more quicklyagainst these risks.

A recent CySEC Policy StatementA recent CySEC Policy Statementessentially required investmentservices to be ring-fencedfrom crypto-asset activities. Whatis the rationale underpinning thisapproach?

There is very straight-forward reasonfor this – we don’t want to see issues spillover into investment services from otheractivities such as cryptoasset activitiesthat are not fully regulated.

Do investors in Cyprus understandthe risks of investing in cryptocurrencies? Is CySEC educatinginvestors about these risks?

Right now, what we are seeing aroundthe globe is a lot of hype around cryptoassets;I would even call it irrationalexuberance. This is understandablebecause in the financial markets a newproduct creates a lot of attention similarto the dot.com bubble in the late 1990sor the complex, securitised financialproducts in the 2000s. But I think themarket still has a lot of informationto digest and understand, particularlyin terms of what cryptocurrencies are,how the mechanics of cryptocurrency work, what their purpose is and whatwork, what their purpose is and whatthe risks are.

There is a general lack of knowledgeThere is a general lack of knowledgeamong investors around the globe interms of cryptoassets. Providing knowledgeand education around cryptoassetsand improving financial educationand skills in general is part of the role ofthe regulators. CySEC undertakes variouseducative actions and initiatives,through publications on its websiteand in the media. CySEC participatesin World Investor Week 2021, with theaim of contributing to the global driveto educate and protect investors. Overthe past year, CySEC has been part ofa national effort and is participating atthe ad-hoc Committee for Financial Literacyand Investor Education, togetherwith the Central Bank of Cyprus, theMinistries of Education and Financeand our two state universities to createa national strategy for financial literacy.The aim is to submit the national strategyto the Council of Ministers in early2022. But while education is part of ourmandate, it’s also the responsibility ofmarket participants and the professionalsof the industry to educate investorsabout these types of assets by providingthem with the necessary information inorder to understand if the assets matchtheir needs.

What can investors do to identify/What can investors do to identify/avoid crypto and CFD fraudand scams?

The most important thing investorsmust do when considering an investmentis to do some research into thecompany offering the product or service,and consider whether seeking independentprofessional advice from anotherregulated entity might be appropriate.CySEC has a full list of all the companiesit regulates on its website, which iseasy to check. If a company is not listedby CySEC or another EU competentauthority and is fraudulently claimingto be a licensed firm, investors will nothave the same protections they wouldhave had with a regulated entity. It iscritical that investment firms classifytheir clients in an appropriate mannerso that more sophisticated, and oftenhigher-risk products and services areonly targeted at professional investors.This marketing process must be fair andnot misleading.

CySEC regularly updates its ‘Warnings’website on prevalent scamsand nefarious operators. Investors areencouraged to keep an eye on this sothey are aware of what types of fraudand scams are being tried.

Typically, investors should be especiallywary if they feel under pressure tomake a decision to invest quickly (suchas a time-limited offer), or are offeredreturns on their investment that soundtoo good to be true, or are told aboutproducts or services that don’t adequatelyexplain the risk of losing money.

CFD trading is inherently speculative,and firms must uphold their responsibilityto warn their clients that their capitalis at risk. Aggressive cold-calling tacticseither by phone, email, online pop-ups,or on social media are also likely to beperpetrated by unscrupulous providersrather than by reputable players inthe market. In the past, we have alsoobserved cases where people have fraudulentlypresented themselves as CySEC representatives in an effort to defraudinvestors. For this reason, CySEC hasissued several announcements informingthe public that it never sendsunsolicited correspondence to investorsor members of the public, nor does itever request any personal data, financialor otherwise.

As we move into a more digitalAs we move into a more digitalworld, the number of risks toinvestors is growing constantly.This is not only due to platformrelatedfraud or illicit activity, butalso due to hacking and cybersecurity.Does CySEC take cybersecurityinto account when auditingregulated firms that use investorsdeposits or accounts? Will you bedoing this in the future?

Data security is an organisationalrequirement under the investmentlaw. CIFs must have sound securitymechanisms in place to guarantee thesecurity and authentication of the meansof transfer of information, minimise therisk of data corruption and unauthorisedaccess, and prevent information leakagein order to maintain the confidentialityof the data at all times. It’s part of CySECsupervisory action plan each year.

What are your plans for theWhat are your plans for thenearest six months? What to expectfrom CySEC?

Our goal as CySEC is to continueacting as a protective shield for investorsthrough effective supervision andguiding the sound development of thesector. As part of our mission we areincreasing the level and the frequencyof supervision, particularly of online tradingplatforms, by expanding our internalresources. Given the internationaland largely web-based nature of theactivities of CIFs, CySEC has acquired asupervisory system for monitoring thesupervised entities’ online marketingactivities/materials. This tool will thereforefurther enhance CySEC’s ability tocollect, analyse, and monitor the marketingcommunications of CIFs. In terms ofpolicy making our aim is to consult onenhancing the clients’ money rules bymid to late 2022.

In addition, we have received fundingapproval from the EU Recoveryand Resilient Fund to explore the opportunityof transforming our InnovationHub into a Regulatory Sandbox. In thiscontrolled environment, fintech startupsand other entities will be able to testtheir innovative products or servicesin real conditions under the regulator’ssupervision.

We are also launching the Trust RegisterPortal which will keep the details ofthe beneficial owners of express trustsand similar legal arrangements. ThePortal is an additional tool to improvetransparency and combat money launderingand terrorist financing.

CySEC is also introducing new examsfor the providers of financial informationin regulated entities as part of the financialeducation of industry professionalsto ensure a high standard of service.

In 2020, CySEC added a newIn 2020, CySEC added a newregulatory category, Mini Managers,and a new investment product,Crowdfunding. What has beenthe reaction to these so far? Isthere scope to introduce other newregulatory categories?

Although the initial reaction has beenAlthough the initial reaction has beenfairly slow, we have recently approvedthe licence of the first mini managerand also pre-approved the licence of thefirst crowdfunding platform. Once thesenew entities start operating, and if theyend up being successful, I do see a trendtowards more applications in the futurefor both mini-manager and crowdfundingplatforms.

CySEC is also introducing a newregulatory category for fund administrators.The draft law will be submittedto the Ministry of Finance in 2022. Thefund administration is not regulatedat EU level; however, we believe thatregulating these entities will contributeto enhancing investor protection andmarket integrity by ensuring authorisationand supervision throughout thedelegation chain.

We are also looking at loan originationand loan participation for the fundsindustry. In many countries, there arerestrictions on these so we are beingcautious to make sure we address therelevant risks.

Environmental, social and governance-Environmental, social and governance-related factors are rapidlybeing integrated into the institutionalframework of the capitalmarkets. How ready are the regulatedentities to adopt the specificcriteria?

As in the case of any new regulation notonly in Cyprus but at EU and global level,we expect that there will be challengesin the application of ESG until a level ofmaturity is reached. Market participantsand investors are not fully informedabout what ESG entails and while someregulations have been passed in Europe,there's still no uniformity of regulatorypractices and approaches. There is alwaysthe risk of greenwashing or mislabellinginvestments towards ESG. If you havean investment that labels itself as ESG,somebody needs to approve it, somebodyneeds to rate it, but the criteria for thisare not clear yet. More work needs to bedone at national and EU level to createsustainable growth in this market.

In Cyprus, although we are yet to seeIn Cyprus, although we are yet to seea large-scale shift towards responsibleinvestments, we have already signed upa few alternative investment funds withan investment policy focusing on ESGfactors. Data gathered from asset managersin Cyprus showed that €40.2 millionof funds under management have asustainable investment strategy, whichis indeed a very promising step in theright direction. To encourage and assistinvestors and regulated entities in thisregard, and in line with the EU actionplan for financing sustainable growth,CySEC has confirmed its commitmentto fostering compliance with sustainablefinance standards, and in early 2021 wecreated a dedicated section on our websiteon sustainable finance, which givesinformation on the legislative measuresbeing introduced at the EU level.

Dr George Theocharides
Chairman of the Cyprus Securities and Exchange Commission (CySEC)

Dr Theocharides served as CySEC’s Vice Chairman since July 2020 andwas appointed new Chairman in 2021. As an Associate Finance Professor atthe Cyprus International Institute of Management (CIIM) and Director of theMSc in Financial Service Programme from September 2010 until July 2020, hehas extensive work experience in the wider financial sector.

Prior to joining CIIM, he worked as an Assistant Professor of Finance atthe Sungkyunkwan University of South Korea and as an International FacultyFellow at the Sloan School of Management of the Massachusetts Institute ofTechnology (MIT).

In the past, he served as a member of the Board of the Cyprus Securitiesand Exchange Commission, a member of the Interim Board of Bank of Cyprus,Chairman of the Board of the Cyprus Blockchain Technologies Ltd, as well as amember of the Board of Directors of the Cyprus-Kuwait Business Association.He also served as a member of the Training/HR Committee of the CyprusInvestment Funds Association (CIFA), as well as a non-executive member of theBoard of Directors for a number of organisations and companies in the financialservices sector.

He is also an Associate member of the Chartered Institute forSecurities & Investment (CISI) and a Research Associate at the UCL Centre forBlockchain Technologies (UCL CBT).

Dr Theocharides holds a degree of BEng (Hons) in Electrical Engineering &Electronics from the University of Manchester (U.M.I.S.T.), an MBA from theUniversity of San Diego, and a PhD in Finance from the University of Arizona.