The Cyprus Securities and Exchange Commission (“CySEC”), as an authority regulating the operation of Cyprus Investment Firms (hereinafter referred to as “the CIFs”), has recently issued guidance on what it considers to be significant Cyprus investment firms (“CIFs”). This guidance was presented in the form of the CySEC Directive DI 144-2014-14 for the Prudential Supervision of Investment Firms (“the Directive”), which itself amended the Investment Services and Activities and Regulated Markets Law, Law 144(I) of 2007. The said Directive provides for more stringent and exact requirements regarding corporate governance of CIFs which are considered and/or deemed to be significant by reference to their size, internal organisation or the nature, scale and complexity of their activities.
CySEC’s policy is to apply an objective definition with pre-defined thresholds to determine which CIFs are considered significant for the purposes of these requirements. A CIF is deemed to be significant if it meets any of the following criteria:

• total assets in excess of €43 million;
• revenue for the preceding 12 months in excess of €50 million;
• clients’ money in excess of €60 million;
• clients’ assets in excess of €2 billion.

CIFs must regularly assess whether they meet the criteria as this shall directly affect the internal procedures to be taken. As soon as a CIF becomes aware that it is likely to meet any of them it must make arrangements to establish and have in place sound, effective and comprehensive strategies, processes and systems to achieve compliance with the requirements that apply to a ‘significant CIF’. One of the most important step is to build up a strong and effective system of evaluation of potential risks that may arise taking into consideration the clients’ portfolio, future projects etc. of the CIF. These arrangements must be in place and effective no later than three months from the date the CIF meets any of the criteria.
If a ‘significant CIF’ falls below all of the thresholds it must nevertheless continue to comply with the requirements applicable to a ‘significant CIF’ until the first anniversary of the date on which it ceased to be a ‘significant CIF’. In cases where it deems it appropriate CySEC may require a CIF to comply with the requirements that apply to a ‘significant CIF’, even though the CIF does not meet any of the criteria.

New CySec Directive On Corporate Governance Of CIFs