top of page
Licensing-Service 1
Regulatory compliance - Service 2

Our Services

Licensing

Our Company fully undertakes the preparation of the necessary documentation required for the licensing process through a client-centric approach.

1. Investment Firm Licensing

A company that wants to provide investment services must be licensed and supervised by the Cyprus Securities and Exchange Commission (“CySEC”) under Law 87(I)/2017, which is the national transposition MIFID II Directive. Following the granting of the relevant authorization by CySEC, the investment firm acquires the so-called “passporting right” which allows the provision of investment services and activities on a cross-border basis in the other Member States without seeking authorisation in those host States. Other than the passporting rights, Cyprus has proven to be an exceptional and particularly attractive jurisdiction which is well known for its high level of services and which is at the top of the EU tax league table in terms of the attractiveness of its tax regime.

 

Authorisation Process

 

Timeframe

The authorisation of a Cyprus Investment Firm takes an average of 5-6 months after submission to get a final response considering that there are no exceptional circumstances surrounding the application. It is also possible to utilize the fast-track scheme of CySEC, based on which there is an additional fee of EUR 25.000 paid to CySEC, which can reduce the processing time of the application by CySEC to two (2) months.

Capital Requirements

Cyprus Investment Firms (“CIF”) need to have a minimum amount of capital which depends on the services and/or activities they provide.

1. A CIF that provides one or more of the following investment services without holding clients’ money or/and client’s financial instruments must have an initial capital of €75,000:

  • Reception and transmission of orders concerning one or more financial instruments,

  • Execution of orders on behalf of clients,

  • Portfolio management,

  • Investment advice,

  • Placing of financial instruments without a firm commitment basis.

 

2. A CIF that provides one or more of the following investment services with holding clients’ money or/and client’s financial instruments must have an initial capital of €150,000:

  • Reception and transmission of orders concerning one or more financial instruments,

  • Execution of orders on behalf of clients,

  • Portfolio management,

  • Investment advice,

  • Placing of financial instruments without a firm commitment basis.

 

3. A CIF that provides one or more of the following investment services with holding clients’ money or/and client’s financial instruments, must have an initial capital of €750,000:

  • Dealing on own Account

  • Underwriting of financial instruments and/or placing financial instruments on a firm commitment basis & one of the below services:

  • Reception and transmission of orders concerning one or more financial instruments,

  • Execution of orders on behalf of clients,

  • Portfolio management,

  • Investment advice,

  • Placing of financial instruments without a firm commitment basis.

 

General Requirements:

Before the application for authorization, a Cyprus firm must be incorporated with the Registrar of Companies.  Furthermore, It is required that the company’s board of directors consists of two executives and two independent non-executive directors, the majority being Cyprus residents. In addition, the Investment Firm will need to have a local physical presence. In this respect, the firm must have a local office adequately equipped and staffed with all key personnel on a full-time basis in order to qualify to apply for the relevant authorization.

Application Fees

For the purposes of examining the application, the applicant shall pay to the Cyprus Securities and Exchange Commission the following:

  1. €7,000 for the following investment services:

  • Reception and transmission of orders concerning one or more financial instruments,

  • Execution of orders on behalf of clients,

  • Dealing on own account,

  • Portfolio management,

  • Provision of investment advice,

  • Underwriting of financial instruments and/or placing financial instruments on a firm commitment basis,

  • Placing of financial instruments without a firm commitment basis

2. €25,000 for the following services:

  • Operation of an MTF

  • Operation of an OTF

3. €500 per ancillary service

4. €2000 if the applicant will engage in algorithmic trading

 

Our Company fully undertakes the entire process and the preparation of all applications and documents that must be submitted to CySEC until the license is granted.

 

2. Crypto-Asset Service Providers

The adoption of the 5th Anti-Money Laundering Directive (EU Directive 2018/843) has significantly changed the legal status of cryptocurrencies by making them more transparent, setting out at the same time the necessary safeguards to effectively prevent the use of cryptocurrencies as a vehicle through which money launderers may achieve to conceal their illicit activities.

 

Following the implementation of the 5th AML Directive, the Cyprus Securities and Exchange Commission, as the national supervisory body, has set relevant procedures for the registration of Crypto-Asset Service Providers. 

 

The applications for registration to the Register of Crypto-Asset Service Providers held by CySEC must be submitted to CySEC. The application must contain the name, trade name, legal form and physical address of the applicant (potential Crypto-Asset Service Provider). The Commission must inform the applicants within six months from the date of submission of their applications. Once the application for registration is approved, CySEC shall immediately register the applicant in the Register.

 

The benefit of setting up a Crypto Assets services company in Cyprus is great, and except for the tax advantages, it could allow you to operate throughout the European Union.

 

Authorisation Process

 

Timeframe

The competent authority informs the applicant within six (6) months from the submission of the application, considering that there are no exceptional circumstances surrounding the application.

Capital Requirements

CASPs need to have a minimum amount of capital which is depended on the class in which they will be classified.

 

1. Class 1: A CASP that provides one or more of the following services must have an initial capital of €50,000:

  • Investment Advice

2. Class 2: A CASP that provides one or more of the following services must have an initial capital of €125,000:

  • reception and transmission of client orders

  • execution of orders on behalf of clients

  • exchange between crypto-assets and fiat currency

  • exchange between crypto-assets

  • participation and/or provision of financial services related to the distribution, offering and/or sale of crypto-assets, including the initial offering

  • placement of crypto-assets without firm commitment

  • portfolio management.

3. Class 3: A CASP that provides one or more of any of the services referred to in Class 1 or 2 and/or any of the following services must have an initial capital of €150,000:

  • administration, transfer of ownership, transfer of site, holding, and/or safekeeping, including custody, of cryptoassets or cryptographic keys or means enabling control over cryptoassets

  • underwriting and/or placement of cryptoassets with firm commitment and/or

  • operation of a multilateral system, which brings together multiple third-party buying and selling interests in cryptoassets in a way that results in a transaction

 

Application Fees

For the purposes of examining the application for registration in the CASP Register, the CASP shall pay to the Cyprus Securities and Exchange Commission a fee of 10,000 euros.

Regulatory Compliance

1.Annual Internal Audit Report

All CySEC regulated entities (Investment Firms, Crypto-Asset Service Providers, Administrative, Funds) are required to appoint an internal auditor on an annual basis who, after a thorough review of the company's activities and operation, will provide an independent report setting out his findings. The aim of the Annual Internal Audit is to add value and improve the functions of the regulated entities, the effectiveness of risk management and governance processes and to assist them in complying with the relevant directives and circulars of CySEC. In addition, one of the principal objectives of the Report is to provide relevant guidance to ensure their compliance with the relevant directives and circulars of CySEC.

The internal audit process is divided into the following stages:

  1. Preparation of the audit schedule

  2. Interview with the key personnel of the regulated entities

  3. Review necessary documentation, procedures, policies and controls

  4. Inspection of the different departments of the regulated entities

  5. Identification of weaknesses and best practices

  6. Report to the Board of Directors

  7. Evaluation of progress in implementing the recommendations and rectifying the weaknesses included in the Report

 

2. Risk Management

Risk management can be considered an essential component for the smooth operation of a company. Legal entities may face a wide range of risks that may negatively impact their corporate and financial development. Therefore, obliged entities need to establish, implement and maintain adequate risk management policies and procedures which identify the risks relating to the firm’s activities, processes and systems and, where appropriate, set the level of risk tolerated by the firm.

APC Compliance provides detailed, unique and tailored risk-management services to legal entities worldwide for the establishment of effective risk management policies that can support all aspects of their operation while ensuring the appropriate mitigation of each risk. Our company implements a structured, consistent and continuous risk management process, which allows the firms to be aware of their risks and how they can eliminate them.

Our Risk Management Services include:

  1. Preparation of the Risk Management Manual

  2. Review of the adequacy and effectiveness of the risk management policies and procedures

  3. Business Best Practices

  4. Strategic Risk Advisory

  5. Suggest new and further develop the existing governance and control frameworks within a firm

  6. Evaluate the key structures and processes required in order to achieve an effective corporate governance and risk management

  7. Assess the impact of any new regulatory changes introduced within the EU law on the company’s risk profile

  8. Establishment of the procedures and risk management manual for the regulated entity to fulfil the specific needs of each entity based on its size, internal organization and the nature, scope and complexity of its activities

  9. Implementation of governance arrangements that ensure effective and prudent management of an obliged entity, including the segregation of duties within the organization and the prevention of conflicts of interest.

 

3. Capital Adequacy Consulting

The outcome of the internal capital adequacy assessment process (ICAAP) represents the view of the obliged entity on the capital it should hold, given its risk profile and the complexity of its business. The ICAAP is a set of processes, procedures and measures implemented by a regulated entity to ensure appropriate identification and measurement of risk, the appropriate level of internal capital in relation to their risk profile, and application and further development of suitable risk management and internal control systems.

 

Our experts’ deep knowledge of the financial sector industry allows us to provide tailored advisory services to financial entities in relation to the long-term management of their capital. Our team provides the following services:

  1. Capital Adequacy Monitoring

  2. Assistance in the preparation of the Internal Capital Adequacy Assessment Process (ICAAP)

 

4. Reporting Support & Outsourcing

The regulatory reporting requirements are increasingly demanding and excessively burdensome, and specialist knowledge is necessary to deal with them. The CySEC regulated entities are required to submit monthly, quarterly and annual reports.

 

To assist you in meeting your regulatory reporting obligations, our services continue beyond the engagement field work. Our methodology combines a deep understanding of required regulations and the industry’s best practices. APC Compliance can undertake the preparation of the various reporting obligations as per the regulator’s requirements:

  1. The Annual Anti-Money Laundering Compliance Officer Report;

  2. The Annual Compliance Function Report

  3. Annual Risk Management Report

  4. Quarterly Statistics Form QST

  5. Annual Disclosure & Market Discipline Report

  6. Annual Internal Audit Report

  7. Quarterly RTS 27 Execution Quality of Transactions

  8. Annual RTS 28 Execution Quality Summary Statement

  9. Quarterly Country Analysis Form

  10. Internal Capital Adequacy Assessment Process (ICAAP)

 

APC Compliance also provides you with the option to outsource some of your functions permanently to relieve the pressure of meeting the strict schedules set by the Regulator.

5. Preparation of Manuals

 APC Compliance, specializes in compiling a number of Manuals and Policies which are mandatory for regulated service providers (investment firms, audit firms, corporate service providers, law firms) in order to comply with the relevant legislative and regulatory requirements. As our methodology combines a deep understanding of the required regulations and industry best practices, we can undertake the preparation of the following manuals:

  1. Anti-Money Laundering & Terrorist Financing Manual, including all required forms and procedures for the compliance of the company with current regulations and requirements;

  2. Sanctions Manual;

  3. DAC6 Manual;

  4. GDPR Manual (in accordance with the GDPR Regulation and decisions and guidelines issued by the Data Protection Commissioner);

  5. Quality Control - ISQM Manual (for audit firms) with the new requirements of ICPAC as per the ISQM1, ISQM2 and ISA220 (revised);

  6. Employee Manual;

Anti-money Laundering Compliance

Money laundering offences are considered to be among the top priorities of all EU regulators, which have adopted quite strict legislative frameworks regarding these offences. The complexity of the Anti-Money Laundering and Counter-Terrorism Financing requirements (“AML/CFT”) and the ever-changing landscape of AML make it necessary to adapt and enhance the internal procedures of the regulated entities.

 

At APC Compliance, we understand the range of that challenges and, with our AML regulatory advisory expertise, seek innovative ways to help regulated entities meet the growing and demanding regulatory requirements.

 

Our services in this area include the following:

  1. Monitoring and assessment of the effectiveness of the policies, practices, measures, procedures and controls applied for the prevention of Money Laundering and Terrorist Financing

  2. Tailor-made preparation/update of Anti–Money Laundering Manuals to eliminate deficiencies and to keep up regulated entities to date with any changes and updates of the Law

  3. Design a wide risk-based oriented Customer Identification (KYC) and due diligence procedures

  4. Construction of clients’ economic profile

  5. Assisting with the relevant background analysis of the information and documentation provided through a thorough examination of the client’s history, the main corporate activities, the management structure and the beneficial owners

  6. Analysis of Source of Funds and Source of Wealth

  7. Assisting in identifying the “red flags” and suspicious activities – behavior of clients

  8. Development and establishment of Internal Reporting Procedures

  9. Development and establishment of a clear client on-boarding policy, which is in line with the provisions of the Law and directives, after a detailed assessment of the risks faced by the particular client

  10. Establishment of procedures and methodologies in order to monitor account transactions for unusual behavior, as required by AML legislation.

GDPR

The Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) came into effect on 25 May 2018. The Regulation imposes a specific obligation on legal entities and organisations that collect data relating to individuals in the European Union. All companies should take the necessary measures to comply with the provisions of the GDPR Regulation, as well as with the instruction and guidelines issued by the Office of the Commissioner for Personal Data Protection, as the competent Authority.

For each personal data processing activity, companies should consider specific parameters, such as the principles relating to the processing of personal data, the legal basis of the processing, the duration of the processing and the technical and organizational measures taken for the security of the data.

Our services in this area include the preparation of the following:

  1. GDPR Audit (Assessment and evaluation of organisation’s existing level of compliance with the GDPR Regulation)

  2. GDPR Manual

  3. Employee Privacy Policy

  4. Client Privacy Policy

  5. Privacy Policy (Website)

  6. Employee Privacy Policy

  7. Record of Processing Activities

  8. Data Protection Impact Assessment

  9. Data Retention Policy

 

Our GDPR experts can provide you with any assistance in matters related to personal data protection and ensure your full compliance with the relevant legislation.

DAC 6

The DAC6 EU Directive requires EU-based intermediaries (including Lawyers, tax consultants, Administrative Service Providers etc.) to disclose cross-border structures which have been implemented as from 25 June 2018 and onwards. This reporting mainly consists of the tax structure involved and it covers holding companies, financing companies and most tax structures. The reporting will be done to the Cyprus tax authorities which in turn will share the information with the tax authorities of all other EU member states.

 

The penalties for non-complying with DAC6 are substantial and they vary from €1.000 to €20.000 per structure.

  

Our team of experts can assist you by identifying those arrangements that fall under the reportable category as per the regulation, as well as undertaking the reporting procedure. Our services include:

  • Preparation of DAC6 procedures manual

  • Review and assessment of arrangements/transactions in relation to the DAC 6 Hallmarks

  • Preparation of reporting file in xml format

Seminars/Trainings

APC Compliance offers training and seminars which are tailored made according to each client’s needs, either natural or legal person with a view to the transmission of the required knowledge and skills so that they can successfully overcome any problems that arise during the operation of their business. Our firm is offering training/seminars on topics related to the following:

  • International AML/CFT Standards

  • AML Directives, Guidelines and Circulars issued by the EU institutions and the relevant competent authorities of the member-states.

  • Money Laundering and Terrorist Financing Red Flags

  • Assessing AML/CFT Risk

  • The Anti-Money Laundering (AML) Duties, Responsibilities and Risks,

  • Know your Customer (KYC) & Customer Due Diligence (CDD)

  • Conducting and Responding to Investigation

  • Annual Reporting Requirements for obliged entities (e.g. law firms, audit firms, investment firms, insurance firms etc.)

  • Risk Management Policies

  • DAC 6

AML Compliance - Service 3
GDPR - Service 4
DAC6 - Service 5
Seminars/Trainings-Service 6
bottom of page