CySEC's supervisory findings: Dear CEO letter

On the 29th of December 2020 CySEC’s latest Dear CEO Letter went out to Cyprus Investment Firms (the ’CIFs’), within which the CySEC disclosed findings on deficiencies, identified after the conduct of desk-based reviews and onsite inspections to CIFs.

Contents of the Letter:

A. Scope of the letter

B. Key findings and CySEC expectations

C. General actions required by CIFs

D. CySEC's actions, next steps and follow-up measures

The letter applies particularly to CIFs that employ persons whose purpose is to promote the CIF’s services and products and information regarding investment and ancillary services, offered by the CIF.

Such persons include sales staff, sales agents, customer support officers, account managers, tied agents, affiliates, education persons, etc.

CIFs must act honestly, fairly and professionally when providing investment services.

The telephone recordings, reviewed in relation to the communication between clients and Staff, as well as the clients’ complaints, indicate that the Staff appeared to:

CySEC expects:

CIFs must understand the financial instruments offered or recommended, assess their compatibility with the needs of the clients and ensure that these are offered or recommended only when it is in the interest of the client.

The analysis of the records of communication between the CIFs under review and their clients, revealed that a number of clients did not understand the financial product that they were investing and the associated risks.

CySEC expects:

CIFs to consider the need of revising/amending their policies and procedures, accordingly, to ensure their compliance with Article 25(2)(b) of the Law and the obligations included in Part III ‘Product Governance Requirements’ of the Directive DI87-01.

CIFs must ensure that they offer or recommend financial instruments only when it is in the interest of the client.

CIFs must ensure that information addressed to clients is fair, clear and not misleading.

According to the findings of the Review, it appeared that the information provided to clients or potential clients was not accurate at all times.

CySEC expects:

CIFs to review the information addressed to clients, including marketing information in order to ensure that this does not incentivize/mislead, in any way, clients to start trading with a firm established in a non-EU jurisdiction (e.g. a related firm to the CIF).

CIFs must ensure that natural persons giving investment advice or information to clients are competent.

According to the Review, it was identified that in several cases the Staff claimed that their job was to “manage the client’s account” without the CIFs being authorised to provide the investment services and in other cases the Staff involved did not have any background in the financial services sector.

CySEC expects:

CIFs should have in place appropriate internal policies, procedures and controls in order to ensure that no unauthorised investment services are provided to clients and that the persons who are responsible for providing investment services are competent and authorised by CySEC as per the relevant directive.

CIFs must ensure that the financial instruments offered or recommended are appropriate for the client.

The Review revealed that several CIFs did not properly assess the clients’ knowledge and experience in the investment field relevant to complex products.

CySEC expects:

CIFs to consider the need to review the questionnaire and the relevant scoring methods used for assessing whether the investment service or product envisaged is appropriate for the client. CIFs are expected to take also into account Section 4 of the ESMA35-36-794 Q&As.

CIFs must have adequate complaints handling policies and procedures.

CySEC has observed an alarming increase in relation to the number of investors’ complaints submitted through other National Competent Authorities. The same trend has been observed in relation to the numbers of complaints that are escalated to the Financial Ombudsman.

CySEC expects:

CIFs must take immediate actions for re-evaluating and restructuring their policies and procedures, in order to ensure that the investors complaints’ are effectively handled.

The CIFs must maintain all necessary records in a way that enables CySEC to monitor compliance with the requirements of the Law that are mentioned in this Letter. CIFs are requested to (i) Review their policies and procedures and ensure that they fully comply with their regulatory requirements, and (ii) take without any delay, immediate corrective measures, where necessary, in order to comply with the requirements of the Law that are mentioned in the Letter.

The CySEC expects all CIFs to re-evaluate their adherence to the rules pertaining to the code of conduct and where they identify that clients were negatively impacted as a result of poor practices to rectify them, to quantify the impact and to consider additional remedial actions including compensating the respective clients.

Such re-evaluation and remedial measures (including compensation) should be documented and be held available for CySEC’s audit and should include a period commencing at least six months’ prior the date of issue of this Letter and ending as of the date of issue of this Letter.

CIFs should further assign to an Internal Auditor to prepare and submit an Ad-hoc report to the Board of Directors regarding the evaluation of the adequacy and the effectiveness of the CIF’s systems, internal control mechanisms and arrangements in relation to the conduct of business obligations.

CySEC will launch a follow-up review in due course, which is not expected to be sooner than four months, and expects CIFs to adhere to the content of the Letter as this will form part of CySEC’s supervisory assessments.

FAI COMPLY remains at your disposal to assist and provide clarification on the above. Please contact us for further information on our Compliance and Internal Audit services.

Written by Christos Eleftheriou, Junior Compliance Assistant of FAI Comply