Search Results
- A Comprehensive Overview of the CBC Directive on Internal Governance of EMIs & PIs
Understanding the Internal Organisation & Governance Directive of 2025 Introduction The Payment Institutions Internal Organisation & Governance Directive, issued in draft by the Central Bank of Cyprus (CBC), establishes comprehensive requirements for the development, application, and effective control of internal governance mechanisms for payment institutions. This Directive aims to ensure their effective and prudent management while aligning with international standards and practices. Purpose and Application Purpose The primary purpose of the CBC Directive is to set forth requirements regarding the development and effective control of internal governance mechanisms that payment institutions must implement. These measures are designed to ensure that institutions operate in a manner that is both effective and prudent, safeguarding the interests of all stakeholders. Application The Directive applies to licensed payment institutions established in the Republic. Institutions providing specific services exclusively may be exempt from certain requirements, subject to CBC approval. Proportionality and General Requirements General Requirements The Directive mandates strong governance with sound and effective management, including: A clear organizational structure with transparent and consistent lines of responsibility. Effective detection, management, monitoring, and reporting of risks, including non-compliance with regulatory frameworks. Internal control mechanisms, including compliance with anti-money laundering and counter-terrorism financing regulations. Procedures for monitoring and handling complaints and allegations. Administrative and accounting procedures. Proportionality Institutions must consider the nature, scale, and complexity of their activities and internal organization when developing and implementing internal governance arrangements. 
Management Body, Committees & Composition Roles & Responsibilities of the Board The Board of Directors (BoD) is responsible for the oversight, effective supervision, approval, and implementation of business strategies, key policies, risk strategies, and the governance framework. The BoD must ensure the establishment and effective implementation of a Conflicts of Interest Policy and regularly assess the effectiveness of governance arrangements. Board Composition The BoD's size and composition must reflect the institution's size, complexity, and activities. It must include at least two executive directors, one of whom is the CEO, and at least three non-executive, independent directors with the majority voting power. The chairman must be an independent non-executive director. Board Meetings The BoD must hold at least four regular or extraordinary meetings annually. Members can participate either physically or via videoconference, with physical attendance required at least once a year. Absences are limited to no more than two consecutive meetings or 25% of annual meetings. Annual Suitability Assessment The BoD, its committees, and its members must undergo an independent suitability assessment every three years, with the results reported to the CBC. Establishment of Board Committees The BoD must establish committees such as the Risk Management Committee and Audit Committee, primarily composed of non-executive directors. These committees are responsible for advising the BoD, monitoring risk management, and ensuring compliance. Internal Governance Framework The Three Lines of Defense Model The Directive emphasizes the Three Lines of Defense Model, ensuring a robust internal control system through clearly defined roles and responsibilities at various organizational levels. Corporate Values & Code of Conduct Institutions must establish a Code of Conduct based on international standards, promoting risk awareness, honesty, integrity, and compliance. 
Monitoring and training programs must ensure staff adherence to the Code. Customer Complaint Handling Institutions must maintain effective and transparent procedures for handling customer complaints, in line with ESMA Guidelines, and disclose relevant information on their websites. Internal Whistleblowing Policy & Procedure An internal whistleblowing mechanism must be in place, ensuring protection and confidentiality for whistleblowers. Institutions must comply with the Protection of Persons Who Report Breaches of Union and National Law. External Whistleblowing Mechanism Institutions must provide reliable mechanisms for staff to report potential or actual regulatory violations to the CBC, particularly when internal procedures may not be effective or pose risks to the whistleblower. Internal Controls System Institutions must develop and maintain a comprehensive internal control system, including regular external evaluations, to prevent money laundering and terrorism financing. Internal control functions may be outsourced, subject to stringent oversight. Risk Management Framework Roles & Responsibilities The Risk Management function must have adequate authority, resources, and expertise to manage all institutional risks effectively. The Head of Risk Management directly reports to the BoD and ensures continuous risk monitoring and communication. New Products & Significant Changes Institutions must have a documented policy for approving new products and significant changes, covering compliance reviews, risk assessments, and regulatory adherence. Policy aspects: Ensures that all approved products and changes are aligned with the institution's risk strategy or undergo necessary reviews. Defines the scope for evaluating major changes, including new products, system modifications, risk management frameworks, and organizational restructuring. Incorporates significant process modifications, such as new external outsourcing arrangements and updates to technological systems. 
Establishes procedures for systematic pre-approval assessments and documented compliance reviews by the Compliance function. Covers parameters to consider before entering new markets, launching new products/services, or implementing substantial modifications. Provides clear definitions for key concepts such as "new product," "new market," and "significant changes." Outlines critical issues to address prior to approval, including regulatory compliance, accounting, pricing models, risk profile impact, profitability, resource availability, and internal tools for risk monitoring. Reporting to the Central Bank of Cyprus Institutions must submit various reports to the CBC, including minutes of BoD meetings, internal audit reports, risk management reports, compliance reports, and outsourcing assessment reports, all within specified timeframes. Timeline The new CBC Directive on Internal Governance of EMIs & PIs has undergone the final round of consultation and is estimated to be officially issued by the CBC within H1 2025 - early H2 2025. Conclusion Overall, the CBC Directive on Internal Governance of EMIs & PIs sets forth comprehensive requirements for payment institutions to ensure effective and prudent management. By adhering to these rules and guidelines, institutions will need to enhance their governance frameworks, manage risks effectively, and safeguard stakeholder interests.
- Strengthening Crypto Market Oversight: ESMA’s New Guidelines for Supervisory Authorities
On 29 April 2025, the European Securities and Markets Authority (ESMA) introduced a set of detailed guidelines aimed at helping national regulators effectively prevent and detect market abuse within the EU’s crypto-assets markets. These guidelines are a crucial component of the implementation of the Markets in Crypto-Assets Regulation (MiCA), which came into force to establish a robust regulatory framework for digital assets. Why These Guidelines Are Critical Enhance Market Confidence: Promote transparency and integrity in crypto trading. Prevent Market Abuse: Detect and mitigate manipulation, insider trading, and other abusive practices. Harmonize Supervision: Ensure consistent enforcement across all EU Member States, reducing regulatory gaps. Core Principles of the Guidelines ESMA emphasizes risk-based, proportionate supervisory approaches tailored specifically for the unique environment of crypto markets. Proportionality: Supervisory measures should align with the size, complexity, and risk profile of the market participants. Shared Supervisory Culture: Foster collaboration and information sharing among NCAs through an open dialogue and mutual learning. Technology and Cross-Border Focus: Address the specific challenges posed by social media, innovative technologies, and the inherently cross-border nature of crypto trading. Practical Supervisory Practices for NCAs The guidelines outline specific actions and frameworks for regulators to implement: Monitoring & Surveillance Establish ongoing, real-time monitoring systems tailored for crypto assets. Use advanced analytics and technology to identify suspicious activities. Engagement with Stakeholders Maintain open channels of communication with industry players, market participants, and other authorities. Conduct regular dialogues to understand emerging risks and best practices. Detection & Prevention Implement systems to identify suspicious transactions or activities promptly. 
Require entities to submit Suspicious Transaction or Order Reports (STORs) when anomalies are detected. Develop and refine internal procedures to prevent market abuse. Cross-Border Coordination Collaborate effectively with other NCAs for cross-jurisdictional cases of market abuse. Share intelligence, coordinate investigations, and enforce regulations uniformly across borders. Integration of Existing Practices Adapt current supervisory tools and processes to suit the crypto environment. Ensure that new surveillance and detection methods are compatible with existing legal and regulatory frameworks. Promoting Market Integrity Encourage industry initiatives aimed at self-regulation and ethical conduct. Organize awareness programs to educate market participants on market abuse risks. Reaction to Suspicious Activity Establish clear procedures for responding to suspicious transaction reports. Ensure swift, coordinated enforcement actions to address violations. ESMA and NCA Coordination Coordinate with ESMA and other national authorities to ensure a unified approach. Participate in cross-border enforcement actions and share best practices. Addressing Third-Country Obstacles Identify and mitigate barriers to effective supervision in cross-border crypto markets. Engage with non-EU regulators to facilitate cooperation and enforcement. Implementation Timeline Guidelines are to be finalized and communicated by June 30, 2025. Conclusion These comprehensive guidelines serve as a blueprint for EU regulators to strengthen oversight of crypto markets. By emphasizing risk-based, technology-driven, and collaborative supervision, ESMA aims to create a safer, more transparent environment that protects investors and enhances market integrity across Europe.
- EU Parliament Green light for Postponement of CSRD and CSDDD Reporting & Due Diligence Rules
📢 Good news for companies across Europe! On April 3, 2025, the European Parliament gave the green light to delay some of the upcoming sustainability rules. This move is part of the European Commission’s broader effort to make compliance easier and help businesses stay competitive. 🔔 What’s changing? CSRD (Corporate Sustainability Reporting Directive) The deadline for "large companies" to start reporting has been pushed back by two years. Instead of needing to report on their 2025 financial year, they’ll now do so for 2027, with reports published in 2028. For "listed small and medium-sized enterprises (SMEs)", the new deadline is 2028, with reports coming out in 2029. The second phase of the Omnibus plan will likely narrow which companies need to report, making things even simpler. CSDDD (Corporate Sustainability Due Diligence Directive) Member states now have until July 26, 2027, to put these rules into national law, giving companies an extra year to prepare. Starting in 2028, the biggest EU companies (over 5,000 employees and €1.5 billion in turnover) and some large non-EU companies will need to follow the new due diligence rules. Smaller big companies (over 3,000 employees and €900 million in turnover) will also be included from that year. ⛔ What’s next? This delay was approved under an urgent procedure, and now the legislation just needs formal approval from the EU Council. This gives businesses a bit more breathing room to get ready for the future. While some details about exactly which companies will need to report and what standards they’ll follow are still being worked out, this move provides much-needed certainty and helps companies avoid rushing to meet deadlines that are now pushed back. All in all, it’s good news for companies looking to balance sustainability goals with manageable compliance. The EU is clearly trying to make the process smoother while still pushing forward on important sustainability commitments.
- Enhancing Order Execution Policies: A Detailed Overview of ESMA's New Regulatory Standards
Introduction MiFID III, as entered into force on March 8, 2024, requires ESMA to develop regulatory technical standards (RTS) that specify criteria for evaluating the effectiveness of investment firms' order execution policies. The standards will impact how firms execute orders on behalf of both retail and professional clients. In that respect, on April 10, 2025, the European Securities and Markets Authority (ESMA) published a Final Report on the rules explaining how investment firms should establish their order execution policies and assess their effectiveness. In the draft Regulatory Technical Standards (RTS), ESMA specifies the rules, with the objective to enhance investment firms’ order execution and foster investor protection. The RTS includes requirements on: the establishment of an investment firm’s order execution policy; this includes the classification of financial instruments in which firms execute client orders and the selection of venues for the order execution policy; the investment firm’s procedures and criteria to monitor and regularly assess the effectiveness of its order execution arrangements and order execution policy; the investment firm’s execution of client orders through own account dealing; and how an investment firm should deal with specific client instructions. In more detail but summarised form, the draft RTS deal with the following: General Criteria for Order Execution Policies Investment firms must define specific governance procedures for selecting execution venues. This includes: Ensuring venues are authorized by relevant authorities Maintaining an internal list that encompasses details such as the venue’s name, approval date, the classes of instruments, etc. Firms are required to implement robust valuation systems to ensure fair pricing, particularly for over-the-counter transactions. 
This is crucial for maintaining best execution standards, as mandated by regulatory articles. Selection of Execution Venues When selecting execution venues, firms must consider client characteristics and needs. Key factors include: order types and sizes relevant to clients; costs associated with execution, including trading fees and membership costs; and comparisons of execution prices against reference datasets to ensure competitive pricing. If a firm opts for a single execution venue, it must justify how this choice consistently delivers the best outcomes for clients. Order Routing Criteria Investment firms are required to specify the criteria for routing orders across multiple venues to secure optimal results. This involves: assessing cost implications, including fees and commissions; considering the nature of the order and the client's profile (retail vs professional); and utilizing historical market data to inform decisions. For firms employing automated systems for order routing, clarity on system characteristics and safeguards to ensure best execution is necessary. Managing Client Instructions Investment firms must articulate how they handle specific client instructions that may deviate from their standard policies. This includes: Differentiating between general and specific instructions. Ensuring that any specific client request is processed accordingly, while other aspects of the order adhere to standard protocols. Providing clients with the option to choose execution venues, ensuring transparency about potential costs associated with different venues. Dealing on Own Account When investment firms execute orders by dealing on their own account, they must outline: Strategies for ensuring best execution. Measures to identify and manage conflicts of interest. Risk assessment protocols for client orders. This component is especially pertinent for transactions involving over-the-counter products, where price fairness must be rigorously evaluated. 
Monitoring of the order execution policy Investment firms must monitor the effectiveness of their order execution policy to ensure compliance with established standards. Key elements to assess include the execution quality, price comparison against reference datasets, and adherence to predetermined thresholds for financial instruments. Firms should evaluate execution prices based on accepted deviations, traded volume percentages, and the number of client transactions meeting reference standards. Periodic assessment of the effectiveness of the order execution policy Investment firms are required to periodically assess the effectiveness of their order execution policy at least annually and in response to specific triggers, such as compliance concerns or material changes affecting execution ability. The assessment must include an evaluation of costs and fees, monitoring results, market developments impacting execution quality, and the emergence of new execution venues and their features. If an investment firm uses a single execution venue, it must assess whether this choice continues to provide the best results for clients compared to alternative venues. Any identified deficiencies in effectiveness must lead to updates in the order execution policies and internal arrangements within a reasonable timeframe, based on the severity of the issues. Implementation Timeline The new regulation will enter into force 20 days after publication in the Official Journal of the European Union and will apply 18 months post-entry into force, estimated to be towards the end of 2026. Conclusion ESMA's new regulatory technical standards are critical for improving the order execution processes of investment firms across Europe. By adhering to these guidelines, firms can enhance client trust, ensure compliance, and ultimately deliver better financial outcomes. 
As the implementation timeline approaches, it is essential for firms to begin preparations to align their practices with the new standards.
- CySEC Regulatory Alert Circular 700 - Major Incidents Reporting
🔔 Legal / Regulatory Alert – Cyprus! CySEC has issued today Circular 700, which outlines the obligation of Regulated Entities, namely Cyprus Investment Firms (‘CIFs’), Central Securities Depositories (‘CSDs’), Trading Venues (‘TVs’), Crypto-Asset Providers (CASPs), Alternative Investment Fund Managers (‘AIFMs’) and UCITS Management Companies (‘UCITS’), regarding the assessment of incidents related to ICT Services as well as the reporting of Major Incidents, as emanating from Article 19(1) of Regulation 2022/2554 on digital operational resilience for the financial sector (DORA). 📊 Major Incidents Reporting - Step Approach Assess Impact: Determine the impact of the incident on ICT services to establish whether it qualifies as an ICT-related incident based on Article 18(1) of DORA and Articles 1-7 of the Commission Delegated Regulation 2024/1772. Classify Incident: If the incident is deemed ICT-related, classify it accordingly using the provided criteria. Evaluate Major Incident Thresholds: Refer to Articles 8-9 of the Commission Delegated Regulation 2024/1772 to assess if the incident meets the thresholds for a major ICT-related incident. Report to CySEC: If classified as a Major Incident, ensure that it is reported to CySEC in accordance with regulatory requirements. 📢 Phase Out Reporting & Submission Deadlines Initial Report: Submit within four hours of classifying the incident as major, and no later than 24 hours after becoming aware of it. Intermediate Report: Submit within 72 hours of the initial report, regardless of whether the incident's status has changed. An updated report must be submitted promptly, especially after regular activities are restored. Final Report: Submit within one month of the intermediate report or the latest updated intermediate report. 
References: Commission Implementing Regulation (EU) 2025/302 with regard to the standard forms, templates, and procedures for financial entities to report a major ICT-related incident and to notify a significant cyber threat; Commission Delegated Regulation (EU) 2025/301 with regard to regulatory technical standards specifying the content and time limits for the initial notification of, and intermediate and final report on, major ICT-related incidents, and the content of the voluntary notification for significant cyber threats. ⛔ Submission Process The Major ICT-related incident Form and the Significant Cyberthreats Template (Voluntary) (the ‘Incident Reporting Forms’) must be submitted to CySEC through the TRS system ONLY. The steps that the Regulated Entities have to follow for the successful submission of the template to the TRS can be found here. After populating the required Excel fields in the Incident Reporting Forms, Regulated Entities should name the Excel file in accordance with the following naming convention: Username_DATDIR_IIRN-Version_YY.xlsx Example: XX_DATDIR_0000000001-0_25.xlsx
- CySEC Regulatory Reporting Alert Circular 700 - Submission of DORA Register of Information
🔔 Legal / Regulatory Alert – Cyprus! CySEC has issued today Circular 700, which outlines the obligation of Regulated Entities, namely Cyprus Investment Firms (‘CIFs’), Central Securities Depositories (‘CSDs’), Trading Venues (‘TVs’), Crypto-Asset Providers (CASPs), Alternative Investment Fund Managers (‘AIFMs’) and UCITS Management Companies (‘UCITS’), regarding the submission of the Register of Information, as emanating from Article 28(3) of Regulation 2022/2554 on digital operational resilience for the financial sector (DORA). 📊 At which level the Register of Information shall be constructed The Register of Information should be: at individual entity level, where Regulated Entities are not part of a group of financial entities or where Regulated Entities are part of a group of financial entities and the parent undertaking is an entity outside of the Union and there is no Union parent undertaking; at the highest level of consolidation in the Union for groups of Regulated Entities that is available to the competent authorities. For further guidance on maintaining and updating the Register of Information, Frequently Asked Questions (FAQ) are shared by the ESAs. 📢 Submission Deadline The deadline for the first submission is Wednesday, April 30, 2025, with a reference date of March 31, 2025. Going forward, Regulated Entities must fill in the Register of Information and submit it to CySEC on an annual basis, by February 28 each year, with reference date 31 December preceding the reporting date. Therefore, the next reporting shall take place by February 28, 2026 with reference date 31 December 2025. ⛔ Submission Process The Register of Information Form should only be submitted via CySEC’s XBRL Portal. Once the Register of Information is completed, it should be zipped and submitted through the Create filing. Regulated Entities may submit an XBRL file.
- MiFIR Review Consultation Package 4 - Transparency requirements for derivatives under MIFIR 2
On April 3, 2025, the European Securities and Markets Authority (ESMA) released the MiFIR Review Consultation Package 4, which focuses on transparency regarding derivatives, package orders, and the input/output data for the derivatives consolidated tape. Overview This review, outlined in Regulation (EU) 2024/7913, introduces two new articles: Article 8a for pre-trade transparency and Article 11a for post-trade deferrals. This effectively separates the non-equity regime into two segments: one for bonds, structured finance products (SFPs), and emission allowances (EUAs) under revised Articles 8 and 11, and another for derivatives governed by the new Articles 8a and 11a. To ensure consistency across asset classes and in response to political guidance prioritizing bond transparency, ESMA has opted to address these issues separately. A final report regarding the transparency mandate for bonds, SFPs, and EUAs was published on December 16, 2024. The current consultation addresses the transparency requirements for derivatives as specified in Articles 8a and 11a. Key Proposals The consultation presents several significant proposals from ESMA: Transparency Regime for Derivatives: A new framework for exchange-traded derivatives (ETD) and over-the-counter (OTC) derivatives. This includes outlining the scope of derivatives subject to transparency, proposing new liquidity determinations for pre-trade waivers, and modifying fields and flags related to post-trade transparency. The table below provides an overview of the derivatives in scope of transparency. Deferral Regime: Establishing a new deferral regime for ETD and OTC derivatives, detailing various size thresholds and deferral durations for post-trade transparency. Amendments to Transparency Conditions: Proposing changes to the conditions under which MiFIR trade transparency requirements may not apply to transactions by members of the European System of Central Banks. 
Review of Package Order RTS: A reassessment of Commission Delegated Regulation (EU) 2017/2194 (‘Package order RTS’), particularly in light of new scope and liquidity determinations. Data Quality Standards: Developing draft regulatory technical standards that specify data quality requirements for prospective consolidated tape providers and data contributors for the OTC derivatives tape, as mandated by ESMA. Next Steps The consultation will remain open for comments until July 3, 2025. ESMA plans to publish a final report and submit draft technical standards to the European Commission in the fourth quarter of 2025.
- European Commission confirms plans to simplify GDPR in business environment
On March 13, 2025, the European Commission announced that the GDPR will undergo a simplification process. In particular, the European Commission has adopted new proposals that will cut red tape and simplify EU rules for citizens and business, in line with its vision to make the EU’s economy more prosperous and competitive, as well as to foster a favourable business environment and ensure that companies can thrive. It is anticipated that the proposed changes will focus on easing record-keeping obligations for organizations with fewer than 500 employees while preserving the core principles of data protection. The suggested simplification strategies could involve: Streamlined Documentation Standards that cut down the detail required for processing activities considered lower risk. Simplified Risk Assessment Frameworks that deliver more straightforward guidance and less complicated approaches for SMEs to assess their data processing practices. Standardized Tools and Templates that enhance compliance accessibility without necessitating specialized legal or technical skills. Overall, in its work programme for 2025, the European Commission announced a series of measures to address overlapping, unnecessary or disproportionate rules that create barriers for EU companies. Collectively, with these measures, the Commission wishes to reduce administrative burdens by 25%, and by 35% for small and medium-sized businesses, by 2029.
- Legal / Regulatory Alert Cyprus! Important Update for Employers and HR Professionals
🔔 Legal / Regulatory Alert Cyprus! 🔊 Important Update for Employers and HR Professionals! The Transparent and Predictable Working Conditions Law of 2023 (L. 25(I)/2023) introduces significant changes to employment practices in Cyprus, in the context of a recent amendment of the said Law (L.126(I)/2024). According to the new Decree published on 20.12.2024 (Κ.Δ.Π. 455/2024), all employers must register essential employment terms in the ERGANI system by 28.02.2025 at the latest. Key terms to be registered include employer and employee details, working location and job description, employment start date, salary and payment frequency, working hours per day/week, annual leave duration and allocation method, probation period terms, and others. Employers must ensure that these terms, along with other required details, are clearly defined and registered within the stipulated deadlines. Non-compliance could result in administrative fines and legal implications. Stay proactive to ensure alignment with these new transparency and predictability obligations. Let’s foster a fair and compliant employment culture! https://www.gov.cy/ergasia-kai-koinonikes-asfaliseis/ilektroniki-katagrafi-oron-ergasias/
- The Impact of Artificial Intelligence on Investment Services
Introduction The European Securities and Markets Authority (ESMA) recently published a Statement to guide investment firms in navigating these complexities within the framework of the Markets in Financial Instruments Directive II (MiFID II). The landscape of retail investment services is undergoing a transformative shift, largely driven by advancements in Artificial Intelligence (AI). This technology holds the potential to enhance efficiency, foster innovation, and improve decision-making processes. However, alongside these opportunities come inherent risks, including algorithmic biases, data quality challenges, and a potential lack of transparency. Potential Benefits of AI in Investment Services The adoption of AI in financial services is varied across firms and jurisdictions, yet several promising applications have emerged: Customer Service and Support: AI-driven chatbots and virtual assistants can enhance client interactions by providing immediate responses to inquiries and account-related queries. Investment Advice and Portfolio Management: AI tools can analyze client data, including financial situations and risk tolerances, to deliver personalized investment recommendations. By processing vast amounts of market data, AI can identify potential investment opportunities and assist in managing client portfolios. Compliance: Investment firms can utilize AI to streamline the analysis of financial regulations, detect non-compliance with MiFID II rules, and prepare compliance reports. Risk Management: AI can evaluate risks associated with various investment options, helping firms and clients manage their overall portfolio risks effectively. Fraud Detection: AI systems can monitor transactions and communications for unusual patterns that may indicate fraudulent activities, enhancing security measures. Operational Efficiency: By automating routine tasks such as data entry and report generation, AI allows employees to focus on more complex responsibilities. 
It is essential to note that these applications extend beyond tools developed by firms; they also encompass third-party AI technologies utilized by employees, which may or may not have senior management's direct approval. Risks for Firms and Clients Despite the benefits, the integration of AI into investment services is not without challenges: Over-reliance on AI: There is a risk that both firms and clients may depend too heavily on AI for decision-making, potentially neglecting the importance of human judgment, especially in volatile markets. Lack of Transparency: Many AI systems operate as "black boxes," making their decision-making processes opaque. This lack of explainability can hinder the adjustment of underperforming strategies. Data Privacy and Security: The extensive data collection required by AI tools raises significant privacy and security concerns, particularly regarding personal data. Algorithmic Bias: AI tools can produce biased outcomes due to training data that reflects historical inequalities or societal stereotypes. This can lead to misleading investment advice and unexpected risks. Conclusion As AI continues to evolve and integrate into retail investment services, it is imperative for firms to remain vigilant in addressing the associated risks while leveraging its potential benefits. The guidance provided by ESMA aims to ensure that investment firms prioritize their clients' best interests amidst this technological revolution. By maintaining a balance between innovation and accountability, the financial sector can navigate the complexities of AI and enhance investor protection in a rapidly changing landscape.
- Navigating the Landscape of ESG Risks: A brief overview on upcoming EBA Guidelines
In recent years, the importance of Environmental, Social, and Governance (ESG) risks has surged, compelling financial institutions to re-evaluate their risk management frameworks. On 8 January 2025, the European Banking Authority (EBA) released guidelines aimed at helping these institutions effectively manage ESG risks, ensuring not only compliance but also long-term sustainability and resilience.

Understanding ESG Risks

ESG risks encompass a broad range of issues that can significantly impact financial performance and institutional integrity. Environmental risks include climate change and resource depletion, social risks relate to human rights and labor practices, and governance risks involve corporate governance and ethical conduct. The interplay of these risks can lead to profound economic transformations, affecting the financial sector and requiring institutions to adapt proactively.

Key Provisions of the EBA Guidelines

Risk Integration: Financial institutions are required to incorporate ESG risks into their credit, market, operational, and liquidity risk frameworks. This comprehensive approach ensures that ESG factors are considered across all areas of risk management.
Materiality Assessments: Institutions must conduct annual reviews for large entities and biannual assessments for smaller organizations to gauge the impacts of ESG risks on their operations. This regular evaluation is critical for identifying potential threats.
Transition Planning: Institutions are mandated to align their strategies with EU climate targets, including achieving net-zero emissions by 2050. This alignment is essential for supporting a sustainable economy.
Data and Reporting: Robust data collection processes are necessary for monitoring ESG-related performance indicators. Institutions must implement effective reporting frameworks to track their progress.
Governance: ESG risks must be embedded within internal governance structures, risk appetites, and overall risk management frameworks. This ensures that ESG considerations are a fundamental part of decision-making processes.

Impact on Financial Institutions

The guidelines emphasize a forward-looking approach, requiring institutions to:

Conduct scenario-based analyses for climate and environmental stress testing, enabling them to prepare for potential future risks.
Develop sector-specific policies for high-risk industries, ensuring tailored strategies that address unique challenges.
Enhance ESG capabilities within risk management teams, equipping them with the skills necessary to navigate complex ESG landscapes.
Assess ESG risks as part of their capital and liquidity adequacy processes, integrating these considerations into their overall financial health assessments.

Implementation Timelines

The EBA guidelines will take effect on 11 January 2026 for most institutions. However, smaller and non-complex institutions will have an extended deadline until 11 January 2027 to comply with these requirements. This timeline provides financial institutions with a clear pathway to enhance their ESG risk management frameworks.

Conclusion

As the financial landscape evolves, the integration of ESG risks into institutional frameworks is no longer optional; it is a necessity for long-term sustainability and compliance. The EBA's guidelines provide a comprehensive roadmap for institutions to navigate this complex terrain, ensuring they are not only prepared for regulatory requirements but also positioned to thrive in a rapidly changing world. By embracing these guidelines, financial institutions can contribute to a more sustainable economy while safeguarding their own financial health.
- CySEC Alert - Circular 689 Guidelines on Benchmarking of Diversity Practices - Remuneration Form Submission
🔔 Legal / Regulatory Alert – Cyprus! CySEC today issued Circular 689, which adopts the EBA Guidelines on benchmarking of diversity practices, including diversity policies and gender pay gap (the “Guidelines on benchmarking of diversity practices”).

🔊 Important Update for Class 2 Firms! The Guidelines on benchmarking of diversity practices apply to Class 2 firms.

📢 Latest Updates in brief: CySEC issued Circular C689 on 19/03/2025 to inform Cyprus Investment Firms (the “CIFs”) that it has adopted the EBA Guidelines on benchmarking of diversity practices, including diversity policies and gender pay gap (the “Guidelines on benchmarking of diversity practices”). The Guidelines outline the following:

Investment firms, except for those categorized as small and non-interconnected, are required to provide specific information to competent authorities. This information will also be shared with the European Banking Authority (EBA) for the purpose of benchmarking diversity practices.
Competent authorities must gather data from investment firms on an individual basis regarding diversity practices within their management bodies. This includes details about the composition of the management body, diversity policies, and the gender pay gap among its members.

In view of the above, CySEC will notify the selected CIFs about their inclusion in the sample by January 31st of the relevant year. CIFs chosen for the 2025 sample have already been informed.

❓ What CIFs Must Do: CIFs included in the sample should submit the required information to CySEC via the Remuneration Diversity Form, through CySEC’s XBRL Portal, by 30 April, every three years starting in 2025 with a reference date of 31 December 2024.

⛔ Why it Matters: CIFs need to comply and are urged to consider the abovementioned EBA Guidelines and, where necessary, take action to ensure compliance with their provisions.












