Search Results

🔔  Legal / Regulatory Alert! ESMA has issued a warning letter in connection to the use of Artificial Intelligence for Investing, aiming to inform investments on what should know / what should be aware of. 🔊  Important Update for ALL investors! 📢  In brief Use AI as a Tool, Not a Sole Resource : AI tools can provide investment suggestions, but they should not be the only resource for financial decisions. It’s vital to consider multiple perspectives and consult authorized professionals. Be Wary of Promises : Avoid get-rich-quick schemes and be skeptical of AI tools promising high returns, as these claims are often unrealistic and misleading. Regulatory Awareness : Publicly available AI tools are not regulated and do not have an obligation to act in your best interest, which increases the risk of poor investment decisions. Understand Limitations and Risks : AI-generated advice can be based on outdated or inaccurate information. Predicting market movements is inherently risky, and human judgment remains crucial. Protect Your Privacy : Do not share personal information with AI tools, as they may lack adequate security measures, putting your data at risk. Always prioritize your privacy when using these services. ❓ What should be aware of : ⛔ Why it Matters: Client protection shall remain on top of the agenda of regulated entities as well as investors.

🔔 Legal / Regulatory Alert – Cyprus! CySEC has issued today Circular C691, which outlines the requirements for Cyprus Investment Firms (CIFs) regarding the submission of quarterly statistics. 📊 Important Update for CIFs! Circular C691 mandates that all CIFs authorized by March 31, 2025, must complete and submit the latest version of the Form QST-CIF to CySEC. 📢 Key Updates in Brief CySEC has released Circular C691 on March 26, 2025, informing CIFs about the submission process for the Form QST-CIF. This submission is crucial for compliance with section 25(1)(c)(ii) & (iii) of the CySEC Law. 1. Submission Requirements: All authorized CIFs must submit the completed Form QST-CIF, Version 16, by May 5, 2025. CIFs that have not utilized their authorization must also submit the Form. Upon submission, firms must receive a feedback file confirming receipt, which indicates whether the submission was error-free. 2. Importance of Deadline: The deadline for submission is set for May 5, 2025. CIFs are reminded that this deadline is crucial to avoid administrative penalties as outlined in section 37(5) of the CySEC Law. No reminders will be sent to firms that fail to comply. 3. General Instructions: The Form is to be completed in English and all monetary values reported in Euros. CIFs must ensure they are using the latest version of the Form and follow the provided instructions closely. 4. Naming Convention for Submission: CIFs are required to name their Excel file following this format: Username_yyyymmdd_QST-CIF This ensures proper identification and processing of submissions. 5. Support for CIFs: CIFs with questions regarding the Form completion should submit inquiries in writing before April 28, 2025, to the designated email. For technical issues related to submission, they can visit the CySEC website or reach out to the technical support email. ⛔ Why It Matters: CIFs are urged to comply with these requirements to avoid penalties and ensure proper reporting. Adhering to the submission guidelines is essential for maintaining regulatory standards and operational integrity.

🔔  Regulatory Alert! 📢 2025 is going to bring a wave of new compliance regulations and financial industry regulations that are likely to deeply influence the landscape. For finance professionals in Europe, this means a period of preparation and deeper understanding of the changes.   Key regulatory changes affecting the financial sector in Europe along with regulatory tips on what it means for businesses and how to prepare for it, are provided below. ⛔ Why it Matters: Stay tuned ... Compliance is not about avoiding regulatory fines and penalties. It's about building trust with customers, investors, and regulators, and embracing the upcoming changes can help financial institutions and position themselves as leaders and champions in the ever-evolving financial industry.

Introduction In November 2023, European institutions finalized a political agreement on a new directive aimed at amending the existing AIFMD, known as the Amending Directive. This directive was published in the official Journal in March 2024. A major challenge was establishing a framework for EU AIFMs managing AIFs involved in loan origination activities. This article summarizes the key features of the loan origination regime established in the political agreement. The new regulations will take effect on April 16, 2026, and will be particularly relevant for managers of dedicated credit funds and those managing other funds that provide loans, including shareholder loans in private equity contexts.   What is a ‘Loan-Originating AIF’? A "loan-originating AIF" is defined in Article 4 as an AIF that either: Primarily focuses on originating loans, or Has originated loans that account for at least 50% of its net asset value. Loan origination is described as granting loans directly by an AIF or indirectly through third parties or special purpose vehicles, where the AIFM or AIF is involved in structuring the loan prior to exposure. AIFMD II differentiates between an AIF engaged in loan origination and a “loan originating AIF,” which has implications for the application of various rules. Risk Management Requirements Policies and Procedures AIFMs are required to implement effective policies, procedures, and processes for granting credit related to loan origination activities. If an AIFM oversees an AIF engaged in loan origination or purchasing loans from third parties, it must also manage credit risk and administer the AIF’s credit portfolio. These policies must be regularly updated and reviewed at least annually. These requirements do not apply to shareholder loans, provided their total does not exceed 150% of the AIF's capital. Concentration Limits AIFMs must ensure that the total value of loans to any single borrower does not exceed 20% of the AIF’s capital if the borrower is: A financial undertaking defined by Article 13(25) of Solvency II, Another AIF, or A UCITS. This 20% limit must be adhered to as specified in the AIF’s official documents and can be extended under exceptional circumstances. Leverage Limits For "loan-originating AIFs," leverage must not exceed: 175% for open-ended AIFs, 300% for closed-ended AIFs. Leverage is calculated as the ratio of the AIF’s exposure to its net asset value. Certain borrowing arrangements fully backed by investor commitments can be excluded from this calculation.   Risk Retention Requirements To discourage quick re-sales of loans on secondary markets, AIFMs must retain 5% of the notional value of each loan they originate and subsequently transfer to third parties. Specific retention periods apply based on the nature of the loan. Restrictions on Lending AIFMD II prohibits AIFs from granting loans to: The AIFM or its staff, The depositary or its delegates, Any entity within the AIFM’s group, unless it is a financial undertaking that exclusively finances unrelated borrowers. Member States may also restrict AIFs from lending to consumers, as defined by the Consumer Credit Directive. Prohibition on Originate to Distribute AIFMs are prohibited from managing an AIF that engages in loan origination solely for the purpose of transferring those loans to third parties. Liquidity Management Obligations Under AIFMD II, a loan-originating AIF can only be open-ended if its AIFM demonstrates that the AIF’s liquidity risk management system aligns with its investment strategy and redemption policy. Open-ended AIFs are subject to enhanced liquidity risk management requirements, including selecting additional liquidity management tools from a specified list.   Grandfathering The leverage limits, concentration limits, and liquidity management requirements mentioned above do not apply to preexisting AIFs until April 16, 2029, or at all if those AIFs do not raise further capital after AIFMD II takes effect. However, if an existing AIF is already in breach of the leverage or concentration limits when AIFMD II takes effect, it must not increase its leverage or lending until April 16, 2029. Additionally, some of the requirements relating to loan origination could apply to loans originated from April 15, 2024, if they are still in place by April 16, 2026. Conclusion The introduction of the loan origination regime under AIFMD II represents a significant shift in the regulatory landscape for EU AIFMs. By establishing clear definitions, risk management protocols, and obligations regarding loan origination, the directive aims to enhance transparency and stability within the financial system. As the effective date approaches, AIFMs must ensure compliance with these new requirements to successfully navigate the evolving regulatory environment. This regime not only impacts dedicated credit funds but also influences a broader range of financial entities engaged in loan activities, underscoring the need for adaptation to these regulatory changes.

🔔 Regulatory Alert _Relaxation! 🔊  Applicable to: Investment Firms, Insurance Companies, Financial Institutions 📢  Latest Update – Focus on DORA The European Banking Authority (EBA) repealed its  Guidelines on major incidents reporting under the Payment Services Directive (PSD2)  due to the application of harmonised incident reporting under the Digital Operational Resilience Act (DORA) as from 17 January 2025. Purpose & Goal of Repealing DORA, applies since 17 January 2025 and introduced a set of harmonised incident reporting requirements that apply to financial entities across the banking, securities/markets, insurance and pensions sectors. The repeal of the Guidelines aims at simplifying the reporting of major incidents by payment service providers (PSPs) and providing legal certainty to the market. In that regard, to ensure legal clarity and certainty for the payment service providers covered by DORA, and to simplify the overall reporting of major incidents by PSPs, the EBA has decided to repeal its Guidelines on major incident reporting under PSD2 for entities covered by DORA. Entities Covered by DORA : DORA applies to a wide range of financial entities, including: Credit institutions Payment institutions Electronic money institutions Account information service providers It is important to note that incident reporting requirements under PSD2 still apply for other types of PSPs (e.g. post-office giro institutions and credit unions) that are not covered by DORA. Those PSPs that are still subject to incident reporting requirements under the PSD2 can be subject to national incident reporting requirements, regardless of the existence of the EBA Guidelines. Competent authorities willing to retain the incident reporting approach included in the EBA Guidelines for those PSPs can continue to do so under their national legal framework or supervisory measures.  . ⛔ Why it Matters: Compliance and internal audit functions are designed to ensure that the internal control mechanisms to monitor, identify, measure, and mitigate any possible risks of non-compliance with the applicable rules are in place. Therefore, ensuring that the entities have robust internal controls is crucial to avoid investor detriment and preserve financial stability.

Background of AIFMD II The Alternative Investment Fund Managers Directive (AIFMD) has undergone substantial revisions with the introduction of AIFMD II, aimed at enhancing regulation and investor protection within the European Union's financial landscape. This article delves into the significant changes introduced by AIFMD II, their implications for fund managers, and the expected impact on the investment sector. Key Time milestones On November 25, 2021, the European Commission unveiled proposals to amend the AIFMD, followed by a series of negotiations involving the Council of the EU and the European Parliament. After extensive discussions, a provisional agreement on AIFMD II was reached in July 2023. The final text was published in the Official Journal of the EU on March 26, 2024, with an implementation date of April 15, 2024. Member States have until April 16, 2026, to transpose these provisions into national law. Major Changes in AIFMD II Delegation Framework AIFMD II retains the existing delegation structure but enhances the requirements for oversight and reporting: Supervision Enhancements: AIFMs must notify their national competent authority (NCA) when delegating functions to third parties. This requirement ensures that supervisory bodies maintain updated information on delegation arrangements. Expanded Liability: The liability of AIFMs extends to include not only core delegated functions but also ancillary services, reinforcing the need for careful selection and monitoring of delegates. Clarification on Marketing: The directive clarifies that marketing functions performed by distributors do not constitute delegation, alleviating some industry concerns. Key Requirements for Delegation Qualified Delegates: AIFMs must ensure that delegates are adequately qualified to perform delegated functions and that they are monitored effectively. Data Reporting: AIFMs are required to provide detailed information about the percentage of assets subject to delegation, although this data will not serve as an evidential indicator for assessing the adequacy of risk management. Authorisation Requirements The authorisation process has been modified to demand more detailed disclosures from AIFMs: Granular Information: AIFMs must provide extensive details about the individuals conducting business, delegation arrangements, and resources allocated for portfolio and risk management tasks. Partial or Full Delegation: AIFMs must specify whether their delegation arrangements are partial or full, enhancing transparency for regulatory oversight. Reporting Obligations AIFMD II introduces comprehensive reporting requirements designed to enhance transparency and regulatory oversight: Detailed Risk Profiles: AIFMs are required to report on various risk aspects, including market, liquidity, counterparty, and operational risks, as well as total leverage employed by the AIF. Delegation Specifics: AIFMs must disclose information about the number of resources allocated for portfolio management, a list of delegated activities, and the start and end dates for delegation arrangements. Disclosure to Investors The revised directive places a strong emphasis on investor transparency: Enhanced Disclosure: AIFMs must provide more detailed information regarding risks, fees, and investment nature both prior to and periodically throughout the investment period, ensuring investors are well-informed. New Loan Origination Regime AIFMD II introduces a new framework for loan origination, which is expected to significantly impact investment strategies and operations within AIFs. The updated Loan Origination regime within AIFMD II introduces several significant modifications: Lending Passport: A major feature is the introduction of a lending passport, allowing for greater mobility in loan origination across the EU. Leverage Limits : New leverage restrictions have been established, capping closed-ended funds at 300% and open-ended funds at 175%. These limits may pose challenges for funds engaged in substantial loan origination activities. Applicability : The regime specifically targets EU full-scope AIFMs managing funds involved in loan origination, with additional requirements for those significantly engaged in this activity. Flexibility: Interestingly, the regime allows for both closed-ended and open-ended structures for loan-originating AIFs, providing some operational flexibility. Risk Retention: A new requirement mandates that AIFMs retain 5% of the risk associated with loans, which aligns with existing EU regulations but is a novel application in the context of straightforward lending. National Implementation : As AIFMD II functions as an EU Directive, it must be integrated into national laws, which could lead to variations in implementation. Member States may also enhance their frameworks beyond the EU baseline, a practice known as "gold-plating." Non-EU Managers Exclusion: Notably, the loan origination regime does not extend to non-EU managers operating in the EU, potentially placing them at a regulatory disadvantage compared to their EU counterparts. The above underscores the importance of closely monitoring the implementation of AIFMD II, especially as it pertains to loan origination, as it may significantly influence market practices and regulatory compliance for fund managers. Upcoming Regulatory Guidelines / Technical Standards Implications for Fund Managers The amendments brought forth by AIFMD II will necessitate substantial adjustments in fund management practices: Increased Compliance Requirements : Fund managers will need to invest in compliance and reporting infrastructure to meet the new obligations. Focus on Risk Management: Enhanced risk management protocols will be critical for meeting regulatory standards and maintaining investor trust. Delegation Strategy Reevaluation : Fund managers will need to reevaluate their delegation strategies to ensure compliance with the new requirements and maintain effective oversight. Proactive Approach Scoping:  Identifying which of the new requirements and amendments are relevant to the AIF's regulatory footprint and activities. Gap analysis:  Based on in-scope activities, perform initial analysis to identify gaps, potential actions, accountable owners, and timelines.  Product suite:  Consider how the new requirements could impact on the AIF's commercial strategy, particularly regarding loan origination funds. Reporting capabilities:  Given the new information all AIFs will need to submit, start considering the technology capabilities that will be required and which function of the business will be responsible.  Conclusion AIFMD II marks a pivotal shift in the regulatory framework governing alternative investment funds within the EU. With enhanced transparency, stricter reporting obligations, and refined delegation rules, fund managers must proactively prepare for compliance ahead of the 2026 deadline. Understanding these changes will be essential for navigating the evolving investment landscape and ensuring competitive positioning in the market. As AIFMD II comes into effect, the emphasis on risk management and transparency will likely reshape how investment firms operate, ultimately benefiting investors and the broader financial ecosystem.

CYSEC launches a Common Supervisory Action (‘CSA’) with NCAs on Compliance and Internal Audit Functions 🔔  Regulatory Alert – Cyprus! 🔊  Cyprus UCITS Management Companies and Self-Managed Cyprus / Cyprus Alternative Investment Fund Managers and Self-Managed AIFs 📢  Latest Update – Compliance and Internal Audit Function to take actions! Following the ESMA decision in February 2025 for launching a Common Supervisory Action (CSA) with National Competent Authorities (NCAs) on compliance and internal audit functions of UCITS management companies and Alternative Investment Fund Managers (AIFMs) across the EU, CySEC via its Circular 688 introduced the initiation of its targeted thematic reviews for 2025. ❓ What CyUCITS MCs and CyAIFMs must do : Take all necessary measures to ensure full compliance with their legal and regulatory obligations regarding the compliance and internal audit functions. In this regard, CyUCITS MCs and CyAIFMs should review and, where necessary, enhance their internal control framework, ensuring that these functions are adequately resourced, independent, and effectively integrated into their governance structures, as well as take corrective actions, where deficiencies are identified, in line with the applicable regulatory requirements. ⛔ Why it Matters: Compliance and internal audit functions are designed to ensure that the internal control mechanisms to monitor, identify, measure, and mitigate any possible risks of non-compliance with the applicable rules are in place. Therefore, ensuring that the entities have robust internal controls is crucial to avoid investor detriment and preserve financial stability.

The Transparent and Predictable Working Conditions Law of 2023 (L. 25(I)/2023) introduces significant changes to employment practices in Cyprus (ERGANI) 🔔  Legal / Regulatory Alert – Cyprus! 🔊  Important Update for Employers and HR Professionals! The Transparent and Predictable Working Conditions Law of 2023 (L. 25(I)/2023)  introduced key employment compliance requirements in Cyprus, further amended by L.126(I)/2024 . 📢  Latest Update – ERGANI Deadline Extended! According to the new Decree published on 26.02.2025 (R.A.A. 58/2025), all employers are obliged to register essential employment terms in the in the information system “ERGANI” between January 2, 2025 and May 31, 2025.  This extension allows employers additional time to ensure compliance with the updated legislative obligations. ❓ What Employers Must Do :By the revised deadline , all employers  must register essential employment terms in ERGANI, including: ·       Employer and employee details ·       Job description and work location ·       Employment start date ·       Salary and payment frequency ·       Working hours per day/week ·       Annual leave duration and allocation method ·       Probation period terms and other key employment conditions ⛔ Why it Matters: Electronic recording in ERGANI plays a crucial role in regulating and supervising the labor market, helping combat undeclared work and reinforcing transparency in employment relationships. Non-compliance may result in  administrative fines and legal implications,  making it essential for businesses to act proactively.

Overview of the Retail Investment Strategy (RIS) The  Retail Investment Strategy (RIS)  was initiated by the European Commission following the  Action Plan for the Capital Markets Union (CMU)  adopted in September 2020. The CMU aims to enhance the financing of EU companies but recognizes challenges such as market lack of transparency, fragmentation and insufficient investment by individual investors. Objectives of the RIS Launched in May 2021, the RIS aims to: Increase protection  for individual investors Enhance participation  in the economy's financing Restore  investor confidence  by ensuring informed decision-making Stronger retail investments rules will give citizens the tools they need to make sound investment decisions on the EU’s capital markets at every step of their way. We need to get savings flowing into innovative European companies, including the small and medium-sized enterprises (SMEs) that are the backbone of Europe’s economy and that need to attract more private investment. These rules will contribute to deepening the capital markets union by increasing consumers’ trust in capital markets and channeling private funding into our economy. Vincent Van Peteghem, Belgian Minister of Finance RIS Covering Framework What’s the problem? Key Features of the RIS Legislative Proposal The RIS proposes significant legislative changes, including: Amendments to directives : Adjustments to the Markets in Financial Instruments Directive (MiFID) and Insurance Distribution Directive (IDD) focus on investor protection, reporting, and transparency. Strengthening product governance : A focus on ensuring a favorable quality-price ratio by controlling excessive costs and mandating benchmarks for product performance. Regulating financial incentives : The prohibition of trailer fees for non-advisory services and enhanced transparency regarding commission payments. Improving communication : Standardization of investor information through electronic formats and annual statements detailing costs and performance. Suitability assessments : Stricter evaluations to ensure that products align with investors' risk profiles and preferences. Enhancing financial literacy : Encouraging member states to promote financial education among Retail investors. New client classification:  There are new criteria for Retail investors to opt into professional clients as follows: The criterion with respect to the client portfolio is reduced from €500.000 to €250.000. The criterion with respect to experience has been amended to also cover clients who have ‘undertaken capital market activities'. A new criterion is added with respect to clients with ‘recognised education or training' that supports his/her understanding of the relevant transactions /services and ability to adequately evaluate risks. Impact for financial/investment service providers The RIS is seen as a positive move to bolster Retail investor participation. However, concerns exist regarding potential regulatory burdens and a limited range of products, particularly affecting small investors and SMEs. Financial players express the need for a balanced approach to avoid complicating the investment process or reducing available options for Retail investors. The RIS directly affects various financial actors, including asset managers, insurers, and banks. It addresses products like funds, life insurance, and structured products. Timeframes April 2024 : European Parliament votes on its position. June 2024 : EU Council adopts its position. Q4 2024 : Initiation of negotiations. 2026 : Initial expected date for the RIS implementation, subject to changes based on negotiation duration. Conclusion The Retail Investment Strategy will bring about substantial modifications to current systems and will affect the entire retail investment experience. Additionally, as it addresses client classification, client information, and suitability considerations, there will also be implications for IT systems.

Introduction The European Union (EU) has made significant advancements in modernizing its payment services framework with the introduction of Payment Services Directive 3 (PSD3) and the Payment Services Regulation (PSR). These regulations aim to enhance the existing payment system, promote innovation, and address evolving challenges in the digital payment landscape. Building on the foundations laid by PSD2, PSD3 and PSR seek to strengthen the sector against fraud, enhance transparency, and ensure high consumer protection standards. These reforms are designed to foster a secure, efficient, and innovative payments ecosystem in the EU and beyond. 1. PSD3 and PSR: Building on PSD2 The introduction of PSD2 brought about transformative changes, particularly focusing on security, consumer protection, and the promotion of innovation within payment services. PSD3 and PSR take these efforts a step further, expanding on the foundations of PSD2 by continuing to emphasize consumer protection, transparency, and market efficiency. Key Priorities of PSD3 and PSR: Secure Payment Transactions: Ensuring robust security protocols are in place, especially around Strong Customer Authentication (SCA). Enhanced Customer Rights: Empowering consumers with increased rights and protections, especially in the context of fraud prevention. Innovation Promotion: Facilitating open banking and the use of new financial technologies to offer consumers better services. In addition, APIs (Application Programming Interfaces) play a crucial role in enabling seamless communication and integration between different financial entities. APIs are sets of rules and protocols that allow one software application to interact with another. They act as intermediaries, enabling different systems to exchange data securely and efficiently. PSD3 introduces enhanced provisions for open banking, which require financial institutions to provide secure access to their payment services and accounts via APIs. These APIs are designed to allow third-party providers, such as fintech companies, to securely access customer payment data with consent, fostering innovation and competition in the financial sector. Furthermore, the PSR, as a part of PSD3, lays down the regulatory framework for the provision of payment services, ensuring that APIs are standardized, secure, and accessible. These regulations aim to ensure that consumers benefit from enhanced transparency, better service options, and greater security when engaging in digital payments. 2. Key Enhancements Under PSD3 ·        Enhanced Consumer Protection One of the primary objectives of PSD3 is to bolster consumer protection in the digital payment space. The following measures ensure that consumers can confidently engage in digital transactions, knowing that their rights and personal data are safeguarded: Stricter Strong Customer Authentication (SCA) Requirements: To enhance security and prevent fraud, PSD3 strengthens the requirements for Strong Customer Authentication (SCA), ensuring that online transactions are secured with multi-factor authentication methods. This aligns with the goal of increasing trust in digital payments. Improved Data Protection: PSD3 introduces stricter data protection standards, reinforcing the need for payment service providers (PSPs) to handle consumer information with the utmost care. This is a direct response to growing concerns over privacy and data breaches in the digital space. Comprehensive Risk Management: PSD3 mandates enhanced risk management frameworks for PSPs, which will lead to greater accountability in the event of fraud or security incidents. These frameworks are designed to ensure that payment providers act quickly to address security vulnerabilities, minimizing the risk of financial loss to consumers. ·        Broadened Transaction Coverage PSD3 seeks to create a more inclusive and robust payments framework by expanding the scope of transactions covered under its provisions: Increased Cross-Border Payment Protection: Consumers making cross-border transactions within the EU will benefit from the same level of security and consumer protection as they would for domestic payments. This enhances the overall efficiency and trust in the European payment system, which is key to fostering a single digital market. Digital and Remote Transactions: As digital and remote payments grow, PSD3 ensures that these transaction types are subject to the same regulatory standards as traditional payment methods. This guarantees that both consumers and businesses can rely on secure and transparent payment processes, no matter where they are. ·        Introduction of New Services PSD3 supports innovation in the payments industry by introducing legal recognition of new types of services that enhance consumer experience and reduce costs: Payment Initiation Services (PIS): PIS allow consumers to directly initiate payments from their bank accounts without using traditional card payment systems. This opens the door for more efficient and cost-effective payment solutions, contributing to increased competition among providers. Account Information Services (AIS): These services allow consumers to view aggregated payment account information from multiple banks in one interface. This innovative service not only improves transparency but also empowers consumers to make more informed financial decisions. By encouraging the growth of these services, PSD3 fosters a more competitive and innovative financial ecosystem, driving both efficiency and consumer choice. ·        Addressing Payment Fraud In response to the increasing threat of digital fraud, PSD3 takes significant steps to combat fraud and enhance security in digital payments: Non-Discriminatory Treatment of Third-Party Providers (TPPs): PSD3 ensures that TPPs are treated fairly by Account Servicing Payment Service Providers (ASPSPs), enabling secure access to consumer accounts for services like payment initiation and account aggregation. This ensures that third-party providers can safely operate within the regulatory framework, without compromising the security of consumer data. Enhanced Fraud Detection and Reporting: The new legislation mandates the implementation of more sophisticated fraud detection systems, which will allow PSPs to proactively identify suspicious transactions and minimize fraud risks. This is in line with PSD3's overarching goal of creating a secure payment environment for consumers and businesses and minimize fraud risks in digital payments. 3. The Scope and Impact of PSD3 PSD3 is designed to: Modernize Payment Services: Facilitating secure, faster, and more efficient payment processes across the EU. Enhance Consumer Protection: Ensuring that consumers’ rights are protected in every transaction, and providing clearer avenues for dispute resolution. Foster Innovation: Encouraging the development of new financial products and services, especially in the realm of open banking. •        It is a Full Harmonisation Directive meaning that Member States shall ensure that PSPs do not derogate, to the detriment of PSUs, from the provisions of national law transposing this Directive, except where explicitly provided for therein. It aims to ensure uniformity  and legal certainty across the internal market by eliminating variations . However, PSPs may decide to grant more favourable terms to PSUs. The Directive will take effect around 2026 following an 18-month transition period, during which both businesses and regulators will have time to adapt. 4. Legal Framework and Obligations The current legal framework includes: Directive (EU) 2015/2366 (PSD2), Directive 98/26/EC, and Regulation (EU) No. 910/2014 (e-IDAS). PSD3 will repeal and replace PSD2 and the e-Money Directive (EMD2), consolidating payment services and electronic money regulations into one cohesive framework. Non-bank PSPs will need to reapply for regulatory authorizations under the new PSD3 framework. This will ensure that all providers, regardless of their business model, meet the same high standards of security, compliance, and transparency. 5. e-Money Highlights e-money, or electronic money, continues to evolve as a key component of the digital payments ecosystem. According to the European Central Bank , the main distinction in modern e-money is between hardware-based  and software-based  products. Often, consumers may not even be aware of which form they are using. The new PSD3 unifies the framework of e-money institutions as well as the PIs, to address the issuance and redeemability of e-money, building on the regulatory framework established by the e-Money Directive (EMD2), which will be repealed once the PSD3 comes into effect. These enhanced provisions aim to provide a more secure, transparent, and efficient framework for e-money transactions, ensuring that both consumers and businesses can rely on the safety and accessibility of digital currencies. The integration of e-money within PSD3 also facilitates greater innovation in payment solutions, further expanding the variety of digital financial products available to consumers. 6. Buy Now, Pay Later (BNPL) and Consumer Protection The Buy Now, Pay Later (BNPL) service, which allows consumers to defer payments for purchases, has risen in popularity, especially among younger consumers. However, BNPL services are not classified as a payment service under PSD3, and there is no explicit provision for them in the regulatory text. Nevertheless, a narrow exception may be provided under PSD3 for one-time BNPL transactions that do not involve the use of payment accounts or payment cards. BNPL services are regulated under the Consumer Credit Directive (CCD), specifically Directive (EU) 2023/2225. This Directive sets out stricter regulations for consumer credit agreements, including BNPL services, ensuring that consumers are protected from excessive debt and informed about the terms and conditions of their agreements. Key Features of BNPL under the CCD: Interest-Free Credit: Many BNPL services offer credit with no interest or extra charges, which is particularly attractive to consumers. Consumer Protections: Under the CCD, BNPL providers must ensure clear disclosure of terms, including repayment schedules and fees, to avoid misleading consumers. Exclusions under the CCD: The CCD does not apply to all BNPL schemes. Exclusions include: Deferred Payments Without Third-Party Credit: If a supplier allows a consumer to defer payment without involving a third-party creditor, and the payment is completed within 50 days of delivery, the CCD does not apply. The payment must be interest-free, with only late payment charges allowed. Distance Contracts: For online purchases (distance contracts), the CCD exclusion applies if: No third party is offering or purchasing credit. The payment is due within 14 days of delivery. The purchase price is paid interest-free with limited late payment charges. These exclusions ensure that simple BNPL schemes that do not involve significant credit risks are not subject to the burdens of consumer credit regulation. However, for more complex BNPL services that charge interest or extend payment terms, these services will be fully regulated under the CCD. 7. Fraud Prevention and Open Banking The PSR emphasizes the importance of preventing fraudulent activities, particularly with the rise of open banking. The regulation ensures that: ·        Third-Party Providers (TPPs) and Equal Treatment by Account Servicing Payment Service Providers (ASPSPs). Non-Discriminatory Treatment: Under PSD3, Payment Service Providers (PSPs) must treat Third-Party Providers (TPPs) fairly and equally, regardless of whether the TPP is a bank or a non-bank. This ensures that authorized third-party services can access payment accounts in a secure and standardized manner, fostering competition and innovation. Access to Account Data: TPPs, such as payment initiation services (PIS) and account information services (AIS), can only access account data with explicit consent from consumers. These services must meet stringent security standards to prevent unauthorized access and data breaches. ·        Stronger Authentication and Secure Payment Protocols Personalized Security Credentials: PSD3 places a strong emphasis on ensuring that personalized security credentials (such as passwords, PINs, or biometrics) are safeguarded to prevent fraudulent access. Payment service providers must implement multi-layered security measures to protect consumers' funds and personal data. Fraud Detection Tools: PSD3 requires PSPs to adopt advanced fraud detection systems, such as machine learning algorithms and real-time transaction monitoring, to flag suspicious activity and reduce fraud risks. ·        Liability in Case of Fraud PSPs are liable for financial losses in case of fraud unless there is suspicion of fraud, in which case an investigation may be conducted before issuing a refund. Liability Rules for Fraudulent Transactions: Under the PSR, PSPs are generally liable for losses resulting from fraud, unless there is evidence of consumer negligence (such as sharing security details). In cases where fraud is suspected, PSPs must initiate an investigation to determine responsibility before issuing refunds. Consumer Protection: Consumers are entitled to full reimbursement if unauthorized transactions occur, provided they notify their PSPs promptly. The regulations also provide mechanisms for resolving disputes between consumers and PSPs related to fraudulent transactions. ·        Role of the Digital Services Act (DSA) Fraud Prevention by Online Platforms: In addition to PSD3, the Digital Services Act (DSA) plays a role in regulating online platforms and ensuring they take responsibility for fraud prevention within their ecosystems. This includes ensuring that platforms identify and remove fraudulent listings, prohibit the sale of counterfeit goods, and verify the identity of sellers. Platform Accountability: The DSA holds online platforms accountable for preventing the use of their services to perpetrate fraud. These platforms must implement processes to identify potentially harmful or illegal activity and prevent fraudsters from exploiting their systems. ·        Implications for Consumers and Businesses Consumer Benefits: The enhanced security measures under PSD3 and the DSA are designed to build consumer confidence in digital payments and open banking services. Consumers can be assured that their data and money are better protected from fraud and cyber threats. Business Responsibility: Payment service providers will need to invest in stronger security technologies and fraud detection systems. Additionally, they must ensure their third-party partners (such as fintechs or other TPPs) comply with the stringent regulations to avoid liability for fraudulent activities. Linked EU Framework with Payments   The PSD3 Package is supported by some existing and upcoming legislations that strengthen key areas such as security, cross-border payments, data protection, and digital resilience. Below are some of the most important regulations that align with the objectives of PSD3 and play a crucial role in advancing the EU's digital payment ecosystem: ·        Regulation (EU) No 260/2012 of 14 March 2012 establishing technical and business requirements for credit transfers and direct debits in euro and amending Regulation (EC) No 924/2009. ·        Regulation (EU) 2021/1230 of 14 July 2021 on cross-border payments in the Union. ·        Regulation (EU) 2015/751 of 29 April 2015 on interchange fees for card-based payment transactions. ·        Directive 98/26/EC of 19 May 1998 on settlement finality in payment and securities settlement systems. ·        Instant Regulation (EU) 2024/886 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 13 March 2024 amending Regulations (EU) No 260/2012 and (EU) 2021/1230 and Directives 98/26/EC and (EU) 2015/2366 as regards instant credit transfers in euro ·        Regulation (EU) 2023/1114 of 31 May 2023 on markets in crypto-assets. ·        Regulation (EU) 2022/2554 (DORA) of 14 December 2022 on digital operational resilience for the financial sector & Relevant Package. ·        EU AML Package (PSPs are obliged entities in the meaning of EU AML legislation). ·        Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC e-IDAS ·        Regulation (EU) 2024/1183 (e-IDAS 2) of 11 April 2024 amending Regulation (EU) No 910/2014 as regards establishing the European Digital Identity Framework Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. ·        Directive 2019/882 (Accessibility Act) of 17 April 2019 on the accessibility requirements for products and services (relevant for measures to improve access to SCA, which are designed to be consistent with that Dir.). ·        Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication ·        Proposal for a REGULATION (FIDA) on a framework for Financial Data Access and amending Regulations (EU) No 1093/2010, (EU) No 1094/2010, (EU) No 1095/2010 and (EU) 2022/2554 ·        Regulation (EU) 2024/1689 AI ACT ·        Regulation (EU) 2023/2854 (DATA ACT) of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828   8. Implementation Timeline The final publication of PSD3 and PSR is expected in 2025, with full implementation anticipated around 2026/2027. The regulations will be directly applicable across the EU, with member states required to transpose them into national law. The introduction of new services will help streamline payment processes and foster greater competition within the financial sector.   9. Conclusion PSD3 and PSR represent a crucial evolution of the EU’s payment services framework, aiming to enhance security, consumer protection, and innovation. By building upon the foundational principles established by PSD2, these regulations seek to address emerging challenges in the digital era, promoting a safer, more competitive, and efficient payments ecosystem in the EU. In tandem with the Consumer Credit Directive (CCD), which regulates Buy Now, Pay Later (BNPL) schemes, these new rules create a balanced regulatory environment that supports both consumer rights and the growth of innovative financial products. As digital payments continue to evolve, PSD3 and PSR will play an essential role in shaping the future of payments in the EU.   Sources : (1) Proposal  for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on payment services and electronic money services in the Internal Market amending Directive 98/26/EC and repealing Directives 2015/2366/EU and 2009/110/EC https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52023PC0366&qid=1690276986711   (2) Proposal  for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on payment services in the internal market and amending Regulation (EU) No 1093/2010 https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52023PC0367   (3) Opinion  of the European Economic and Social Committee - C/2024/1594 Opinion of the European Economic and Social Committee on a) Proposal for a Regulation of the European Parliament and of the Council on a framework for Financial Data Access and amending Regulations (EU) No 1093/2010, (EU) No 1094/2010, (EU) No 1095/2010 and (EU) 2022/2554 (COM(2023) 360 final — 2023/0205 (COD)) a) Proposal for a Directive of the European Parliament and of the Council on payment services and electronic money services in the Internal Market amending Directive 98/26/EC and repealing Directives 2015/2366/EU and 2009/110/EC (COM(2023) 366 final — 2023/0209 (COD)) and b) Proposal for a Regulation of the European Parliament and of the Council on payment services in the internal market and amending Regulation (EU) No 1093/2010 (COM(2023) 367 final — 2023/0210 (COD)) https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=eesc%3AEESC-2023-03611   (4) COMMUNICATION  FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS on a Retail Payments Strategy for the EU, COM(2020) https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM:2020:592:FIN     (5) EBA report on payment fraud, ECB - (August 2024, EBA/ECB REPORT, 2024) https://www.ecb.europa.eu/press/intro/publications/pdf/ecb.ebaecb202408.en.pdf?6043824ff2dd70f0d9d9b6be2af2c4dc

Introduction In today’s interconnected business environment, fostering a culture of transparency and accountability has never been more critical. The European Union's Directive 2019/1937 on whistleblowing represents a significant step forward in protecting those who dare to speak up against wrongdoing. Implemented on December 16, 2019, this Directive provides a comprehensive framework for the protection of whistleblowers across EU member states, ensuring they can report breaches of EU law without fear of retaliation. To whom Does it Apply Directive 2019/1937 applies broadly across both the public and private sectors within the EU. Specifically, it affects: Private Sector:  All companies with 50 or more employees must comply. Additionally, all businesses involved in financial services, regardless of size, are covered. Public Sector:  All public entities, including state and regional administrations, municipalities with more than 10,000 inhabitants, and other bodies governed by public law, are included under this Directive. Type of Violations  The Directive sets out a comprehensive list of violations that can be reported, covering areas critical to public interest and the functioning of the internal market. These include: Public Procurement Financial Services, Products, and Markets Prevention of Money Laundering and Terrorist Financing Product Safety and Compliance Transport Safety Environmental Protection Radiation Protection and Nuclear Safety Food and Feed Safety, Animal Health and Welfare Public Health Consumer Protection Protection of Privacy and Personal Data, and Security of Network and Information Systems Competition Law Violations Whistle-blower - who can be Directive 2019/1937 provides protections to a broad range of individuals who might gain information about breaches in a work-related context. This includes: Employees:  Both current and former employees of an organisation, including self-employed status employees. Volunteers and Trainees:  Individuals working without payment or on training schemes. Contractors and Suppliers : Individuals and entities providing services, goods, or executing works. Shareholders and Persons Belonging to the Administrative, Management, or Supervisory Bodies : Including non-executive members. Job Applicants:  Individuals who acquired information during the recruitment process or other pre-contractual negotiations. Key Provisions of Directive 2019/1937 The Directive establishes several important requirements that organisations must adhere to: Reporting Channels:  Organisations with 50 or more employees are required to establish internal reporting channels that are secure and confidential. Public sector entities must also comply with these requirements. Whistleblowers can report violations through internal channels, external channels (to competent authorities), or publicly under specific conditions. Safeguards Against Retaliation:  The Directive mandates robust protections against retaliation for whistleblowers. This includes legal protection from dismissal, demotion, and other forms of workplace retaliation. Additionally, the Directive provides for support measures, such as access to legal aid and comprehensive information on reporting procedures. Follow-up Obligations:  Organisations are required to diligently follow up on reports, providing feedback to the whistleblower within a reasonable timeframe (usually three months). This ensures that whistleblowers are kept informed about the status and outcome of their reports. The Impact on Organisations The implementation of Directive 2019/1937 necessitates significant changes for many organisations, including but not limited to: Enhanced Compliance Requirements:  Organisations need to develop or upgrade their whistleblowing policies and procedures to comply with the Directive. This includes setting up secure reporting channels and ensuring that employees are aware of these channels and protections. Training and Awareness:  Companies must invest in training programs to educate employees about the importance of whistleblowing, the reporting procedures, and the protections available to them. Creating a culture of openness where employees feel safe to report misconduct is essential. Legal and Operational Readiness:  Legal teams must be prepared to handle whistleblower reports, ensuring that investigations are conducted thoroughly and discreetly. Operational adjustments may also be necessary to protect whistleblowers from retaliation effectively. Benefits of Compliance Adhering to the Directive not only helps organisations avoid legal repercussions but also brings several strategic advantages: Enhanced Reputation:  Demonstrating a commitment to transparency and ethical behaviour can significantly enhance an organisation’s reputation. Stakeholders, including customers, investors, and partners, are more likely to trust and engage with companies that prioritise integrity. Risk Mitigation:  Effective whistleblowing systems can help organisations identify and address issues before they escalate into major problems, thus mitigating legal, financial, and reputational risks. Employee Morale and Trust:  Protecting whistleblowers and fostering an environment where employees feel safe to report wrongdoing can boost morale and trust within the organisation. Employees are more likely to be engaged and loyal when they believe their concerns will be taken seriously. Conclusion Directive 2019/1937 marks as an important milestone in the journey towards greater corporate accountability and integrity within the EU. By protecting those who have the courage to report misconduct, the Directive not only safeguards the public interest but also helps build a business environment where ethical behaviour is the norm. Organisations that embrace these changes do not only ensure compliance but also cultivate a culture of trust and transparency that can drive long-term success. Therefore, it is crucial for organisations to view whistleblowing not as a threat, but as a vital component of a robust corporate governance framework.

Introduction In 2021, the European Commission introduced four legislative acts with a view to ensure harmonisation, strengthen the Capital Markets Union regime, as well as streamline the access to financial and sustainability-related information. In particular, the following legislations were adopted: The European Long-Term Investment Funds regulation (ELTIF), which aims at channeling long-term financing to listed or unlisted small and medium-sized enterprises (SMEs) as well as long-term infrastructure projects in various sectors The revision of the Alternative Investment Fund Managers Directive (AIFMD), which introduced targeted amendments to make the alternative investment fund market more efficient and integrated The revision of the Financial Instruments Markets Regulation (MiFIR), to further improve market transparency The European Single Access Point package (ESAP) What is European Single Access Point ( ESAP)? The European Single Access Point (ESAP) is a centralized platform designed to provide public access to a wide array of financial and sustainability-related data on European companies and investment products. This initiative is part of the broader European Commission’s Capital Markets Union (CMU) Action Plan, which aims to create a more integrated and efficient European capital market. Key Objectives of ESAP Enhanced Transparency : ESAP aims to consolidate data from various sources into a single, easily accessible platform. This will include financial statements, management reports, sustainability disclosures, and more, thereby providing a comprehensive view of companies' performances and sustainability efforts. Improved Accessibility : By providing a one-stop-shop for financial data, ESAP will reduce the fragmentation of information across different jurisdictions and regulatory frameworks. This will make it easier for investors, analysts, and other stakeholders to access and compare data across the EU. Fostering Integration : ESAP will facilitate the integration of financial markets by harmonizing data reporting standards and practices across member states. This is expected to boost cross-border investments and economic cooperation within the EU. Supporting Sustainable Finance : ESAP will play a crucial role in the EU’s sustainable finance strategy by ensuring that sustainability-related information is readily available. This will help investors make informed decisions and support the transition to a greener economy Functionalities of the ESAP A web portal featuring a user-friendly interface that accommodates the access needs of individuals with disabilities, offering information in all official EU languages. A search function available in all official EU languages. An information viewer tool. A machine translation service for the retrieved information. A download service that supports downloading large volumes of data. A notification service to inform users of new updates on ESAP. Display of information submitted voluntarily. Benefits of ESAP For Investors: Comprehensive Data Access : Investors will benefit from a more comprehensive and accessible data repository, enabling better investment decisions. Market Transparency:  Enhanced transparency will reduce information asymmetry, contributing to more efficient market functioning. For Entities: Simplified Reporting:  Companies will have a streamlined reporting process with standardized requirements, reducing the administrative burden. Visibility and Trust:  Increased visibility of sustainability efforts and financial health can enhance trust and attract more investment. For Regulators: Efficient Monitoring:  ESAP will provide regulators with better tools for monitoring and enforcing compliance with financial and sustainability reporting standards. Policy Making:  The availability of standardized data will support evidence-based policymaking and regulatory adjustments. Implementation and Challenges The implementation of ESAP will require significant coordination among EU member states, regulators, and stakeholders - Key challenges include but not limited: Data Standardization : Harmonizing data reporting standards across different jurisdictions. Technological Infrastructure:  Developing a robust and secure technological infrastructure to support the platform. Stakeholder Collaboration : Ensuring active collaboration among companies, investors, and regulators to provide and utilize the data effectively. Timeframes The ESAP platform is expected to be available from Q2 2027, where the collection of publication of information by the relevant Collection Entities (i.e. regulatory authorities), it will be gradually phased in from January 2026 to 2030, in order to allow for a robust implementation. Conclusion The European Single Access Point represents a significant step towards a more integrated, transparent, and efficient European financial market. By centralizing access to crucial financial and sustainability-related information, ESAP will not only empower investors and companies but also support the broader objectives of economic integration and sustainable growth within the EU. As the initiative progresses, it will be essential for all stakeholders to engage actively and collaboratively to realize the full potential of ESAP. The future of financial data access in Europe is on the horizon, and with ESAP, we are set to embark on a journey towards a more transparent, accessible, and sustainable financial ecosystem.