Dec 15 / Evdokia Pitsillidou

Get ready for an inspection by CySEC

about the author

Evdokia Pitsillidou

Director of Risk & Compliance at SALVUS Funds

Evdokia, a partner at SALVUS Funds, is actively advising and working on all matters related to licensing, regulatory compliance, and internal audit for investment firms, funds, Electronic Money Institutions (EMI) & Crypto-Asset Services Providers (CASP).

  • Member of the Global Institute of Internal Auditors (IIA)
  • Member of the Cyprus Investment Funds Association (CIFA)
  • Certified Actuarial Analyst (CAA)
  • CySEC Advanced Certified Person
  • CySEC certified Anti-Money Laundering Compliance Officer (AMLCO)
The Cyprus Securities and Exchange Commission (CySEC) was established in 2001 with the mission to safeguard investor interests and ensure healthy development of the securities market. To carry out its supervisory role effectively, CySEC is tasked with gathering information and conducting inspections as part of its responsibilities.

In this blog post, Evdokia Pitsillidou, an instructor at the Institute, delves into CySEC's investigative powers and highlights key areas of scrutiny for its regulated entities. To provide a comprehensive understanding of these topics, a detailed course titled How to get prepared for an inspection by the regulator in 2023 is available through the IforPE platform.

The course serves as a complete guide, offering valuable insights into what to anticipate both during and after a regulatory inspection, along with practical suggestions for ensuring your readiness. In the end of this blog post, you will be informed of the knowledge and skills gained upon finishing the course, and how to use them to strengthen your firm's compliance.

CySEC Powers

CySEC's investigative powers encompass the following key abilities:

1. Collection of information – CySEC can require regulated entities under its supervision to furnish information through written requests within specified timeframes.

2. Conducting inspections – the Commission is empowered to solicit information, and examine records, books, accounts, as well as documents and computer-stored data.

3. Premises entry and investigation – CySEC is authorized to enter the premises of businesses and workplaces, perform onsite investigations at the premises of any person falling under its regulatory purview.

Inspection Areas

All areas and functions associated with the provision of the investment services can be subject to the regulator’s inspection. Key areas of scrutiny can be among others:

  • Compliance and Risk Management – determining the level of adherence to regulatory requirements and risk mitigation measures and controls.
  • Client Onboarding and Due Diligence – examining processes for client identification, verification, as well as appropriateness and suitability assessments.
  • Trading and Execution of client orders – monitoring trade execution practices and adherence to best execution standards.
  • Asset Custody and Safekeeping – verifying the application of proper custody and safekeeping of client assets.
  • Financial Reporting and Record Keeping – assessing financial reporting accuracy and the maintenance of appropriate records.
  • Capital Adequacy and Financial Stability – ensuring compliance with capital adequacy and liquidity requirements.
  • Corporate Governance – evaluating the firm’s corporate governance practices and structure.
  • Product Governance, Appropriateness and Suitability of Products offering – evaluating the firm’s practices for the product assessment procedures and whether the products offered to clients are suitable with their needs, characteristics, knowledge, expertise and risk tolerance.
  • Remuneration – reviewing the internal practices towards remuneration of personnel and outsourced arrangements, to ensure that they are in line with the regulatory framework.
  • Internal Controls and Policies – reviewing internal control mechanisms and effectiveness of policies and procedures.
  • Market Abuse Prevention – ensuring that appropriate measures are in place to prevent market abuse and insider trading.
  • Information Security and Data Protection – assessing the safeguards adopted regarding information security and data protection.
  • Complaints Handling and Conflicts of Interest Resolution – evaluating the processes for addressing client complaints and conflicts of interest.
  • Anti-Money Laundering and Combating Financing of Terrorism – examining whether robust procedures are established and followed.
  • Training and Competence – reviewing employee training and competence to perform their roles effectively.

These areas collectively form a high-level framework for regulatory inspection to ensure the integrity and compliance of regulated entities conducting investment activities.

What is the How to get prepared for an inspection by the regulator course and what does it include?

The How to get prepared for an inspection by the regulator course is developed by SALVUS Funds and delivered by their Risk & Compliance Director, Evdokia Pitsillidou. This course is specifically tailored to professionals holding key positions in Cyprus Investment Firms, enabling them to navigate regulatory inspections successfully.

Professionals who enroll in this course will acquire the essential skills and competencies needed to enhance their firm's policies and procedures, ultimately ensuring readiness for successful regulatory inspections whenever required. Additionally, they will gain insights into the supervisory priorities established by the European Securities and Markets Authority (ESMA) and receive valuable inspection tips to facilitate compliance with regulatory standards.

The syllabus of the How to get prepared for an inspection by the regulator course includes:

  • The Cyprus Securities and Exchange Commission
    - About CySEC
    - CySEC responsibilities
    - CySEC regulated entities
    - CySEC powers
  • Governance arrangements & organisational requirements
    - Governance arrangements
    - Organisational requirements
  • Inspection areas & compliance tips
    - Policies & procedures
    - Organisational requirements - inspection areas & methodology
    - Operating conditions - inspection areas & methodology
    - Client accounts: opening & closing
  • Departmental inspection areas & compliance tips
    - Back office department
    - AML department
    - Accounting & finance
    - Provision of services
    - Business development & marketing
    - Customer support
    - Information technology

  • ESMA common supervisory actions
    - What is an ESMA CSA?
    - National Competent Authorities
    - MiFID II Product Governance rules
    - MiFID II cost and charges disclosure rules
    - MiFID II marketing communications
  • Inspection tips & results
    - Compliance tips
    - Post-inspection communication
    - Inspection results
    - 2023 CySEC investor protection fine

The course material is delivered in PDF slides and online video recordings. Learners undertaking this course are provided with the flexibility to learn wherever and whenever.

Upon completion of the course, learners have the opportunity to evaluate their comprehension of the covered material by answering a series of questions reflecting the gained knowledge.

The completion of this course counts towards the Continuous Professional Development (CPD) annual requirements for professionals, and holders of the CySEC Advanced and Basic certifications.
Get in touch
If you have any questions about Evdokia's course or any other questions related to your training requirements, please contact uswe would love to help.
From all of us at IforPE, the Institute for Professional Excellence,
Ancora Imparo