May 8 / Evdokia Pitsillidou

Implementing a robust Compliance Monitoring Program (CMP)

about the author

Evdokia Pitsillidou

Director of Risk & Compliance at SALVUS Funds

Evdokia, a partner at SALVUS Funds, is actively advising and working on all matters related to licensing, regulatory compliance, and internal audit for investment firms, funds, Electronic Money Institutions (EMI) & Crypto-Asset Services Providers (CASP).

  • Member of the Global Institute of Internal Auditors (IIA)
  • Member of the Cyprus Investment Funds Association (CIFA)
  • Certified Actuarial Analyst (CAA)
  • CySEC Advanced Certified Person
  • CySEC certified Anti-Money Laundering Compliance Officer (AMLCO)


To achieve regulatory compliance with the national and European supervisory authorities, all investment firms must incorporate an effective Compliance Monitoring Program (CMP). A CMP is responsible for monitoring the firm’s operations and a well-established Compliance Risk Assessment (CRA) is also essential for the monitoring program to be appropriate.


With this blog post, Evdokia Pitsillidou, an instructor at the institute, wishes to address important information about the Compliance Function organisational requirements as outlined in CySEC Circular C553, the CMP key features along with the common inspection areas, findings and recommendations. Further, a complete online course is offered through the IforPE platform, titled Compliance Monitoring Program (CMP) & Assessment in 2024.


Towards the end of this blog post, you will find detailed information about the valuable skills and competencies acquired upon course completion and how they contribute to ensuring the successful implementation of a CMP.


What does the Compliance Function do?


From a corporate perspective, the Compliance Function is the ultimate business gatekeeper as it shall be involved in the following areas:

  • Policies and procedures; be involved in the development of the firm’s policies and procedures for the investment and ancillary services provision,
  • Expertise and advice; provide compliance expertise and advice about strategic decisions, new business models and new advertising strategies,
  • Organisation modification; be active in the decision-making process of the approval of new business lines or financial products, and the definition of staff remuneration policies,
  • Participation; be present in the product approval process of manufacturers and distributors,
  • Correspondence; be involved in all material and non-material correspondence with CySEC and other competent authorities.


In addition, the Compliance Function, according to the Guidelines set out in Circular C553, shall be established and operate in accordance within the context of the following key organisational requirements:

  • Guideline 5: Effectiveness of the compliance function,
  • Guideline 6: Skills, knowledge, expertise and authority of the compliance function,
  • Guideline 7: Permanence of the compliance function,
  • Guideline 8: Independence of the compliance function,
  • Guideline 9: Proportionality with regard to the effectiveness of the compliance function,
  • Guideline 10: Combining the compliance function with other internal control functions,
  • Guideline 11: Outsourcing of the compliance function.

Common Inspection Areas

The implementation of a risk-based CMP is required for the regular assessment that needs to be established and conducted by the Compliance Function. While every function of the supervised entity is subject to inspection, significant focus of the CMP is usually targeted towards,, but not limited to the organisational structure:

  • The electronic record or the CySEC portal is up to date,
  • Any personnel changes such as appointments or replacements are notified to CySEC,
  • The organisational structure itself is functional,
  • Adequate personnel training and training policy implementation such as AML/CFT targeted training program,
  • The Senior Management and Board of Directors (BoD) perform their duties effectively,
  • Implementation and effectiveness of CRA,
  • Conflicts of interest monitoring,
  • Client complaints reporting,
  • Internal structure of Risk Management’s and Internal Audit’s Function is communicated to CySEC, along with the details of any tied agents or any intention to provide cross-border services,
  • Efficacy of the compliance function practices.

Findings and Recommendations


The findings of an effective Compliance Monitoring Program are critical for the monitoring and management of the compliance risk stemming from each firm’s operations. Therefore, stakeholders should familiarise themselves with the firm’s regulatory obligations and promptly establish or enhance the required policies and procedures based on the relevant recommendations discussed.

What is the Compliance Monitoring Program & Assessment course and what does it include?

The Compliance Monitoring Program & Assessment in 2024 course is designed by SALVUS Funds and delivered by their Risk & Compliance Director, Evdokia Pitsillidou. This course is developed for professionals holding key compliance and managerial positions in Cyprus Investment Firms, enabling them to implement a robust Compliance Monitoring Program.


Professionals undertaking this course will acquire the skills and competencies necessary for enhancing their firm's CMP and Compliance Function requirements. After this course, they can ultimately ensure comprehension of key information regarding the organisational structure requirements and key inspection areas of the organization.


The syllabus of the Compliance Monitoring Program & Assessment in 2024 course includes:

  • Compliance Risk Assessment (CRA)
    Purpose & Objectives of the Compliance Risk Assessment (CRA)
    - How the Compliance Risk Assessment (CRA) affects the Compliance Monitoring Program (CMP)?
  • Compliance Function

- Responsibilities
Effectiveness, permanence & independence

- Organisational requirements

- Monitoring obligations

Compliance Function – Q&As

  • Compliance Monitoring Program features

Compliance Monitoring Program

- Aim & Characteristics

Type and frequency of monitoring activities

- Tools and methodologies

- Compliance reports

  • CySEC Circular C553 – Guidelines on certain aspects of the compliance function requirements

CySEC Circular C553

A. Compliance Function Responsibilities

-  Guideline 1: Compliance Risk Assessment

- Guideline 2: Monitoring obligations of the compliance function (CMP)

- Guideline 3: Reporting obligations of the compliance function

- Guideline 4: Advisory and assistance obligations of the compliance function

B. Compliance Function organisational requirements

- Guideline 5: Effectiveness of the compliance function

- Guideline 6: Skills, knowledge, expertise and authority of the compliance function.

- Guideline 7: Permanence of the compliance function

- Guideline 8: Independence of the compliance function

- Guideline 9: Proportionality with regard to the effectiveness of the compliance function

Guideline 10: Combining the compliance function with other internal control functions

Guideline 11: Outsourcing of the compliance function

C. Competent authority review of the compliance function

- Guideline 12: Review of the compliance function by the competent authorities.

  • Inspection areas & Compliance tips

- Policies & Procedures

- Organisational requirements – Inspection areas & Methodology

- Operating conditions – Inspection areas & Methodology

- Client accounts: opening & closing

  • Departmental inspection areas & Compliance tips

- Back Office Department

- AML Department

- Accounting & Finance

- Provision of Services

- Business Development & Marketing

Customer Support- Information Technology

  • CySEC Desk-based Reviews – Circular C441

Common deficiencies

Good practices


The material of the CMP & Assessment course is provided both in PDF slides and online video recordings, suitable for self-paced learning. Learners enrolled in the course have the flexibility to learn wherever and whenever.


Upon completion of the course, learners have the opportunity to evaluate their comprehension of the covered material by answering a series of questions reflecting the gained knowledge.


The completion of this course counts towards the Continuous Professional Development (CPD) annual requirements for professionals, and holders of the CySEC Advanced and Basic certifications.

Get in touch
If you have any questions about Evdokia's course or any other questions related to your training requirements, please contact us
we would love to help.
From all of us at IforPE, the Institute for Professional Excellence,
Ancora Imparo