May 24 / Evdokia Pitsillidou

The Compliance Function requirements in 2023

The Cyprus Securities and Exchange Commission (CySEC) issued Circular C553, offering regulated entities guidance on specific aspects of the Compliance Function (CF) requirements. The circular divides the guidelines into three key categories: the responsibilities of the CF, the organizational requirements of the CF, and the review conducted by the competent authority regarding the CF.

Throughout this blog post, the IforPE instructor, Evdokia Pitsillidou, discusses the main guidelines provided regarding the CF’s responsibilities and the review of the CF by the competent authority. The IforPE platform offers a comprehensive and detailed course titled Compliance Monitoring Program & Assessment in 2023. The course covers the establishment and implementation of the compliance monitoring program and includes a dedicated section that focuses on the key takeaways from Circular C553.

At the end of this blog post, you can find detailed information on the knowledge and competencies gained by undertaking the Compliance Monitoring Program & Assessment in 2023, as shared by Evdokia.

Compliance Function responsibilities

The following guidelines represent the main responsibilities of the Compliance Function of CySEC regulated entities:

Guideline 1: Compliance risk assessment
– the CF is required to conduct a risk assessment ensuring comprehensive monitoring of the firm’s compliance risks. The assessment findings are utilised to effectively allocate resources within the compliance function.

Guideline 2: Monitoring obligations
– the CF shall establish and maintain a risk-based compliance monitoring program. The priorities and monitoring frequency of the program are determined based on the risk assessment results.

Guideline 3: Reporting obligations
– the CF is obliged to prepare and submit a compliance report to the firm’s Board of Directors, at least annually. The report shall encompass all business units involved in the provision of investment and ancillary services and present the findings of the onsite and desk-based reviews of the monitoring program.

Guideline 4: Advisory and assistance obligations
– the CF is tasked to provide training and support to the firm's personnel and management regarding the development of the firm's policies and procedures.


Competent authority review of the compliance function

During a firm’s authorisation process and in the context of its ongoing supervision, CySEC reviews the implementation and maintenance of the CF’s requirements. The assessment primarily focuses on the resources, organization, and reporting lines of the Compliance Function.

In this respect, CySEC examines the adequacy of the measures implemented to ensure compliance with the applicable regulatory framework and the completion of the function’s responsibilities. CySEC further assesses whether investment firms monitor the need for changes in the resources and organization of the CF. They also evaluate the timeframe required for implementing such amendments.

What is the Compliance Monitoring Program & Assessment course and what does it include?


The Compliance Monitoring Program & Assessment course has been prepared by SALVUS Funds and is delivered by their Risk & Compliance Director, Evdokia Pitsillidou. The course aims to provide Compliance Officers and Assistants, as well as other professionals employed in Cyprus Investment Firms (CIF), Alternative Investment Fund Managers (AIFM) and other CySEC regulated entities, with the know-how for the establishment and implementation of a complete and well-structured compliance monitoring program.

Professionals who complete this course will gain the necessary information and skills to develop or enhance a Compliance Monitoring Program, utilising the results of the Compliance Risk Assessment. Moreover, professionals will be thoroughly informed of the requirements governing the Compliance Function responsibilities, organisational structure and activities following CySEC’s regulatory standards, as presented through Circulars C553 and C441.

The syllabus of the Compliance Monitoring Program and Assessment course includes:

  • Compliance Risk Assessment (CRA)
    - Purpose & Objectives of the Compliance Risk Assessment (CRA)
    - How the Compliance Risk Assessment (CRA) affects the Compliance Monitoring Program (CMP)?
  • Compliance Function
    - Responsibilities
    - Effectiveness, permanence & independence
    - Organisational requirements
    - Monitoring obligations
    - Compliance Function - Q&As
  • CySEC Circular C553 – Guidelines on certain aspect of the compliance function requirements
    - CySEC Circular C553
    - A. Compliance Function responsibilities
    - B. Compliance Function organisational requirements
    - C. Competent authority review of the compliance function
  • Compliance Monitoring Program Features
    - Compliance Monitoring Program

    - Aim & Characteristics 
    - Type and frequency of monitoring activities
    - Tools and methodologies
    - Compliance reports
  • Inspection areas & Compliance tips
    - Policies & Procedures
    - Organisational requirements
    – Inspection areas & Methodology
    - Operating conditions
    – Inspection areas & Methodology
    - Client accounts: opening & closing
  • Departmental inspection areas & Compliance tips
    - Back Office Department
    - AML Department
    - Accounting & Finance
    - Provision of Services
    - Business Development & Marketing
    - Customer Support
    - Information Technology
  • CySEC Desk-based Reviews – Circular C441
    - Common deficiencies
    - Good practices


The material of the Compliance Monitoring Program and Assessment course is delivered in PDF slides and online video recordings, ideal for self-paced learning. Learners undertaking this course are provided with the flexibility to learn wherever and whenever.

Upon completing the course, learners have the opportunity to assess their understanding by answering a series of questions that reflect the material covered throughout the course.

The completion of this course counts towards the Continuous Professional Development (CPD) annual requirements for professionals who are holders of the CySEC Advanced and Basic certifications.
Get in touch
If you have any questions about Evdokia's course or any other questions related to your training requirements, please contact us
we would love to help.
From all of us at IforPE, the Institute for Professional Excellence,
Ancora Imparo