On 27 November 2020, the Cyprus Securities and Exchange Commission (CySEC) issued Circular 418 (the C418) enhancing rules on client assets relevant to Cyprus Investment Firms (CIFs) over and above those contained in Part II of CySEC’s Directive D187-01 (the Directive).
C418 touches on various requirements to be taken into account by CIFs when safeguarding clients’ funds. Until now there had been some ambiguity as to the processes to be adopted by CIFs handling client funds.
Segregating clients’ accounts
Under the Directive, on receipt of client funds, CIFs are required to promptly place those funds into one or more accounts opened with a bank/credit institution (or similar) and ensure that the title of the clients’ account should be sufficiently distinguished from any account used to hold the CIF’s own funds. However there has been concern as to compliance with these requirements where the bank in question would not be willing to cooperate with these requirements from the CIF, usually due to concerns over anti-money laundering risks.
C418 now clarifies that CIFs should adopt the following processes where local law governing client bank accounts prevent the institutions from complying with the requirement to separately identify client accounts from own accounts:
- CIFs must notify the credit intuition/bank that they are obliged to keep clients’ funds separate from the CIF’s own funds, the communication should be kept in the CIFs’ records and be available for review by CySEC.
- CIFs must demonstrate to CySEC that they had no other alternative but to conduct such business, given the risk to clients’ funds in the event of the entity’s insolvency.
- CIFs must also demonstrate to CySEC that they have done everything in their powers to obtain separately titled accounts, including using another third party.
Using Payment Service Providers and Electronic Money Institutions
C418 makes clear that CIFs may maintain merchant accounts with PSPs and EMIs for, among other purposes, the clearing/settlement of their clients’ payment transactions (inwards and outwards payments). The CIFs must exercise all due skill, care and diligence in the selection, appointment and periodic review of the PSP/EMI with whom merchant accounts are maintained.
Further, CIFs must, at all times, ensure that clients’ funds are transferred to clients’ accounts held by the CIF with an entity, immediately after the clearing/settlement of the payment transactions. CIFs’ merchant accounts must not, under any circumstances, be used by their connected persons, or third persons, and/or the clients of those persons, for the clearing/settlement of their payment transactions, as this does not comply with the relevant provisions of the legislation. Merchant accounts must be used only and exclusively by CIFs.
Due diligence and diversification of institutions holding clients’ funds
CIFs are expected on a regular basis (and no less than once in each financial year) to perform due diligence procedures of the banks where clients’ funds are placed. Further, CIFs should consider diversifying placements of client funds with more than one bank where the amounts are, for example, of sufficient size to warrant such diversification.
Additionally, CySEC expressed its expectation that CIFs need to consider the following factors when choosing a bank for client funds:
- The capital of the bank
- The amount of client funds placed, as a proportion of the bank’s capital and deposits
- Where available, the credit rating of the bank
- Where available, the level of risk in the investment and loan activities undertaken by the bank and its affiliated companies
Banks in the same group as the CIF: The circular reminds CIFs that where they deposit client funds with a bank or money market fund of the same group as the CIF, then the CIF must limit the funds that are deposited with any such group entity or combination of any such group entities so that the funds do not exceed 20 per cent of all such funds.
Use of Title Transfer Collateral Arrangements (TTCAs): CIFs are not entitled to transfer funds belonging to retail clients to a third party, as there is an outright prohibition of such practice in section 17(10) of the law and further, CIFs are not entitled to arbitrarily transfer funds that belong to non-retail clients, without taking into account the factors provided for in the Directive and having regard to appropriateness more broadly.
Maintaining a “buffer” in clients’ bank accounts: CIFs may decide to maintain a “buffer” of own funds into clients’ bank accounts in order to facilitate the smooth running of their business, to ensure no delays, to cover clients’ funds with PSP/EMI and to manage the foreign exchange risk from maintaining clients’ funds in different currencies and to cover possible shortfalls.
Single officer for the safeguarding of client financial instruments and funds: A single officer with overall responsibility for the safeguarding of client instruments and funds should be appointed in order to reduce risks of fragmented responsibility across diverse departments, especially in large and complex CIFs, and to remedy unsatisfactory situations where CIFs do not have overarching sight of their means of meeting their obligations. CIFs are expected to complete and keep up to date the details of their single officer for the safeguarding of client financial instruments and funds in CySEC’s portal.
Reconciliation of clients’ funds: CIFs must conduct a regular reconciliation between internal accounts and records and those of any third parties. In essence, CySEC specified that when a CIF undertakes transactions for its clients on a daily basis, CySEC expects that reconciliations of clients’ funds will be contacted on each business day on the records of the CIF as at the close of business of the previous business day.
Four-eyes signatories: CIFs must ensure that there are at least two persons with combined signatory powers. CySEC generally expects that the CEO/CFO/Head of the Accounts/an Executive Director would be the persons to be appointed as the signatories of the clients’ accounts.
CySEC’s Circular 418 can be found here.
CySEC’s Directive DI87-01 can be found here.