On 6 March 2020, the Cyprus Securities and Exchange Commission (the “CySEC”) issued Circular 358 encouraging its Regulated Entities, such as CIF, AIF, AIFMD, RAIF and UCITS, to review their business continuity and disaster recovery systems, in response to the outbreak of COVID-19 and make the necessary amendments based on each entity’s size, complexity and nature of business.
CySEC anticipates that Regulated Entities take the necessary steps to prepare for and minimize possible business disruptions by identifying key operations risks. CySEC also advises that the business continuity plans should at least include:
- Planning for the employees to be able to work from home and report to the management via the internet or telephone, etc.
- Identifying any emergency measures to help slow the spread of the virus. Limiting or cancelling social and public gatherings such as seminars, conferences, or requiring staff quarantines in the event of travelling to affected countries, etc.;
- Creating alternative communication channels for the employees, clients and/or service providers and consider whether those options would be undisruptive in the worst-case scenario (e.g. if the office is shut down or employees with important functions are unable to work for a period of time);
- Determine the estimates, to the possible extent, in the event of an outbreak of the virus in Cyprus, on the number of people that will not be needed to attend the office to work (e.g. 20%) and the amount of period that such persons can work remotely without disrupting consequences to the Regulated Entities’ operations.
CySEC requires from its Regulated Entities to circulate their amended plan among its employees and make sure that all employees are aware and prepared to put the plan, into effect.
CySEC’s Circular 358 can be found here.