Answer ... (a) Crowdfunding, peer-to-peer lending
Crowdfunding can serve as an alternative method to bank financing, through which small and medium-sized enterprises (SMEs) can access financing through the issuance of transferable securities (typically shares or debt instruments), among other things. Investors can access these investment opportunities through an internet-based electronic information system, or platform, which allows the crowdfunding service provider to match SMEs seeking financing with funding investors. In return for financing a business interest, a potential economic return is generated.
On 15 November 2019, the Cyprus Securities and Exchange Commission (CySEC) issued a consultation paper proposing the introduction of a set of complementary rules on investment-based crowdfunding in the Investment Services and Activities and Regulated Markets Law, and transposing MiFID II. Based on the feedback received, CySEC has now finalised these rules, which have been issued by means of a directive (the ‘Crowdfunding Directive’). The Crowdfunding Directive related solely to investment-based crowdfunding through transferable securities and excludes loan-based, reward-based and donation-based crowdfunding.
Cyprus investment firms (CIFs) that act as crowdfunding service providers will be subject to additional provisions aimed at ensuring investor protection. These address issues such as:
- conflicts of interest;
- customer due diligence;
- transparency obligations;
- safeguarding of clients’ funds;
- financial instruments; and
- exit opportunities.
Peer-to-peer lending is not particularly developed in Cyprus. Only financial institutions that are duly licenced by the Central Bank of Cyprus can fund their lending activities by taking deposits. Deposit taking remains the primary source of lending activities by Cyprus banks.
(b) Online lending and other forms of alternative finance
Online lending is not common in Cyprus and has not yet been regulated.
(c) Payment services (including marketplaces that route payments from customers to suppliers (eg, Uber and Airbnb)
In Cyprus, payment services are regulated by:
- the Provision and Use of Payment Services and Access to Payments Law (L 31(I)/2018), which transposed the EU Payment Services Directive (2015/2366/EC); and
- the Electronic Money Law of 2012, which transposed provisions of the EU Directive 2009/110/EC.
Payment services in Cyprus can be provided by payment institutions and electronic money institutions, in accordance with the law. Payment institutions and electronic money institutions must obtain a licence and authorisation from the Central Bank of Cyprus before offering any payment services. By using their passporting rights, authorised institutions from other European Economic Area (EEA) states can offer payment services in Cyprus.
(d) Forex
Foreign exchange is quite advanced in Cyprus, due to the early establishment of foreign exchange as a regulated product under the Directive on Markets in Financial Instruments (MiFID). Foreign exchange companies are subject to the provisions of MiFID II. CySEC regulates member firms, which must be licensed by, and report to, CySEC.
Foreign exchange companies that are licensed by a competent authority of another EEA member state may offer their services by establishing branches, subsidiaries or representative offices in Cyprus, without needing to obtain an additional licence.
Non-EEA businesses may also provide forex services in Cyprus by establishing a branch or a subsidiary, subject to the approval of the relevant authority.
(e) Trading
Trading in financial instruments must be conducted by CIFs or credit institutions duly licensed by CySEC. Licensed trading platforms in Cyprus are governed by MiFID II. According to this legal framework, Cyprus operates a regulated market – the Cyprus Stock Exchange – and enables trading in authorised multilateral trading facilities (MTFs) and organised trading facilities (OTFs). The Cyprus Stock Exchange is governed by the Securities and Cyprus Stock Exchange Laws and is supervised by CySEC as a regulated market.
MTFs and OTFs are regulated by the Investment Services Law (87(I)2017). The operation of MTFs and OTFs must be approved and authorised by CySEC after fulfilling the requirements relating to:
- organisational measures;
- transparency and non-discrimination requirements; and
- management of technical operations.
However, activities relating to trading in cryptocurrencies are not regulated by CySEC unless a virtual currency falls under the existing regulatory framework, as per CySEC’s announcements, which introduced the following new rules for trading in Bitcoin and digital currencies:
- Brokers must leverage the limit at a ratio of 5:1 for trading in contracts for difference in relation to virtual currencies, provided that the total volume of digital currency trading for each broker does not exceed 15% of the total broker volume each quarter;
- Brokers must use more than one feed provider for each cryptocurrency; and
- Virtual currency instruments are not automatically subject to MiFID I passporting rights.
(f) Investment and asset management
The investment funds industry is regulated by CySEC and the law relating to this industry derives from the transposition of EU directives. The most popular type of investment fund in Cyprus is the alternative investment fund (AIF). AIFs are collective investment undertakings, including their investment compartments, which:
- raise capital from a number of investors with a view to investing it in accordance with a defined investment policy for the benefit of the investors; and
- do not require authorisation pursuant to the laws on undertakings for collective investment in transferable securities.
The following types of AIFs are offered in Cyprus pursuant to the law:
- AIFs with an unlimited number of persons (AIFUNPs);
- AIFs with a limited number of persons (AIFLNPs); and
- registered AIFs (RAIFs).
AIFUNPs and RAIFs may take any of the following legal forms:
- a mutual/common fund;
- a fixed capital investment company (FCIC) or variable capital investment company (VCIC); or
- a limited partnership registered subject to the General and Limited Partnership and Business Names Law. An anticipated amendment to this law will afford the possibility to register a limited partnership with separate legal personality which may be either internally managed by the general partner or externally managed by an external manager appointed by the general partner.
AIFLNPs may take any of the following forms:
- a limited partnership registered subject to the General and Limited Partnership and Business Names Law. An anticipated amendment to this law will afford the possibility to register a limited partnership with separate legal personality which may be either internally managed by the general partner or externally managed by an external manager appointed by the general partner.
All types of AIFs can be open-ended or closed-ended, and may be structured as single or umbrella schemes with one or more investment compartments where each investment compartment corresponds to separate assets and liabilities of the AIF.
In Cyprus, the most common structure is an umbrella AIF in the form of a VCIC or limited partnership.
The competent authority responsible for the authorisation and ongoing prudential supervision of AIFUNPs and AIFLNPs is CySEC, and prior authorisation is required before they can be established. RAIFs are not subject to prior authorisation or supervision by CySEC; however, they must be registered on the RAIF register maintained by CySEC following their incorporation with the Registrar of Companies.
(g) Risk management
CySEC, as the supervisory authority, has issued guidelines on risk management to ensure compliance with Article 76 of EU Directive 2013/36/EC, with which all CIFs must comply. These address:
- the responsibilities of the board of directors in relation to risk management;
- the establishment of a risk committee, for CIFs that are significant in size, internal organisation and the nature, scale and complexity of its activities;
- the qualifications and responsibilities of members of the risk committee; and
- the establishment of a risk management department, which is appropriate and proportionate in view of the nature, scale and complexity of the activities of the CIF, and the nature and range of its investment services.
CySEC has stressed that board members and senior management of CIFs are responsible for ensuring risk management compliance. In case of any violation due to omission, negligence or fault, a CIF will be subject to administrative sanctions.
(h) Roboadvice
‘Roboadvice’ is the provision of investment advice or portfolio management services (in whole or in part) through an automated or semi-automated system which is used as a client-facing tool. This sector thus falls within the scope of MiFID II, and all of its provisions and requirements are therefore applicable to firms that provide these services.
The European Securities and Markets Authority has issued guidelines on certain aspects of the MiFID II suitability requirements, including further guidelines for firms that provide roboadvice services. The guidelines state that firms should inform clients and explain:
- the exact degree and extent of human involvement;
- the risks involved in the decisions recommended or undertaken on their behalf; and
- the measures and steps that are taken to protect clients and minimise the risks.
(i) Insurtech
The term ‘insurtech’ is not defined in Cyprus law. However, such activities are governed by the Law on Insurance and Reinsurance Affairs, which provides that all companies that a business operates as an insurance or reinsurance agent or broker or mediator should obtain a licence from the superintendent of insurance.
The superintendent is responsible for supervising the insurance sector in Cyprus and exercises all powers granted to him under the Law on Insurance and Reinsurance Affairs and Other Related Issues (38(I) 2016) and the relevant regulations, as amended from time to time, in order to protect policyholders and policyholders.