1. The MiFID Compliance Report

The report is prepared to inform the BoD and the SM about the effectiveness of the overall control environment implemented in the provision of investment and ancillary services. In this respect, the report summarises the risks identified and the remedies taken by the firm to maintain regulatory compliance.

The compliance report represents a significant assessment tool, equally valuable for the regulator and the firm. To this end, the firm becomes aware of deficiencies identified in the established policies and procedures and is provided with recommendations on how to fulfil its MiFID requirements.

The report is also expected to discuss regulatory developments that occurred throughout the reference period and the measures taken by the firm to ensure compliance. Such developments can be circulars issued by the regulator, amendments of the applicable legislations, and guidelines provided by European supervisory authorities.

2. Timeline & Reference Period 

The compliance report constitutes an annual reporting obligation of investment firms subject to the MiFID regulatory framework. The following diagram provides the timeline for the preparation and submission of the report, initially to the firm’s BoD and subsequently to the regulator.

The report addresses the services provided and the operations conducted by the firm during the previous calendar year. Firms authorised during the year under review, which did not activate their license, are also required to submit the report, providing the minimum information required.

3. Inspections of the Compliance Function

Pursuant to its monitoring obligations the compliance function is required to establish a risk-based Compliance Monitoring Program (CMP). In the context of the CMP, the function shall perform onsite and desk-based reviews of all the business units involved with the provision of services. The frequency and extent of the reviews are adjusted to the nature and level of risk they impose.

The main content of the compliance report is primarily focused on the areas examined, the findings and weaknesses identified, and the recommendations provided by the compliance function. Some of the areas assessed can be among others, the firm’s:

• organisational structure,
• governance arrangements,
• operating requirements,
• client complaints,
• marketing material and practices,
• anti-money laundering measures taken,
• functions and services outsourced,
• information provided to clients,
• remuneration policy and practices,
• product governance controls,
• monitoring of best execution and RTS 27 & 28 reporting obligations,
• prevention and mitigation of market abuse,
• risk management controls,
• areas subject to existing or potential conflicts of interest.

4. CySEC Circular C553

The Cyprus Securities and Exchange Commission (CySEC) published Circular C553 to provide regulated entities with guidance on how to apply certain aspects of the compliance function requirements. 12 Guidelines are presented through the circular and these are divided into the following 3 categories:

1. Compliance Function responsibilities
   • Guideline 1: Compliance risk assessment
   • Guideline 2: Monitoring obligations of the compliance function
   • Guideline 3: Reporting obligations of the compliance function
   • Guideline 4: Advisory and assistance obligations of the compliance function
2. Compliance Function organisational requirements
   • Guideline 5: Effectiveness of the compliance function
   • Guideline 6: Skills, knowledge, expertise and authority of the compliance
   • function
   • Guideline 7: Permanence of the compliance function
   • Guideline 8: Independence of the compliance function
   • Guideline 9: Proportionality with regard to the effectiveness of the compliance
   • function
   • Guideline 10: Combining the compliance function with other internal control
   • functions
   • Guideline 11: Outsourcing of the compliance function
3. Competent authority review of the Compliance Function
   • Guideline 12: Review of the compliance function by the competent authorities

The third guideline outlines the information to be included in the compliance annual report. The guideline highlights that beyond the deficiencies and the recommendations arisen, the report shall refer to the function’s monitoring and reviewing. Details on how the function monitors and identifies the risks of compliance failure and their importance. Lastly, the Compliance shall include in the report the review priorities set for the year, and the tools and methodologies employed regarding the development of legislative obligations.

It is noted that it is of essence an executive summary to be included at the beginning of the report that includes a summary of the function’s onsite and desk-based reviews performed, as well as subsequent reviews planned.

Final thoughts

Apart from the regulatory obligation, regulated entities shall consider the compliance annual report as a scan examination that identifies the compliance degree of the business core activities and operations. For that reason, it is important for the compliance function to prepare and deliver to the BoD a complete and accurate report, based on the findings of its monitoring activities.

In this respect, Compliance Officers and Assistants in Cyprus Investment Firms (CIF) and Alternative Investment Fund Managers (AIFM) must know how to prepare a well-structured report. Furthermore, members of the Board of Directors shall be informed of what to look for and address, during the report’s review and approval.

In continuation of its cooperation with the Institute for Professional Excellence (IforPE), SALVUS Funds has designed a self-study course titled – How to prepare the MiFID Compliance Report in 2023. This course distils the extensive experience of our Regulatory Compliance team in preparing annual reports for our regulated clients.

The course is designed to equip professionals with guidance in preparing, reviewing and approving the Compliance Annual Report following regulatory guidelines. In addition, professionals who undertake this course will be channelled through the specifics of Circular C553 on the guidelines of certain aspects of the compliance function requirements.

The SALVUS Regulatory Compliance team can support CIF, AIFM and other CySEC regulated entities, to complete their compliance regulatory and reporting obligations, and prepare their Compliance Annual Report in accordance with the MiFID standards through our Compliance Consulting service.

Please contact us at info@salvusfunds.com or call us at +357 7000 7898 if you require support with your compliance practices and reports or if your have any questions about our MiFID Compliance Report course with IforPE.

#StayAhead

Should you be interested to read more about the Compliance Monitoring Program, the Regulatory Updates and CySEC Circulars of 2023, the AMLCO Annual Report and RTS 27 & 28 Reports please visit the selected articles below:

• How to establish an effective Compliance Monitoring Program
• Regulatory Updates & CySEC Circulars
• How to prepare the AMLCO Annual Report
• RTS 27 & 28 Reports for CySEC regulated entities

The information provided in this article is for general information purposes only. You should always seek professional advice suitable to your needs.