A practical guide to prepare the Annual MiFID Report in 2025

1. Executive Summary

The Executive Summary is a critical component of the Annual MiFID Report, offering a concise overview of its purpose, key findings from the previous year, weaknesses identified during the reporting period, whether rectified or outstanding, and the Compliance Officer’s recommendations. It serves as a practical tool for both senior management and regulatory authorities by highlighting the most significant issues, the corrective measures implemented or pending, and the proposed improvements. In practice, the Executive Summary should not exceed five to six pages and must be signed by the Compliance Officer.

2. The Company

The Company section under the Annual MiFID Report sets out the key information necessary to contextualise the firm’s regulatory operations. It should include the company’s registered and previous names, legal entity registration number, contact details, registered address, official website and any domains authorised or pending authorisation by the competent authority. This section must also outline the firm’s licensing details, such as the license number and date of issue, the investment and ancillary services provided, and any upgrades or downgrades to the license during the reporting period. In addition, the most recent organisational structure, as submitted through the CIF Electronic Record, should be presented together with a description of any material changes, including modifications to shareholders, directors, key function holders, or the compliance department.

3. Legal Framework

A key section of the Annual MiFID Report outlines the applicable regulatory framework, which forms the foundation of investment and ancillary services regulation. These include primary legislation such as National Law and European regulations, and secondary legislation such as Directives and circulars issued by regulators concerning investment services. This section should not merely reference these legal instruments but provide a clear account of any recent or forthcoming amendments, highlighting new provisions, updated requirements or upcoming directives that may impact the firm’s operations.

Beyond referencing regulatory developments, the Compliance Officer must also assess their practical implications for the firm. For each change, the report should outline the measures and procedures adopted to ensure compliance, identify any weaknesses or deficiencies, and present recommendations for improvement, together with implementation plans and timeframes where necessary.

4. Business Divisions

The Business Division section of the Annual MiFID Report should provide an overview of the firm’s governance and structure, beginning with the BoD and SM. This includes a brief description of their duties and responsibilities, by emphasising on their obligation to ensure that the company’s control processes and procedures are appropriately designed and effectively implemented, and capable of reducing compliance risk. Supportively, the BoD bears responsibility for compliance with all applicable laws, directives and regulations.

Depending on the size, nature, and complexity of the firm’s activities, various committees may be established, such as a Risk Management Committee, Investment and Product Governance Committee, Remuneration Committee, or Nomination Committee.

The report must also provide a clear description of the Compliance Department, outlining the details of the appointed Compliance Officer and Compliance Assistants including their name, position, date of appointment and location, together with a summary of their duties and responsibilities. Consequently, this ensures that the organisational structure and accountability lines are clearly presented.

5. Compliance Function’s Inspections

The Compliance Function’s Inspections form the core of the Annual MiFID Report, spanning every important function of the company and covering all key areas through both desk-based monitoring and onsite assessments. These inspections typically review the firm’s organisational structure and governance arrangements, operating requirements, client complaints and marketing material.

A key element of this process is the regular review and update of policies and procedures which must take place at least annually and whenever significant events occur, such as regulatory developments, business plan modifications, restructuring or the emergence of new risks. These inspections also extend to the firm’s organisational requirements, including personnel changes, employment contracts, remuneration practices and the effectiveness of key control functions such as Compliance, Risk Management and Internal Audit. In terms of operating conditions, the Compliance Function examines areas such as the internal operations manual, conflicts of interest, client complaints, outsourcing, record keeping and other related processes.

In addition, significant attention is given to client account opening and closing procedures, ensuring accurate disclosures, appropriate documentation, proper client categorisation, KYC collection and assessments at onboarding, as well as the handling of dormant accounts, the return of client funds, and record-keeping at closure.

Additional inspections extend to core departments; including Back Office, AML, Accounting and Finance, Business Development, Customer Support, and IT, confirming that all functions are adequately resourced, aligned with regulatory requirements, and integrated into the firm’s overall control framework. By documenting both the scope and findings of these inspections, the report demonstrates how the Compliance Function monitors the adequacy of internal controls and drives the continuous improvement of governance and compliance culture.

6. Correspondence with CySEC

Consequently, even though investment firms must comply with all the obligations outlined above, they should also ensure that the Compliance Function is always actively involved in all material and non-routine correspondence with CySEC. Furthermore, any such correspondence with CySEC or other competent authorities should be documented and included within the Compliance Function’s report, demonstrating transparency and oversight in regulatory interactions.

Final Thoughts

Preparing the Annual MiFID Report requires a structured and diligent approach, with strict adherence to regulatory guidelines. Every section of the report, from the Executive Summary to the correspondence with CySEC, plays a vital role in demonstrating the firm’s commitment to strong governance, effective internal controls, and investor protection for Compliance Officers, Senior Management, and Boards of Directors at Cyprus Investment Firms (CIFs), preparing a thorough and accurate Annual MiFID Report is essential to meeting supervisory expectations and safeguarding the firm’s regulatory standing.

In response to this need, SALVUS Funds, in collaboration with the Institute for Professional Excellence (IforPE), presents a self-study course titled “A practical guide to prepare the Annual MiFID Report in 2025”. Drawing from the extensive expertise of our Regulatory Compliance team, this course offers valuable insights into the intricacies of report preparation. By undertaking this course, professionals will acquire the knowledge and skills necessary to prepare a sound MiFID Annual Report that meets regulatory standards.

The SALVUS Regulatory Compliance team can support CIF, CASP and other CySEC and CBC regulated entities, to fulfill their regulatory and reporting obligations, and prepare your Annual MiFID Report through our Compliance Consulting service.

Contact us at compliance@salvusfunds.com should you require further guidance on the preparation of your Company’s MiFID Report or if you have enquiries about our Annual MiFID Report course with IforPE.

#StayAhead

The information provided in this article is for general information purposes only. You should always seek professional advice suitable for your needs.