The Investment Services and Activities and Regulated Markets Law, Law 144(I) of 2007, requires Cyprus Investment Firms ("CIFs") that hold clients' funds to take every possible measure to protect their clients' interests. The Cyprus Securities and Exchange Commission ("CySEC") has issued detailed guidance to CIFs regarding these obligations in its Directive DI144-2007-01 of 2012, which requires CIFs to have adequate arrangements in place to minimize the risk of the loss or diminution of clients' assets, as a result of misuse, fraud, poor administration, inadequate record keeping or negligence.

CySEC has recently issued a circular reminding CIFs that maintain a merchant account for the clearing or settlement of payment transactions that any such merchant account must be completely segregated and may not be used by anyone other than the CIF. In no circumstances may CIFs' merchant accounts be used by connected persons or third parties, as this does not provide the required degree of segregation and protection of client funds.

CIFs must ensure that clients' funds are transferred to clients' bank accounts immediately after the clearing or settlement of the relevant transactions.

In order to minimise the risk of loss, CIFs must exercise all due skill, care and diligence in the selection and periodic review of the payment service providers with whom merchant accounts are maintained. Only payment service providers licensed and regulated by a competent authority of an EU Member State or of a third country applying the same standards are to be used. For purposes of transparency CIFs should include on their website a list of the payment service providers they use and the relevant supervisory authority. In their assessments of capital adequacy and large exposures, CIFs are required to apply the provisions of the relevant CySEC Directive and EU regulation to any balances they have with payment service providers. The circular notes that payment service providers do not fall under the definition of institutions as defined in article 4(3) of Regulation (EU) 575/2013.

CIFs that are not currently complying with these requirements are required to take corrective measures as soon as possible and in any event no later than 12 March 2015.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.