The European Securities and Markets Authority (ESMA), the EU’s securities markets regulator, has on March 10th published its peer review report on the supervision of cross-border activities of investment firms. With this peer review, ESMA is also issuing Article 16 recommendations to the Cyprus Securities and Exchange Commission (CySEC), the first time ESMA has issued such recommendations to a National Competent Authority (NCA). ESMA identifies in the peer review the need for home NCAs to significantly improve their approach in the authorisation, ongoing supervision and enforcement work, relating to investment firm’s cross border activities. This includes calibrating their supervisory work to the nature, scale and complexity of those firms’ cross-border activities and the risks they pose.
Verena Ross, Chair, said: “Effective supervision of cross-border activities by home NCAs is crucial to ensure that retail clients benefit from the same level of protection regardless of where the firm providing those activities is based. As we strive to develop an effective European capital market, and retail investors increasingly access investment opportunities across the EU, ensuring investor protection and the proper functioning of the single market is a key mission for ESMA and NCAs.
The recommendations set out in the reports aim to significantly reinforce the cross-border supervisory framework. ESMA, in also making recommendations under Article 16, shows it will use its full toolkit to promote effective and consistent high-quality supervision.”
The peer review assessed how NCAs supervise the investment services that investment firms and credit institutions provide to retail clients on a cross-border basis using a MiFID II passport. This exercise focused on the AFM (Netherlands), BaFin (Germany), CNB (Czech Republic),CSSF (Luxembourg), CySEC (Cyprus) and MFSA (Malta) in light of the significance of their domestic firms’ cross-border activities.
In addition to the peer review recommendations addressed to the NCAs, ESMA decided to issue two specific recommendations to CySEC under Article 16 of the ESMA Regulation requiring it to make every effort to comply. These recommendations aim to increase the human resources dedicated to the supervision of cross-border services of Cypriot investment firms, and to strengthen CySEC’s supervisory activities to effectively monitor, promote and enforce compliance by authorised firms.
Summary of findings
ESMA, based on the peer review findings, identified that home NCAs’ supervision is not sufficiently effective when it comes to their firms’ cross-border activities:
- NCAs covered by the peer review did not specifically, adequately and structurally consider firms’ cross-border activities in their supervision. In particular, NCAs did not sufficiently identify, assess and monitor the risks related to firms’ cross-border activities or take supervisory actions to effectively address those risks;
- Out of the six jurisdictions covered in the peer review, Cyprus had the highest level of outgoing cross-border activities, and by far the highest number of complaints relating to firms’ cross-border activities and of requests from other NCAs relating to Cypriot firms’ cross-border activities. A large number of Cypriot firms pose a high risk of investor detriment, due to the frequent provision of services involving speculative products, with aggressive marketing behaviour. ESMA identified that CySEC’s supervisory activities have overall proven insufficient at addressing the risks posed by Cypriot firms’ cross-border services; and
- ESMA identified that overall, home NCAs appear to have established adequate processes in relation to the passport notifications and – with some areas for improvements – in the context of cooperation.
The peer review also revealed satisfactory results on the activities carried out by host NCAs
ESMA expects to carry out a follow-up assessment in two years to review the level of improvements achieved considering the findings and recommendations of the peer review report.
Following the Article 16 recommendations, CySEC has two months to inform ESMA whether it complies/intends to comply with the recommendations. In addition, the recommendations foresee ad-hoc and periodic updates that CySEC should provide to ESMA to assess that the recommendations are effectively addressed.