English Greek Russian Ukrainian
  • Neocleous

Executive summaries in the reports of the compliance, risk management and internal audit functions of regulated entities

The Cyprus Securities and Exchange Commission (‘CySEC’) has issued a circular instructing Cyprus Investment Firms (‘CIFs’) to include an executive summary at the beginning of the periodic reports to the senior management and board of directors prepared by their compliance, risk management and internal audit functions. The circular also applies to UCITS management companies and alternative investment fund managers when they provide investment services.

Article 18(2)(a) and (f) of the Investment Services and Activities and Regulated Markets Law of 2007 and CySEC Directive DI144-2007-01 of 2012 require the compliance officer, risk manager, and internal auditor of regulated entities to prepare, at least once per year, written reports in respect of their respective areas of responsibility to help the senior management and board of directors of the entity to monitor the effectiveness of its policies, arrangements and procedures established to ensure compliance with its legal and regulatory obligations.

In order to facilitate the assessment and review of the reports and to assist the board of directors in its decision making, such reports should begin with an executive summary. This should be an integral part of the report, no more than three pages in length, and should include the following sections:

  • Introduction.
  • Purpose, objectives and terms of reference.
  • A summary of all key findings or weaknesses, regardless of whether they have been rectified within the year, and the main issues from previous years that are still unresolved.
  • Suggestions.
  • Conclusion.

CySEC requires all reports for 2016 and later years to meet these standards.