A wave of regulatory changes is set to reshape Cyprus' financial sector in 2025 as the Cyprus Securities and Exchange Commission (CySEC) intensifies its supervision of investment firms, funds, and crypto service providers.

In 2024, the regulator carried out over 850 audits, issued €2.76 million in fines and revoked multiple operating licenses. As new EU regulations take effect, CySEC is now doubling down on compliance efforts to strengthen investor protection and financial stability.

CySEC Chairman Dr. George Theocharides outlined the organization's priorities during a recent press conference, emphasizing that "protecting investors and the further development of a healthy market" remain central to its mission.

"In 2025 and beyond, a series of significant regulatory changes will be implemented through European directives and regulations which are expected to strengthen the supervisory framework governing investment services," Theocharides said.

New Regulatory Landscape in 2025

Several key EU regulations, including the AML Package, European Single Access Point (ESAP), EU Sustainability Framework, AIFMD II, Financial Data Access Regulation (FiDA), MiFIR Review, and EMIR Refit, are expected to reshape the financial sector in the coming year.

Additionally, the EU's Retail Investment Strategy is set to bring new requirements for transparency and investor rights. The regulator also highlighted the EU's Savings and Investments Union Plan as a major driver of market transformation.

These inspections targeted a wide range of financial firms, including Cyprus Investment Firms (CIFs), Administrative Service Providers (ASPs), fund managers, and crypto-asset service providers (CASPs).

Additionally, CySEC reviewed 510 annual compliance reports and monitored derivatives transactions for 33 investment funds. The regulator also reportedly investigated misleading promotional materials and identified fake websites impersonating CySEC representatives.

As a result, it issued numerous public warnings and worked with European authorities to address fraudulent activities. Administrative fines in 2024 totaled €2.76 million, with Cyprus investment firms accounting for €2.12 million of that sum.

Supervisory Actions and Compliance Crackdown

Over the past three years, CySEC has reportedly imposed fines exceeding €7.82 million, reflecting its increasingly strict stance on compliance failures. Seven Cyprus investment firms had their licenses revoked or suspended, and two Reserved Alternative Investment Funds lost their authorization.

Crypto-assets remain a priority for CySEC as the Markets in Crypto-Assets Regulation (MiCA) takes full effect. The regulator has already received interest from multiple firms seeking licensing under the new framework.

Despite the heightened scrutiny, Cyprus's financial sector continued to expand in 2024. CySEC authorized 80 new entities, bringing the total number of supervised firms to 834. However, the regulator also rejected five licensing applications and saw 13 firms voluntarily withdraw their applications.

In 2024, CySEC also enforced the Digital Operational Resilience Act (DORA), which mandates stringent cybersecurity requirements for financial entities.