CySEC’s new sanctions regime: What investment firms must do to stay compliant
The Cyprus Securities and Exchange Commission (CySEC) is moving to significantly strengthen its sanctions enforcement regime, and CFD brokers are directly in scope. With CySEC’s new framework entering into force on 1st August 2025, supervised entities must ensure their sanctions controls are fit for purpose and capable of detecting and preventing breaches. Supervised entities include:
- Cypriot Investment Firms
- Administrative Service Providers
- UCITS Management Companies
- Internally Managed UCITS
- Alternative Investment Fund Managers
- Internally Managed AIFs
- Internally Managed AIFLNPs
- Special Purpose Entities managing AIFLNPs
- Sub-threshold AIFMs under Law 81(I)/2020
- Crypto-Asset Service Providers
Cypriot Investment Firms (CIFs) offering contracts for difference (CFDs) to retail clients should take particular notice. Given their speed and cross-border nature, CFDs present an attractive channel for sanctioned individuals seeking synthetic exposure to restricted markets.
In the following sections, we outline the key provisions and provide a practical blueprint for compliance.
The three laws at a glance
1. Criminalisation of sanctions breaches:[1] Implements EU Directive 2024/1226, making it a criminal offence to:
- Provide funds or resources to designated persons
- Fail to freeze sanctioned assets
- Breach trade/service bans or licence terms
- Facilitate sanctioned individuals’ entry or transit
- Conceal ownership/control or circumvent sanctions
[1] These offences apply inside and outside Cyprus if there’s a Cypriot link.
2. National Sanctions Implementation Unit (NSIU): The NSIU operates within the Ministry of Finance to coordinate sanctions implementation, process licence applications, issue guidance, and impose administrative fines, alongside enforcement by CySEC.
3. Whistleblower protection for sanctions breaches: Expands whistleblowing laws to cover sanctions violations, including attempts and facilitation. Firms must protect whistleblowers and handle disclosures appropriately.
Why CFD brokers are in the crosshairs
CFD brokers sit at the intersection of multiple Financial Action Task Force (FATF) red flags: rapid, digital onboarding; high-velocity, cross-border trading; and reliance on affiliate, introducing broker (IB), and white-label distribution chains. These models create “intermediary chains” - precisely the structures FATF warns are exploited to obscure beneficial ownership, bridge jurisdictional gaps, and evade sanctions.
Add leverage, synthetic exposure to restricted markets, and the growing role of crypto funding, and the risk profile intensifies. This doesn’t mean CFD brokers are inherently non-compliant, but it does mean the sector must adopt enhanced controls if it wants to stay ahead of sanctions evaders.
Sanctions compliance checklist
CySEC’s circular sets out clear operational priorities for supervised entities. The focus is on tightening controls to detect, escalate and report sanctions breaches quickly and effectively.
Onboarding and screening
- Screen customers, beneficial owners, and intermediaries against EU/UN/US sanctions lists before onboarding.
- Embed risk-based continuous screening. Trigger fresh checks when ownership, jurisdiction, or payment channels change.
- Apply screening to all relevant relationships: counterparties, service providers, and introducers, not just direct applicants.
- Maintain evidence of screening results, including false positives, in management logs.
Transaction monitoring
- Monitor all financial flows (deposits, withdrawals, payments, trades, transfers) in real time or near real time where activity volume is high (e.g. CFDs).
- Detect direct and indirect exposure, including via ownership/control structures, intermediaries, and proxy arrangements.
- Block and flag transactions involving prohibited goods, services, or crypto-assets covered by EU restrictive measures.
- Integrate sanctions monitoring into AML and market abuse surveillance, so potential breaches are reviewed in the wider financial crime context.
- Document thresholds, alerts, and escalation pathways in policies/procedures.
Suspicious activity reporting
- Define clear internal thresholds and triggers for sanctions-related suspicious activity.
- Monitor for circumvention attempts such as PSP layering, sudden jurisdictional shifts, and nominee/proxy arrangements.
- Maintain complete records of alerts, investigations, and decisions, including “no-report” outcomes.
- Train staff to recognise sanctions red flags, tailored to business activity (e.g. trading, crypto, payments).
Escalation processes
- Establish time-bound escalation channels for compliance, senior management, and the board.
- Define escalation routes to NSIU and CySEC for suspected or actual breaches.
- Ensure escalation is immediate once a potential match is confirmed - delays can be treated as non-compliance.
- Align escalation channels with whistleblowing procedures, so both internal and third-party reports are captured.
- Protect staff and external reporters under whistleblower protection laws.
The penalty profile
The enforcement risks under the new sanctions regime are substantial:
- Individuals: Up to five years’ imprisonment and fines of up to €100,000
- Legal entities: Up to 5% of global turnover or €40 million, whichever is higher
- Other measures: Licence withdrawal, business bans, exclusion from public contracts, and even liquidation in severe cases
- Asset freezes/confiscations: Apply even if the assets are not deemed criminal proceeds
Notably, dual enforcement by the NSIU and CySEC means that a single breach could trigger both criminal and administrative sanctions, amplifying the risk for firms.
CySEC has already demonstrated a clear willingness to intervene when firms fail to meet their obligations. In July 2025, the Cyprus Stock Exchange suspended trading in three listed companies after they failed to submit key financial reports - a move taken following a directive from CySEC.
What’s next?
Leverage your risk assessment
Exposure must be assessed against the specific contours of the business model, products, and distribution channels. For CFD brokers, FATF’s red flags should be given priority in risk assessments, especially the presence of intermediary chains and the use of virtual assets.
Strengthen controls and governance
CySEC’s direction of travel is towards active intervention. Firms need escalation frameworks that integrate sanctions, AML, and market abuse monitoring into a single surveillance architecture. Escalation must be immediate and seamless, with clear routes to compliance, senior management, and regulators.
Invest in advanced monitoring
Compliance hinges on speed and precision. It is essential to invest in a trade surveillance system that is engineered to track high-velocity CFD flows and that can be calibrated to capture synthetic sanctions exposure and cross-border risks.