-
What are the national authorities for banking regulation, supervision and resolution in your jurisdiction?
The national authority for banking regulation, supervision and resolution in the Republic of Cyprus is the Central Bank of Cyprus (“CBC”). The CBC regulates and supervises in conformity with the provisions of the Central Bank of Cyprus Law 2002, as amended (“CBC Law”), in order to ensure the financial system’s stability and to protect the interests of depositors. Given that Cyprus has been part of the Eurozone since January 2008 (and as such part of the Single Supervisory Mechanism (“SSM”)), the European Central Bank (“ECB”) has assumed a number of tasks concerning policies relating to the prudential supervision of credit institutions established in SSM participating member states, which have been conferred on it by Council Regulation (EU) No 1024/2013. These include the task of authorisation of credit institutions within the SSM.
-
Which type of activities trigger the requirement of a banking license?
According to the Business of Credit Institutions Laws of 1997 (as amended) (“Law”), a bank is prohibited from carrying out any activities other than those permitted under the banking license granted by the CBC (“Banking License”). The permitted activities are as follows:
- Accepting deposits and other repayable funds
- Lending
- Provision of payment services
- Issuing and administering other means of payment including travellers’ cheques and bankers’ drafts
- Guarantees and commitments
- Trading for own account or for account of customers in: (a) money market instruments including cheques, bills and certificates of deposit; (b) foreign exchange; (c) financial futures and options; (d) exchange and interest-rate instruments; (e) transferable securities.
- Participation in securities issues and the provision of services relating to such issues
- Advice to undertakings on capital structure, industrial strategy and related questions, as well as advice and services relating to the purchase of undertakings and mergers
- Money broking
- Portfolio management and advice
- Safekeeping and administration of securities
- Credit reference services
- Safe custody services
- Issuance of electronic money
-
Does your regulatory regime know different licenses for different banking services?
Different licenses are not required to carry out different Banking Services. Even though there are specific laws that regulate specific banking services, such as the Provision and Use of Payment Services and Access to Payment Systems Laws of 2018 to 2023 (“Payment Services Law”) for payment services and the Electronic Money Law of 2012 for issuance of electronic money, a single Banking License authorises the applicant to carry out all the Banking Services.
-
Does a banking license automatically permit certain other activities, e.g., broker dealer activities, payment services, issuance of e-money?
The Banking License does not automatically permit other activities apart from the Banking Services referred to in question 2.
-
Is there a "sandbox" or "license light" for specific activities?
Yes, certain banks such as Hellenic Bank and Bank of Cyprus offer a sandbox service on their websites. Such a service enables the users to conduct specific activities, such as to perform multi-currency money movements, to access account information, to create subscriptions, and to connect their ERP systems to perform group and multiple payments. To date, the national banks of the Republic of Cyprus do not offer a “license light” for any activity.
-
What regulatory restrictions or authorisation requirements apply to banks engaging in the issuance, custody or provision of services relating to cryptoassets or other digital assets?
The Law prohibits an Authorised Credit Institution (“ACI”) from carrying on any commercial activity for its own account or for a fee, unless the activity is included in the activities described in the Law, or unless the activity constitutes an undertaking providing ancillary services.
Pursuant to Regulation (EU) 2023/1114 (“MiCAR”), which was transposed in Cyprus in 2025 by an amendment to the Law, crypto-assets are defined as a digital representation of a value or of a right that is able to be transferred and stored electronically using distributed ledger technology or similar technology. In addition, MiCAR defines crypto-asset services as the provision of custody and administration of crypto-assets on behalf of clients, operation of a trading platform for crypto-assets, exchange of crypto-assets for funds, exchange of crypto-assets for other crypto-assets and execution of orders for crypto-assets on behalf of clients. Up until 21 February 2025, such crypto-asset services were not included in the list of permitted activities; however, the listed activities are now permitted.
In terms of regulation, crypto-asset services (as defined above) are regulated primarily under the Prevention and Suppression of Money Laundering and Terrorist Financing Law (“AML Law”), which embodies the EU 5th Anti-Money Laundering Directive (“5AMLD”). In addition to the general rules, the AML Law defines crypto-assets and contains an obligation for all Crypto-Asset Service Providers (“CASPs”) to be registered with the Cyprus Securities and Exchange Commission (“CySEC”) as the competent supervisory authority for CASPs, creating a central registry for anti-money laundering purposes. In turn, CySEC has issued the Directive for the Prevention and Suppression of Money Laundering and Terrorist Financing (Register of Crypto Asset Services Providers) (“CASP Directive”), which provides the framework for CASP registration and operation.
Moreover, MiCAR lays down various rules and requirements applicable to CASPs, including the following:
(a) transparency and disclosure requirements for the issuance, offer to the public and admission of crypto-assets to trading on a trading platform for crypto-assets;
(b) requirements for the authorisation and supervision of CASPs;
(c) the protection of holders of crypto-assets in the issuance, offer to the public and admission to trading of crypto-assets;
(d) requirements for the protection of clients of CASPs;
(e) measures to prevent insider dealing, unlawful disclosure of inside information and market manipulation related to crypto-assets, in order to ensure the integrity of markets in crypto-assets.
Under MiCAR, credit institutions may offer to the public or admit to trading an asset-referenced token provided that they submit an application for an authorisation to the national competent authority of their home Member State.
At the same time, both CySEC and the CBC have over the years issued warnings in relation to the risks associated with the purchase, holding, or trading of crypto-assets.
-
Can cryptoassets or digital assets constitute "deposits" or equivalent protected funds under applicable law, and are they capable of benefiting from depositor protection, client asset safeguarding or segregation regimes?
Presently, crypto assets and/or digital assets do not qualify as bank deposits, nor are crypto assets issued or guaranteed by the CBC, and they do not possess the legal status of currency or money. Nevertheless, a CASP can manage, transfer, hold, safekeep, have in custody and exercise control over crypto-assets, provided that it is registered with CySEC.
The banking sector in Cyprus has generally taken a cautious approach regarding proceeds generated from crypto currency trading, as the sources of funds used for, as well as the funds derived from, the sale of such crypto currencies are not transparent enough to meet the AML Law criteria. As a result, banking institutions in Cyprus in general refuse to transfer funds to or accept funds from crypto currency exchange platforms. At present there is no indication from CySEC and the CBC as to when, in their view, a crypto asset might constitute a financial instrument or electronic money for the purposes of the Investment Services Law or the national law implementing the Electronic Money Directive.
-
If cryptoassets are held by the licensed entity, what are the related capital requirements (risk weights, etc.)?
Article 14 of the CASP Directive provides that CASPs must at all times maintain equity capital at least equal to the greater of the following amounts:
(a) €125000 or €150000, depending on the nature of its functions and activities;
(b) one quarter of its fixed costs for the previous year (revised annually). For this, the CASP must calculate the amount of the fixed costs of the previous year, based on the data derived from the applicable accounting framework and subtracting the following items from the total expenses after the distribution of profit to shareholders in the most recent audited annual financial statements:
(i) additional staff fees and other remuneration, to the extent that the said additional fees or other remuneration depends on the CASP’s net profitability in the relevant year;
(ii) participation in the profit of employees, directors and partners;
(iii) other distributions of profit and other variable remuneration, to the extent that they are made at its sole discretion;
(iv) non-recurring expenses from non-ordinary activities.
Where one year has not passed since the date on which the CASP started to operate, it must use the expected fixed costs included in the provisions of the transactions of the first twelve months, as submitted with its application for its registration in the CASP Registry.
-
What is the general application process for bank licenses and what is the average timing?
The applicant or its authorised representative submits an application for obtaining authorisation to carry out the Banking Services to the CBC. Such an application must be accompanied by a programme of operations specifying the types of business activities planned and the organisational structure of the bank and any other related information and documents as may be required by the CBC.
The CBC will either refuse authorisation and notify the applicant of its reasoned decision within six months of receipt of the application, or if the application is incomplete, the CBC will request from the applicant additional information and/or documents and will notify its decision within six months of the receipt of the complete application. The CBC will conduct a preliminary check of the application and will notify the applicant of its decision within twelve months of receipt of its complete application.
According to the Law, the applicant may oppose the decision of the CBC to refuse its application by way of appeal under the Constitution. In terms of timing, this varies depending on the applicant and the type of services sought to be offered in Cyprus.
-
To what extent may foreign or overseas banks conduct cross-border banking activities into the jurisdiction without establishing a local presence or obtaining local authorisation, and what limitations or conditions apply?
Cross-border banking activity is generally considered permissible in Cyprus. Foreign and overseas banks may conduct cross-border banking activities into Cyprus without local presence, especially if they operate within the European Union passporting framework. For non-EU entities, there are more stringent regulations on the matter. An ACI of another Member State, that is, an ACI situated in a Member State of the European Union or other state which is party to the Agreement for the European Economic Area, may carry out the activities permitted by the Banking License in the Republic of Cyprus either through the establishment of a branch or through the provision of services. In order for this cross-border activity to take place, the CBC must be notified by the competent authority of the other Member State. Then, the CBC will supervise the branch so as to indicate, if needed, the conditions under which those activities shall be commenced in the Republic of Cyprus.
A branch of a third country institution is allowed to perform the activities permitted by the Banking License in the Republic of Cyprus, provided that it is entitled under the laws of that third country to carry on business of a credit institution. In order for this cross-border activity to take place, the third country institution must obtain the authorisation of the CBC.
Also, an ACI incorporated in the Republic of Cyprus may establish or maintain a branch or a representative office outside the Republic of Cyprus, provided it obtains the approval of the CBC. The CBC shall also be notified and provided with information specified in the Law, before the ACI establishes a branch within the territory of another member state.
-
What legal forms are permitted to operate banks in the jurisdiction (e.g. public company, private company, subsidiary or branch), and what are the key regulatory considerations associated with each structure?
The legal forms of entity that are permitted to operate as banks in Cyprus are the following:
- A credit institution incorporated in the Republic of Cyprus to which a licence has been granted under the provisions of the Law;
- A credit institution incorporated and authorised in a Member State pursuant to corresponding legislation of that Member State in order to operate in the Republic of Cyprus through a branch;
- A credit institution established and authorised in a third country pursuant to corresponding legislation of that country in order to operate in the Republic of Cyprus through a branch.
It is worth noting that, aside from the operation of banks, payment institutions (authorized to provide and execute payment services throughout the EU) can, upon meeting the necessary criteria, be licensed to operate as such by the CBC, since the Payment Services Directive has been transposed into Cypriot law through the Payment Services Law. The Central Bank of Cyprus is the competent authority in Cyprus for the authorisation and supervision of such payment institutions.
-
Does the jurisdiction impose any structural separation or ring-fencing requirements on banks or banking groups, and what practical challenges do these create for group structures and operations?
The Cypriot banking jurisdiction does not have a specific or comprehensive legal framework mandating structural separation or ring-fencing, even though the Cyprus banking sector underwent a significant structural separation in the 2013 financial crisis.
Banks must adhere to the Basel III standards, ensuring high capital adequacy and liquidity, essentially ring-fencing capital in local subsidiaries.
In terms of the practical challenges to group structures and operations, extensive KYC/AML requirements and close supervision often lead to increased costs and compliance burdens. Also, strict sanctions policies often create complexities in managing cross-border transactions and maintaining client relationships in certain high-risk jurisdictions.
-
What governance, risk management and internal control requirements apply to banks, including expectations regarding board composition, management oversight, committee structures and organisational culture?
Governance, risk management, and internal control requirements for banks in Cyprus are governed by a combination of the Central Bank of Cyprus and other regulatory bodies, depending on the corporate form of the ACI. Some key principles of corporate governance that banks in Cyprus implement are that the board should consist of at least 50% independent members (excluding the Chairman), other non-executive members, as well as at least two executive members. The roles of Chairperson of the Board and Chief Executive Officer (CEO) are separate, clearly established and assigned to two different persons.
The CBC Governance Directive indicates that the Nominations and Corporate Governance Code is responsible for ensuring the appropriate balance of diversity, skills and experience is maintained on the board of directors. The CBC Suitability Directive states that credit institutions must implement a policy promoting diversity on the management body with the aim of promoting a diverse pool of board membership.
-
What operational resilience requirements apply to banks, including expectations relating to critical or important business services, impact tolerances, and the management of operational disruptions?
As of 17 January 2025, all financial entities and information and communications technology (“ICT”) providers operating in or serving the EU market are required to comply with the Digital Operational Resilience Act (Regulation (EU) 2022/2554) (“DORA”). DORA introduces enhanced cybersecurity and digital operational resilience requirements for financial entities, ensuring that they have appropriate safeguards in place to mitigate cyber threats and operational disruptions.
Essentially, DORA establishes a comprehensive digital operational resilience framework for the EU financial sector. Financial entities must implement robust ICT risk governance integrated into their overall risk management, with board-level accountability, strong security, business continuity, and recovery measures, and regular updates to address evolving threats. They are required to detect, manage, and report ICT-related incidents through a harmonised EU process within strict timeframes, supported by root-cause analysis and remediation.
DORA also mandates regular resilience testing, ranging from basic assessments to advanced threat-led penetration testing for larger or systemically important entities. In addition, it imposes stringent requirements on ICT outsourcing and third-party providers, including due diligence, contractual safeguards, and regulatory oversight of critical providers.
-
What regulatory expectations apply to banks’ outsourcing arrangements, including the use of cloud service providers and reliance on critical third-party service providers?
IT outsourcing for ACIs is regulated by the Digital Operational Resilience Act (DORA), EBA guidelines, and CySEC, requiring comprehensive due diligence, mandatory contract clauses and strict management of critical third-party and cloud risks.
In July 2025, the European Central Bank (ECB) issued the final wording of its new guide on outsourcing cloud services to cloud service providers (CSPs). The Guide, among other things, notes that when significant financial entities (FEs) use cloud services, they are advised to adopt a cloud strategy aligned with their other strategies, either as part of the DORA operational resilience strategy or as a component of their separate ICT risk and outsourcing strategy, and a clear policy on the classification of all ICT assets, including those outsourced to CSPs.
-
How do environmental, social and governance (ESG) and climate-related regulatory requirements affect banks, including governance, risk management, disclosures and prudential supervision?
Environmental, social and governance (ESG) and climate-related regulatory requirements have a significant and increasingly integrated impact on banks’ governance, risk management frameworks, disclosure obligations, and prudential supervision within the European Union.
From a governance perspective, under Directive 2013/36/EU (“CRD IV”) as amended by Directive (EU) 2019/878 (“CRD V”), banks’ management bodies are required to take responsibility for identifying and overseeing ESG and climate-related risks as part of their overall business strategy and risk appetite. Boards are expected to integrate sustainability considerations into decision-making, internal control systems, remuneration policies, and long-term strategic planning, ensuring that climate and environmental risks are addressed at the highest level of governance. In Cyprus, CRD V was transposed into national law via amendments to the Law, as well as through updated Central Bank of Cyprus (CBC) governance directives.
Regarding disclosure, the European Commission proposed the new Corporate Sustainability Reporting Directive (Directive (EU) 2022/246) (“CSRD”) for the purposes of revising the existing Non-Financial Reporting Directive (Directive 2014/95/EU) (“NFRD”). Historically, the European Union has steadily reinforced its sustainability reporting framework, beginning with the adoption of the NFRD, which required only large companies with over 500 employees to disclose non-financial information. With the introduction of the CSRD, both the scope and the level of detail of sustainability reporting were expanded in order to include more companies, ensuring greater transparency and comparability of ESG data.
CSRD introduces additional significant improvements compared to the NFRD. Notably, it embeds the principle of double materiality, requiring companies to disclose not only how environmental and social factors affect their operations and financial performance, but also how their activities impact the environment and society, including issues such as climate change and resource scarcity.
In Cyprus, the CSRD was transposed into national law via amendments to the Cyprus Companies Law, Cap. 113, specifically through Law Ν. 162(Ι)/2025, the Auditor’s Law of 2017 and the Transparency Requirements (Securities Admitted to Trading on a Regulated Market) Law of 2007. The implementation is structured in three waves, with staggered reporting obligations depending on company size and type.
-
What regulatory restrictions or requirements apply to banks' remuneration policies, including bonus caps, deferral, malus and clawback, and how are these enforced in practice?
ACIs are subject to comprehensive remuneration requirements derived from CRD IV and CRD V (as discussed above), which are supplemented by the CBC Internal Governance of Credit Institutions Directives of 2021 to 2025 (“CBC Directive”).
When establishing and applying the total remuneration policies, for categories of staff, whose professional activities have a material impact on the credit institution’s risk profile, credit institutions shall comply with a number of requirements in a manner that is appropriate to their size, internal organization and the nature, scope and complexity of their activities.
Firstly, the remuneration policy should be consistent with and promote sound and effective risk management and should not encourage risk-taking that exceeds the level of tolerated risk of the credit institution; the remuneration policy shall also be gender neutral.
Remuneration policies must also clearly distinguish between fixed and variable components, with fixed remuneration reflecting professional experience and organizational responsibility, and variable remuneration reflecting sustainable and risk-adjusted performance. Specifically, variable remuneration is subject to a cap in relation to fixed remuneration. In addition, a significant portion of variable remuneration must be deferred over a specific period of time, with vesting linked to sustained performance and the financial situation of the institution.
ACIs are further required to include mechanisms allowing performance-based awards of cash or shares granted to executives and senior employees to either be reduced (malus) or repaid (clawback), with up to 100% of the total variable remuneration being subject to malus or clawback arrangements.
Enforcement in practice is carried out by the Central Bank of Cyprus, which reviews remuneration policies and their application as part of its ongoing prudential supervision and supervisory review process.
-
Has your jurisdiction implemented the Basel III framework with respect to regulatory capital? Are there any major deviations, e.g., with respect to certain categories of banks?
The Basel III framework is implemented in the European Union mainly through Regulation (EU) No. 575/2013 (“CRR”) and CRD IV (as amended by CRD V), which have been transposed into Cyprus law.
-
Are there any requirements with respect to the leverage ratio?
CRD IV as amended by CRD V requires banks in the Republic of Cyprus to completely and accurately disclose the information on the leverage ratio in accordance with Articles 429-430 of CRR to a competent authority, such as a public authority or body of a Member State that is officially recognized and empowered by national law to supervise investment firms, as part of the supervisory system in operation in that Member State. In Cyprus, the competent authority for credit institutions is the CBC. Specifically, the following information shall be disclosed:
- The leverage ratio, which shall be calculated as an institution’s capital measure divided by that institution’s total exposure measure, shall be expressed as a percentage, and shall at all times satisfy the 3% requirement;
- A breakdown of the total exposure measure and a reconciliation of the total exposure measure with the relevant information reported in published financial statements;
- The amount of derecognized fiduciary items, where applicable;
- An outline of the method used to manage the risk of excessive leverage;
- An outline of the factors that affected the leverage ratio during the period to which the disclosed leverage ratio refers.
Banks are required to calculate their leverage ratio at the reporting reference date.
-
What liquidity requirements apply? Has your jurisdiction implemented the Basel III liquidity requirements, including regarding LCR and NSFR?
Cyprus has implemented the Basel III liquidity requirements in relation to liquidity coverage ratio (“LCR”), as specified in the CRR. The specified liquidity requirements are:
- Banks shall hold liquid assets, the sum of the values of which covers the liquidity outflows less the liquidity inflows under stressed conditions in order to make sure the banks preserve levels of liquidity buffers that are sufficient to face any probable imbalance between liquidity outflows and inflows under highly stressed conditions over a period of thirty days. During times of stress, banks are able to use their liquid assets so as to cover their net liquidity outflows.
- Banks shall not double count liquidity inflows and liquid assets.
- Banks are able to use the abovementioned liquid assets to meet their obligations under stressed circumstances.
- Banks maintain a minimum LCR requirement.
It is also stated under Section 23 of the Law that the CBC may set a minimum ratio of liquefiable assets to be held by ACIs in relation to the liabilities and other obligations of ACIs that may arise or mature within a period. The liabilities and the liquefiable assets shall be defined and calculated as may be determined by the Central Bank and notified in writing to ACIs.
However, CRR has not implemented the liquidity requirements regarding the net stable funding ratio (“NSFR”), and it states that institutions shall observe a general funding obligation until the introduction of the NSFR.
-
Which different sources of funding exist in your jurisdiction for banks from the national bank or central bank?
Generally, commercial banks may seek assistance from the CBC to address immediate, short-term liquidity requirements. Pursuant to Article 39(2)(b) of the CBC Law, the CBC may engage in lending and borrowing operations with credit institutions (banks and other market participants) in order to achieve its objectives and carry out its tasks. In addition, under Article 46(3) of the CBC Law, the CBC may grant advances against collateral security or grant loans against collateral security to credit institutions for fixed periods and for purposes which the CBC may designate.
In addition, the ECB can extend facilities to banks against the provision of adequate collateral. These can be conducted either through Main Refinancing Operations (“MROs”), which are used to provide banks with liquidity for a duration of one week or more, or Longer-Term Refinancing Operations (“LTROs”), which normally have a maturity of three months. These are also one of the tools that allow the ECB to steer interest rates by providing liquidity to, or withdrawing liquidity from, the market.
A common method of raising funds (applicable to all commercial entities, including banks) is to issue bonds or debt notes.
-
Do banks have to publish their financial statements? Is there interim reporting and, if so, in which intervals?
Banks incorporated in the Republic of Cyprus must publish, within six months from the end of each financial year, their balance sheets and profit and loss accounts for that year, as well as the approved report of the auditor. Banks, other than those incorporated in the Republic of Cyprus, must publish their balance sheets and profit and loss accounts for each financial year covering their business as a whole, in the manner provided by the CBC.
There is no requirement under the Law for interim reporting. To the extent that a bank is subject to other regulations (for example, the Stock Exchange Rules if it is a listed entity), more frequent reporting or other requirements may apply.
-
Does consolidated supervision of a bank exist in your jurisdiction? If so, what are the consequences?
Consolidated supervision of banks exists in Cyprus and is carried out by the CBC. Consolidated supervision is exercised when the parent undertaking of an ACI incorporated in the Republic is a parent credit institution established in another Member State in relation to an ACI incorporated in the Republic of Cyprus which has a parent financial holding company or a parent mixed financial holding company. Where the ACI incorporated in the Republic of Cyprus has a parent financial holding company or a parent mixed financial holding company which is a Member State or which is established in the European Union, the CBC shall exercise supervision on a consolidated basis.
The consequences of carrying out a consolidated supervision are:
- Coordination of the gathering and sharing of important information in going concern and emergency situations.
- Planning and coordination of the supervision of activities in going concern situations, in cooperation with the competent authorities involved.
- Planning and coordination, in cooperation with the competent authorities involved or in emergency situations the European Central Bank and other national central banks, of supervisory activities.
-
What reporting and/or approval requirements apply to the acquisition of shareholdings in, or control of, banks?
Any natural or legal person who, individually or in concert with other persons, directly or indirectly, acquires shares in the capital of an ACI established in the Republic of Cyprus, with the result that the proportion of the voting rights or of the capital held reaches or exceeds a qualifying holding of 10%, or further increases such holding to 20%, 30% or 50%, or so that the ACI would become its subsidiary, shall give prior notice to the CBC, specifying the size of the proposed holding and the relevant information. The CBC will then examine the notification and information provided by taking into account a number of criteria specified under the provisions of the Law. The ACI also has an obligation to inform the CBC of any acquisitions or disposals of qualifying holdings in its capital that cause holdings to exceed or fall below one of the thresholds referred to above.
In addition to the above, the ACI must disclose to the CBC, in relation to any legal person who holds 5% or more of an ACI’s issued share capital, the names of the ultimate beneficial owners to whom each such legal person belongs, at least once a year or whenever such information is amended or changed.
In accordance with the Law on Transparency Requirements, the acquisition or disposal of listed shares (including those of ACIs), either listed in the Cypriot Stock Exchange (“CSE”) or in any organised market of any other EU member state, crossing directly or indirectly 5%, 10%, 15%, 20%, 25%, 30%, 50%, 75% thresholds of the total voting rights of the issuing company must be notified to the issuer, the Cypriot Securities and Exchange Commission and/or the CSE.
-
Does your regulatory regime impose conditions for eligible owners of banks (e.g., with respect to major participations)?
A natural or legal person who plans to acquire a proportion of voting rights or capital in an ACI which reaches or exceeds twenty percent (20%) should notify the CBC, specifying the size of the proposed holding. A natural or legal person who decides to dispose of its qualifying holding in an ACI must first notify the CBC in writing, in advance, indicating the size of its qualifying holding.
In addition to the above and in accordance with the Law on Transparency Requirements (Law 190 (1) 2007), the acquisition or disposal of listed shares (including those of ACIs), either listed in the Cypriot Stock Exchange (“CSE”) or in any organized market of any other EU member state, crossing directly or indirectly the 5%, 10%, 15%, 20%, 25%, 30%, 50%, 75% thresholds of the total voting rights of the issuing company must be notified to the issuer, the Cypriot Securities and Exchange Commission and/or the CSE.
-
Are there specific restrictions on foreign shareholdings in banks?
There are no specific restrictions on foreign shareholdings in banks.
-
Is there a special regime for domestic and/or globally systemically important banks?
Regarding domestic or other systemically important institutions (“O-SII”) and globally systemically important institutions (“G-SII”), the CBC recognises a special regime:
- By setting the additional G-SII capital buffer that each G-SII credit institution must maintain, and
- By setting the additional O-SII capital buffer that each O-SII institution must maintain.
-
What are the sanctions the regulator(s) can order in the case of a violation of banking regulations?
The infringement of any provisions of the Law or any regulations or directives issued by the CBC under the said Law is an offence punishable in the following ways:
- imprisonment not exceeding 5 years
- a fine not exceeding one million Euros (€1.000.000)
- both of the aforementioned.
In the case of a continuing offence, a further fine not exceeding 5 thousand Euros (€5.000) applies for each day during which the offence continues.
-
How active are banking regulators in enforcement against banks and senior individuals, and what recent trends can be observed in supervisory or enforcement action?
Banking supervision and enforcement in Cyprus is carried out by the ECB and the CBC within the framework of the Law (as amended) and applicable EU legislation, including CRD IV, CRD V and the CRR.
The CBC exercises its supervisory and enforcement powers through directives issued under the Law and through ongoing supervision of credit institutions, while the ECB directly supervises significant banks under the SSM, working in close cooperation with the CBC. Supervision is continuous and aimed at ensuring the safety and soundness of the banking system, financial stability and consistent application of supervisory standards.
Enforcement activity is primarily directed at banks as institutions, with supervisory measures typically focusing on compliance with prudential, governance and regulatory requirements. Members of the management body are subject to ongoing reassessment, and banks must take corrective measures if individuals are found unfit.
The CBC is in the process of restructuring its supervisory framework and enhancing its institutional capacities. This includes organizational reforms aimed at improving supervision and compliance enforcement across the banking sector, addressing emerging risks, and strengthening compliance culture within supervised entities. At the same time, due to M&A activity, the number of retail ACIs operating in Cyprus has been reduced, benefiting supervision and regulation of the sector.
-
How are client’s assets and cash deposits protected?
The Law on Deposit Guarantee and Resolution of Credit Institutions and Other Institutions Scheme of 2016 (as amended), as amended by 22(I)/2020, modelled after the relevant EU Regulation, is meant to provide limited protection (up to €100,000, the so-called “Deposit Guarantee Scheme”) of a bank client’s cash deposits. Thus, according to the Law, an ACI may accept deposits provided that it participates in the Deposit Guarantee Scheme. It is noted that during the 2013 financial crisis, the Deposit Guarantee Scheme did not function and was unable to compensate the depositors, with the EU, CBC and the Government forcing an equivalent measure to the detriment of depositors with over €100,000, by the use of a bail-in tool. The discriminatory nature and other aspects of this approach have been the subject of various articles and procedures before courts, as well as EU-wide reflection on its appropriateness.
In addition to the aforementioned amount, the following deposits are covered up to fifty thousand Euros (€50,000): (a) deposits from immovable property transactions that concern private residence, and (b) deposits that serve social purposes.
-
What recovery and/or resolution planning obligations apply to banks, and how are recovery and/or resolution plans reviewed and assessed by supervisory authorities?
Cyprus has amended its legislative framework to be in line with the EU Bank Recovery and Resolution Directive 2014/59/EU (“BRRD”) and the Deposit Guarantee Schemes Directive 2014/49/EU, which provides a unified framework for the recovery and resolution of entities active in financial markets, including credit institutions, investment firms and financial holding companies, and the protection of depositors.
Specifically, Cyprus enacted the Resolution of Credit Institutions and Investment Firms Law of 2016 (Law No. 22(I)/2016) (“Resolution Law”), which established a framework for the recovery and resolution of credit institutions and investment firms. The Resolution Law also designates the CBC as the National Resolution Authority (NRA), with the CBC’s board serving as the decision-making body.
Under the Resolution Law, resolution action can only be taken when all of the following conditions are satisfied:
(a) The competent supervisory authority, in consultation with the resolution authority, has determined that the institution is failing or is likely to fail.
(b) Considering the timing and relevant circumstances, there is no reasonable prospect that alternative private-sector measures or supervisory actions could prevent the institution’s failure within a reasonable period.
(c) The resolution action is necessary to protect the public interest.
Further, the resolution measures that the resolution authority may apply include (a) the sale of operations measure, (b) the measure to transfer assets, rights or liabilities to a bridge institution, (c) the measure to transfer assets and rights to an asset management company, (d) the bail-in measure.
-
Does your jurisdiction know a bail-in tool in bank resolution and which liabilities are covered? Does it apply in situations of a mere liquidity crisis (breach of LCR etc.)?
As already mentioned, the bail-in tool was first applied within the Eurozone in Cyprus in 2013. The bail-in tool is meant to be applied for two purposes:
(a) To recapitalise an ACI or a relevant person that meets the conditions for resolution to the extent sufficient to:
- restore its ability to comply with the conditions for authorisation of the entity or, where such conditions exist for the relevant person, of the relevant person and
- to continue to carry out the activities for which it is authorised under the Investment Services and Activities and Regulated Markets Law or the Business of Credit Institutions Law as applicable, and
- to sustain sufficient market confidence in the institution or relevant person;
(b) To convert to equity or reduce the principal amount of claims or debt instruments that are transferred:
- To a bridge institution with a view to providing capital for that bridge institution; or
- Under the sale of operations measure or the measure to transfer assets and rights to an asset management company.
The bail-in tool may be applied to all liabilities of an institution or relevant person, except to those excluded by the Resolution Law, including:
(a) covered deposits;
(b) secured liabilities including covered bonds and liabilities in the form of financial instruments used for hedging purposes which form an integral part of the cover pool and which are secured in a way similar to covered bonds;
(c) a liability to an institution, excluding entities that are part of the same group, with an original maturity of less than seven days;
(d) a liability to an employee in relation to accrued salary, pension benefits or other fixed remuneration.
-
Is there a requirement for banks to hold gone concern capital ("TLAC")? Does the regime differentiate between different types of banks?
The Financial Stability Board’s standards on Total Loss-Absorbing Capacity (TLAC), which have been implemented into EU law as Directive (EU) 2019/879, apply only to globally systemically important credit institutions. The CBC has not issued a banking licence to any G-SIIs in Cyprus, but there are eleven other systemically important institutions (O-SIIs) in Cyprus which must fulfil supplementary requirements concerning the amount of capital they must hold as a buffer (the buffer range being between 0.5-2% in gone concern capital).
-
Is there a special liability or responsibility regime for managers of a bank (e.g. a "senior managers regime")?
According to Section 27 of the Internal Governance of Credit Institutions Directives issued by the Central Bank of Cyprus for the years 2021 to 2024, the chief executive officers and senior managers of credit institutions in Cyprus bear the responsibility for guiding and supervising the effective management of their respective institutions. This responsibility is exercised within the framework of authority granted by the management body and in adherence to relevant laws and regulations. In addition, under the Directive on the Prevention of Money Laundering and Terrorist Financing (“CBC AML Directive”) issued by the CBC, senior management is responsible for ensuring that financial institutions implement effective policies, procedures, and internal controls to prevent money laundering and terrorist financing. According to Article 58C of the AML Law, senior management must approve these measures and continuously monitor their effectiveness. Additionally, they are required to take corrective action when deficiencies are identified.
The CBC has the authority to impose administrative fines on individuals within a credit institution, including managers and senior officers, for breach of any relevant law, regulation or guideline due to negligence, deliberate omissions, or intentional misconduct. Additionally, the CBC may, at its discretion, publicly disclose the names of individuals found to have violated AML laws, reinforcing personal accountability for compliance.
While the regulatory framework is aimed at disciplining senior officers and those in managerial roles, its broad wording may extend beyond decision-makers to any financial institution employees, sometimes resulting in a culture of no assumption of responsibility.
-
What regulatory, supervisory or market developments are likely to have the most significant impact on the banking sector in the jurisdiction over the next 12 to 18 months?
The recent mergers in Cyprus’ banking sector are the most notable market developments and are expected to have the most significant impact on the banking sector. Eurobank’s takeover and merger with Hellenic Bank, and Alpha Bank’s acquisition of Astro Bank, have limited the number of retail ACIs in the country, albeit creating bigger players.
In addition, Europe’s push for the digital euro is another development that will affect the banking sector in the following months. EU lawmakers are expected to decide on the future of the digital euro in 2026, something that will subsequently have an effect on Cyprus regulations on the matter. The Central Bank of Cyprus has outlined its roadmap for the digital euro’s rollout, aiming to ensure Cyprus is prepared for what may become one of the most significant currency innovations in decades.
In addition, there has been an increase in the establishment and use of electronic money institutions (EMI) and payment institutions (PI) as an alternative to traditional banks. Cyprus, as an EU member state with the requisite legal and regulatory framework, has attracted a number of EMIs and PIs to be established locally. Cyprus EMIs are regulated by the CBC.
Regulations and the regulatory authority’s oversight are akin to those applicable to ACIs in terms of compliance, capitalization, risk management, and cybersecurity. EMIs are also subject to the European Directive 2009/110/EC on electronic money, PSD2, etc., which facilitates their operations within the Single Euro Payments Area (SEPA).
Cyprus: Banking & Finance
This country-specific Q&A provides an overview of Banking & Finance laws and regulations applicable in Cyprus.