Often blasted in the media and other industry forums for being too lenient with brokers in its jurisdiction, as well as for the lax implementation of various regulations that result in hindering the completion in the global online retail forex and binary industry, the Cypriot regulator CySEC has lately been making many efforts to improve its image as a watchdog and tighten the leash on the forex and binary brokers it has licensed, leading to an improved protection network for traders and customers.
Within this framework, and shortly after issuing several fines to CIFs, suspended licenses and admitted it is investigating one of its most prominent CIFs, namely Iron FX, CySEC has addressed on 2nd September a circular to all the Cyprus Investment Firms on the subjects of Notification of website address, Domain Name and Redirecting and informing clients.
More specifically, with regards to the subject of notification of website addresses of CIFs, the Cypriot watchdog reminds CIFs that according to the country’s Investment Services and Activities and Regulated Markets Law of 2007, they are obliged to notify all the addresses of their domains to CySEC, also remarking that it has come to its attention that certain CIFs provide investment services through websites the address for which they have not notified to the regulator.
Urging CIFs that they need to fully comply with the legal provisions, CySEC requests them to inform the regulator about all the addresses of their websites no later than September 25, 2015, also informing them that it then intends to register these addresses in the Public Register of Article 7 of the Law, in which all licensed CIFs are registered, and to post them on its own website, as well. Moreover, it also points out that within this same deadline CIFs must also update their electronic records kept in CySEC, as this is specifically required by Directive DI144-2007-12 of 2012 and Circular CI144-2012-22 on CIFs electronic records.
CySEC clarifies that throughout the duration of their operation all CIFs must ensure that they operate only through the websites addresses already notified to the CySEC and posted on its website, warning that CIFs providing investment services through unregistered domains will be considered as violating the relevant legal provisions.
As regards the cases where a domain name used by a CIF is different from the name under which the CIF was granted authorization, CySEC comments that this is a usual phenomenon and that this is potentially misleading since the visitors of the website do not always know, or have the wrong impression, as to the name of the person who operates through that domain name. The regulator says that this happens because often there is no explicit reference on the website of the CIF that the domain name is operated by it, or if there is such reference, it is not always visible.
CySEC reminds CIFs of their legal obligation when providing investment and ancillary services to customers, to act fairly, honestly and professionally and that all information addressed by a CIF to its clients or potential clients shall be fair, clear and not misleading. Therefore it highlights that the visitors of a website must be informed on the name of the person that operates the website and provides the investment services.
Consequently, it instructs all CIFs to establish and implement measures so that the visitors of their websites are informed of their name so as there should be no misrepresentation on that, when establishing a business relationship. According to CySEC such measures may be in the form of the posting of a prominent statement (in a prominent place with marked letters) on the home page of their website that this website is under the operation of the CIF, or alternatively in the form of informing visitors of the CIF’s name through a pop-up message.
With regards to the subject of the use of the same domain name by other persons, CySEC sees this as a problem since as a result, clients or potential clients of the CIFs do not know, or have the wrong impression, as to the name of the person with which they establish, or intend to establish, a business relationship, and as to whether this person is licensed / supervised by a competent authority.
CySEC remarks that according to the relevant legislation there must be no ambiguities as to the name of the CIF with which clients or potential clients deal, or intend to deal. Pointing out that the CIF remains fully and unconditionally responsible for any misrepresentation thereupon, CySEC says that CIFs must operate a domain name that is unique and not used by another person. Furthermore, the domain name must direct potential clients to a website, belonging exclusively to the CIF.
Moreover, according to CySEC in the cases where a CIF is not the owner of the domain name but concludes an agreement with the owner for its use, it must be ensured, under the Agreement, that it has its exclusive use. If this is not possible, then the CIF should not proceed to this agreement.
CySEC says that CIFs, belonging to a group, may use the same domain name with other persons of the group provided that:
The potential client, when selecting/entering into the domain name, is directed to a page (e.g. abc.com/eu or abc.com/cy), or to a sub-domain (e.g. eu.abc.com or cy.abc.com), or to another domain (e.g. def.com), which it is operated exclusively by the CIF and that all the relevant legal requirements are applied to that specific page, sub-domain or other domain.
In addition, CySEC stresses that a CIF is not allowed to redirect potential clients to a website of another person for the provision of investment services unless:
- The other person belongs to the same group with the CIF and it is licensed/supervised by a competent authority of a member state or third country in the provision of investment services.
- The CIF has not a license to provide investment services within the territories of the country of residence of the potential client.
iii. The potential clients are clearly informed and consent (e.g. client on the link) to this redirection.
According to CySEC this could be achieved if, for example, the potential client, through a pop-up message:
- is informed that he/she is redirected outside the website of the CIF, under his/her own responsibility,
- is informed of the name of the person to which he/she is redirected, as well as of the name of its supervisory authority,
- is requested to read the terms and conditions of that person.
Finally, the CySEC circular also draws the attention of CIFS to the following points regarding the information concerning terms and conditions and other:
- In accordance with paragraph 8 of the Directive, the CIF must provide, in good time, to existing or potential retail clients the terms and conditions of the investment or ancillary services agreement, as well the information stated in articles 9-12 of the Directive.
- Where a CIF provides information to a client by means of a website, it must ensure that the conditions of paragraph 4(2)2 of the Directive are satisfied. Special emphasis is given to the provisions of paragraph 4(2)(b) and (c) of the Directive where the client must specifically consent to the provision of that information in that form and is notified electronically on the address of the website and the place of the website where the information may be accessed.
- Where a potential client may open a trading account through a landing page, the CIF must ensure that the terms and conditions and information of point E.1 above are also included in this page, or, at least, there is a link to the place of the website where the information may be assessed.
- The content of the CIF’s website in relation to the legal obligations of the CIF is not differentiated based on the IP address of the visitor of the website.
- The client agreement always includes the name of the CIF.
- The CIF shall maintain adequate and orderly records with clients’ agreements and other data/documents evidencing its compliance with the above requirements.
Reminding CIFs under its jurisdiction that all their records should be available and accessible by CySEC at all times, the Cypriot watchdog requests all the CIFs to fully comply with all the requirements set out in its circular within two months and confirm their compliance to CySEC.
What remains to be seen is whether all CIFs will indeed comply, or whether some may choose to opt out from CySEC regulation, while it will be also evaluated whether CySEC will be strict in its follow-up procedures and willing to take strict and swift action against those CIFs which will fail or avoid to comply.