The Cyprus Securities and Exchange Commission (CySEC) on Monday issued a circular reminding all regulated entities of their obligations under the 19th package of restrictive measures adopted by the European Council on October 23.
The measures were adopted in response to actions undermining or threatening the territorial integrity, sovereignty, and independence of Ukraine.
The circular, signed by CySEC chairman George Theocharides, was addressed to all regulated entities.
This includes Cyprus Investment Firms (CIFs), Administrative Service Providers (ASPs), UCITS and AIF management companies, crypto asset service providers, and small AIFMs.
The European Council’s latest package introduces further individual listings and economic measures targeting key sectors of Russia’s energy, finance, and military-industrial complex.
CySEC drew attention to the inclusion of explicit definitions of “owning” and “controlling” a legal person, entity, or body.
The definition of “owning” now explicitly means being in possession of 50 per cent or more of the proprietary rights of a legal person, entity, or body, or having a majority interest therein.
CySEC stated that the notion of a “majority interest” must be carefully assessed, particularly where a designated person is the largest shareholder in an entity even if holding less than 50 per cent.
For instance, where a designated person holds 40 per cent of shares in an entity and the remaining shares are equally divided among three shareholders holding 20 per cent each, the designated person is deemed to have a majority interest.
The definition of “controlling” a legal person, entity, or body includes several non-exhaustive factors, such as the power to appoint a majority of management, the control of voting rights, or the ability to exercise dominant influence, whether legally or de facto.
CySEC reminded that control may also be established by other means, and entities must assess all relevant factors.
If a designated person is deemed to own or control a legal person, entity, or body, all funds or economic resources of that entity and its subsidiaries must be frozen, and no funds or resources may be made available to or for the benefit of that person.
The circular also highlighted amendments establishing a prohibition on providing crypto-asset services, issuing payment instruments, acquiring payment transactions, or payment initiation services, and issuing electronic money to Russian nationals, residents, or entities established in Russia.
CySEC emphasised that the same prohibition extends to Belarusian nationals and entities.
Meanwhile, a newly introduced article imposes wide-ranging prohibitions related to Russia’s special economic, innovation, or preferential zones.
Under this article, it is prohibited to acquire or extend participation in ownership or control of any legal person or entity based in these zones, create new joint ventures, branches, or representative offices, or enter into new contracts or arrangements involving the supply of goods, services, or intellectual property linked to these areas.
As of January 25, the new sanctions package will further prohibit the maintenance of existing ownership, joint ventures, or contracts related to entities within the listed zones.
Moreover, the package bans the provision of investment services directly related to such activities.e
These prohibitions are extended to entities outside the listed zones that are owned or controlled by entities located within them.
Exceptions to these prohibitions apply to activities necessary for public health emergencies, humanitarian purposes, or essential energy supplies such as natural gas, titanium, aluminium, copper, nickel, palladium, and iron ore.
CySEC further clarified that the execution of contracts concluded before October 24, 2025, may continue until January 25, 2026, and that competent authorities may authorise activities necessary for humanitarian, medical, agricultural, or food-related purposes, judicial proceedings, or divestment from Russia.
CySEC called upon regulated entities with business relationships affected by these changes to inform the commission within one month, by emailing [email protected], providing details of the affected relationships and actions taken for compliance.
The commission urged all regulated entities to take these amendments into account, in combination with the EU Best Practices and the European Commission’s Consolidated FAQs, and to implement targeted compliance measures.
CySEC also instructed entities to review all changes introduced by the 19th package of restrictive measures and take appropriate actions accordingly.
