Cyprus: CySEC Circular On COVID-19 And Respective Business Continuity And Contingency Plans Of Regulated Entities.

On the very current topic of CoVID-19, the Cyprus Securities and Exchange Commission ("CySEC") issued today Circular C358/6.03.2020 (available here) to all Regulated Entities, informing them that CySEC is actively following the developments related to the coronavirus disease 2019 (COVID-19) and the impact that it may impose to the operations of the Regulated Entities.

• CySEC encourages its Regulated Entities to review their business continuity and disaster recovery systems, in response to the outbreak of the virus and make the necessary amendments based on each entity's size, complexity and nature of business.
• Interestingly, CySEC notes that it expects the business continuity plans of Regulated Entities to include at least the following information:
  • plan for the employees to be able to work from home and report to the management via the internet or telephone, etc.;
  • identify any unique/emergency measures to help slow the spread of the illness, if necessary. These may include limiting or cancelling social and public gatherings such as seminars, conferences, or requiring staff quarantines in the event on traveling to affected countries, etc.;
  • create alternative communication channels for the employees, clients and/or service providers and consider whether those options would be undisruptive in the worst case scenario (e.g. if the office is shut down or employees with important functions are unable to work for a period of time); and
  • if possible determine the estimates, in the event of an outbreak of the virus in Cyprus, on the number of people who will not need to go to the office to work (e.g. 20%) and the amount of period that such persons can work from home without disrupting consequences to the Regulated Entities' operations (e.g. 1 to 3 weeks).

CySEC requests that the Regulated Entities ensure that their employees have access to the company's technology infrastructures necessary for the completion of their tasks within the company and/or that additional systems or options for critical functions are being provided.

In addition to the above mentioned, CySEC expects from Regulated Entities to circulate their amended plan among its employees and make sure that all employees know about the plan (training/awareness).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.