CYPRUS Law and Practice Contributed by: Angelina Fitoz, Svetlana Remezova, Darya Averyanova and Sude Dogan, Lawitt Buro
Investment Funds (UCITS/AIFs) Funds may use algorithmic strategies within their mandate without a Cyprus investment firm licence, provided they do not serve third parties. Supervision focuses on risk management, liquidity and adher - ence to the disclosed strategy, under the responsibil - ity of the UCITS management company or alternative investment fund manager. Dealers (CIFs Under MiFID II) Cyprus investment firms using algorithmic trading or HFT are directly regulated under Law 87 (I)/2017. They must notify CySEC, implement trading controls and meet capital requirements proportionate to risk. Prin - cipal trading triggers stricter conflict controls. Common Framework Both are subject to the Digital Operational Resilience Act, including ICT governance, testing and incident reporting obligations. 7.4 Regulation of Programmers and Programming Programmers who build trading algorithms in Cyprus are not licensed by regulators, but they are controlled indirectly through the rules that apply to the author - ised firm. • Firm accountability (MiFID II) – The licensed firm must ensure developers are competent, keep gov - ernance/testing in place, and the board remains responsible for the trading system. • EU AI Act – If the tool is in-scope (especially high- risk), the firm must ensure documentation, data governance, explainability and human oversight. • DORA – Firms must manage ICT risk and, if development is outsourced, monitor the vendor’s security and resilience. • Contracts/IP – Developers are governed through contract liability; firms must secure IP ownership, confidentiality and access/control rights.
cy II. Insurtech firms increasingly use automation, but core prudential principles remain unchanged. Automated Models Digital insurers use algorithmic risk scoring, usage- based pricing and straight-through processing, with human review for complex cases. Automation improves efficiency but does not reduce regulatory responsibility. Regulatory and AI Constraints Underwriting remains subject to insurance law, data protection rules and, where applicable, EU AI require - ments (including documentation, transparency and human oversight for higher-risk systems). Prudential Governance Insurers must comply with the prudent person prin - ciple, ensuring sound risk measurement, adequate reserving and alignment with the solvency capital requirement. Automated models form part of the overall risk management framework and are subject to supervision. DORA Underwriting platforms are treated as critical ICT sys - tems and must meet resilience, incident reporting and business continuity standards. 8.2 Treatment of Different Types of Insurance Cyprus law separates life and non-life insurance, although both are supervised under the Insurance and Reinsurance Services Law. The distinction reflects dif - ferent risk and capital profiles. Separation of Business Composite insurers are generally prohibited. Life and non-life activities require separate authorisation and capital, given the long-term nature of life liabilities ver - sus short-term general insurance risks. Life Insurance Life, annuities and investment-linked products are treated as long-term savings and protection business. Regulation focuses on actuarial reserving, asset-lia - bility matching and enhanced disclosure under the Insurance Distribution Directive and PRIIPs frame -
8. Insurtech 8.1 Underwriting Processes
Underwriting in Cyprus is governed by the Insurance and Reinsurance Services Law implementing Solven -
181 CHAMBERS.COM
Powered by FlippingBook