Fintech 2026

CYPRUS Law and Practice Contributed by: Angelina Fitoz, Svetlana Remezova, Darya Averyanova and Sude Dogan, Lawitt Buro

Authorised Push-Payment Fraud (APP)
Liability has expanded to scams where customers are tricked into authorising payments. Failure to implement safeguards – eg, confirmation of payee or cases of bank impersonation – generally triggers full reimbursement duties.

Operational Failures (DORA)
Under DORA, firms are liable for losses caused by major ICT incidents, outages or cyber failures they failed to prevent or contain. Responsibility cannot be shifted to outsourced technology providers.

Misleading Conduct and Execution Failures
Investment firms and CASPs are liable for losses caused by misleading disclosures – eg, defective White Papers or unreasonable order execution delays.

Insurance Coverage
Most fintechs must maintain professional indemnity insurance covering technology errors, cyber incidents and compliance failures to ensure capacity to meet customer claims.

sures. On-chain analytics are used to detect fictitious volume inflation and “rug pull” structures.

DORA and ICT Incidents
Under DORA, firms must promptly report major ICT incidents, including breaches that could enable fraud. Supervisory focus also includes third-party and supply-chain vulnerabilities.

Money Mule Networks and Synthetic Identity
Authorities are strengthening inbound payment monitoring to detect mule accounts and synthetic identities. Banks are expected to freeze suspicious flows showing rapid inflows followed by immediate withdrawals.

12.3 Responsibility for Losses
In Cyprus, liability for fintech losses follows a consumer-first model shaped by EU law. Since 2025–26, providers are usually responsible unless they can prove customer fraud or gross negligence, which courts interpret narrowly.

Unauthorised Transactions (PSR/PSD3)
Customer liability for unauthorised payments is capped at EUR50, and providers must refund by the next business day unless fraud is reasonably suspected. Full exemption applies only if the provider proves fraudulent or grossly negligent conduct by the customer.

CHAMBERS.COM
