CySEC updates CIFs on T+1 rule and ICT guideline withdrawal

The European Commission has proposed shortening the standard securities settlement cycle from two business days to one (T+1), something which is being seen as a significant development for European capital markets.

This move is designed to bolster post-trade efficiency, market resilience, and the global competitiveness of the EU’s financial system.

The announcement was communicated to Cyprus Investment Firms (CIFs), Alternative Investment Fund Managers, trading venues, and Central Securities Depositories through a circular issued by the Cyprus Securities and Exchange Commission (CySEC).

The European Commission’s proposal, based on the European Securities and Markets Authority’s (ESMA) final report, would amend Regulation (EU) No 909/2014 on central securities depositories (CSDR), setting October 11, 2027, as the target date for the transition to T+1 settlement.

The shift will apply to all EU transactions in transferable securities, including shares and bonds traded on EU trading venues.

“The move to T+1 aims to strengthen the efficiency and competitiveness of post-trade financial market services in the EU,” CySEC said in its circular.

Moreover, the commission pointed out that the transition would help avoid fragmentation and misalignment with global markets, while also reducing associated costs and risks.

Given the complexity of the transition, the European Commission, ESMA, and the European Central Bank have agreed to implement a dedicated governance structure, comprising a T+1 coordination committee, a T+1 industry committee, and various specialised workstreams under the latter’s guidance.

This structure is expected to support stakeholders in developing and agreeing on the processes and standards required to ensure an orderly and successful implementation of T+1 across EU capital markets.

In related news, the Cyprus Securities and Exchange Commission issued another important notice this week, informing CIFs of the European Banking Authority’s (EBA) decision to amend its guidelines on ICT and security risk management.

The amendment, identified as EBA/GL/2025/02 and published on February 11, 2025, reflects the application of harmonised ICT risk requirements under the Digital Operational Resilience Act (DORA), which came into effect on January 17, 2025.

As a result of the amendment, paragraphs 7 and 8 of the original Guidelines (EBA/GL/2019/04) have been deleted, meaning that investment firms are no longer subject to the earlier framework.

CySEC clarified that “CIFs are not required to follow the guidelines EBA/GL/2019/04,” and has accordingly withdrawn its own Circulars C571 and C609, which previously aligned CIFs with those guidelines.

Although the amended guidelines have not yet been translated into all official EU languages or published on the EBA’s website, the regulatory change is already effective.

CySEC vice chairman Panikkos Vakkou signed both circulars, underscoring the regulator’s efforts to keep market participants informed of evolving EU-level reforms.

Both announcements signal a period of regulatory transition for CIFs and other market stakeholders, with implications for compliance, operational processes, and IT infrastructure.