Pillar III Disclosures and Market Discipline Report for the year ended 31 December 2018
1.1 Corporate information
These disclosures relate to GWG (Cyprus) Limited (the “Company”), which is authorized and regulated by the Cyprus Securities and Exchange Commission (the Commission” or “CySEC”) as a Cyprus Investment Firm (“CIF”) to offer Investment and Ancillary Services in accordance to the Investment Services and Activities and Regulated Markets Law of 2017 (hereinafter, the “Law”), under license number 291/16 dated 20 January 2016.
The Company has the license to provide the following investment and ancillary services, in the financial instruments outlined below:
Investment Services and Activities:
- Reception and transmission of orders in relation to one or more financial instruments; and
- Execution of orders on behalf of clients
- Safekeeping and administration of financial instruments, including custodianship and related services;
- Granting credits or loans to one or more financial instruments, where the firm granting the credit or loan is involved in the transaction; and
- Foreign exchange services where these are connected to the provision of investment services.
- Transferable securities;
- Money-market instruments;
- Units in collective investment undertakings;
- Options, futures, swaps, forward rate agreements and any other derivative contracts relating to securities, currencies, interest rates or yields, or other derivatives instruments, financial indices or financial measures which may be settled physically or in cash; and
- Financial contracts for differences.
- Options, futures, swaps, forward rate agreements and any other derivative contracts relating to commodities that can be physically settled provided that they are traded on a regulated market or/and an MTF);
- Options, futures, swaps, forward rate agreements and any other derivative contracts relating to commodities that can be physically settled not otherwise mentioned in point 6 of Part III and not being for commercial purposes, which have the characteristics of other derivative financial instruments, having regard to whether, inter alia, they are cleared and settled through recognized clearing houses or are subject to regular margin calls;
- Derivative instruments for the transfer of credit risk;
- Financial contracts for differences; and
- Options, futures, swaps, forward rate agreements and any other derivative contracts relating to climatic variables, freight rates, emission allowances or inflation rates or other official economic statistics that must be settled in cash or may be settled in cash at the option of one of the parties (otherwise than by reason of a default or other termination event), as well as any other derivative contract relating to assets, rights, obligations and measures not otherwise mentioned in this Part, which have the characteristics of other derivative financial instruments, having regard to whether, inter alia, they are traded on a regulated market or an MTF, are cleared and settled through recognized clearing houses or are subject to regular margin calls.
1.2 Basis of preparation (Pillar III Regulatory Framework)
The current EU Capital Requirements Directive 2013/36/EU (“CRDIV”) and Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012 (the “Regulation” or “CRR”) set out the regulatory framework (commonly known as Basel III) that governs the amount of capital EU investment firms and banks are required to maintain. This is achieved through the application of common capital adequacy methodologies and by enforcing standardized disclosure requirements that ensure transparency and enable the comparability of solvency results across the region.
The Basel III framework consists of three Pillars:
- Pillar I set out the minimum capital requirements firms are required to meet;
- Pillar II requires firms to assess their capital requirements in light of any specific risks not captured in the Pillar I calculations; and
- Pillar III seeks to improve market discipline by requiring firms to publicly disclose certain details of their risks, capital and risk management.
According to Directives DI144-2014-14, DI144-2014-14(A) and DI144-2014-15 of the Commission and Part Eight of the Regulation for the prudential supervision of investment firms, the Company prepared these disclosures (hereinafter the “Pillar III disclosures”) to demonstrate that it has successfully implemented the prudential provisions and to fully comply with the current legislature.
The information provided in this report is based on procedures followed by the Management to identify and manage risks for the year ended 31 December 2018 and on reports submitted to CySEC for the said year.
1.3 Reporting Frequency
The Company’s policy is to publish the disclosures required on an annual basis. Should there be a material change in approach used for the calculation of capital, business structure or regulatory requirements, the frequency of disclosure will be reviewed.
This report is published and will be available on the Company’s websites at WWW.GWGLOBALFX.COM.
The Company’s Pillar III disclosures are subject to internal review and validation prior to being submitted to the Board of Directors (the “Board” or “BoD”) for approval.
The Company’s Pillar III disclosures have been reviewed and approved by the Board. In addition, the Remuneration disclosures as detailed in Section 6 of this document have been reviewed by the Board which has responsibility of the Remuneration Policy in the absence of a Remuneration Committee.
1.5 Reporting details
The Company reports on a Solo basis and the reporting currency is EUR.
1.6 Return on Assets
The Company’s return on assets (ROA) for financial year ending 31 December 2018 was (97.96)% (2017: (84.94)%).
1.7 Non-Material, Proprietary or Confidential Information
This document has been prepared to satisfy the Pillar III disclosure requirements set out in the CRR. The Company does not seek any exemption from disclosure on the basis of materiality or on the basis of proprietary or confidential information.
2. Risk Governance – Board and Committees
2.1 Board of Directors
The Board has overall responsibility for the business. It sets the strategic aims for the business, in line with delegated authority from the shareholder and in some circumstances subject to shareholder approval, within a control framework, which is designed to enable risk to be assessed and managed. The Board satisfies itself that financial controls and systems of risk management are robust.
The Board of Directors, as at year end 2018, consists of two (2) executive and three (3) non- executive members, of which two (2) are also independent. The Chairman of the Board is one of the Independent Non-Executive Directors of the Company.
Table 1: Board of Directors structure
|Full name of Director||Position/Title||Capacity||Country|
|Maria Alexandrou||Chief Executive Officer||Executive Director, “4 eyes”||Cyprus|
|Petros Antoniades||Executive Director||Executive Director, “4 eyes”||Cyprus|
|Kin Wang Pang||Non-executive Director||Non-Exe. Director||Hong Kong|
|Hui Ka Lok||Non-executive Director||Non-Exe. Director, Independent||Hong Kong|
|Agathocles Agathocleous||Non-executive Director||Non-Exe. Director, Independent||Cyprus|
2.1.1 Board of Directors responsibilities
The Board shall be responsible for ensuring that the Company complies with its obligations under the Law. The Board assesses and periodically reviews the effectiveness of the policies, arrangements and procedures put in place to comply with the obligations under the Law and takes appropriate measures to address any deficiencies. In general, the Board shall discuss and approve:
- Targets and strategic policy objectives of the Company
- Decisions as regard to changes in the operation of the Company
- Annual and monthly budgets and business plans
- Important transactions
- Changes to the application of the accounting principles Monitoring of the Company’s compliance with its regulatory obligations
- Review of efficiency of Compliance policies
- Related party transactions
- The selection, appointment and dismissal of executive management of the Company
- Approval of the Company’s policies
- Review of the reports, submitted by Risk Management, Compliance and Anti‐Money Laundering Officers and Internal Audit and ensuring that the remedial measures taken to address deficiencies (if any).
Particularly, the Board shall ensure that it receives on a frequent basis, and at least annually, written reports regarding Internal Audit, Compliance, Anti-Money Laundering & Terrorist Financing and Risk Management issues, indicating, in particular, whether the appropriate remedial measures have been taken in the event of any deficiencies.
The executive directors take part in the operation of the Company and, as appropriate, in the provision of investment or ancillary services. The non-executive Directors monitor the operations of the Company through their participation in the various meetings of the Board, and will also request and be granted access to, as necessary, information and reports from the management of the Company.
2.1.2 Board of Directors meetings and quorum
The Board of Directors has a formal schedule for its meetings of matters that the Board needs to take decisions. Minutes are always taken during the meetings and are signed by the Chairman and the Secretary. Any decisions taken at the Board meetings should be by a majority of votes. In order to have a quorum, two (2) members should be present.
2.1.3 Number of Directorships held by the Board members
Directorships in organizations which do not pursue predominantly commercial objectives, such as nonprofit-making or charitable organizations, are not taken into account for the purposes of the below.
The table below provides the number of directorships that each member of the management body of the Company holds at the same time in other entities, including the one in GWG (Cyprus) Limited:
Table 2: Directorships of Board Members
|Full name of Director||Position/Title||Executive||Non-Executive|
|Petros Antoniades||Executive Director||1||1|
|Maria Alexandrou||Executive Director||1||1|
|Kin Wang Pang||Non-executive Director||3||1|
|Hui Ka Lok||Non-executive Director||-||1|
|Agathocles Agathocleous||Non-executive Director||1||2|
2.2 Board recruitment policy
Recruitment of Board members combines an assessment of both technical capability and competency skills referenced against the Company’s regulatory and operational framework. One of the BoD’s main responsibilities is to identify, evaluate and select candidates for the Board and ensure appropriate succession planning and replacement. The persons proposed for appointment to the Board should commit the necessary time and effort to fulfill their obligations. Prior to their appointment the proposed persons should obtain the approval of the Commission.
All organizational units of the Company shall be staffed by competent people. During the executive hiring process, special attention shall be given to the following:
- Morality and reliability (character) of the person;
- Academic qualifications;
- Professional experience;
- Knowledge of and experience with financial institutions;
- Possession of certificates of professional competence, where applicable;
- His/her potential to contribute to the business development of the Company’s projects.
2.3 Governance Committees
The Company has not formed any governance committees since the current scale and complexity of its operations does not require such level of elaborate governance oversight to adequately monitor its operational effectiveness and its potential risks.
2.4 Information flow on risk to the Board
The flow of risk-related information to the management body of the Company, is presented in the table below:
Table 3: Information flow on risk to Board
|No.||Report Description||Responsible Officer||Frequency|
|1||Risk Management Report||Risk Manager||Annually|
|2||Pillar I (CySEC F061 template)||Risk Manager||Quarterly|
|3||ICAAP (Pillar 2) Report||Risk Manager||Annually|
|4||Pillar III Disclosures||Risk Manager||Annually|
|5||Escalation of key risk (when applicable)||Risk Manager||Ad hoc|
|6||Internal Audit Report||Internal Auditor||Annually|
|7||Compliance Report||Compliance Officer||Annually|
|9||Suspicious transactions involving money laundering and terrorist financing||AMLCO||Ad hoc|
3. Risk Management Objectives and Policies
3.1 Approach to Risk Management
There is a formal structure for monitoring and managing risks across the Company comprising of detailed risk management frameworks (including policies and supporting documentation) and independent governance and oversight of risk.
First line of defense - Managers are responsible for establishing an effective control framework within their area of operations and identifying and controlling all risks so that they are operating within the organizational risk appetite and are fully compliant with Company policies and where appropriate defined thresholds.
Second line of defense - the Risk Management Function is responsible for proposing to the Board appropriate objectives and measures to define the Company’s risk appetite and for devising the suite of policies necessary to control the business including the overarching framework and for independently monitoring the risk profile, providing additional assurance where required. Risk will leverage their expertise by providing frameworks, tools and techniques to assist management in meeting their responsibilities, as well as acting as a central coordinator to identify enterprise wide risks and make recommendations to address them.
Third line of defense comprises the Internal Audit Function which is responsible for providing assurance to the Board and senior management on the adequacy of design and operational effectiveness of the systems of internal controls.
3.2 Risk Appetite
The risk appetite is defined as the amount and type of risks considered reasonable to assume for implementing its business strategy, so that the Company can maintain its ordinary activity in the event of unexpected events that could have a negative impact on its level of capital, levels of profitability and/or its share price.
The BoD is responsible for establishing the risk appetite, monitoring the risk profile and ensuring the consistency between them. Senior management is responsible for achieving the desired risk profile as well managing risks on a daily basis. The Company’s risk appetite framework has quantitative as well as qualitative elements that are integrated into a series of basic metrics and another series of transversal metrics.
The establishment of the risk appetite covers both the risks whose assumption constitutes the strategic objective and for which maximum exposure criteria are set - minimum objectives of return/risk - as well as those whose assumption is not desired, but which cannot be avoided in an integral way. The BoD ensures that the amount and type of risks relevant for the Company have been considered. These derive from the annual budget approved as well as the medium-term strategic plan. It also ensures that sufficient resources have been assigned to manage and control these risks, at both the global and local levels.
The BoD periodically revises the Company’s risk appetite and its management framework, analyzing the impact of unlikely but plausible tension scenarios and adopting the pertinent measures to ensure the policies set are met. The review and approval process are undertaken by the BoD at least annually.
The qualitative elements of the risk appetite framework define, both generally and for the main risk factors, the positioning that the Company’s senior management wishes to adopt or maintain in the development of its business model.
- A general medium-low and predictable risk profile based on a diversified business model
- Maintain a stable and recurring policy of profit generation and shareholder remuneration on the foundations of a strong capital base and liquidity and an efficient diversification strategy by sources and maturities.
- Maintain an independent risk function and intense involvement by senior management that guarantees a strong risk culture centered on protecting and ensuring an adequate return on capital.
- Maintain a management model that ensure a global vision and one inter-related with all risks, through an environment of control and robust corporate monitoring of risks.
- Focus the business model on those products which the Company has sufficient knowledge of and the management capacity (systems, processes and resources).
- The confidence of customers, shareholders, employees and professional counterparts, guaranteeing the development of their activity within its social and reputational commitment, in accordance with the Company’s strategic objectives.
- Maintain adequate and sufficient availability of the necessary human resources, systems and tools that guarantee the continuation of a risk profile compatible with the risk appetite established.
- Implement a remuneration policy that contains the necessary incentives to ensure that the individual interests of employees and executives are aligned with the corporate framework of risk appetite and these are consistent with the evolution of the institution’s results over the long term.
The quantitative elements that comprise the risk appetite framework are specified in the following basic metrics:
- The maximum losses that the firm must assume.
- The minimum capital position that the firm wants to maintain.
- The minimum liquidity position that the firm wishes to have in the event of unlikely but plausible tension scenarios.
3.3 Risk Management Function
The Risk Management function is independent from other operational functions, possesses the necessary authority for the fulfilment of relevant duties and responsibilities, as well as direct access to the Company’s Board of Directors.
The Risk Management Function operates under the leadership of the Risk Manager who reports directly to the Board. The Risk Management function has been outsourced to a professional with specific expertise and structured to provide analysis, challenge, understanding and oversight of each of the principal risks faced by the Company.
The Risk Manager is responsible for the following tasks:
- Establish, implement and maintain adequate risk management policies and procedures which identify the risks relating to the Company’s activities and processes;
- Development of administrative and accounting procedures, internal control mechanisms, effective procedures for risk assessment, and effective control and safeguard arrangements for information processingsystems;
- Development of risk management policy for the market, operational, liquidity, credit and any other risks;
- Analyze for the Board the potential hazards associated with the recommended framework on which investment decisions are based, and the association with other Company’s functions;
- Credit assessment (including quality and financial analysis) of clients when opening a new client account and classification of clients according to the Company’s risk criteria and limits;
- Monitoring of credit risk undertaken by the Company;
- AML risk management in cooperation with AMLO;
- Building a risk aware culture within the organization and providing the relevant training;
- Maintenance of appropriate internal control systems designed to manage key risk areas;
- Monitor the adequacy and effectiveness of its risk management policies and procedures;
- Monitor the level of compliance by the Company and its employees with the arrangements, processes and mechanisms adopted;
- Monitor the adequacy and effectiveness of measures taken to address any deficiencies in the risk management arrangements and procedures;
- Reporting to Senior Management, at least annually, on risk management issues; indicating in particular whether appropriate remedial measures have been taken in the event of any deficiencies identified and providing the Board with recommendations to address the identified deficiencies;
3.3.1 Risk Management Framework
The Company’ aim is to embed explicit and robust risk management practices across its entire business operations, in order to ensure that the level of risk it faces is consistent with its corporate objectives and its level of risk tolerance. This is achieved through the implementation of a
comprehensive risk management framework for the identification, assessment, monitoring and control of all relevant risks. The framework also enables the Company to continually align its business objectives against a background of changing risks and uncertainty.
The risk management framework:
- Enables the Company to proactively manage its risks in a systematic manner;
- Ensures that appropriate measures are in place to mitigate risks;
- Creates a culture of risk awareness within the Company; and
- Ensures that risk management is an integral part of the Company’s decision-making process.
3.3.2 Risk Identification
The Risk Identification process provides guidance on the sources to investigate and research in order to identify new and emerging risks and sets out consistent principles, which should be applied.
3.3.3 Risk Assessment
The Risk Assessment process is the means through which the Company understands and estimates the effect of risk on the business and the processes, systems and controls that mitigate those risks to an acceptable level.
3.3.4 Risk monitoring and control
Based on the Risk Assessment findings and having the Risk Appetite as a benchmark the Company decides to eliminate, mitigate or tolerate the risks faced and accordingly takes appropriate actions and measures to achieve the decision being made. The actions and measures are monitored for performance and change achievement.
3.3.5 Stress Testing
Stress Testing is the process by which the Company’s business plans are subjected to severe stress scenarios in order to assess the impact of those potential stresses on the Company’s business including the projected capital and liquidity positions. Stress tests are performed for both internal and regulatory purposes and serve an important role in:
- Understanding the risk profile of the Company
- The evaluation of the Company’s capital adequacy in absorbing potential losses under stressed conditions: The Company is required to prepare and make available upon request periodic ICAAP reports which set out future plans, their impact on capital availability and requirements and the risks to capital adequacy under potential stress scenarios;
- The evaluation of the Company’s strategy: Senior management considers the stress test results against the approved business plans and determines whether any corrective actions need to be taken. Overall, stress testing allows senior management to determine whether the Company’s exposures correspond to its risk appetite;
- The establishment or revision of limits: Stress test results, where applicable, are part of the risk management processes for the establishment or revision of limits across products, different market risk variables and portfolios
3.4 Internal Capital Adequacy Assessment Process
The Company has yet to establish an Internal Capital Adequacy Assessment Process and has not documented an ICAAP Report and a relevant policy manual. Currently the Company is in the process of producing its updated ICAAP Report for financial year 2019, as per the Guidelines GD- IF-02 & GD-IF-03. Upon CySEC’s request the ICAAP Report shall be submitted to CySEC.
The ICAAP report should describe how the Company has implemented and embedded the management of the various risks to which it is subject, within its business. The ICAAP also describes the Company’s Risk Management framework, which includes - among others – its risk profile and the extent of risk appetite, the risk management limits where relevant, as well as the measures that need to be taken and, if necessary, the Pillar II capital to be held for the most material risks (including risks other than the Pillar I risks) faced by the Company.
In performing its ICAAP, the Company plans to adopt the “Pillar I” approach. In particular, the Company uses simple methods to quantify the capital requirements, over and above the Pillar I minimum requirement, as more advanced approaches are considered unsuitable for the size and complexity of the Company and require extensive use of resources and time to produce. The allocation of capital for Pillar II will take into consideration the risks that have been assessed internally by the Company as material, through the risk assessment as well as the capital planning and stress test exercises performed. All risks falling outside the Company’s risk appetite are considered to be threats to the Company and shall be covered with additional capital and/or additional controls.
3.5 Board Declaration - Adequacy of the Risk Management arrangements
The Board of Directors is ultimately responsible for the risk management framework of the Company. The risk management framework is the totality of systems, structures, policies, processes and people within the Company that identify, assess, mitigate and monitor all internal and external sources of risk that could have a material impact on the Company’s operations.
The Board is responsible for reviewing the effectiveness of the Company’s risk management arrangements and systems of financial and internal control. These are designed to manage rather than eliminate the risks of not achieving business objectives, and – as such- offer reasonable but not absolute assurance against fraud, material misstatement and loss.
The Board considers that it has in place adequate systems and controls with regard to the Company’s profile and strategy and an appropriate array of assurance mechanisms, properly resourced and skilled, to avoid or minimize loss.
3.6 Board Risk Statement
Considering its current nature, scale and complexity of operations, the Company has developed a policy that establishes and applies processes and mechanisms that are most appropriate and effective in monitoring activities.
The aim is to promptly identify, measure, manage, report and monitor risks that interfere with the achievement of the Company’s strategic, operational and financial objectives. The policy includes adjusting the risk profile in line with the Company’s stated risk tolerance to respond to new threats and opportunities in order to minimize risks and optimize returns.
Risk appetite measures are integrated into decision making, monitoring and reporting processes, with early warning trigger levels set to drive any required corrective action before overall tolerance levels are reached. Risks are assessed systematically and evaluated as to the probability of a risk scenario occurring, as well as the severity of the consequences should they occur.
|Risk Area||Metrics||Comment||Measure as at 31|
|Capital risk||Core Equity Tier1 (CET1), Tier 1 and Total capital ratios||The Company’s objective is to maintain regulatory ratios well above the minimum thresholds set by CySEC. It therefore aims to maintain its capital ratios at least 2% points above the required level (regulator’s current total capital ratio limit is 8%).||CET1: 13.09% Tier 1: 13.09% Total capital ratio: 22.72%|
|Liquidity risk||Cash Ratio||The Company aims to keep its Cash Ratio i.e. (Cash & Cash Equivalents)/Current Liabilities at values exceeding 1.0.||Cash Ratio: 6.44x|
|Credit risk||Exposure to single financial institution||The Company’s objective is to minimize the potential loss from counterparties. It thus tries to limit its exposure to any one institution at levels of 100% of its own funds or less.||As at year end 2018, the Company maintained its cash positions in two credit institutions and two financial institutions. Its largest exposure which is to a credit institution as percent of own funds was at 93%|
The following table sets out a number of key measures used to monitor the Company’s risk profile: Table 4: Key Risk Measures
4. Pillar I Risks and Minimum Capital Requirements
4.1 Capital Management
This is the risk that the Company will not comply with capital adequacy requirements. The Company has a regulatory obligation to monitor and implement policies and procedures for capital risk management. Specifically, the Company is required to test its capital against regulatory requirements and has to maintain a minimum level of capital. This ultimately ensures the going concern of the Company.
The Company is further required to report on its capital adequacy on a regular basis and has to maintain at all times a minimum capital adequacy ratio which is set at 8%. The capital adequacy ratio expresses the capital base of the Company as a proportion of the total risk weighted assets. Management monitors such reporting and has policies and procedures in place to help meet the specific regulatory requirements. This is achieved through the preparation on a monthly basis of Company’s Management Accounts to monitor the financial and capital position of the Company.
It is underlined that in accordance to the Company’s licenses, no additional capital conservation buffer nor systemic risk buffer are applicable as applicable by the Cyprus Macroprudential Authority regulations. Moreover, the Company was exempted from applying the institution- specific countercyclical capital buffer following a decision of the CBC to exempt small and medium-sized CIFs from this requirement.
4.1.1 Capital Base
The own funds/capital base of the Company as at 31 December 2018 comprised of Common Equity Tier 1 (CET1) and Tier 2 capital as shown in table 5 below.
Under the Law, CET 1 consists mainly of paid up share capital, share premium, other reserves retained earnings less any proposed dividends and translation differences. Within the balance of retained earnings, current year audited profits are included however, losses are included even if un-audited.
According to Article 4(1) (117) of the CRR, ‘Other Reserves’ means those under the applicable accounting standards, excluding any amounts already included in accumulated other comprehensive income or retained earnings; moreover, according to Article 26(1) of the CRR ‘Other reserves’ should be available to the CIF for unrestricted and immediate use to cover risks or losses as soon as these occur. The amount classified as ‘other reserves’ by the Company relates to non-refundable contributions from the shareholder.
The Company classifies the subordinated loan from its shareholder as Tier 2 instrument since it meets the conditions set by Article 63 of CRR. It is noted that during the first quarter of 2019, the Company has proceeded with the conversion of the full amount of subordinated loan to equity (share capital and share premium) to the same shareholder. This resulted to the re-classification of the Tier 2 Capital amount of €95 thousand as CET 1 capital.
Following the calculation of the Company’s own funds and in accordance to Article 4(1) point 71(b) of the CRR, the eligible capital of the Company is calculated based on the sum of Tier 1 capital and Tier 2 capital that is equal to or less than one third of Tier 1 capital.
Table 5: Composition of Capital Base
|Total CET1 capital instruments||190|
|Additional Tier 1 Capital||-|
|Adjustment to CET1 due to prudential filters|
|(-) Other intangible assets||-|
|(-) Additional deductions of CET1 Capital due to Article 3 CRR||(61)|
|Total Common Equity Tier 1 Capital||129|
|Tier 2 Capital – paid up capital instruments and subordinated loans||95|
|Total Own Funds||224|
|Total Eligible Capital||172|
4.1.2 Capital Requirements and Capital Adequacy
The Company's objectives when managing capital are:
- to comply with the capital requirements set by the CySEC;
- to safeguard its ability to continue as a going concern; and
- to maintain a strong capital base to support the development of its business.
The Company's policy on capital management is focused on maintaining the capital base sufficient in order to keep the confidence of customers, creditors and other market participants at satisfactory levels and to secure the future development of the Company. Capital adequacy and the use of the regulatory capital are monitored by the Company's management through its Internal Capital Adequacy Assessment Process as analyzed in section 3.5. The Company is further required to report on its capital adequacy quarterly. Management monitors such reporting and has policies and procedures in place to help meet the specific regulatory requirements. All reports are regularly submitted to the Regulator as required.
Based on the Company’s authorization, quarterly Capital Adequacy Reports are prepared and submitted to Cyprus Securities and Exchange Commission. The Capital Adequacy Reports are prepared on a solo basis and the reporting currency is Euro. Moreover, the Company is categorized as an Investment Firm falling under the Article 95.1 category, which requires it to hold eligible capital of at least one quarter of the fixed overheads of the preceding year.
According to the Regulation and the Law the minimum capital adequacy ratio is 8% and the minimum own capital is €125 thousand. The Company maintains Tier 1 and Tier 2 Capital as eligible own funds as detailed in Table 5. Total eligible own funds for 31 December 2018 were €172 thousand.
As at 31 December 2018, the Company’s total risk exposure amount was €987 thousand resulting in a capital adequacy ratio of 22.72%, which is higher than the minimum required of 8%. Also, the minimum capital requirements set by CySEC are €125 thousand, and the Company’s total eligible capital of €172 thousand is above the minimum threshold.
Further the Company’s total eligible capital stated above covers the Fixed Overheads Requirement (25% * Fixed Overheads) of €79 thousand by more than 2 times.
Table 6: Own Funds and Capital Adequacy Ratio
|Own Funds and Capital Adequacy Ratio||2018|
|Common Equity Tier 1 Capital||129|
|Total Own Funds||224|
|Total Eligible Capital||172|
|Risk Weighted Exposures|
|Market risk – FX risk||33|
|Total Risk Exposure Amount||987|
|CET1 Capital ratio||13.09%|
|T1 Capital ratio||13.09%|
|Total capital ratio||22.72%|
Publication of disclosures
According to the CySEC Directive, the risk management disclosures should be included in either the financial statements of the investment firms if these are published, or on their websites. In addition, these disclosures must be verified by the external auditors of the investment firm. The investment firm will be responsible to submit its external auditors’ verification report to CySEC. The Company has included its risk management disclosures as per the Directive on its website as it does not publish its financial statements. Verification of these disclosures have been made by the external auditors and sent to CySEC.
4.2 Market Risk
Market risk is the risk associated with the Company’s balance sheet positions where the value or cash flow depends on financial markets. Fluctuating risk drivers resulting in market risk include:
4.2.1 Securities market prices
Risks arising from equity, debt, money market or derivative securities and real estate could affect the Company’s liquidity, reported income, surplus and regulatory capital position. Such exposure may include, but is not limited to, common stocks, debt assets, deposits, option contracts, direct holdings in real estate, or listed real estate company shares and funds.
As at 31 December 2018, the Company did not hold any securities or any other type of financial instruments. Therefore, the Company was not exposed to any risks resulting from price fluctuations on equity securities, real estate or capital markets. Moreover, it is highly unlikely that the Company will be exposed to such risks considering it is not licensed to trade on its own account and there is no plan to hold any asset securities on its balance sheet. The balance sheet assets consist of plant and equipment utilized in the daily operations of the Company and own funds which mainly consist of instant access cash deposits.
4.2.2 Interest rates
Interest rate risk is the risk that the value of financial instruments will fluctuate due to changes in market interest rates. Borrowings issued at variable rates expose the Company to cash flow interest rate risk. Borrowings issued at fixed rates expose the Company to fair value interest rate risk.
As at 31 December 2018 and 2017, the Company did not have any borrowings. At 31 December 2018, the Company had no other interest-bearing financial assets or liabilities other than cash at bank.
The Company does not have any significant own position in securities meaning that its income and operating cash flows are substantially independent of changes in market interest rates.
The Company's management monitors the interest rate fluctuations on a continuous basis and acts accordingly.
4.2.3 Currency exchange rates
The Company is exposed to Foreign Exchange Risk. Foreign Exchange Risk is the risk that the value of financial instruments will fluctuate due to changes in foreign exchange rates. Foreign Exchange Risk arises when future commercial transactions and recognized assets and liabilities are denominated in a currency that is not the Company’s functional currency (Euro). At the year- end the Company had certain receivables in US Dollar. The table below shows the Company’s exposure to Foreign Exchange Risk.
Table 7: Exposures to foreign exchange risk
|Exposure to currency risk||Net Position|
|Assets (Long)||Liabilities (Short)||Overall Net FX Position|
|Total currency positions||257||32||225|
|Total Foreign Exchange Risk - Risk Exposure Amount||33|
|Market Risk (8% of total foreign exchange risk)||3|
4.3 Credit Risk
Credit risk is the risk associated with a loss or potential loss from counterparties failing to fulfill their financial obligations. Generally, credit risk can be derived from the following areas:
- Cash and cash equivalents;
- Debt instruments;
- Receivables; and
- Other Assets.
The Company’s objective in managing credit risk exposures is to maintain them within parameters that reflect the strategic objectives and risk tolerance. Sources of credit risk are assessed and monitored, and the Company has policies to manage the specific risks within the various subcategories of credit risk.
For calculating its Credit risk capital requirement, the Company uses the Standardized Approach. The following table represents the Company’s RWAs and minimum capital requirement for Credit risk as at 31 December 2018, broken down by asset class:
Table 8: Credit risk summary table: by asset class
|Asset classes||Total Exposure Amounts||Risk Weighted Exposure|
Table 9: Credit risk summary table: by residual maturity
|Residual maturity as at 31 December 2018||Up to 3 months||More than 3 months||Total|
|Total Exposure Amounts||2018||2018||2018|
Table 10: Credit risk summary table: by country distribution of exposure
|Country Distribution of Exposures as at 31 December 2018||Cyprus||UK||Total|
|Total Exposure Amounts||2018||2018||2018|
4.3.1 Exposures to institutions
The Company's Credit risk stems mainly from its cash balances with credit and other financial institutions. Due to the scale and complexity of the Company’s operations the Company holds its cash balances with a reliable credit institution in Cyprus. The Company has policies in place to diversify risks and to limit the amount of credit exposure to any particular financial institution in compliance with the requirements of the Directive, when necessary.
The Company takes into account the expertise and market reputation of the credit institution itself and the residual maturity of the exposure as per Article 120 of CRR. Exposures to unrated institutions are assigned a risk weight according to the credit quality step to which exposures to the central government of the jurisdiction in which the institution is incorporated are assigned, as specified in Article 121 of CRR.
According to Article 119 of the CRR, exposures to institutions of a residual maturity of three months or less denominated and funded in the national currency of the borrower shall be assigned a risk weight that is one category less favorable than the preferential risk weight, as described in Article 114(4) to (7) of the CRR, assigned to exposures to the central government in which the institution is incorporated in accordance with the table below:
|Article 114 (2) - Table 1<< /th>|
|Credit Quality Step||1||2||3||4||5||6|
Exposures to Member States' central governments, and central banks denominated and funded in the domestic currency of that central government and central bank shall be assigned a risk weight of 0%.
Until 31 December 2017, the same risk weight shall be assigned in relation to exposures to the central governments or central banks of Member States denominated and funded in the domestic currency of any Member State as would be applied to such exposures denominated and funded in their domestic currency. However, in 2018, the calculated risk weighted exposure amounts shall be 20 % of the risk weight assigned to these exposures in accordance with Article 114(2).
According to Article 119 of the CRR, exposures to institutions for which a credit assessment by a nominated ECAI is available shall be risk-weighted in accordance with the tables below.
|Article 120 (1) - Table 3|
|Credit Quality Step||1||2||3||4||5||6|
|Article 120 (2) - Table 4|
|Credit Quality Step||1||2||3||4||5||6|
Exposures to institutions for which a credit assessment by a nominated ECAI is not available shall be assigned a risk weight according to the credit quality step to which exposures to the central government of the jurisdiction in which the institution is incorporated are assigned in accordance with the table below.
|Article 121 (1) - Table 4|
|Credit Quality Step||1||2||3||4||5||6|
Notwithstanding the general treatment mentioned above, short term exposures to institutions can receive the more favorable risk weight of 20% if specific conditions apply:
- in accordance to Article 119(3) no exposures with a residual maturity of three months or less denominated and funded in the national currency of the borrower shall be assigned a risk weight less than 20%;
- in accordance to Article 121 (3) for exposures to unrated institutions with an original effective maturity of three months or less, the risk weight shall be 20%.
Table 11: Credit risk summary table: exposures to institutions
|Credit Quality Steps||Risk Weight||Moody’s Credit Rating||Exposure amount||Risk weighted|
|Less than 3 months maturity||More than 3 months Rated||More than 3 months Unrated||Less than 3 months maturity||More than 3 months Rated||More than 3 months Unrated|
|CQS1||0%||20%||20%||Aaa to Aa3||-||-||-||-|
|CQS2||20%||50%||50%||A1 to A3||208||-||-||41|
|CQS3||50%||50%||100%||Baa1 to Baa3||-||-||-||-|
|CQS4||100%||100%||100%||Ba1 to Ba3||35||-||-||35|
|CQS5||100%||100%||100%||B1 to B3||-||-||-||-|
|CQS6||150%||150%||150%||Caa1 and below||-||-||-||-|
|Total risk weighted cash exposure||76|
4.3.2 Other exposures
As described in Article 134 (1), tangible assets within the meaning of Article 4(10) of Directive 86/635/EEC shall be assigned a risk weight of 100%. As at 31 December 2018, the Company had no exposures to tangible assets.
As described in Article 134 (2), prepayments and accrued income for which an institution is unable to determine the counterparty in accordance to Directive 86/635/EEC, shall be assigned a risk weight of 100%. As at 31 December 2018, the Company had €7 thousand of exposure to prepayments, deferred expenses and other accounts receivable. Risk weight of 100% has been assigned to the above exposures.
4.4 Operational Risk
Operational risk is defined by the Basel Committee for Banking Supervision as “the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events”. Major sources of Operational risk include inadequate operational processes, IT security, dependence on key service providers and implementation of strategic change, fraud, human error, recruitment training and retention of staff. The Company’s systems and controls are evaluated, maintained and upgraded continuously. Furthermore, the Company has a “four-eye” structure and board oversight ensuring the separation of power and authority regarding vital functions of the Company.
The Company has implemented an Operational risk management framework designed to ensure that Operational risks are identified, assessed, mitigated and reported in a consistent manner consisting of, inter alia, the following components:
- Reviewing risks and controls as part of the Internal Audit function; Regular review and updating of policies;
- Monitoring of the effectiveness of policies, procedures and controls by Internal Audit;
- Maintaining a four-eye structure and implementing board oversight over the strategic decisions made by the heads of departments;
- Access to the Company’s systems (client administration) is limited and the end-users are properly authorized. The system is in a network protected by firewalls and other hardware and software intrusion security tools to block any external intruders from accessing it;
- The Company has performed due diligence on its system providers and has ensured that their service can be delivered uninterrupted. The due diligence performed covered the areas of a business continuity policy, acceptable downtime, accessibility, security features, and server location(s). The provider is a reputable software developer with years of experience in system provision for the financial industry;
- A Disaster Recovery Plan has been designed in order to be used in the event of a force majeure affecting the Company’s internal systems and databases. This plan is structured around departments, with each having a set of specific responsibilities; and
- A Business Continuity Policy has been implemented which helps protect all of the Company’s information databases including data, records and facilities.
In addition to its overall framework, in order to mitigate operational risks, the Company has specific processes and systems in place to focus continuously on high priority operational matters such as information security, managing business continuity and combating fraud.
Following the implementation of the CRR and the Law and the issuance of Directives DI2014- 144-14 and DI2014-144-15, the Company has been categorized as an investment firm that falls under Article 95(1) of the CRR. Given its categorization, the Company has adopted the Fixed Overheads Exposure Risk calculation method to calculate its total risk exposure amount.
The table below shows the Total Risk Exposure which takes into account the exposure to Fixed Overheads (equal to 4 times the Fixed Overheads Requirement). The fixed overheads are based on the fixed overheads of the preceding year adjusted for items listed below:
- employees', directors' and partners’ shares in profits, to the extent that they are fully discretionary;
- other appropriations of profits and other variable remuneration, to the extent that they are fully discretionary
- shared commission and fees payable which are directly related to commission and fees receivable, which are included within total revenue, and where the payment of the commission and fees payable is contingent upon the actual receipt of the commission and fees receivable
- fees, brokerage and other charges paid to clearing houses, exchanges and intermediate brokers for the purposes of executing, registering or clearing transactions
- fees to tied agents in the sense of paragraph 1, Section 2 of Part I of Law 114(I)/2007, where applicable, notwithstanding the provisions of Note (i)
- interest paid to customers on client money
- non-recurring expenses from non-ordinary activities
Following the calculation of the Fixed Overheads there are three derivative calculated amounts:
- Fixed Overheads Requirement which is 25% of the Fixed Overheads and defines minimum threshold of eligible funds the Company is obliged to have (this minimum will be applicable if larger than the CRR-defined minimum initial capital requirement);
- Fixed Overheads risk exposure amount which is 12.5 times the Fixed Overheads Requirement and defines the total operational risk exposure amount;
- Additional Risk Exposure amount due to fixed overheads: calculated as the difference between Fixed Overheads risk exposure amount and the total of all other risk exposures of the Company (i.e. credit risk, market risk etc.); however, this calculated number has an absolute minimum of zero. The additional risk exposure amount due to fixed overheads is the exposure that forms part of the Company’s Total Risk Exposure Amount for the calculation of the capital ratios (refer to table 6)
Table 12 – Fixed overhead requirement calculation:
|Fixed Overhead requirement||2018|
|Fixed Overheads Requirement (25% X Fixed Overheads)||79|
|Fixed Overheads risk exposure amount||987|
|Total Risk Exposure amount, other than operational risk (Credit risk & Market risk)||123|
|Additional Risk Exposure amount due to Fixed Overheads||864|
4.5 Other Risks
4.5.1 Liquidity Risk
Liquidity risk is the risk that the Company may not have sufficient liquid financial resources to meet its obligations when they fall due or would have to incur excessive costs to do so. The Company’s policy is to maintain adequate liquidity and contingent liquidity to meet its liquidity needs under both normal and stressed conditions.
To achieve this, the Company monitors and manages its liquidity needs on an ongoing basis. The Company also ensures that it has sufficient accessible cash on demand to meet expected operational expenses. This excludes the potential impact of extreme circumstances that cannot reasonably be predicted, such as natural disasters. Currently the Company is not subject to any liquidity risk as it maintains own funds in cash deposits with reputable institutions and its liquidity and own fund ratios are at a satisfactory level.
4.5.2 Strategic Risk
Strategic risk corresponds to the unintended risk that can result as a by-product of planning or executing the strategy. A strategy is a long-term plan of action designed to allow the Company to achieve its goals and aspirations. Strategic risks can arise from:
- Inadequate assessment of strategic plans
- Improper implementation of strategic plans
- Unexpected changes to assumptions underlying strategic plans
Risk considerations are a key element in the strategic decision-making process. The Company assesses the implications of strategic decisions on risk-based return measures and risk-based capital in order to optimize the risk-return profile and to take advantage of economically profitable growth opportunities as they arise.
4.5.3 Reputation Risk
Risks to the Company’s reputation include the risk that an act or omission by the Company or any of its employees could result in damage to the reputation or loss of trust among its stakeholders. Every risk type has potential consequences for the Company’s reputation, and therefore, effectively managing each type of risk helps reduce threats to its reputation.
The Company strives to preserve its reputation by adhering to applicable laws and regulations, and by following the core values and principles of the Company, which includes integrity and good business practice. The Company centrally manages certain aspects of reputation risk, for example external communications, through functions with the appropriate expertise. It also places great emphasis on the information technology security which is one of the main causes of such reputational risk manifestation.
4.5.4 Business Risk
Business risk includes the current or prospective risk to earnings and capital arising from changes in the business environment including the effects of deterioration in economic conditions.
Research on economic and market forecasts are conducted with a view to minimize the Company’s exposure to business risk. Additionally, reports from external providers are constantly reviewed. All these are analyzed and taken into consideration when implementing the Company’s strategy.
The Company’s Board regularly reviews the economic and market conditions and responds to any changes.
4.5.5 Regulatory non-compliance risk
Regulatory risk is the risk the Company faces by not complying with relevant Laws and Directives issued by its supervisory body. If materialized, regulatory risk could trigger the effects of reputation and strategic risk.
The structure of the Company is such to promote clear coordination of duties and the management consists of individuals of suitable professional experience, ethos and integrity, who have accepted responsibility for setting and achieving the Company’s strategic targets and goals. In addition, the board meets at least annually to discuss such issues and any suggestions to enhance compliance are implemented by management.
The Company has documented procedures and policies based on the requirements of relevant Laws and Directives issued by the Commission; these can be found in the Internal Operations Manual. Compliance with these procedures and policies are further assessed and reviewed by the Company’s Internal Auditors and suggestions for improvement are implemented by management. The Internal Auditors evaluate and test the effectiveness of the Company’s control framework at least annually. Therefore, the risk of non-compliance is minimized within acceptable limits.
4.5.6 Concentration Risk
This includes large individual exposures and significant exposures to companies whose likelihood of default is driven by common underlying factors such as the economy, geographical location, instrument type etc.
Due to the nature of operations and specific clientele (majority comprises of legal persons) the Company, during the period under review was subject to concentration risk due to high share of income generated by a few corporate clients.
The Company also faces a level of concentration risk arising from its exposure to a single credit institution where the entire cash and cash equivalent balances are held. The exposure represents 92.9% of its own funds and is within the Company’s acceptable risk limits.
5. Leverage Ratio
The leverage ratio is a new monitoring tool which will allow the competent authorities to assess the risk of excessive leverage in their respective institutions. According to the CRR, the investment firms have to report all necessary information on the leverage ratio and its components.
According to the CRR, the requirement for institutions to start disclosing the leverage ratio (Form 144-14-07) from 1 January 2016, depends on the category of the institution as detailed in the to the table below extracted from the relevant CySEC Circular by which the Company is classified in the ‘under art.95(1) of CRR’ category. The Company is therefore exempted from this reporting requirement in accordance to its minimum initial capital which is €125,000.
6 Remuneration Policy and Practices
The Company implements and maintains adequate remuneration policy and procedures as defined with the provisions of the Directive DI144-2007-05. Ensuring compliance with the conflicts of interest requirements set out in Articles 13(3) and 18 of MiFID and MiFID II 2014/65 EC; and also ensures compliance with the conduct of business rules set out in Article 19 of MiFID, as well as in accordance with Article 16(3) of the ESMA Regulation.
In addition, for the preparation of the Remuneration Policy, (the “RP”) the Company has taken into consideration Section 36(1) of the Law (conduct of business rules), Circular C030 of CySEC (compliance function requirements) and Circular C031 of CySEC (guidelines on remuneration policies and practices).
The Company's RP is concerned with practices of the Company for those categories of staff whose professional activities have a material impact on its risk profile, i.e. the Senior Management, members of the Board of Directors, Heads of the departments, and the outsourced activities of the
Company (hereafter “employees”); the said practices are established to ensure that the rewards for the ‘executive management’ provide an incentive to achieve the key business aims.
The Company will take into account the conduct of business and conflicts of interest risks that may arise. Effective conflicts of interest management duties (which should include the avoidance of conflicts of interests created the RP) and conduct of business risk management obligations, in order to ensure that clients’ interests are not impaired by the policy and its practices in the short, medium and long term.
The Company bounds not to create incentives that may lead the employees to favour their own interest, or the Company’s interests to the potential detriment of clients.
The Board of Directors is responsible for determining and approving the Company’s remuneration policy and practices. The Board of Director’s is also responsible to monitor the Company’s compliance towards the approved policy and to identify and work towards any deficiencies. The Board of Directors meets at least once a year, and whenever the need arises, to discuss issues and to reformulate the policy where this is necessary on account of changes and developments, whether internal to the Company or external in its market environment. Any changes in the Company’s remuneration policy can be brought about only as a result of a decision of its Board of Directors.
6.1 Design and Structure of Remuneration
When assessing performance for the purposes of determining the variable remuneration, for the employees to act in the best interest of the Company’s clients, the Company takes into account the following factors:
- Clients’ support quality;
- Assess the performance of employees based on qualitative criteria e.g. compliance with regulatory (especially conduct of business rules and, in particular, the review of the suitability of client support provided by employees to clients), internal procedures i.e. the fair treatment of clients and client satisfaction;
- The outcome of their activities in terms of compliance with the conduct of business rules and, in general, with the duty to care about the best interests of their client.
The Company’s calculation of the fixed and variable remuneration of employees will be based on a qualitative criterion. The variable component of the remuneration is based on qualitative criteria will allow the Company to closely reflect the desired conduct of employees to act in the best interests of the clients.
The total remuneration of staff consists of fixed and variable components. The fixed component of the Company is set at 100% of the total remuneration and represents a high proportion of the total remuneration paid; this will allow the employees to focus on the qualitative aspects of their work in the short, medium and long term. The variable remuneration of the Employees will
therefore be based on the annual appraisals performed by the General Manager and/or Board of Directors, and based on the outcome of such appraisals, a variable remuneration will be decided upon at the discretion of the Board of Directors.
6.2 Link between Pay and Performance
Remuneration policies and practices implemented by the Company were intentionally simplified to the basic requirements of recruiting and maintaining high level professional personnel. The Board of Directors considers such approach as the most practical at this stage as it corresponds to the scale and complexity of the Company’s operations. To this respect, the Company has decided to follow fixed remuneration scales for all employees including top Management. More complex stimulating remuneration schemes may be introduced in the future depending on the Company’s results and growth.
The total staff costs for 2018 amounted to €154,370 (2017: €108,736). It should be noted that the Internal Audit, Accounting, Information technology and Risk Management departments are outsourced. Moreover, the Company did not pay any non-cash remuneration, nor any severance payments were made, during the years 2018 and 2017.
The table below provides aggregate quantitative information on remuneration, broken down by senior management and members of staff (heads of departments) whose actions have a material impact on the risk profile of the Company:
Table 13: Quantitative information on remuneration
|Description||No. of beneficiaries||Fixed Remuneration||No. of beneficiaries||Variable remuneration||Total remuneration|
|Senior Management – Directors||2||139,875||-||-||139,875|
|Head of Department||1||14,495||-||-||14,495|
It can be concluded that the Company has a comprehensive, effective risk management that meets its requirements. Specifically, it warns the management in due time of risks as they arise and enables timely and appropriate risk control measures to be taken. The Company understands the necessity of further improvement of the existing policies for capital management and continually assesses the appropriateness of its disclosures. Moreover, the Company has a clear remuneration system which is effectively risk-based managed. The Company is not disclosing in this report all information and certain detailed data which considers immaterial or confidential. The Company
through its Management is always willing to discuss these issues in more detail with any interested party upon written request.
The Company has included its risk management disclosures as required by the Directive on its website (gwglobalfx.devshell.site). The Company has appointed its independent auditors FINCAP Advisers Ltd to verify its disclosures. The Company is required according to the Directive to provide a copy of the auditor’s verification report to CySEC five months after the end of each financial year, at the latest.