This report and the information herein is disclosed in accordance with the requirements stated in Part Eight of Regulation (EU) No 575/2013 of the European Parliament and of the council of 26 June 2013 on prudential requirements for credit institutions and investment firms (the “Regulation”) and paragraph 32(1) of DI144-2014-14 of the Cyprus Securities and Exchange Commission (the “CySEC”) for the Prudential Supervision of Investment Firms.
Furthermore, the information disclosed by the Company within this report relates to the year ended 31 December 2017.
K-DNA Financial Services LTD (hereinafter called the “Company” or “KDNA Financial Services LTD”), is a financial services company dully incorporated under the laws of Republic of Cyprus on the 10th of September 2014 under registration number HE335683.
On the 23rd of April 2015 the Company has been authorized by Cyprus Securities and Exchange Commission (hereinafter called ”CYSEC”) to provide investment services in the capacity as Cyprus Investment Firm under the license number 273/15.
In particular the Company is authorized to provide the following investment and ancillary services:
• Receipt and transmission of orders in relation to one or more financial instruments
• Execution of Orders on behalf of clients
• Safekeeping and administration of financial instruments for the account of clients, including custodianship and related services such as cash/collateral management
• Foreign exchange services where these are connected to the provision of investment services
• Granting credits or loans to one or more financial instruments, where the firm granting the credit or loan is involved in the transaction
III(1) Transferable securities
III(2) Money-market instruments
III(3) Units in collective investment undertakings
III(4) Options, futures, swaps, forward rate agreements and any other derivative contracts
relating to securities, currencies, interest rates or yields, or other derivatives instruments, financial indices or financial measures which may be settled physically or in cash
III(9) Financial contracts for differences (for differences in relation to MiFID instruments, currencies, interest rates or other financial indices)
1.1 Frequency of Disclosures
The report will be published on the Company’s website www.kdna-investment.com, on annual basis and within a reasonable time after the preparation of the financial statements on annual basis.
The new regulatory framework consists of three Pillars:
o Pillar I sets out the minimum capital requirements firms are required to meet.
o Pillar II requires firms to assess their capital requirements in light of any specific risks not captured or not sufficiently captured in the Pillar 1 calculations.
o Pillar III seeks to improve market discipline by requiring firms to publish certain details of their risks, capital and risk management practices.
1.2. Organizational Structure
1.3. Disclosure Policy
The Company discloses herein its Disclosure Policy, embodying the risk management policies and procedures, as applied to Basel III Pillar 3 Disclosures with Basel II comparatives.
This Policy aims to meet all the requirements provided within Pillar 3 of Capital Requirements Regulations (CRR) and is to be published on annual basis on each website operated by K-DNA Financial Services Ltd.
This report representing the Company’s Pillar 3 disclosure has been internally review and its validation have been approved by the Board of the Company.
The Company does not seek any exemption from disclosure on the basis of materiality or on the basis of proprietary or confidential information.
2. GOVERNANCE AND RISK MANAGEMENT OF THE COMPANY
2.1. The Board
The Company’s Board of Directors is responsible for overlooking the operations of the Company. With respect to the management of risk, it has overall responsibility for the establishment and assessment of the policies, arrangements and procedures. The Board shall ensure the compliance with the obligations under the Law, the Directive and any regulation under MiFID II/MiFIR and to take appropriate measures to address any deficiencies.
In particular, when managing and/or assessing risks, the responsibilities of the Board of Directors and Senior Management may be summarized as follows:
•the overall responsibility for proper implementation of the relevant laws and regulations
•the overall responsibility for proper implementation of regulations under MiFID II/MiFIR
•the overall responsibility for proper implementation of a new framework regarding the Data Protection
•the formulation of the Company’s business strategy in terms of development of existing and/or new services and its presence in the local and international financial markets
•setting business strategies based on annual budgets, plan the approach and ensure the continuing operations of the Company
• Meeting on a frequent basis to ensure that operational and strategic issues are discussed and issue guidance to the executive officers and Senior Management
• the governing of the Company by broad, on policies and objectives, formulated and agreed upon by the chief executive and employees
• ensuring that sufficient resources are available to the Company to carry out its operations
• appointing Money Laundering Compliance Officer (MLCO) and define his/her duties and responsibilities
• defining, recording and approving the general policy principles of the Company in relation to the prevention of money laundering and terrorist financing
• notifying the Company’s policy for the prevention of money laundering and terrorist financing
to the MLCO
•approving the Company’s risk management policies and procedures manual
•establishing a clear and quick reporting chain for transmission of information to the MLCO
•assessing the Money Laundering and Compliance Department function
•assessing and approving the annual reports regarding AML, Compliance, Risk Management and Internal Audit
•assessing the Internal Audit Department’s members and the efficiency of the mechanisms of internal control
•adopting strategies to improve the operation of the internal audit mechanism
•approving the Company’s financial statements
•reviewing the suitability report prepared by the Company’s external auditors
•taking decisions on important matters of the Company during Board meetings
•adopting new policies needed for the ongoing review of the Company.
The Board of Directors is, currently, composed by 2 (two) executive and 3 (three) non-executive independent directors.
The two executive directors of the company are the “four eyes” for the management of the Company. Their role within the Company is to oversee the day-to-day operations of the Company in order to ensure an effective and orderly management of those operations within the framework of the relevant laws and regulations and according to the Internal Procedures Manual of the Company. In addition, they manage human resources function and promote the services provided by the Company.
The General Manager acts as a liaison between the Heads of departments and the Board of Directors. The Heads of departments report to the General Manager and the General Manager reports to the Board of Directors.
2.1.2 Flow of information concerning the risk to the Board of Directors
All risks related to the Company are communicated to the management body through the following reports which are prepared annually, reviewed and approved by the BOD.
oRisk Management report
oInternal Audit Report
oAML Compliance Officer report
oCompliance officer report
2.1.3 Number of Directorship held by members of the Board
The table below provides the number of directorships a member of the management body of the Company holds at the same time in other entities.
Directorships in organizations which do not pursue predominantly commercial objectives, such as non-profit-making or charitable organizations, are not taken into account for the purposes of the below.
2.1.4 Board Declaration – Adequacy of the Risk Management arrangements
As stated above the Board of Directors of the Company has an overall responsibility regarding the effectiveness of the Company’s risk management arrangements and mechanisms of financial and internal control. These mechanisms are established, not only to eliminate any possible risk and prevent any possible fraud, misstatement and/or loss, but also, to achieve the Company’s business objectives.
The Board embraces and discerns that the Company has adequately established and implemented appropriate systems and mechanisms for the identification, prevention and mitigation of the risk according to the Company’s profile and strategy.
2.2. Risk Management Policy
The main objective of this policy is to establish and implement adequate and effective risk management policies and procedures. The Risk Management Policy is disclosed in Company’s Internal Procedures Manual (hereafter “IPM”), which aims to set out those policies and procedures and to ensure compliance with legislative requirements and general procedures within each department of the Company. Through the Risk Management Policy it is clearly illustrated the fact that the company intrinsic the risk aspect into its business and activities.
The Risk Management Policy plays an integral role within the Company’s internal control and corporate governance arrangements. It is a mechanism through which the Company has the ability to identify, monitor and manage each type of risk to which the Company is exposed. In the policy it is clearly explained the key management procedures to be followed and the responsibilities of the Risk Management Committee, the Risk Manager and other key parties. Moreover by this policy the Company assess the level of Compliance by its and its relevant persons with the arrangements, processes and mechanisms adopted.
An important factor within the Company’s operation is the financial stability, which requires periodic reviews and assessment of the systems and procedures in place for the risk management aspect.
2.3. Risk Management Department
More specifically this Department is generally responsible for the compliance of the Company with all the legislation and Directives issued by CySec with regards to capital adequacy and other risk-related issues. In particular, the Department ensured that the Company’s investment and ancillary services and all transactions are carried out in accordance with the legal framework. Within this legal framework is included the matter of conflict of interest, insider dealing and protection of confidential information.
In particular, the Department is responsible for the following:
•To create an internal mechanism for the identification and management of risks, which will include guidelines regarding possible risk exposure and acceptable risk levels
•To develop a risk management policy for credit risk, liquidity risk and market risk
•To assist and evaluate from the financial aspect any agreements concluded by the Company with counterparties;
•To review and evaluate the quality and financial analysis of Company’s clients when opening a new client account and classification of clients according to Company’s risk criteria and limits
•To frequently review the Company’s policy from the risk management aspect, of the services offered by the company, taking into consideration the costs, the competitor’s pricing policy and the cost- benefit analysis
•To undertake a quarterly review of effectiveness of the system of internal control and provide a report to
the Risk Management Committee
•To monitor and evaluate the investment risk undertaken by the Company for each client, counterparty and as a whole, including the risk associated with transactions executed on behalf of clients;
•To assess the compliance with the Company’s established limits (for example stop loss control limits)
•To monitor the adequacy and effectiveness of measures taken to address any deficiencies with respect to the Company’s policies and procedures that are in place
•To oversee and estimate the risk of possible money laundering and/or terrorist financing activities from the clients and counterparties part and, if necessary, act according to the situation;
•To monitor risk associated with margin trading clients as well as the deals executed with counterparties in relation to securities’ market prices
•To monitor on a daily basis the operational risks;
•To provide adequate information in a timely manner to the Risk Management Committee on the status of
risks and controls
•To prepare an annual written report to the Board of Directors on the matters of his/her
responsibility indicating in particular whether the appropriate remedial measures have been taken in the event of any deficiencies
•To prepare and/or adopt new policies needed for the ongoing review of the Company and with regards of proper implementation of regulations under MiFID II/MiFIR.
•To take any measure in regards of proper implementation of a new framework regarding the Data Protection.
In order for this Department to function sufficiently effective, the Company has appointed a qualified and experience Risk Manager who leads the Risk Management function of its. The Risk manager conducts on a daily, weekly and monthly basis monitoring and reports to the Risk Management Committee and the Chief Executive Officer of the Company. In this reports the Manager provides a detailed explanation of the Company’s risks exposure, as well as any recommendations that the Risk Manager may think appropriate.
2.4. Risk Management Strategy and Capital management
Regulatory framework and legislation requires all Investment Firms to effectively manage and maintain adequate capital level in accordance with the requirements imposed by European Union and CySec. Therefore, in this respect, the Company must establish, implement and maintain an effective system for monitoring its capital base so as to ensure a strong capital adequacy ratio and be declared as a fully complaint and financially healthy Company.
In particular, the legislation requires all Cyprus Investment Firms to maintain a minimum capital adequacy ratio of 8%, this is to be seen as a mechanism of controlling and proportionating the total risk weighted assets of the Company.
One of the Company’s tools for managing its capital adequacy is the Internal Capital Adequacy Assessment Procedure report, which enables the Company to monitor the risks undertaken and assess as match risks as possible, reducing its residual risk and enabling more precise future growth planning. The ICCAP report should be maintained within the Company’s records at all times and should be periodically, at least annually, updated.
2.5. Compliance/Anti-Money Laundering Officer
The Company retain a person to the position of the Company’s Money Laundering Compliance Officer (MLCO), to whom its employees reports their knowledge or suspicion of transactions involving money laundering and terrorist financing. To command the necessary authority, the MLCO belongs to the management of the Company. The MLCO shall lead the Company’s Money Laundering Compliance procedures and processes and report to the Senior Management of The Company.
In particular, the Compliance / Anti-Money Laundering Officer is responsible for the following:
• To design the internal procedures, measures and controls in respect to the prevention on money laundering and terrorist financing and to describe and allocate the appropriateness and the limits of responsibility of each department that is involved
• To draw and establish the customers’ acceptance policy and to submit it to the Board of Directors for consideration and approval, as well as monitoring of its implementation
• To periodically monitor and assess the effectiveness, adequacy and implementation of the those policies and procedures for internal procedures and controls
• To receive information from the employees through “Internal Suspicion Report” regarding the suspicious cases which might involve money laundering or terrorist financing activities or might be related with such activities
• To prepare and report to MOKAS, through “Compliance Officer’s Report to the Unit for Combating Money Laundering”, any suspicion that may arise regarding the money laundering or terrorist financing activities
• To prepare and submit to the Commission the Monthly prevention statement for the prevention of Money laundering and terrorist financing activities;
• To prepare the Compliance Officer’s annual report and submit it to the Board of Directors on the matters of his/her responsibility, indicating whether the appropriate remedial measures have been taken in the event of any deficiencies
• To ensure that the Company complies with all regulations and continuous obligations to CySEC (for example, submission of Capital Adequacy Return, annual reports, notifications to CySEC regarding changes in the Company’s structure, services, personnel, procedures, etc)
• To comply with the provisions of MiFID II/MiFIR on achieving transparency in financial transactions
• To comply with the new framework regarding the Data Protection
• To assist regulatory bodies in performing inspections of the Company’s activities
• To monitor the Company’s mechanisms for identifying the risks or failure by the Company to comply with its regulatory obligations taking into account the nature, scale and complexity of the Company’s business and investment services and all activities undertaken in the course of that business
• To ensure that all employees of the Company are well informed and trained in respect to the compliance with applicable laws and regulations as well as anti-money laundering and terrorist financing procedures
• To advise and assist the employees to comply with the Company’s regulatory obligations
• Reviewing marketing communications and making sure that they have been prepared in accordance with legal requirements
• To maintain a registry and relevant statistical information, the evaluation reports and all the documents that verify the accomplishment of his duties specified in the present subparagraph.
• To approve the Client file before accepting a client
• To obtain and utilise data, information and reports issued by international organisations, as these are stated in the Company’s AML Manual.
2.6 Compliance Officer
The Board retain an in house Compliance Officer in order to establish, implement and maintain adequate policies and procedures designed to detect any risk of failure by the Company to comply with its obligations, and put in place adequate measures and procedures designed to minimize suck risk and to enable the competent authorities to exercise their powers effectively. The Compliance officer is independent, has the necessary authority, resources, expertise and access to all relevant information and reports to the Senior Management of the Company.
2. 7. Internal Audit
This Unit is to be considered as an independent department of the company which is considered to be a vital tool for the internal control and operation assessment framework. The departments’ aim is to review and evaluate the operations and activities of the Company in respect to all aspects.
The Internal Audit function it is outsourced to an external firm, who examines, evaluates and reports directly to the Board of Directors alongside with any recommendations and advices that may be necessary and proportionate. Their function is one of the tools that ensure a prudent and effective operation of the company and high standard services according to the regulatory framework.
The Internal Auditor assists the senior management of the Company in the effective discharge of its responsibilities and functions by examining and evaluating controls.
The main responsibilities of Internal Audit function are:
• To establish, implement and maintain an audit plan to examine and evaluate the
adequacy and effectiveness of the Company’s systems, internal control mechanisms and arrangements
• To provide an independent appraisal of all the Company’s activities, financial, operational and others
• To reports and submit to the Board of Directors for approval regarding the effectiveness of the controls for which they are responsible and issuing recommendations and suggestions
• To ensure the continuance of compliance with the Company’s obligations before CySec (such us reporting, notifications, procedures etc.)
• To keep records and books in regard with internal audit work performed
2.8. Information flow on risk flow to Management Body
The Risk Management department is responsible for ensuring the risk information flow to the senior management of the Company. Such flow can be done through different means, such us:
• By email or any other written form.
• Through the annual report of the Risk Manager, Annual Financial Statements by the external auditors or other reports and/or communication by the Risk Manager in case of emergency and/or once risk emerges.
• Through decisions of the Risk Management Committee which are communicated to the CEO and
• Through the annual reports of the Internal Auditor and Compliance Officer and Anti-Money Laundering Officer and other reports and/or communication performed throughout the year once the risks and/or deficiencies are identified.
2.9. Recruitment Policy
For the managerial vacancies, such us Board Members, General Manager and Chief Executive Officer etc., the Company takes a very cautious approach by examining the candidates profile not only form the qualification aspect but also from the personality and cultural perspective, who shall be of sufficiently good repute. In this way the Company ensures the fact of appointing the most appropriate person for the specific position with both technical capability and competency skills.
It is of a vital importance to highlight the fact that any person appointed by the Company for any managerial position, should be firstly approved by CySec, in order for that person to undertake his/her duties and responsibilities, which is coordinated through the Compliance Officer of the Company.
At the stage of examination of any candidate, by the Company, the following is taken into consideration:
1) Skills and knowledge of the candidate in accounting, finance, law, business administration and other related areas
2) Integrity, honesty, trustworthiness
3) Knowledge of the financial sector and of the governing regulatory framework
4) Clear Criminal Record
5) Sound business judgment
6) Relevant previous experience
2.10. Diversity Policy
The Company is well orientated to an establishment of diverse and independent working environment within its corporate governance framework. The senior management of the Company undertakes the responsibility to ensure that the Board of Directors is at all times well diversified. In this manner the Company is benefited with the following:
• Variety in the skills, knowledge, experience and therefore variety of opinions
• More effective decision making
• More availability of the talents and solving problems minds
• Enhancement of corporate reputation and investor relations by establishing the
2.11. Risk Statement
The Company acknowledges the fact that risk is embedded in all of the Company’s activities and, therefore, it aims to develop a sufficient and strong risk management framework. In this respect the Company’s Board examines the risks to which the Company is exposed and which the company has appetite to undertake by identifying the level of those risks and monitoring them accordingly.
To the effect of the above aim, the Company has performed a risk identification and assessment exercise with the use of a Risk Register, which reflected all the risks inherent in its activities and operations.
The identification of the risk and its level of exposure it is based on the Company’s size, services provided, complexity and nature of the business, and operations as a whole. Therefore, the Company, highlights the risks that are to be considered to have a priority rank, and those are:
1) Regarding the Company’s Reputational Risks involves the money laundering and terrorist financing risk, compliance risk, capital risks, and regulatory risk;
2) Regarding the Company’s Operational risks involves the failure of key process or systems and the risk of not having the right quality and quantity of people to operate those processes and systems including operational risk, information and technology risk.
3) Regarding the Financial Risk it is involved the credit, market, interest rate risk and funding liquidity risks
3. OWN FUNDS
The own funds of the Company as at 31 December 2017 consisted solely of original own funds (Tier 1). The Company’s capital base and its analysis it is stated within the table below.
Authorized Share Capital
The authorized share capital of K-DNA Financial Services Ltd amounts to 200.000 shares. Upon incorporation on 10 September 2014 the Company issued to the subscribers of its Memorandum of Association ordinary shares of €1 each at par.
On 28 September 2015, the Company issued 25.000 additional shares at a premium of €4,50 each.
On 27 October 2015, the Company issued 10.000 additional shares at a premium of €10 each. On 28 December 2015, the Company issued 8.200 additional shares at a premium of €10 each. On 17 March 2016, the Company issued 10.000 additional ordinary shares at a premium of €10 each.
On 30 June 2016, the Company issued 1 (one) ordinary share at a premium of €45.299, realizing €45.300 including the premium.
On 30 September 2016, the Company issued 1 (one) ordinary share of €1 at a premium of €120.999, realizing €121.000 including the premium.
On 31 December 2016, the Company issued 1 (one) ordinary share of €1 at a premium of €51.999, realizing €52.000 including the premium.
On 31 March 2017 the Company issued 1 (one) ordinary share of €1 at a premium of € 87.799, realising €87.800.-.
On 30 June 2017 the Company issued 1 (one) ordinary share of €1 at a premium of €139.629, realising €139.630.-.
On 30 September 2017 the Company issued 1 (one) ordinary share of at a premium of €176.373, realising €176.374.-
On 30 December 2017 the Company issued 1 (one) ordinary share of at a premium of €48.490, realising €48.491.-
Capital Adequacy Ratio
The capital adequacy ratio as reported to CySEC for the year ended 31 December 2017 was as per Audited amount is 6.80% (while the threshold is 8%).
4. CAPITAL MANAGEMENT
The Company manages its capital to ensure that it will be able to continue as a going concern while increasing the return to shareholders by aiming to improve the debt to equity ratio.
The adequacy of the Company’s capital in monitored by reference to the provisions of the Capital Requirements Regulation and the CySEC Capital Requirements Directives 144-2014-14 and 144-2014-15 bringing into force the regulatory provisions of Basel III (Pillar I – Minimum Capital Requirements, Pillar II- The Supervisory Review and Internal Capital Adequacy Assessment Process, Pillar III – Market Discipline).
4.1. CAPITAL REQUIREMENTS
K-DNA Financial Services Ltd follows the requirements provided in Pillar I in respect to its capital adequacy assessment. The Pillar expressly provides each category of risks that the Company should be cautious about and, therefore, below in this paragraph the Company will disclose its each category of risks as at 31 of December 2017.
Minimum Capital Requirements by Risk Category:
4.2. Credit Risk
Credit risk is the risk associated with a loss or potential loss from counterparties failing to fulfil their financial obligations. Generally, credit risk can be derived from the following areas:
• Cash and cash equivalents
• Debt securities
The Company’s objective in managing credit risk exposures is to maintain them within parameters that reflect the strategic objectives and risk tolerance. Sources of credit risk are assessed and monitored, and the Company has policies to manage the specific risks within the various subcategories of credit risk. To assess counterparty credit risk, the Company uses the ratings assigned by external rating agencies. The Company has policies in place to ensure that sales of products and services are made to customers with an appropriate credit history and monitors on a continuous basis the ageing profile of its receivables.
For the purpose of this report the Company states in the table below its risk weighted assets (RWA) and minimum capital requirement by the year ended 31/12/2017.
Risk Weighted Assets by exposure class:
4.3. Fixed Overheads Risk
This type of risk involves all ongoing business expenses not including or related to direct labour, direct materials or third-party expenses that are billed directly to customers. These expenses are paid regardless of whether the company is conducting a high or low level of business.
Such risk is periodically overviewed for the purposes of determining how much the Company should charge for its services / products in order to make profit, not only for the budgeting purposes.
Risk Weighted Assets by exposure class:
4.4 Market Risk
Market risk is the risk associated with the Company’s balance sheet positions where the value or cash flow depends on financial markets. Fluctuating risk drivers resulting in market risk include:
• Equity market prices
• Interest rates
• Currency exchange rates
The Company manages the market risk of assets relative to liabilities on an economic total balance sheet basis. It strives to maximize the economic risk-adjusted excess return of assets relative to the liability benchmark taking into account the Company’s risk tolerance as well as regulatory constraints.
As per requirement of Article 445 of the Regulation, the Company shall disclose the own funds requirements for Market Risk exposures.
5. REMUNERATION POLICY
The company’s Remuneration Policy describes the procedure which is followed in determining the remuneration of all members of the company’s staff, including the members of the Board of Directors.
It is prepared in 2016 to ensure compliance of the CIFs, on the one hand with the requirements of sections 18(2)(b) and 29 of the Investment Services and Activities and Regulated Markets Law of 2007, as in force (‘the Law’) in relation to conflicts of interests and on the other hand, with the conduct of business rules set out in section 36(1) of the Law.
Moreover, the remuneration policies and practices of CIFs must be consistent with:
I. Circular C031, C138, C145, C240 of CySEC concerning the guidelines on remuneration policies and practices.
II. The questions and answers 2 and 3 of Chapter 2 of ESMA/2016/904, ‘Questions and Answers – Relating to the provision of CFDs and other speculative products to retail Investors under MiFID’ of 1st June 2016 and regulations under MiFiD II of 03/01/2018
The Remuneration Policy was approved by the Board of Directors. It is based on the principle of transparency and hence has been uploaded on the CIF’s server, to enable access by all employees.
It will be reviewed annually by the Board of Directors to ensure compliance with the strategic goals of the CIF and to avoid the payment of rewards that encourage excessive risk-taking.
Furthermore, the Board assesses whether the Remuneration Policy is in line with the prevailing conditions of the market, as well as those of the CIF and whether these justify an update of the Policy.
Remuneration consists of all forms of payments and/or benefits provided directly or indirectly to relevant persons in the provision of Investment and/or ancillary services to clients. Remuneration can be either financial, such as cash shares, options, cancellations of loans to relevant persons at dismissal, pension contributions, remuneration by third parties (i.e. through carried interest models, wage increases) or non-financial, such as career progression, health insurance, discounts or special allowances for car, mobile phone, generous expense accounts, seminars in exotic destinations etc.).
All employees of the Company are covered by the Policy including any employee who can have a material impact on the services provided, on the conduct of business risk profile, and who can influence corporate behaviour.
This included but is not limited to:
– Client-facing front-line staff
– Sales force staff, and/ or other staff indirectly involved in the provision of investment services whose remuneration may create inappropriate incentives to act against the best interest of the clients.
– outsourcing function to service providers