The newly enacted Investment Fund Administrators (IFA) Law marks a major milestone for Cyprus’ investment funds industry – a regulatory shift that places fund administration firmly under supervision for the first time. For the first time, fund administration is formally brought under regulatory supervision, placing it on equal footing with other core components of the fund ecosystem. This is more than a policy change; it represents a structural upgrade. For fund administrators operating in or from Cyprus, the message is clear: the time to act is now.

The law’s scope is internationally broad, covering virtually every aspect of fund administration. It applies to any entity offering fund administration services in or from Cyprus. This includes a range of activities such as net asset value (NAV) calculation, fund accounting, the maintenance of shareholder registers, processing investor subscriptions and redemptions, preparing financial and regulatory reports, performing anti-money laundering (AML) and know-your-customer (KYC) onboarding and monitoring, and handling performance and risk-related reporting. Even if these services are performed internally within a fund management company, they fall within the scope of the law. As such, many organisations that previously operated informally or without direct oversight must now re-evaluate their operating model and compliance status.

From now on, any entity performing fund administration functions must secure a licence from the Cyprus Securities and Exchange Commission (CySEC). To qualify, firms will need to meet specific regulatory requirements. These include having appropriate governance frameworks in place, meeting “fit and proper” criteria for key individuals and shareholders, satisfying minimum capital thresholds (expected to be clarified by CySEC), and establishing robust internal systems. A functioning compliance and risk management function must be independent from operations, while AML/CTF procedures must be clearly documented and reliably implemented. In addition, applicants will need to prepare and submit a comprehensive set of documentation, including operational manuals, business plans, outsourcing agreements, and internal control policies.

To ease the transition, CySEC has announced a transitional period, likely lasting up to 12 months. During this period, existing fund administrators must bring their operations into line with the new framework and submit their licence applications. Although application deadlines are expected to fall mid- 2025, it is critical for firms to begin their preparation early. Those operating without a licence will not be permitted to take on new clients during the transition period, and delays in readiness may jeopardise continuity of service. Given that approval timelines may vary based on the complexity of the organisation, early preparation is not only advisable—it is essential.

Documentation is only part of the equation - CySEC will also scrutinise each applicant’s real-world operational readiness. This includes assessing whether valuation methodologies are consistently applied, whether AML processes are fit for purpose, and whether outsourcing arrangements are properly monitored and controlled. Administrators must also demonstrate that they have resilient IT systems, comprehensive business continuity plans, and a functional internal audit and compliance monitoring framework. For firms with decentralised or informal structures, this represents a significant transformation—but one that is necessary to meet evolving regulatory standards.

For fund managers who currently handle administration in-house, the law creates a strategic decision point. They must decide whether to seek a licence and build internal compliance capability, or to outsource fund administration to a licensed third party. Both options carry benefits and trade-offs. An internal model allows for control and proximity to the portfolio management team but comes with higher costs and compliance obligations. Outsourcing can offer quicker compliance and access to specialised expertise but requires thorough vendor due diligence and clear reporting lines. The right decision will depend on each manager’s structure, growth trajectory, and long-term strategy.

Now that the law is in force, both fund administrators and managers must act quickly to align. This starts with assessing whether their activities fall under the scope of the IFA Law, reviewing their current governance and internal controls, deciding on their preferred compliance route, and beginning the process of preparing the necessary documentation and policies. Monitoring updates and guidance from CySEC will also be crucial, as additional details and clarifications are expected in the coming months.

The IFA Law significantly raises the bar for fund administration in Cyprus. But with the right preparation, it also raises the opportunity to build trust, enhance operational integrity, and strengthen Cyprus’ standing as a competitive and credible fund services hub.