Cyprus Securities and Exchange Commission | FREQUENTLY ASKED QUESTIONS
FREQUENTLY ASKED QUESTIONS
HOME THE COMMISSIONTHE COMMISSION PUBLIC INFORMATIONPUBLIC INFORMATION REGULATED ENTITIESREGULATED ENTITIES REGULATORY FRAMEWORKREGULATORY FRAMEWORK INVESTOR PROTECTIONINVESTOR PROTECTION
CONTACT US  |  LINKS  |   EL / EN |
FREQUENTLY ASKED QUESTIONS

1. Pick-up procedure Errors

When I try to pick up my certificate via Adacom website, I receive an error and doesn’t allow me proceed.
The possible errors and their respective solutions are presented: • Before proceeding with the pick-up process, the USB token should be inserted in the USB port of your PC and the middleware program should already be installed. • You need to ensure that you are visiting the proper Adacom website which is https://pki.adacom.com/xak/en • You need to make sure that you are using the exact same PC, the exact same browser and that the exact same user is logged-in that you have previously used to Enrol or Renew your digital certificate. • The browser to be used should in both cases be Internet Explorer. If the Chrome browser was used for Enrolling or Renewing, then the certificate should be revoked (revoke procedure is explained in a different FAQ point) and the procedure should be done from the beginning. • When the pick-up procedure is concluded the USB token should be removed from the USB port and inserted back again in the USB port so as to be used for digitally signing using the CySEC Digital Signer found at http://http://cysec.gov.cy/el-GR/entities/digital-signature/

2. How can I cancel (revoke) my digital certificate?

How can I cancel (revoke) my digital certificate?
In order to revoke the certificate the following steps should be followed: 
 
Visit Adacom’s web site, https://pki.adacom.com/xak/en/ and select Revoke from the list. 
 
Follow the instructions 
 
After revoking the certificate users are recommended to remove the revoked certificate from their token. In order to delete a certificate from the token, users must log in to AWP Manager Application, select the revoked certificate in the Browser tab and press the delete button from the toolbar.

3. Can I use the empty token again?

Can I use the empty token again?
The empty token can be used again by a new user. In that case, a new certificate must be issued to the new user by following the published procedure. The new digital signature holder will be charged only with the annual certification cost (€120). 
 

4. The device asks for a PIN or Passphrase. What should I do? What is a challenge phrase?

The device asks for a PIN or Passphrase. What should I do? What is a challenge phrase?
• USB Token PIN or Passphrase: 
The default PIN for the ID One Token by Oberthur Technologies is “9999”. The default PIN for the ATHENA Smartcard is 11111111. Your computer will prompt for the PIN whenever it needs to communicate with the USB Token. Depending on the use of the token you may be prompted for the PIN or the Passphrase of the device. 
 
• Enrollment Challenge Phrase: 
During the enrollment procedure you will be prompted to enter a Challenge Phrase. The Challenge Phrase will be used only when the user executes the revocation procedure of the certificate or the renewal procedure.
 
• Pick up ID PIN: 
When your certificate application is approved, the user will receive an email with instructions on how to pick up his/her certificate. The email contains a PIN, which consists of 9 digits. The Pick-up ID PIN is only used for picking up the certificate. 
 

5. My usb token is locked. What shall I do?

My usb token is locked. What shall I do?
The usb token device is locked after three unsuccessful login tries. The unlock procedure should be done by calling the Commission’s IT department. 
 
If the user continues to enter unsuccessful login credentials after the three tries, then the device will be permanently locked and become unusable. In this case, the user is required to purchase a new device. 
 

6. I have additional certificates installed on my PC. Can I use any of them?

I have additional certificates installed on my PC. Can I use any of them?
The only acceptable digital certificate is the qualified certificate issued by Adacom.

7. From where the usb token (SSCD) can be acquired?

From where the usb token (SSCD) can be acquired?
• Any person may obtain a qualified digital certificate and secure signature creation device (SSCD) either by presenting himself/herself at the Cyprus Securities and Exchange Commission offices or by the presence of an authorized representative on behalf of the physical person at the Cyprus Securities and Exchange Commission offices. 
• The Commission’s offices are located at Diagorou 27, 2nd Floor, Nicosia. The offices are situated above Marzano Restaurant, opposite T.G.I. Friday’s. 
• A person acquiring a SSCD acting for himself/herself or as an authorised representative should only visit the Commission’s offices. 
 

8. Should a newly authorized CIF acquire a usb token (SSCD)?

Should a newly authorized CIF acquire a usb token (SSCD)?
• The digital signature will be required as of 25 October 2013 for any TRS usage. The TRS usage falls under CRD, CIF Record Content and TREM obligations. 
• The obligation regarding CRD (Excel files-Form 6.1, 8.1 & 8.2) is activated immediately following the CIF’s authorisation from CySEC and the forms should be submitted regardless if the CIF is activated or not. 
• The obligation regarding CIF Record Content is specified in the CIF’s license letter that, within twelve months, should submit the XML file with all the necessary CIF info according to Circular ΕΓ 144-2012-01. 
• The TREM (transaction reporting) obligation is activated when the CIF has reportable transactions according to section 45 of the Law 144(I)/2007. 
Therefore, and given the CRD part above, the CIF should acquire a digital signature according to the requirements set in the Commission’s Circular ΕΓ 144-2013-25 regardless if it’s activated or not. 
 

9. How should people residing abroad be certified?

How should people residing abroad be certified?
If the person authorized by your CIF is in Cyprus then any document requiring certification (i.e. a copy of the applicant’s ID/Passport) must be certified by a certifying officer. 

If the person is abroad then any document requiring certification (i.e. a copy of the applicant’s ID/Passport) must be certified by an embassy of any country member of the European Union or competent authorities of other countries according to International Treaties.
 
No certification is needed when a person submits the application acting for himself/herself.

10. How many people from the same CIF can acquire usb tokens (SSCD)?

How many people from the same CIF can acquire usb tokens (SSCD)?
Each CIF should acquire at least one usb token (SSCD). For the moment, the maximum number of usb tokens a CIF can acquire immediately is up to two. 

If more than two tokens (SSCD) are needed a request can be made at the Commission. The delivery time of those additional tokens varies. 

11. Should a CIF resent all the electronic forms (Excel, XML) which were sent prior to the implementation of the digital signature?

Should a CIF resent all the electronic forms (Excel, XML) which were sent prior to the implementation of the digital signature?
No, the obligation to send the digitally signed forms starts on October 25, 2013 and is not retroactive. 
 

12. If a person who has obtained a digital signature leaves the CIF, what happens with his/her signature?

If a person who has obtained a digital signature leaves the CIF, what happens with his/her signature?
Since the signature is issued on a physical person and not the CIF, then what happens to the digital signature after the person departs from the CIF is an internal matter that should be arranged between the CIF and the person involved. 
 

13. Can the application be submitted via a courier?

Can the application be submitted via a courier?
No, this option is not currently available. The application must be submitted in person (or by authorised representative) at the Commission’s offices.

14. What happens when a CIF decides to replace the authorised person for the digital signature?

What happens when a CIF decides to replace the authorised person for the digital signature?
The CIF should acquire a new certification and revoke the old one. However, no additional token is necessary to be purchased. The existing token can be transferred to the new authorised person.

15. Which are recurring fees and which are one-time costs?

Which are recurring fees and which are one-time costs?
The certification must be renewed annually. The token (SSCD) is a one-time purchase

16. If a person represents more than one CIF, how many token he/she can acquire? How many email addresses should be declared?

If a person represents more than one CIF, how many token he/she can acquire? How many email addresses should be declared?
Each certification belongs to only one person. In the case of a person who is a representative of more than one CIF, then each CIF should authorise this person by signing the Appendix A.2. Each person should declare one email address per CIF he/she represents. 
 
THE COMMISION
BOARD
VISION, MISSION & RESPONSIBILITIES
STRUCTURE
INTERNATIONAL AFFAIRS
SEMINARS & LECTURES
ANNUAL REPORTS
FINANCIAL STATEMENTS
PAYABLE FEES
EVENTS
INVITATION OF TENDERS
SOCIAL RESPONSIBILITY
RECRUITMENT (UPDT: 25.02.2016)
PUBLIC HOLIDAYS
CONTACT US
PUBLIC INFORMATION
BOARD DECISIONS
ANNOUNCEMENTS
CIRCULARS
WARNINGS TO INVESTORS
PRACTICAL GUIDES
CONSULTATION PAPERS
SEMINARS & TRAINING
CERTIFICATIONS
REGULATED ENTITIES
INVESTMENT FIRMS
UCITS & Management Companies
AIFM
AIF
REGULATED MARKETS
ISSUERS
ASP
DIGITAL SIGNATURE/SUBMISSION
RISK BASED SUPERVISION FRAMEWORK
REGULATORY FRAMEWORK
SERVICES AND MARKETS
COLLECTIVE INVESTMENT AND MANAGERS
ISSUERS AND SECURITIES
MARKET ABUSE
FINANCIAL CRIME
CySEC LAW
ΕΛΛΗΝΙΚΑ CONTACT USINVESTOR PROTECTIONLINKSRSS SERVICESITEMAP
© Copyright, All Rights Reserved. | DESIGNED & DEVELOPED BY CYSEC & DOT.CY