DISPATCH ·

CySEC CFD broker RFP template (Phase 4 per-archetype artefact)

Forty-second dispatch. First per-archetype RFP template. Operationally-actionable RFP document operators can adapt directly for CySEC CFD broker procurement combining universal dimensions plus relevant per-pillar dimensions plus per-archetype customisation. Covers Archetype A from the cross-archetype matrix refresh.

tags · phase-4 · rfp-template · cysec · archetype-a · operational-artefact

Why this dispatch exists

This is the forty-second dispatch and the seventeenth Phase 4 operationally-actionable artefact. The RFP scoring framework opener established the three-layer framework; the fifteen per-pillar evaluation toolkits operationalised per-pillar procurement. This dispatch opens the per-archetype RFP template sub-series with the CySEC CFD broker archetype template that operators can adapt directly for procurement processes.

Section 1: Requirement overview

The requirement is the CFD broker tech stack for an operator authorised under CySEC (Cyprus Securities and Exchange Commission) serving EU retail and professional clients under MiFID II passporting. The operator faces EU AMLR transition through July 2027, the August 2025 CySEC sanctions regime, MiFIR Article 26 transaction reporting obligations, and EU data residency under GDPR.

Section 2: Vendor evaluation categories required

Operator procures across the following pillars per the CySEC archetype dispatch:

  • Brokerage hosting (Equinix FR2 or Beeks FR2 for EU data residency)
  • Trading platform (MT5 default; cTrader for institutional positioning)
  • LP procurement (tier-1 prime broker or PoP layer)
  • Risk management (specialist at mid-market; bundled at lean)
  • KYC + AML (two-vendor pattern: primary KYC + separate ongoing screening)
  • RegTech (Nasdaq SMARTS or Eventus Validus for trade surveillance; Cappitech for MiFIR; Behavox or Smarsh for comms surveillance; CUBE or Corlytics for horizon scanning)
  • Broker CRM (B2Core or Match-Trader CRM)
  • Payments (specialist EU banking partner + 4-6 PSPs)
  • IB management (bundled CRM IB at lean; Cellxpert or Tapfiliate at mid-market)
  • Broker analytics (2-4 parallel products including Trading Central + Solitics)
  • Copy trading (cTrader Copy native if cTrader; Brokeree Social Trader otherwise)
  • Turnkey suites (B2Broker or Leverate at lean; unbundle at mid-market)

Section 3: Universal vendor requirements (apply to every vendor)

Vendors must respond to the five universal dimensions from the RFP scoring framework opener:

  1. U1 Pricing transparency - published pricing or concrete pricing ranges in RFP response.
  2. U2 Regulatory positioning - ISO 27001 + SOC 2 Type II + jurisdiction-specific certifications minimum.
  3. U3 Customer support quality - dedicated TAM + business-hours support minimum.
  4. U4 Vendor financial stability - public-company filings or sustained operating history disclosure.
  5. U5 Product roadmap visibility - annual roadmap minimum.

Section 4: Per-pillar requirements

Per-pillar requirements follow the per-pillar evaluation toolkits with CySEC-specific emphasis on:

  • KYC: Sumsub or Veriff primary with EU AMLR transition forward-compatibility; ComplyAdvantage for ongoing screening including August 2025 CySEC sanctions regime coverage.
  • RegTech: Cappitech as STRONG PICK for MiFIR delegated reporting; Eventus Validus or Nasdaq SMARTS for MAR trade surveillance.
  • Payments: specialist EU banking partner (Bank Frick, BCB Group, Clear Junction) plus EU SEPA + SEPA Instant rails per October 2025 mandate.

Section 5: CySEC archetype customisation (weight multipliers)

Per the Phase 4 opener customisation layer:

  • RT3 (transaction reporting) x 1.5 reflecting MiFIR Article 26 obligation centrality
  • KYC3 (ongoing screening) x 1.5 reflecting August 2025 CySEC sanctions regime
  • H1 (data residency) x 1.3 reflecting EU AMLR transition

Section 6: Disqualification thresholds checklist

Vendor automatic disqualification if score below 2 on any critical dimension:

  • ☐ Cappitech-equivalent MiFIR Article 26 capability for transaction reporting vendor
  • ☐ EU AMLR transition forward-compatibility for KYC vendor
  • ☐ Per-jurisdiction sanctions screening for ongoing screening vendor
  • ☐ EU data residency for hosting vendor
  • ☐ FXJunction-equivalent regulatory positioning automatic disqualification for copy trading
  • ☐ Match-Trade Crypto / ETNA Software automatic disqualification for crypto venue if applicable

Section 7: Vendor scoring rubric reference

Per-pillar demo evaluation rubrics from the per-pillar evaluation toolkits apply. CySEC-specific demo emphasis:

  • Cappitech MiFIR reporting demonstration with operator-provided test trade data
  • Per-jurisdiction sanctions screening demonstration including CySEC sanctions list
  • EU data residency verification for hosting procurement

Section 8: Reference customer validation

Required reference customers per pillar:

  • Hosting: minimum 2 CySEC operators with FR2 deployment
  • Trading platform: minimum 2 tier-1 CySEC operators with cTrader if procurement
  • KYC: minimum 2 CySEC operators with August 2025 sanctions regime experience
  • RegTech: minimum 2 CySEC operators with MiFIR delegated reporting tenure
  • Copy trading: minimum 2 CySEC operators with cTrader Copy or DupliTrade

Section 9: Integration testing scope

Per-pillar integration testing protocols apply with CySEC-specific scope:

  • MiFIR reporting integration testing with operator’s specific Cappitech configuration
  • August 2025 sanctions regime ongoing screening integration testing
  • EU SEPA Instant verification of payee UX integration testing

Section 10: Decision documentation references

Per-pillar decision documentation templates apply. CySEC-specific documentation:

  • EU AMLR transition forward-compatibility evaluation
  • August 2025 sanctions regime ongoing screening framework documentation
  • MiFIR Article 26 delegated reporting framework documentation

What comes next

This dispatch opens the per-archetype RFP template sub-series. Templates for the seven remaining archetypes (B-H) follow in this PR. Phase 4 corpus state after the per-archetype template sub-series will be 49 dispatches total.