CySEC Circular C556 on addressing AML/CFT Compliance – Insights from CySEC’s Recent Inspections
The Cyprus Securities and Exchange Commission (CySEC) has recently issued a Circular C656 highlighting the findings from its inspections of various regulated entities over the past two years. These inspections assessed compliance with the Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007 and CySEC’s Directive for the Prevention and Suppression of Money Laundering and Terrorist Financing. The circular provides valuable insights into good practices and common deficiencies observed, offering a roadmap for entities to enhance their Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) frameworks.
A. Good Practices Identified
CySEC’s inspections revealed several commendable practices among regulated entities, which can serve as benchmarks for others aiming to strengthen their AML/CFT controls:
- Utilization of Local Knowledge: Supplementing commercially available databases with local knowledge and open-source internet checks proved effective in researching potential high-risk customers, including Politically Exposed Persons (PEPs).
- Clear Escalation Processes: Establishing clear processes for escalating the review and approval of high-risk and PEP customer relationships to senior management.
- Face-to-Face Interactions: Conducting face-to-face meetings with high-risk and PEP prospects before onboarding them as customers.
- Comprehensive Customer Files: Maintaining detailed customer files that cover risk assessment, documentation, verification, expected account activity, and profiles of the customer or business relationship.
- Robust Transaction Monitoring: Ensuring transaction and account monitoring considers up-to-date Customer Due Diligence (CDD) information, including expected activity, source of wealth, and source of funds.
- Active Involvement of Senior Management: Involving senior management and AML/CFT staff in decisions regarding the maintenance or termination of high-risk relationships.
- Updated Policies and Procedures: Keeping AML/CFT policies and procedures current to comply with evolving legal and regulatory obligations.
B. Common Weaknesses and Deficiencies
Despite the good practices, several weaknesses were commonly identified, which need immediate attention to mitigate AML/CFT risks:
- Risk Management and Procedures Manual: Manuals often contained generic descriptions rather than tailored procedures specific to the entity’s risks. In some cases, procedures for identifying and detecting unusual cash transactions were inadequate.
- Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD): Entities sometimes failed to construct comprehensive customer economic profiles or verify the identity of beneficial owners adequately. There was also a lack of additional information for high-risk customers.
- AML/CFT Risk Assessments: Risk assessments often did not consider guidelines from the European Banking Authority (EBA) or the Financial Action Task Force (FATF). In some instances, entities did not account for the risks posed by customers with Cypriot citizenship acquired through the Cyprus Investment Program.
- Source of Funds and Transactions Monitoring: Insufficient documentation to support customer transactions and initial source of funds was a recurrent issue. Entities need to gather detailed evidence and maintain updated customer profiles.
- Reporting of Suspicious Transactions: Compliance officers sometimes failed to examine internal reports adequately to determine if there was a suspicion of money laundering or terrorist financing.
- Record Keeping: Entities did not always ensure prompt availability of documents and information required by CySEC for regulatory duties.
CySEC’s circular serves as a crucial reminder for all regulated entities to review and enhance their AML/CFT policies, controls, and procedures. By addressing the identified deficiencies and adopting the highlighted good practices, entities can better align with regulatory expectations and effectively mitigate the risks associated with money laundering and terrorist financing.
In case you have any questions, please do not hesitate to contact us for further professional assistance.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.
Latest Posts
A Quick Guide to IP Rights for Fintech Companies in Cyprus
A. IP Protection for Software Under Cyprus law, software or computer programs are considered literary works protected by copyright, specifically under...
New Rules for Crypto-Asset Service Providers (CASPs) in Cyprus: Key Updates
The Cyprus Securities and Exchange Commission (CySEC) has made an important announcement regarding regulating Crypto-Asset Service Providers (CASPs). Here’s...
The EU’s Digital Operational Resilience Act 2022/2554 (DORA)
Financial regulators have long faced the challenge of ensuring stability in financial markets, especially given the growing reliance on third-party systems,...