CySEC Circular C655: Findings of the assessment of Compliance Officers’ Annual Reports and Internal Audit Reports on the prevention of money laundering and terrorist financing, for the year 2022
The Cyprus Securities and Exchange Commission (CySEC) has published Circular No. C655, summarizing the findings from its 2023 assessment of Compliance Officers’ Annual Reports and Internal Audit Reports submitted by various regulated entities for the year 2022. The report underscores critical areas of non-compliance and provides detailed recommendations for improvement.
A. Targeted Entities
The circular addresses the following regulated entities:
- Crypto Asset Service Providers (CASPs)
- Cyprus Investment Firms (CIFs)
- Administrative Service Providers (ASPs)
- UCITS Management Companies (UCITS MC)
- Self-Managed UCITS (SM UCITS)
- Alternative Investment Fund Managers (AIFMs)
- Self-Managed Alternative Investment Funds (SM AIFs)
- Self-Managed Alternative Investment Funds with Limited Number of Persons (SM AIFLNP)
- Companies managing AIFLNPs
- Small Alternative Investment Fund Managers (Small AIFMs)
B. Scope of the Assessment
The assessment aimed to evaluate compliance with the Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007, and the CySEC Directive for the Prevention of Money Laundering and Terrorist Financing. The evaluation included the review of Compliance Officers’ Annual Reports and Internal Audit Reports submitted in 2023, reflecting the activities of the previous year.
C. Key Findings
CySEC identified several common weaknesses and deficiencies across the reports:
- Lack of Detailed Analysis: Many reports lacked sufficient analysis of the inspection methods used by Compliance Officers. Reports often provided results without explaining the methodologies, sample sizes, and the specifics of the inspections and reviews conducted.
- General Overviews: Some reports offered only general overviews rather than detailed descriptions of identified deficiencies, their seriousness, risk implications, and recommended corrective actions.
- Inadequate Customer Monitoring: Reports frequently did not provide adequate details on ongoing monitoring systems for customer accounts, including methods used and variations in monitoring based on customer risk categories.
- Insufficient Organizational Structure Information: The organizational structure and duties of the Compliance Officer’s department were often not sufficiently detailed.
- Incomplete Training Program Information: Information on recommended training programs for the upcoming year was frequently inadequate.
- Late Submissions: There were late submissions of Compliance Officers’ Annual Reports, Internal Audit Reports, and relevant Board of Directors (BoD) minutes.
D. Recommendations
CySEC has outlined several recommendations to address these deficiencies:
- Enhance Report Preparation: Ensure detailed and methodologically sound preparation of both Compliance Officers’ Annual Reports and Internal Audit Reports, including a thorough analysis of inspection methods and results.
- Improve Monitoring Systems: Establish robust systems for ongoing monitoring of customer accounts and transactions, providing detailed documentation of methods and findings.
- Detail Organizational Structure and Training: Include comprehensive information on the Compliance Department’s structure and staff duties, and clearly outline training programs for the next year.
- Adhere to Submission Deadlines: Comply with the specified timeframes for submitting reports and BoD minutes.
E. CySEC’s Expectations
CySEC expects all regulated entities to consider these findings and recommendations seriously when preparing their reports for 2023 and beyond. The Commission has emphasized that recurring weaknesses will be subject to rigorous compliance checks, and strict administrative sanctions may be imposed for non-compliance with the Law and Directive.
D. Conclusion
CySEC’s 2023 assessment report highlights significant areas for improvement in AML compliance and overall governance among regulated entities. By addressing the identified deficiencies and adhering to CySEC’s recommendations, entities can ensure robust compliance frameworks, thereby enhancing the integrity and trustworthiness of Cyprus’s financial sector.
E. How we can assist you
With ten years of experience in the financial services industry, our law firm is well-equipped to assist you with outsourced legal and compliance services. We provide comprehensive support and guidance for the preparation of annual CySEC reports, ensuring your compliance with all regulatory requirements.
In case you have any questions, please do not hesitate to contact us for further professional assistance.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.
Latest Posts
A Quick Guide to IP Rights for Fintech Companies in Cyprus
A. IP Protection for Software Under Cyprus law, software or computer programs are considered literary works protected by copyright, specifically under...
New Rules for Crypto-Asset Service Providers (CASPs) in Cyprus: Key Updates
The Cyprus Securities and Exchange Commission (CySEC) has made an important announcement regarding regulating Crypto-Asset Service Providers (CASPs). Here’s...
The EU’s Digital Operational Resilience Act 2022/2554 (DORA)
Financial regulators have long faced the challenge of ensuring stability in financial markets, especially given the growing reliance on third-party systems,...