CySEC Circular on EBA Guidelines: Enhancing Anti-Money Laundering Measures for Crypto-Asset Service Providers
We would like to draw your attention to Circular C640 (the “Circular”), issued by the Cyprus Securities and Exchange Commission (the “CySEC”) on the 26th of April 2024, for the purposes of informing Regulated Entities, as these defined therein, about European Banking Authority’s Guidelines amending Guidelines EBA/2021/02 on customer due diligence and the factors credit and financial institutions
should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional transactions under Articles 17 and 18(4) of Directive (EU) 2015/849 – Guidance to crypto-asset service providers to effectively manage their exposure to ML/TF risks
On January 16, 2024, the European Banking Authority (EBA) extended its Guidelines on ML/TF risk factors to CASPs, signifying a significant stride in the EU’s efforts to combat financial crime. The new Guidelines (EBA/GL/2024/01) underscore ML/TF risk factors and mitigating measures that CASPs need to adopt, recognizing the potential abuse of CASPs for illicit financial activities.
The risks associated with CASPs are manifold, ranging from the rapidity of crypto-asset transfers to the anonymity features embedded in certain products, heightening the susceptibility to ML/TF activities. Hence, CASPS must grasp these risks comprehensively and implement effective measures to mitigate them.
The amended Guidelines serve to equip CASPs with a framework for identifying these risks, offering a non-exhaustive list of factors indicating exposure to varying levels of ML/TF risk. By leveraging these risk factors, CASPs can gain insights into their customer base and pinpoint areas of vulnerability, thereby fine-tuning their mitigating measures, including the use of blockchain analytics tools.
Recognizing the interconnectedness of the financial sector, the Guidelines extend guidance to credit and financial institutions with CASPs as clients or exposure to crypto assets. This risk is exacerbated when institutions engage with unregulated crypto-asset service providers.
In essence, these Guidelines foster a unified understanding of ML/TF risks associated with CASPs and outline the requisite steps for CASPs and other financial institutions to manage these risks effectively. The amended Guidelines will come into effect on December 30, 2024.
In line with its overarching supervisory approach, CySEC urges all Regulated Entities to adhere to the Guidelines and demonstrate the appropriateness of their AML/CFT policies, controls, and procedures in light of identified ML/TF risks, thus ensuring robust measures to combat financial crime.
Should you have any further questions, please do not hesitate to contact us at info@apapageorgiou.com.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as financial or investment or legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.
Circular C589 – MONEYVAL’s report on money laundering and financing of terrorism risks in the world of virtual assets
We would like to draw your attention to Circular C589 (the “Circular”), issued by the Cyprus Securities and Exchange Commission (the “CySEC”) on the 18th of July 2023, for the purposes of informing Regulated Entities, as these defined therein, about MONEYVAL’s Report on money laundering and financing of terrorism risk in the world of virtual assets (the “Report”).
A. Purpose:
The Report purports to present in an integrated manner an overview of the money laundering and financing of terrorism risks in the world of virtual assets (the “VAs”) and their service providers in MONEYVAL members. In order to do this, the Report includes the following:
- horizontal analysis of MONEYVAL’s members’ level of compliance with the Financial Action Task Force (the “FATF”) Recommendation 15;
- an overview of the measures taken to regulate and supervise virtual asset service providers (the “VASPs”) sector; and
- features of the identified risks that criminals use VASPs and VAs to launder proceeds of crimes (i.e. exchanges, exchange offices, aggregators, and other cryptocurrency platforms including e-gaming, sports betting, and NTFs).
In particular, the Report integrates and analyses data obtained from MONEYVAL members across multiple issues, relating to (a) how members regulated the activity of issuance of Vas and operation of VASPs; (b) whether the Law Enforcement Authorities (LEAs) have adequate powers and tools to investigate, locate and impose interim measures in respect of Vas; (c) the types of VA platforms used for financial support of criminal activity; (d) examples of cases investigated by the relevant authorities with description of criminal schemes involving the virtual asset elements that have been identified; and (e) other data relevant to the goals of the study.
B. Main Provisions:
In view of the above, the Report has been structured into the following four (4) sections:
1. Horizontal review of compliance with FATF Recommendation 15:
FATF has published documents that are aimed at helping jurisdictions and the private sector to comply with the new AML/CFT requirements for VAs and VASPs (available here and here). Due to the peculiarities of the sector and the relatively recent adoption of the standard, the vast majority of MONEYVAL members have not yet fully implemented these requirements (i.e. of the 23 jurisdictions that have been assessed since June 2021 for their compliance with Recommendation 15, the majority require major or moderate improvements). In particular, further improvements are needed in assessing ML/TF risks, supervision, and the application of AML/CFT preventative measures.
2. Assessment of VA and VASP risks:
As already mentioned above, not all members have assessed the ML/TF risks posed by VAs and VASPs, or if such risk assessment has been conducted in many cases it lacks depth. In the case of Andorra that carried out its second national risk assessment back in 2020, it is noted that the risk assessment at the national level would start with an inventory (i.e. when VASPs must be licensed or registered, leaving the authorities with the tasks of estimating if and to which extent unregistered entities are still servicing clients in the respective jurisdiction) of the registered entities in the jurisdiction and determining the materiality of the VASP sector. However, in practice, jurisdictions experience challenges in identifying unregistered or unlicensed VASP activity in their jurisdiction.
In view of the above and following the first inventory of VASPs, a more in-depth analysis of the sector was undertaken. There is a risk that if the work conducted by Andorra indicates that there are no businesses operating domestically that should be registered, then VAs and VASPs become less of a focus. An assessment must be made about the use of VAs in the country even if there are no registered VASPs (for instance, whether customers in the domestic jurisdiction are obtaining services in another jurisdiction).
3. Risk-Based Approach Supervision of the VASP Sector:
The relevant section of the Report outlines the different approaches taken by members to license or register domestic VASPs and to implement a risk-based supervisory framework for the VASP sector. In brief, the following are noted:
- VAs is defined as a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes and do not include digital representations of FIAT currencies, securities, and other financial assets that are already covered elsewhere in the FATF Recommendations.
- VASP is any natural or legal person that provides as a business activity one or more of the following activities or operations for or on behalf of another natural or legal person: (i) exchange between virtual assets and FIAT currencies; (ii) exchange between one or more forms of virtual assets; (iii) transfer of virtual assets; (iv) safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and (v) participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.
- The analysis shows that not all members included natural persons in the definition of VASPs.
- A risk-mitigating measure for VASP activity is the application of market entry controls and of adequate risk-based supervision for AML/CFT purposes in the sector.
- Recommendation 15 allows countries to choose between licensing or registration of VASPs, providing that at a minimum, VASPs would be required to be licensed or registered in the jurisdiction(s) where they were created.
- MONEYVAL members have implemented different approaches to supervision (i.e. licensing or registration authority is not always the same authority that conducts the AML/CFT supervision of VASPs).
- In supervising the VASP sector most of the MONEYVAL members are at the beginning of implementation. Not all supervisors are comprehensively resourced in terms of staffing and knowledge, and the risk-based approach is rarely tailored to a sector-specific risk assessment.
- The volume and flow of cross-border transactions is one important element that supervisors should consider when determining the risk of the VASP sector and conducting supervision activities.
- The availability of sanctions for VASP supervisors in MONEYVAL members differs in the scope and mounts of the sanctions that can be applied.
4. Law Enforcement and Operational Issues:
The capabilities and approaches of authorities in MONEYVAL countries to investigate ML/TF cases involving the use of VAs and to impose interim measures are examined in the relevant section of the Report. In particular, a number of case studies from the MONEYVAL region shed light on the use of VAs for money laundering purposes, such as the types of understanding crimes that are normally associated with such ML cases, as well as the modus operandi and typologies as to how such money laundering cases are perpetrated, are outlined within the Report. VAs are being used and can probably be used interchangeably with FIAT currencies when looking at typologies, as per the following investigated cases:
- Theft of VAs through “typosquatting” – Isle of Man (in cooperation with UK and Netherlands);
- Sale of fake VAs – Azerbaijan;
- Use of money mules – Latvia;
- Drug and arms dealing – Slovak Republic; and
- Laundering of drug trafficking proceeds – Malta.
C. Next Steps:
CySEC considers the Report to be of assistance to the Regulated Entities engaging or seeking to engage in VA activities, in understanding their AML/CFT risks and obligations and how they can effectively comply with these obligations.
To this end, it is expected by CySEC that all Regulated Entities will study the Report and take its content into account when assessing AML/CFT risks, thereby improving the effectiveness of the measures and procedures applied.
Should you have any further questions, please do not hesitate to contact us at info@apapageorgiou.com.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as financial or investment or legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.
Financial Action Task Force Statement Publications – February 2023
Paris, 24 February 2023 – The second Plenary of the FATF under the Presidency of T. Raja Kumar of Singapore concluded on 24/2/2023. Delegates from over 200 jurisdictions of the Global Network participated in these discussions at the FATF headquarters in Paris.
Following the statements issued since March 2022, the FATF reiterates that all jurisdictions should be vigilant to current and emerging risks from the circumvention of measures taken against the Russian Federation in order to protect the international financial system. The outcomes of the FATF Plenary, 22-23 February 2023 relate among others to the following matters:
FATF Statement on High-Risk Jurisdictions subject to a Call for Action:
Following FAFT’s statement of October 2022 on the list of “High-Risk Jurisdictions subject to a Call for Action- October 2022”, the latter proceeded with the issuance of a Publication on the 24th of February 2023, through which it urges all jurisdictions to apply enhanced due diligence, and, in the most serious cases, countries are called upon to apply counter-measures to protect the international financial systems from the money laundering, terrorist financing, and proliferation financing (the “ML/TF/PF”) risks emanating from the country. In particular, the FATF’s call for action on the following high-risk jurisdictions remains in effect:
A. Jurisdictions subject to a FATF call on its members and other jurisdictions to apply countermeasures.
-
- Democratic People’s Republic of Korea (DPRK)
- Iran
B. Jurisdiction subject to a FATF call on its members and other jurisdictions to apply enhanced due diligence measures proportionate to the risks arising from the jurisdiction.
-
- Myanmar
FATF Statement on Jurisdictions under Increased Monitoring:
On the 24th of February 2023, the FAFT issued a Publication in relation to the results of the progress review to identify new countries with strategic AML/CFT deficiencies, despite the challenged posed by Covid-19, based on which:
A. Jurisdictions no longer subject to increased monitoring:
-
- Cambodia
- Morocco
B. Jurisdictions with strategic deficiencies:
-
- Albania
- Barbados
- Burkina Faso
- The Cayman Islands
- (*) Democratic Republic of the Congo
- Gibraltar
- Haiti
- Jamaica
- Jordan
- Mali
- (*) Mozambique
- Nigeria (new)
- Panama
- Philippines
- Senegal
- South Africa (new)
- South Sudan
- Syria
- (*) Tanzania
- Turkey
- Uganda
- United Arab Emirates
- Yemen
* Chose to defer reporting; thus, the relevant Statements available, issued in October 2022 may not necessarily reflect the most recent status of the jurisdictions’ AML/CFT regimes.
FATF Statement on the Russian Federation:
On the 24th of February 2023, the FAFT issued a Statement in relation to its decision to suspend the membership of the Russian Federation, as the latter’s continuing and intensifying war of aggression against Ukraine runs counter to FATF’s core principles aiming to promote security, safety and the integrity of the global financial system. In particular, Russian Federation can no longer hold any leadership or advisory roles or take part in decision-making on standard-setting, FATF peer review processes, governance, and membership matters.
Other matters:
- Mutual Evaluation Reports: FATF has adopted a mutual evaluation report of Indonesia and Qatar that will be published by May 2023 following the completion of its quality and consistency review.
- Beneficial Ownership of Legal Persons: FATF Plenary has finalised a guidance document which will help countries implement the revised requirements of Recommendation 24 which requires countries to ensure that beneficial ownership information is held by a public authority or body functioning as a beneficial ownership registry or an alternative mechanism they will use to enable efficient access. The guidance will be published in March 2023.
- Beneficial Ownership of Legal Arrangements: FATF Plenary also agreed on enhancements to Recommendation 25 on legal arrangements to bring its requirements broadly in line with those for Recommendation 24 on legal persons to ensure a balanced and coherent set of FATF standards on beneficial ownership.
- Disrupting the financial flows from ransomware: FATF completed research that analyses the methods that criminals use to carry out their ransomware attacks and how they launder ransom payments. Relevant research will be published in March 2023 and will include a list of risk indicators that can help public and private sector entities identify suspicious activities related to ransomware.
- Improving implementation of FATF requirements for virtual assets and virtual asset service providers: Plenary agreed on a roadmap to strengthen the implementation of FATF Standards on virtual assets and virtual asset service providers, which will include a stocktake of current levels of implementation across the global network. In the first half of 2024, the FATF will report on steps FATF members and FSRB countries with materially important virtual asset activity have taken to regulate and supervise virtual asset service providers.
- Money Laundering and Terrorist Financing in the Art and Antiquities Markets: FATF has also finalised a report that explores the link between money laundering and art and antiquities which was published on the 27th of February 2023.
In case you have any questions, please do not hesitate to contact us for further professional assistance.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.