CySEC Circular on EBA Guidelines: Enhancing Anti-Money Laundering Measures for Crypto-Asset Service Providers
We would like to draw your attention to Circular C640 (the “Circular”), issued by the Cyprus Securities and Exchange Commission (the “CySEC”) on the 26th of April 2024, for the purposes of informing Regulated Entities, as these defined therein, about European Banking Authority’s Guidelines amending Guidelines EBA/2021/02 on customer due diligence and the factors credit and financial institutions
should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional transactions under Articles 17 and 18(4) of Directive (EU) 2015/849 – Guidance to crypto-asset service providers to effectively manage their exposure to ML/TF risks
On January 16, 2024, the European Banking Authority (EBA) extended its Guidelines on ML/TF risk factors to CASPs, signifying a significant stride in the EU’s efforts to combat financial crime. The new Guidelines (EBA/GL/2024/01) underscore ML/TF risk factors and mitigating measures that CASPs need to adopt, recognizing the potential abuse of CASPs for illicit financial activities.
The risks associated with CASPs are manifold, ranging from the rapidity of crypto-asset transfers to the anonymity features embedded in certain products, heightening the susceptibility to ML/TF activities. Hence, CASPS must grasp these risks comprehensively and implement effective measures to mitigate them.
The amended Guidelines serve to equip CASPs with a framework for identifying these risks, offering a non-exhaustive list of factors indicating exposure to varying levels of ML/TF risk. By leveraging these risk factors, CASPs can gain insights into their customer base and pinpoint areas of vulnerability, thereby fine-tuning their mitigating measures, including the use of blockchain analytics tools.
Recognizing the interconnectedness of the financial sector, the Guidelines extend guidance to credit and financial institutions with CASPs as clients or exposure to crypto assets. This risk is exacerbated when institutions engage with unregulated crypto-asset service providers.
In essence, these Guidelines foster a unified understanding of ML/TF risks associated with CASPs and outline the requisite steps for CASPs and other financial institutions to manage these risks effectively. The amended Guidelines will come into effect on December 30, 2024.
In line with its overarching supervisory approach, CySEC urges all Regulated Entities to adhere to the Guidelines and demonstrate the appropriateness of their AML/CFT policies, controls, and procedures in light of identified ML/TF risks, thus ensuring robust measures to combat financial crime.
Should you have any further questions, please do not hesitate to contact us at info@apapageorgiou.com.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as financial or investment or legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.
Circular C589 – MONEYVAL’s report on money laundering and financing of terrorism risks in the world of virtual assets
We would like to draw your attention to Circular C589 (the “Circular”), issued by the Cyprus Securities and Exchange Commission (the “CySEC”) on the 18th of July 2023, for the purposes of informing Regulated Entities, as these defined therein, about MONEYVAL’s Report on money laundering and financing of terrorism risk in the world of virtual assets (the “Report”).
A. Purpose:
The Report purports to present in an integrated manner an overview of the money laundering and financing of terrorism risks in the world of virtual assets (the “VAs”) and their service providers in MONEYVAL members. In order to do this, the Report includes the following:
- horizontal analysis of MONEYVAL’s members’ level of compliance with the Financial Action Task Force (the “FATF”) Recommendation 15;
- an overview of the measures taken to regulate and supervise virtual asset service providers (the “VASPs”) sector; and
- features of the identified risks that criminals use VASPs and VAs to launder proceeds of crimes (i.e. exchanges, exchange offices, aggregators, and other cryptocurrency platforms including e-gaming, sports betting, and NTFs).
In particular, the Report integrates and analyses data obtained from MONEYVAL members across multiple issues, relating to (a) how members regulated the activity of issuance of Vas and operation of VASPs; (b) whether the Law Enforcement Authorities (LEAs) have adequate powers and tools to investigate, locate and impose interim measures in respect of Vas; (c) the types of VA platforms used for financial support of criminal activity; (d) examples of cases investigated by the relevant authorities with description of criminal schemes involving the virtual asset elements that have been identified; and (e) other data relevant to the goals of the study.
B. Main Provisions:
In view of the above, the Report has been structured into the following four (4) sections:
1. Horizontal review of compliance with FATF Recommendation 15:
FATF has published documents that are aimed at helping jurisdictions and the private sector to comply with the new AML/CFT requirements for VAs and VASPs (available here and here). Due to the peculiarities of the sector and the relatively recent adoption of the standard, the vast majority of MONEYVAL members have not yet fully implemented these requirements (i.e. of the 23 jurisdictions that have been assessed since June 2021 for their compliance with Recommendation 15, the majority require major or moderate improvements). In particular, further improvements are needed in assessing ML/TF risks, supervision, and the application of AML/CFT preventative measures.
2. Assessment of VA and VASP risks:
As already mentioned above, not all members have assessed the ML/TF risks posed by VAs and VASPs, or if such risk assessment has been conducted in many cases it lacks depth. In the case of Andorra that carried out its second national risk assessment back in 2020, it is noted that the risk assessment at the national level would start with an inventory (i.e. when VASPs must be licensed or registered, leaving the authorities with the tasks of estimating if and to which extent unregistered entities are still servicing clients in the respective jurisdiction) of the registered entities in the jurisdiction and determining the materiality of the VASP sector. However, in practice, jurisdictions experience challenges in identifying unregistered or unlicensed VASP activity in their jurisdiction.
In view of the above and following the first inventory of VASPs, a more in-depth analysis of the sector was undertaken. There is a risk that if the work conducted by Andorra indicates that there are no businesses operating domestically that should be registered, then VAs and VASPs become less of a focus. An assessment must be made about the use of VAs in the country even if there are no registered VASPs (for instance, whether customers in the domestic jurisdiction are obtaining services in another jurisdiction).
3. Risk-Based Approach Supervision of the VASP Sector:
The relevant section of the Report outlines the different approaches taken by members to license or register domestic VASPs and to implement a risk-based supervisory framework for the VASP sector. In brief, the following are noted:
- VAs is defined as a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes and do not include digital representations of FIAT currencies, securities, and other financial assets that are already covered elsewhere in the FATF Recommendations.
- VASP is any natural or legal person that provides as a business activity one or more of the following activities or operations for or on behalf of another natural or legal person: (i) exchange between virtual assets and FIAT currencies; (ii) exchange between one or more forms of virtual assets; (iii) transfer of virtual assets; (iv) safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and (v) participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.
- The analysis shows that not all members included natural persons in the definition of VASPs.
- A risk-mitigating measure for VASP activity is the application of market entry controls and of adequate risk-based supervision for AML/CFT purposes in the sector.
- Recommendation 15 allows countries to choose between licensing or registration of VASPs, providing that at a minimum, VASPs would be required to be licensed or registered in the jurisdiction(s) where they were created.
- MONEYVAL members have implemented different approaches to supervision (i.e. licensing or registration authority is not always the same authority that conducts the AML/CFT supervision of VASPs).
- In supervising the VASP sector most of the MONEYVAL members are at the beginning of implementation. Not all supervisors are comprehensively resourced in terms of staffing and knowledge, and the risk-based approach is rarely tailored to a sector-specific risk assessment.
- The volume and flow of cross-border transactions is one important element that supervisors should consider when determining the risk of the VASP sector and conducting supervision activities.
- The availability of sanctions for VASP supervisors in MONEYVAL members differs in the scope and mounts of the sanctions that can be applied.
4. Law Enforcement and Operational Issues:
The capabilities and approaches of authorities in MONEYVAL countries to investigate ML/TF cases involving the use of VAs and to impose interim measures are examined in the relevant section of the Report. In particular, a number of case studies from the MONEYVAL region shed light on the use of VAs for money laundering purposes, such as the types of understanding crimes that are normally associated with such ML cases, as well as the modus operandi and typologies as to how such money laundering cases are perpetrated, are outlined within the Report. VAs are being used and can probably be used interchangeably with FIAT currencies when looking at typologies, as per the following investigated cases:
- Theft of VAs through “typosquatting” – Isle of Man (in cooperation with UK and Netherlands);
- Sale of fake VAs – Azerbaijan;
- Use of money mules – Latvia;
- Drug and arms dealing – Slovak Republic; and
- Laundering of drug trafficking proceeds – Malta.
C. Next Steps:
CySEC considers the Report to be of assistance to the Regulated Entities engaging or seeking to engage in VA activities, in understanding their AML/CFT risks and obligations and how they can effectively comply with these obligations.
To this end, it is expected by CySEC that all Regulated Entities will study the Report and take its content into account when assessing AML/CFT risks, thereby improving the effectiveness of the measures and procedures applied.
Should you have any further questions, please do not hesitate to contact us at info@apapageorgiou.com.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as financial or investment or legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.
Strengthening Compliance: Safeguarding against Money Laundering Risks
A. Introduction:
In an increasingly interconnected and digital world, the fight against financial crimes, including money laundering, has taken center stage. As illicit activities continue to evolve and become more sophisticated, it is crucial for businesses to prioritize Anti-Money Laundering (AML) compliance. This article sheds light on the importance of AML measures, the risks associated with non-compliance, and how our law firm is dedicated to upholding AML standards while offering consulting services to organizations seeking to strengthen their AML frameworks.
B. The Significance of AML Compliance:
Anti-Money Laundering compliance refers to the comprehensive set of regulations, policies, and procedures designed to prevent the facilitation of money laundering and terrorist financing activities. Money laundering not only undermines the integrity of the global financial system but also aids criminal enterprises in disguising their illicit gains as legitimate funds. By complying with AML regulations, businesses not only protect their reputation but also contribute to maintaining the integrity of the financial system.
C. Risks of Non-Compliance:
The consequences of non-compliance with AML regulations are severe, ranging from reputational damage to financial penalties and legal consequences. Financial institutions and businesses failing to implement adequate AML controls can face substantial fines, regulatory sanctions, and potential loss of licenses (if applicable). Additionally, non-compliance may lead to damaged customer trust and adverse publicity, which can have long-lasting impacts on an organization’s bottom line.
D. Our Commitment to AML Compliance:
At Andria Papageorgiou Law Firm, we recognize the critical importance of AML compliance and the challenges businesses face in meeting regulatory obligations. With a team of experienced legal professionals specializing in AML, we are dedicated to assisting organizations in navigating the complex AML landscape, tailoring our services to their unique needs.
Our law firm offers comprehensive AML consulting services, helping clients establish robust AML frameworks and compliance programs. We collaborate closely with businesses across various sectors, providing guidance on risk assessment, policies and procedures development, staff training, and ongoing monitoring. By leveraging our expertise, organizations can ensure compliance with AML regulations, minimize risks, and safeguard their operations and reputation.
Recognizing that each business has unique AML requirements, our consulting services are tailored to meet specific needs. We work closely with clients to understand their operations, risk profile, and regulatory environment. We then develop customized solutions that address their specific challenges, ensuring an effective and efficient AML compliance program.
We understand that AML regulations are constantly evolving to keep pace with emerging risks. We remain up-to-date with the latest regulatory developments and industry best practices, ensuring our clients stay ahead of the curve. We proactively monitor changes in AML laws, guidelines, and enforcement actions, incorporating relevant updates into our consulting services to help clients maintain their AML compliance posture.
Further to all the above, we are also proud to announce that our esteemed Founder and Lawyer, Mrs. Andria Papageorgiou, has achieved an exceptional milestone in her professional career. Mrs. Papageorgiou has recently completed the prestigious International Compliance Association (ICA) Certification in Anti-Money Laundering (AML) for Institute of Certified Public Accountants of Cyprus and Cyprus Bar Association (CBA) Members, successfully passing the exam with Distinction. This accomplishment highlights her expertise and dedication to upholding the highest standards in AML compliance. The ICA Certification in AML is an internationally recognized qualification offered by the International Compliance Association (ICA). This certification equips professionals with the in-depth knowledge and skills necessary to combat the ever-evolving challenges posed by money laundering and terrorist financing activities.
E. Conclusion:
The fight against money laundering requires a proactive and comprehensive approach to ensure the integrity of the global financial system. By prioritizing AML compliance, businesses can mitigate risks, Andria Papageorgiou Law Firm, we are committed to helping organizations navigate the complex world of AML regulations through our tailored consulting services.
Should you have any further questions, please do not hesitate to contact us at info@apapageorgiou.com.
Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as financial or investment or legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.