Skip to main content

CySEC issued Circular C550 to inform regulated entities of the common weaknesses/deficiencies and good practices identified during the onsite inspections performed during 2021 and 2022, in relation to the prevention of money laundering and terrorist financing.

Summary of good practices identified:

  • Updating AML/CFT policies and practices to ensure compliance with changing legal and regulatory requirements.
  • Data and information related to customer identification and transactions are immediately retrieved.
  • Approval of AML/CFT policies by the senior management with the necessary expertise and responsibility. AML/CFT and sanctions concerns are also being led by senior management, for instance through daily decision-making and employee interactions.
  • The use of automated systems for client due diligence (CDD), risk assessments, transaction/account monitoring to detect suspicious activity, and automated screening systems for gathering and evaluating data regarding their clients’ or beneficial owners’ histories.
  • The usage of local expertise and open-source internet searches to supplement commercial databases when examining possible high-risk consumers, such as PEPs.

List of common weaknesses/deficiencies identified:

  • Customer Due Diligence (CDD) Measures
    • Failure to construct and/or update a complete and proper customer economic profile.
    • Failure to verify the reliability of the customer’s source of funds and source of wealth.
    • Weaknesses in verifying the collected customer’s data and information, leading to inadequate customer economic profile-building.
    • Failure to collect sufficient evidence for the verification of customer’s main business activities and operations.
    • Reliance on the CDD information collected at the beginning of the business relationship and failure to ongoing update that information.
  • Enhanced Due Diligence (EDD) Measures
    • Despite the classification of specific customers as high risk, there was lack of evidence that the regulated entities collected additional information for the purpose of applying enhanced customer due diligence.
  • AML/CFT Risk Assessments
    • Failure to consider the Risk Factors Guidelines (Circular C276) and Risk-based Approach (RBA) Guidance for Trust and Company Service Providers (Circular C331) when conducting the customer’s AML/CFT risk assessment.
    • Failure to demonstrate an effective and thorough assessment of the ML/FT risks posed by customers related to the Cyprus Investment Program, thus not implementing appropriate CDD measures.
    • Failure to flag and properly assess published adverse information related to customers and/or their UBO’s.
  • Customers’ Screening and Transactions Monitoring
    • Customer’s background checks were not always recorded and documented.
    • Failure to collect supporting documentation on customer’s transactions conducted for the purpose of ensuring the maintenance of a satisfactory audit trail.
    • On the ASPs sector, loan agreements were obtained in some cases without a visible economic purpose.
    • Certain ASPs and Fund managers were found to rely on credit institutions for conducting customer transaction monitoring without applying appropriate internal processes.

Request more information