Recommended contact person
The Anti-Money Laundering (AML) directives, particularly the 4th and 5th directives issued by the European Union, have significantly reshaped the regulatory landscape for financial and corporate services across member states, including Cyprus.
These directives aim to enhance the prevention, detection, and reporting of money laundering and terrorist financing activities.
Cyprus, as a prominent financial hub, has taken extensive measures to integrate these directives into its legal framework, impacting various stakeholders, especially Corporate and Administrative Service Providers (ASPs) and Law Firms in the provisions of such services.
Overview of the 4th and 5th AML Directives
The 4th AML Directive (Directive (EU) 2015/849) marked a substantial step forward in tightening the regulatory regime against money laundering and terrorist financing within the EU. Key objectives included:
- Strengthening the risk-based approach to AML.
- Enhancing transparency concerning beneficial ownership.
- Expanding the scope of obliged entities.
- Increasing cooperation between Financial Intelligence Units (FIUs).
- Requirement for ongoing AML training of the employees of the obliged entities to assist on identifying operations relating to money laundering.
The 5th AML Directive (Directive (EU) 2018/843) built upon these foundations, introducing further refinements:
- Greater transparency and access to beneficial ownership information.
- Extended scope to include virtual currency exchanges and wallet providers.
- Stricter rules on prepaid cards.
- Enhanced customer due diligence measures.
Implementation in Cyprus
In Cyprus, the implementation of these directives involved substantial legislative updates and the establishment of robust regulatory frameworks. The primary legislative instruments include:
- The Prevention and Suppression of Money Laundering Activities Law.
- Various decrees and guidelines issued by the local Regulatory Bodies such as the Cyprus Securities and Exchange Commission (CySEC), the Cyprus Bar Association (CyBAR), the Institute of Certified Public Accountants of Cyprus (ICPAC), and the Central Bank of Cyprus.
The above-mentioned authorities including the Financial Intelligence Unite of Cyprus (MOKAS) are responsible for enforcing AML compliance in Cyprus and ensuring that obliged entities do not infringe the applicable laws with their operations. The implementation timeline saw gradual phasing in of requirements, with ongoing updates to address emerging risks and compliance challenges.
Impact on Corporate and Administrative Services
Lawyers and Corporate and Administrative Service Providers (ASPs) play a critical role in the Cypriot financial ecosystem, offering services such as company and trust formation, management, and administration. Under the 4th and 5th AML Directives, ASPs face stringent obligations to prevent their services from being exploited for money laundering or terrorist financing.
Key impacts include:
- Enhanced KYC and CDD procedures.
- Obligations to identify and verify beneficial owners.
- Increased scrutiny and reporting of suspicious transactions.
- Comprehensive record-keeping requirements.
Requirements for ASPs
Know Your Customer (KYC) Procedures
ASPs must implement robust KYC procedures to accurately identify and verify the identities of their clients. This includes:
- Collecting and verifying identity documents.
- Understanding the nature and purpose of the client relationship.
- Assessing the client’s risk profile.
Customer Due Diligence (CDD)
CDD measures involve continuous monitoring of client activities to detect and prevent suspicious behaviour. ASPs must:
- Conduct enhanced due diligence for high-risk clients.
- Maintain updated records of client information.
- Monitor transactions to ensure consistency with the client’s profile.
Record-Keeping
ASPs are required to retain records of all transactions and client information for a minimum of five years. This ensures that relevant data is available for regulatory review and investigation if necessary.
Reporting Obligations
ASPs must report any suspicious activities to MOKAS. Failure to report can result in severe penalties and damage to the provider’s reputation. Reports must be submitted promptly and contain detailed information about the suspicious activity and the individuals involved.
Impact on Clients
Identification and Verification Obligations
Clients must comply with identification and verification requirements, providing accurate and up-to-date information to ASPs. This includes:
- Personal identification documents (e.g. passport, ID card).
- Proof of address.
- Information on the source of funds.
Ongoing Monitoring Requirements
Clients are subject to ongoing monitoring by ASPs to ensure their activities remain consistent with their risk profiles. This requires cooperation and transparency from clients to avoid any red flags that could trigger further investigation.
Consequences for Non-Compliance
Clients who fail to comply with AML requirements may face several consequences, including:
- Suspension or termination of services by ASPs.
- Legal actions and fines.
- Difficulty in conducting future business within the EU.
Client Reactions and Obligations
Adapting to New Compliance Requirements
Clients must be proactive in adapting to the new compliance landscape. This involves:
- Implementing internal policies and procedures to ensure compliance.
- Regularly updating documentation and records.
- Cooperating fully with ASPs during KYC and CDD processes.
Training and Awareness Programs
To ensure compliance, clients should invest in training and awareness programs for their employees. These programs should cover:
- AML regulations and their implications.
- The importance of maintaining accurate records.
Legal and Financial Implications
Non-compliance with AML directives can have significant legal and financial implications for clients, including:
- Hefty fines and penalties.
- Legal actions and potential imprisonment for individuals involved.
- Reputational damage that can affect business operations and relationships.
Consequences of AML Violations
Administrative Penalties
Entities and individuals found in violation of AML regulations can face substantial administrative penalties. These penalties vary depending on the severity of the violation but can include:
- Fines reaching several thousand euros.
- Suspension or revocation of licenses.
- Restrictions on business activities.
Legal Repercussions
Severe breaches of AML regulations can lead to criminal charges, resulting in:
- Imprisonment for individuals involved.
- Criminal records that affect future business prospects.
- Legal battles that incur significant costs.
Impact on Business Operations
Violations of AML regulations can disrupt business operations, leading to:
- Loss of clients and business partners.
- Increased scrutiny from regulators and financial institutions.
- Damage to the company’s reputation and brand image.
Reporting Mechanisms
Entities Responsible for Receiving Reports
In Cyprus, the Financial Intelligence Unit responsible for all Suspicious Activity Reports (SARs) and Suspicious Transactions Reports (STRs) is MOKAS. . ASPs, once suspicion is identified or there are reasonable grounds to believe any transactions and/or activity performed by the client is suspicious, must submit the applicable report promptly and follow established protocols through the online system of MOKAS.
Process of Reporting Suspicious Activities
The reporting process involves several steps:
- Identification of suspicious activity and/or transaction by the ASP.
- Internal review and documentation of the activity and/or transaction.
- Submission of a detailed report to MOKAS, including all relevant information and supporting documents through the online portal.
Confidentiality and Data Protection
ASPs must ensure that all reports are handled confidentially, and data protection regulations are strictly adhered to. This includes safeguarding client information and ensuring that only authorized personnel have access to sensitive data.
The implementation of the 4th and 5th AML Directives in Cyprus has brought significant changes to the regulatory landscape, particularly for Lawyers and Corporate and Administrative Service Providers. ASPs must adhere to stringent KYC, CDD, record-keeping, and reporting obligations to prevent money laundering and terrorist financing. Clients, on the other hand, must comply with identification and verification requirements and adapt to ongoing monitoring procedures. Non-compliance with AML regulations can result in severe penalties, legal actions, and disruption of business operations. Therefore, both ASPs and clients must prioritize AML compliance to safeguard their interests and contribute to the integrity of the financial system.
For further information you may contact our team of experts at agp@agplaw.com.
The information provided by AGPLAW | A.G. Paphitis & Co. LLC is for general informational purposes only and should not be construed as professional or formal legal advice. You should not act or refrain from acting based on any information provided above without obtaining legal or other professional advice.