The Current Application Of Anti Money Laundering Regulations And Customer Due Diligence Procedures For Regulated Cyprus Investment Firms (“CIFS”)


  • Elena Gavrielidou, BA/BSc, MSc, LLB (Hons), Barrister (Lincoln’s Inn), Advocate
    Associate at C.D. Messios LLC

What is the importance of the proper implementation of Anti-Money Laundering guidelines for CIFs?

Money launderers can potentially exploit the services provided by any CIF in the normal course of its business. Invariably, when a CIF becomes an unwilling participant in money laundering however, the implications of such practices may potentially have adverse effects on a CIF’s reputation, and can result in the imposition of harsh sanctions, ranging from monetary fines to even imprisonment of the firms’ officials. Therefore, CIFs are encouraged to be proactive, in establishing a well-balanced Anti-Money Laundering (“AML”) policy, which is both compliant with the Cypriot regulatory framework, and can be practically implemented within a CIF’s normal course of business.

What is the relevant legal framework regarding Anti-Money Laundering in Cyprus?

In October 2005, the European Parliament and the EU Council adopted Directive 2005/60/ EC (the “EC AML Directive”) for the prevention of money laundering and terrorist financing activities. The EC Directive called for the harmonisation of the law of Member States in relation to money laundering and terrorist activities and called for the inclusion of more professional activities within its scope and the application of measures in prevention of money laundering and terrorist financing. As a consequence of this, in January 2008, the Cypriot AML legislation was consolidated and amended according to the EC AML Directive, with the enactment of Law 188(I)/2007, for the Prevention and Suppression of Money Laundering Activities, (the “AML Law”) which was further amended in June 2010 with Law 58(1)/2010. This AML Law and its subsequent amendment, form the current basis of Cypriot legislation relating to money laundering.

What is the relevance of Anti-Money Laundering practices in relation to CIFs?

The relevance of AML to the services provided by a regulated CIFs are clearly set out in Section 2 of the AML Law. Under this, those who carry on activities and services prescribed therein, have a legal obligation to implement the measures to prevent money laundering and terrorist financing. Activities and services prescribed under the AML Law are defined to cover a wide range of financial and other activities offered by CIFs, and include any type of “Financial Business” services, such as trading in stocks or securities, foreign exchange, financial futures and options, and transferable instruments.

How are CIFs regulated in Cyprus in relation to AML practices?

Under Cypriot law, the Cyprus Securities and Exchange Commission (“CySEC”) is the Cypriot Regulator responsible for approving and regulating CIFs. In addition to its regulatory role, CySEC has the authority to inspect, impose fines, amend and suspend licenses. Under Section 59(4) of the AML Law, CySEC is authorised to deal with money laundering matters in relation to CIFs, by issuing its own directives which are are binding and obligatory as to their application for the persons they are addressed to. In relation to AML practices, the relevant directive is Directive DI144-2007-08 Of The Cyprus Securities And Exchange Commission For The Prevention Of Money Laundering And Terrorist Financing, (“CySEC AML Directive”), which provides specific guidance, and internal policies in relation to the implementation of AML measures by CIFs.

What behaviour is criminalised under the legal framework in Cyprus in relation to Money Laundering?

The core rationale of the AML Law is the definition and criminalisation of the laundering of “proceeds”, generated from all serious criminal offences or terrorist financing activities. Under Section 4 of the AML Law every person who knows or ought to have known that any kind of property constitutes proceeds from a prescribed offence is guilty of an offence if he converts, transfers, moves, conceals or disguises the true nature, source or location of such property, for the purpose of concealing or disguising its illicit origin, or assists any person who is involved in the commission such an offence to evade the legal consequences of his actions.

The acquisition and possession of such property is also a crime, so is the participation, association or conspiring to commit such offences, or aiding and abetting, counselling or advising for the commission of such offence, or providing information with regard to investigations, to those involved in any of the laundering offences. Additionally, the failure to report money laundering activity is also an offence. Any person, who, in the course of his trade, profession, business or employment, acquires knowledge or reasonable suspicion that another person is engaged in money laundering must disclose this information. The said person is obliged to report this knowledge or suspicion to Unit of Combating Money Laundering (“MOKAS”), as soon as it is reasonably practicable after the information comes to his attention.

What does it mean to “know or ought to have known” of criminalised behaviour?

Although the term “knowledge” is not strictly defined in the AML Law, based on the general legal definition of ”knowledge” under Cyprus law, it can include both actual knowledge, the knowledge of circumstances that on the facts would push a person to making inquiries, and even the deliberate inaction in making the necessary enquiries with or without suspicion. Knowledge and its existence can be established on examination of objective real circumstances. See for example the case of Adronicou v Republic (2008) 2 CLR 486).

Where “knowledge” arises, is a CIF obliged to report to MOKAS?

Disclosure, in relation to CIFs falls under the supervision of CySEC, which calls for such issues to be handled by a CIF internally. CIF employees or persons whose activities are supervised by CySEC may make disclosures internally, to a Money Laundering Compliance Officer rather than to MOKAS, and such disclosure will have the same effect as if disclosure is made directly to MOKAS, in accordance to the internal procedures set up within the particluar CIF. The AML Law therefore stresses the need for each CIF to have a strong internal policy for combating money laundering hence the requirement for a Compliance Officer.

What are the legal implications for CIFs when a Money-Laundering related offense is committed?

Money Laundering offences are punishable with up to 14 years imprisonment or a fine of up to €500.000 or both, in cases where the offender knows that the property constitutes “proceeds” as described above. Alternatively, in the cases the offender ought to have known that the property constitutes “proceeds”, such behaviour is punishable with a maximum of 5 years imprisonment or a fine of up to €50.000. Additionally, the failure to report in these circumstances is punishable on conviction by a maximum of 5 years imprisonment or a fine not exceeding €5.000 or both of these penalties.

What are the obligations of CIFs in relation to Money Laundering prevention?

Under Section 58 of the AML Law CIFs are obliged to establish and maintain specific policies and procedures to ensure that their business (and the financial sector in general) is not being used for the purposes of money laundering. The AML Law provides for a two-step process through which this is to be achieved. The first process caters for the recognition and the reporting of any suspicious transactions as per the guidelines above. The second calls for the strict execution of Customer Due Diligence (“CDD”), as well as the associated obligation of competent record keeping procedures, which includes the provision of training to their employees in the recognition and handling of transactions suspected to be associated with money laundering.

To whom do these obligations fall within the CIF organisational structure?

This obligation falls primarily on the CIF’s senior management, most notably the Board of Directors, who must determine, record and approve the general policy principles of the CIF in relation to the prevention of money laundering and risk management through the establishment of an efficient CDD policy. The Board of Director of a CIF is responsible for appointing a Money Laundering Compliance Officer and determine his duties and responsibilities. Essentially the Money Laundering Compliance officer and department are responsible for implementing the AML and CDD policy developed by the senior management. The senior management is also under the obligation to continuously educate all of its employees, in communicating to the Compliance Officer any information

concerning transactions and activities for which they have knowledge or suspicion that might be related to money laundering and terrorist financing.

In which cases is a CIF obliged to adopt CDD measures?

The general requirements of the CDD that need to be adopted by a CIF are laid out in Section 60 of the AML Law. Persons carrying out financial or other activities adopt the identification procedures and the measures of due diligence in relation to their clients in the following cases: When they establish business relationships; when they carry out once off transactions amounting to €15.000 or more, (whether or not the transaction is carried out in a single operation or in several operations which appear to be linked); when there is suspicion of money laundering or terrorist financing regardless of the amount of the transaction; and hen there are doubts about the veracity or adequacy of the documents, data or information collected earlier for the identification of an existing client. It is noted that the term “business relationship” is defined in Section 2 of the AML Law, as “a business, professional or commercial relationship which is connected with the professional activities of persons engaged in financial and other business activities in accordance with this section and which is expected, at the time when the contact is established, to have an element of duration.” A CIF is therefore under a strict obligation to form is own internal policy that will prescribe effective ways to limit the risk of money laundering in any of the four occasions mentioned above.

What are the general requirements with regards to CDD?

The CCD policy of CIFs is set out very widely in Section 61(1) of AML and consists of firstly identifying the client and beneficial owner and verifying their on the basis of documents, data or information obtained from a reliable an independent source. What follows is the gathering of information on the purpose and intended nature of the business relationship. Of course, the CDD policy of any CIF should also include the conducting ongoing supervision of the business relationship including scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the data and information held by the lawyer in connection with the client.

For the purposes of an effective CDD policy what constitutes “proof of identity”?

Under Section 61(3) of AML proof of identity is satisfactory if it is reasonably possible to establish that the customer is the person he claims to be and the person who examines the evidence is satisfied, in accordance with the procedures prescribed by the AML, that the customer is actually the person he claims to be. In terms of good practice when a CIF establishes an internal CDD policy, according to Section 21(1) of the CySEC Directive, no single form of identification can be fully guaranteed as genuine or representing correct identity and, consequently, the identification process will generally need to be cumulative.

What type of data should be obtained in the process of identifying a CIF client?

Section 21(2) of the SEC Directive defines the data on which verification is to be made as “those most difficult to be amended or obtained illicitly”, and needs to be issued or obtained from independent and reliable sources. A further separate requirement for an effective CDD is the separate verification of a person’s residential and business address (Section 21(3) of SEC Directive). Separate data should always be used to verify a client’s identity and a client’s home address (Section 21(3) of SEC Directive). Therefore CIFs must request identification documents which would eliminate – as far as reasonably practicable – any suspicion of counterfeiting, for example National Identity Cards or current Passports, and current Utility Bills as proof of address in order to determine the identity of the client and beneficial owner.

How does the CDD procedure differ in the case of CIFs that operate over the internet?

An additional obligation is placed on CIFs in the case where the clients’ transactions take place over the internet, telephone, fax or other electronic means which do not constitute face-to-face transactions. In such cases CIFs must apply reliable methods, procedures and control mechanisms relating to transactions through non face-to-face means so as to ensure that the CIF deals with the true owner or the signatory to the account. Such enhanced measures include obtaining additional documents, data or information for verifying customer’s identity, taking supplementary measures to verify or certify the documents supplied, or requiring confirmatory certification by an independent credit or financial institution covered by the EC AML Directive and ensuring that the first payment of the operations is carried out through an account opened in the customer’s name with a credit institution which operates in a country within the European Economic Area (Section 64(1)(a) of the AML Law).

When should the CDD procedure take place in relation to the establishment of a business relationship between the CIF and its clients?

The default timing for the verification of a client’s identity is defined in Section 62(1) of AML as “before the establishment of a business relationship or the carrying out of

[a] transaction”. A strict interpretation of the above section may dictate that under no circumstances can funds be received from any prospective customer before any real commercial contact of any significance takes place between a CIF and its Clients. However, as an exception to this, Section 62(2) of AML states that, by way of derogation from the general rule, the verification of the identity of the customer and the beneficial owner may be completed during the establishment of a business relationship if this is necessary not to interrupt the normal conduct of business and where there is little risk of money laundering or terrorist financing occurring.”

Where the above conditions apply, the same Section states that these procedures shall be completed “as soon as practicable after the initial contact.”

Is it therefore possible for the CDD identification to take place during the establishment of a business relationship instead of before?

Although there is limited guidance on this particular section of the Law, and despite the absence of any Cypriot case law on the matter, this Section of the Law may give the ability to CIFs to undertake their CDD having first taken funds from their prospective clients. Having in mind the prevelent business practises on web based platforms used by many CIFs this is worth noting.

More in this category: « Money Laundering



Log in to your account or