ARTICLE
21 August 2024

Analysis Of The 4th And 5th AML Directives In Cyprus

A|
AGPLAW | A.G. Paphitis & Co. LLC

Contributor

Established in 2006, AGP & Co is a highly reputable, dynamic, award winning and excellence driven Law Firm based in Cyprus with a strong international presence. It provides full service Legal, Corporate, FS Advisory & Regulatory Compliance/AML, Tax, Immigration and Real Estate services.
The Anti-Money Laundering (AML) directives, particularly the 4th and 5th directives issued by the European Union, have significantly reshaped the regulatory landscape for financial and corporate services...
Cyprus Government, Public Sector

The Anti-Money Laundering (AML) directives, particularly the 4th and 5th directives issued by the European Union, have significantly reshaped the regulatory landscape for financial and corporate services across member states, including Cyprus.

These directives aim to enhance the prevention, detection, and reporting of money laundering and terrorist financing activities.

Cyprus, as a prominent financial hub, has taken extensive measures to integrate these directives into its legal framework, impacting various stakeholders, especially Corporate and Administrative Service Providers (ASPs) and Law Firms in the provisions of such services.

Overview of the 4th and 5th AML Directives

The 4th AML Directive (Directive (EU) 2015/849) marked a substantial step forward in tightening the regulatory regime against money laundering and terrorist financing within the EU. Key objectives included:

  • Strengthening the risk-based approach to AML.
  • Enhancing transparency concerning beneficial ownership.
  • Expanding the scope of obliged entities.
  • Increasing cooperation between Financial Intelligence Units (FIUs).
  • Requirement for ongoing AML training of the employees of the obliged entities to assist on identifying operations relating to money laundering.

The 5th AML Directive (Directive (EU) 2018/843) built upon these foundations, introducing further refinements:

  • Greater transparency and access to beneficial ownership information.
  • Extended scope to include virtual currency exchanges and wallet providers.
  • Stricter rules on prepaid cards.
  • Enhanced customer due diligence measures.

Implementation in Cyprus

In Cyprus, the implementation of these directives involved substantial legislative updates and the establishment of robust regulatory frameworks. The primary legislative instruments include:

  • The Prevention and Suppression of Money Laundering Activities Law.
  • Various decrees and guidelines issued by the local Regulatory Bodies such as the Cyprus Securities and Exchange Commission (CySEC), the Cyprus Bar Association (CyBAR), the Institute of Certified Public Accountants of Cyprus (ICPAC), and the Central Bank of Cyprus.

The above-mentioned authorities including the Financial Intelligence Unite of Cyprus (MOKAS) are responsible for enforcing AML compliance in Cyprus and ensuring that obliged entities do not infringe the applicable laws with their operations. The implementation timeline saw gradual phasing in of requirements, with ongoing updates to address emerging risks and compliance challenges.

Impact on Corporate and Administrative Services

Lawyers and Corporate and Administrative Service Providers (ASPs) play a critical role in the Cypriot financial ecosystem, offering services such as company and trust formation, management, and administration. Under the 4th and 5th AML Directives, ASPs face stringent obligations to prevent their services from being exploited for money laundering or terrorist financing.

Key impacts include:

  • Enhanced KYC and CDD procedures.
  • Obligations to identify and verify beneficial owners.
  • Increased scrutiny and reporting of suspicious transactions.
  • Comprehensive record-keeping requirements.

Requirements for ASPs

Know Your Customer (KYC) Procedures

ASPs must implement robust KYC procedures to accurately identify and verify the identities of their clients. This includes:

  • Collecting and verifying identity documents.
  • Understanding the nature and purpose of the client relationship.
  • Assessing the client's risk profile.

Customer Due Diligence (CDD)

CDD measures involve continuous monitoring of client activities to detect and prevent suspicious behaviour. ASPs must:

  • Conduct enhanced due diligence for high-risk clients.
  • Maintain updated records of client information.
  • Monitor transactions to ensure consistency with the client's profile.

Record-Keeping

ASPs are required to retain records of all transactions and client information for a minimum of five years. This ensures that relevant data is available for regulatory review and investigation if necessary.

Reporting Obligations

ASPs must report any suspicious activities to MOKAS. Failure to report can result in severe penalties and damage to the provider's reputation. Reports must be submitted promptly and contain detailed information about the suspicious activity and the individuals involved.

Impact on Clients

Identification and Verification Obligations

Clients must comply with identification and verification requirements, providing accurate and up-to-date information to ASPs. This includes:

  • Personal identification documents (e.g. passport, ID card).
  • Proof of address.
  • Information on the source of funds.

Ongoing Monitoring Requirements

Clients are subject to ongoing monitoring by ASPs to ensure their activities remain consistent with their risk profiles. This requires cooperation and transparency from clients to avoid any red flags that could trigger further investigation.

Consequences for Non-Compliance

Clients who fail to comply with AML requirements may face several consequences, including:

  • Suspension or termination of services by ASPs.
  • Legal actions and fines.
  • Difficulty in conducting future business within the EU.

Client Reactions and Obligations

Adapting to New Compliance Requirements

Clients must be proactive in adapting to the new compliance landscape. This involves:

  • Implementing internal policies and procedures to ensure compliance.
  • Regularly updating documentation and records.
  • Cooperating fully with ASPs during KYC and CDD processes.

Training and Awareness Programs

To ensure compliance, clients should invest in training and awareness programs for their employees. These programs should cover:

  • AML regulations and their implications.
  • The importance of maintaining accurate records.

Legal and Financial Implications

Non-compliance with AML directives can have significant legal and financial implications for clients, including:

  • Hefty fines and penalties.
  • Legal actions and potential imprisonment for individuals involved.
  • Reputational damage that can affect business operations and relationships.

Consequences of AML Violations

Administrative Penalties

Entities and individuals found in violation of AML regulations can face substantial administrative penalties. These penalties vary depending on the severity of the violation but can include:

  • Fines reaching several thousand euros.
  • Suspension or revocation of licenses.
  • Restrictions on business activities.

Legal Repercussions

Severe breaches of AML regulations can lead to criminal charges, resulting in:

  • Imprisonment for individuals involved.
  • Criminal records that affect future business prospects.
  • Legal battles that incur significant costs.

Impact on Business Operations

Violations of AML regulations can disrupt business operations, leading to:

  • Loss of clients and business partners.
  • Increased scrutiny from regulators and financial institutions.
  • Damage to the company's reputation and brand image.

Reporting Mechanisms

Entities Responsible for Receiving Reports

In Cyprus, the Financial Intelligence Unit responsible for all Suspicious Activity Reports (SARs) and Suspicious Transactions Reports (STRs) is MOKAS. . ASPs, once suspicion is identified or there are reasonable grounds to believe any transactions and/or activity performed by the client is suspicious, must submit the applicable report promptly and follow established protocols through the online system of MOKAS.

Process of Reporting Suspicious Activities

The reporting process involves several steps:

  • Identification of suspicious activity and/or transaction by the ASP.
  • Internal review and documentation of the activity and/or transaction.
  • Submission of a detailed report to MOKAS, including all relevant information and supporting documents through the online portal.

Confidentiality and Data Protection

ASPs must ensure that all reports are handled confidentially, and data protection regulations are strictly adhered to. This includes safeguarding client information and ensuring that only authorized personnel have access to sensitive data.

The implementation of the 4th and 5th AML Directives in Cyprus has brought significant changes to the regulatory landscape, particularly for Lawyers and Corporate and Administrative Service Providers. ASPs must adhere to stringent KYC, CDD, record-keeping, and reporting obligations to prevent money laundering and terrorist financing. Clients, on the other hand, must comply with identification and verification requirements and adapt to ongoing monitoring procedures. Non-compliance with AML regulations can result in severe penalties, legal actions, and disruption of business operations. Therefore, both ASPs and clients must prioritize AML compliance to safeguard their interests and contribute to the integrity of the financial system.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More