AML compliance

AML compliance for CySEC regulated entities

As the international financial ecosystem evolves with the entrance of new participants, the introduction of new products, new financial instruments and even new asset categories – such as crypto-assets – we have seen laws and regulations become more demanding when it comes to the suppression of money laundering and terrorism financing (ML/TF). This has been the case for the European financial markets and their regulators, which constantly endeavour to mitigate new and existing threats, by building more robust AML regulatory frameworks and requirements.

In this commentary, the SALVUS Regulatory Compliance team provides important information concerning the Anti-Money Laundering (AML) framework in Cyprus and discusses:

1. What is AML and why is it important for CySEC regulated entities?
2. Measures CySEC regulated entities must consider
3. Good AML practices for CySEC regulated entities
4. AML Compliance Officer – duties & responsibilities
5. Upcoming regulatory changes

1. What is AML and why is it important for CySEC regulated entities?

Anti-money laundering refers to all the rules, procedures and controls established to prevent and manage any actions of concealing funds derived from illegal activities, with the purpose of reintroducing them back to the financial system as legitimate. In Cyprus, AML is enforced pursuant to the Cyprus AML Law and respective EU AML Directives.

The Cyprus Securities and Exchange Commission (CySEC) is the European national competent authority (NCA) responsible for the oversight of the AML compliance by the entities in Cyprus under its supervision. Following EU legislation and guidelines, Cyprus Investment Firms (CIF), Crypto-asset Services Providers (CASP), and other CySEC regulated entities are required to develop and follow appropriate measures to suppress money laundering and preserve the organisation’s compliance and alignment with that of the national and European financial system.

2. Measures CySEC regulated entities must consider

To achieve AML compliance, CySEC regulated entities such as CIF, must create and establish strong internal AML cultures comprised of persons, practices, and tools to implement the provisions of the AML regulatory framework. Such practices include:

  • A Risk-Based Approach (RBA) which recognises that money laundering risk varies across different customers, geographical areas, services and products;
    • RBA’s significance lies with its application, where it allows entities in producing cost-effective mechanisms by promoting the prioritisation of efforts and actions as per the likelihood of money laundering.
  • Customer Due Diligence (CDD) which is applied to ensure the establishment of beneficial business relationships, by evaluating and verifying a customer’s identity and intended nature of business;
    • Know your Customer (KYC) procedures for collecting the correct type of information and documents, as well as applying ongoing monitoring of customers play a pivotal role in the entire CDD process.
  • AML risk scoring which is the identification and assessment of the money laundering risks associated with each business relationship or occasional transaction;
    • by examining different risk factors and weighing them as per the impact they impose on the entity’s operations and repute.

3. Good AML practices for CySEC regulated entities

In its effort to enhance the AML measures enacted by regulated entities, CySEC often provides guidance by sharing good practices identified through its onsite and desk-based inspections, including:

  • Allocation of adequate resources and maintenance of proper records for the ongoing screening of the European Union (EU) and United Nations (UN) sanctions;
    • before and after the establishment of a business relationship.
  • The implementation of a multivariant AML risk assessment system, resulting in the
    • correct client categorisation,
    • efficient resource allocation,
    • proper application of enhanced due diligence (EDD) measures,
    • reduction of the overall money laundering risk.
  • Enhanced and continuous client monitoring resulting in the limitation of onboarding risky customers and reducing the overall money laundering risk imposed on the entity.
  • Targeted AML training of the staff based on their duties and responsibilities, including specific typologies and red flags indicated by relevant authorities such as the Financial Action Task Force (FATF).
  • Regular update of the AML policies and procedures based on regulatory developments.
  • Efficient record keeping that enables immediate access and retrieval of client identification and transaction records.

4. AML Compliance Officer – duties & responsibilities

The appointment of an AML Compliance Officer (AMLCO) consists of an obligation for regulated entities under the oversight of CySEC. The AMLCO belongs hierarchically to the senior levels of management and is entrusted with appropriate authority and resources to perform its duties and responsibilities most efficiently. Regarding the prevention of money laundering and terrorism financing the AMLCO:

  • Designs internal practices, measures, procedures, and controls by allocating the appropriate responsibility to each department.
  • Develops and establishes the customer acceptance policy based on which the entity conducts its client onboarding procedure.
  • Prepares a risk management and procedures manual that outlines the entity’s AML operations, as well as the relevant risk limits.
  • Monitors the correct and effective implementation of the policies designed to mitigate money laundering risk.
  • Receives and evaluates information provided by employees regarding knowledge or suspicion of activities related to money laundering or terrorism financing.
  • Acts as the primary point of contact with the financial intelligence unit, MOKAS, and is the person responsible for the submission of suspicious transaction reports and facilitating any enquiries received by the unit in this matter.
  • Is responsible for the preparation and maintenance of a reliable client list, based on the customers’ AML risk categorisation, which is used for the application of proper CDD measures.
  • Is responsible for completing all AML reporting obligations including among others, the monthly prevention statement and the annual AML report.

It is worth noting that any person appointed as an AMLCO at a CySEC regulated entity is required to pass the CySEC AML exam and become qualified for undertaking AML compliance duties and responsibilities.

5. Upcoming regulatory changes

Important AML regulatory developments are expected both on an EU and a national level. The creation of a new EU authority for transforming the AML supervision throughout the EU and enhancing cooperation between national financial intelligence units. The new EU AML Authority (AMLA) will be the central authority responsible for the coordination of national competent authorities for ensuring the correct and consistent application of EU AML rules and regulations.

Furthermore, the anticipated 6th AML/CFT Directive (AMLD 6) is coming to replace the 4th AML/CFT Directive (AMLD 4), currently in force, by considering the introduction of the AMLA and augmenting rules regarding national supervisory authorities and financial intelligence units.

Lastly, the revision of Regulation 2015/847/EU on transfers of funds will incorporate provisions for tracing transfers of crypto assets which is considered an important step forward in regulating the space of crypto assets. In this context, CySEC as the designated authority for the AML supervision of Crypto-Asset Services Providers (CASP) operating in and from the Republic of Cyprus, is expected to release a revised AML Directive to guide CASP entities through their AML compliance requirements.

Final thoughts

To conclude, it is of high importance that stakeholders of CySEC regulated entities remain aware of their obligations and responsibilities against the CySEC AML law and new AML regulatory and operational developments through targeted training.

SALVUS Funds in cooperation with the Institute for Professional Excellence (IforPE) offer The Most Complete™ CySEC AML Certification preparation course for persons interested in successfully becoming certified AML compliance officers. Additionally, our collaboration with IforPE extends to the development of self-study Continuous Professional Development (CPD) courses, geared toward investment services professionals. As part of our CPD courses offered on the IforPE platform, we also specifically design courses suitable for AML compliance professionals working at CIF and other CySEC regulated entities:

Furthermore, the SALVUS Regulatory Compliance team is able to support Investment Firms and Funds, Crypto-Asset Services providers (CASP), as well as Payment and Electronic Money Institutions (EMI) in achieving AML compliance with national and European AML legislation requirements through its complete AML Review service.

Please contact us at info@salvusfunds.com or call us at +357 7000 7898 if you require guidance on AML compliance procedures or are interested in successfully preparing for the CySEC AML certification exam.


Should you be interested to read more about Anti-Money Laundering, Customer Due Diligence or Crypto-Asset Services Providers, please visit the selected articles below:

The information provided in this article is for general information purposes only. You should always seek professional advice suitable to your needs.

Share this post