CySEC AML compliance

AML Compliance Culture for CySEC Regulated Entities

Entities authorised and supervised by the Cyprus Securities and Exchange Commission (CySEC) face a significant challenge in ensuring compliance with the Anti-Money Laundering (AML) Framework. This challenge hinges on the cultivation of a robust compliance culture. It involves implementing measures and controls at both organisational and departmental levels, as well as fostering a culture of individual responsibility.

Over the past decade, entities regulated by CySEC have been obligated to meet a plethora of regulatory requirements addressing substantial risks related to money laundering and terrorist financing (ML/TF). Given the continuously evolving landscape of ML/TF practices and methods, it is imperative that relevant stakeholders remain vigilant and proactive in identifying and mitigating these risks.

Throughout this article, the SALVUS Regulatory Compliance team delves into the AML Regulatory Framework that applies to CySEC regulated entities and anticipated regulatory updates. Additionally, the team emphasises the importance of a robust compliance culture and the effective assessment and management of the ML/TF risks. The article centers on the following key areas:

1. The AML regulatory framework
2. Upcoming regulatory developments
3. The compliance culture
4. Assessment & management of the ML/TF risks

We regularly share bite-sized insights on LinkedIn such as those found in this article

1. The AML regulatory framework

As a European Union (EU) member, Cyprus is obligated to maintain consistent rules and practices, in line with other EU Member States, to prevent money laundering and terrorist financing. To achieve this, Cyprus evaluates and incorporates AML European Directives into its national legislation in a manner that avoids conflicts with existing national laws and regulations.

At the national level, Cyprus enforces compliance with the Prevention and Suppression of Money Laundering and Terrorist Financing Law 188(I)/2007, which was enacted in 2007. This law undergoes periodic amendments to address regulatory developments and to tackle money laundering and terrorist financing risks. To ensure adherence to this law, regulated entities receive guidance from competent authorities in the form of complementary directives.

2. Upcoming regulatory developments

The sixth directive is primarily designed to replace the fourth and fifth EU AML Directives, with a core focus on effectively mitigating emerging risks and enhancing transparency. Alongside this directive, a new regulation is under development, with a particular emphasis on customer due diligence and beneficial ownership.

Additionally, preparations are underway for a revision of Regulation (EU) 2015/847, which pertains to the information accompanying fund transfers, in order to enable the tracing of crypto assets. In this context, CySEC has introduced an updated version of the Monthly Prevention Statement, which now applies to Crypto-Asset Services Providers (CASP). This new version mandates the disclosure of:

  • Detailed information on cash deposits of at least EUR 10,000, encompassing:
    • cash, including currency and bearer-negotiable instruments.
    • commodities used as highly liquid stores of value.
    • crypto assets that have undergone mixing at some time in the past.
    • anonymity-enhanced tokens, such as privacy coins.
  • Statistical data concerning suspicious reports submitted to the Financial Intelligence Unit (FIU) pertaining to the aforementioned deposits exceeding EUR 10,000.

We further anticipate the creation of a new European-level AML Authority (AMLA) to oversee AML/CFT matters and facilitate stronger collaboration among European FIUs.

3. The compliance culture

An organisation’s commitment to AML/CFT compliance relies heavily on cultivating a culture of compliance at all levels. In investment and financial institutions, a strong compliance culture is built upon several key factors:

  • Appointment of an Anti-Money Laundering Compliance Officer (AMLCO) – a dedicated AMLCO to supervise the day-to-day AML/CFT activities.
  • Implementation of Internal Policies, Controls, and Procedures – these are designed with a risk-based approach, considering AML risk assessments and the firm’s risk tolerance.
  • Regular Reporting to the Board of Directors – providing updates on AML matters and the function’s effectiveness through frequent reports, and at least annually.
  • Assignment of an Independent Internal Auditor – tasked to monitor and evaluate the effectiveness of implemented policies, controls, and procedures.
  • Employee Training Program – tailored AML/CFT training is provided to employees, considering their specific roles and responsibilities.

We stress that the responsibility for maintaining an effective AML/CFT compliance culture falls on the Management Body and Senior Management, ensuring appropriate management of ML/TF risks.

4. Assessment & management of the ML/TF risks

Business-wide risk assessments must be conducted in order to understand the ML/TF risks to which an obliged entity is subject to. To obtain a holistic view the firm is required to collect adequate information and ensure that all risk factors are identified.

In specific business relationships and transactions, additional customer due diligence (CDD) measures may be necessary. Ongoing monitoring of customer profiles and transactions, using a risk-based approach, helps in the early detection and mitigation of suspicious behaviour.

Final thoughts

Compliance with the AML/CFT framework has been an essential requirement for European investment and financial institutions for several years. Money launderers and terrorism financiers are continually seeking ways to exploit financial and capital markets for their objectives. To combat this, firms must stay well-informed and equipped to fulfil their responsibilities within the AML/CFT framework and adapt to regulatory changes.

Professionals working in Cyprus Investment Firms and Funds, Payment Institutions, and other entities regulated by CySEC, or the Central Bank of Cyprus (CBC) must maintain a deep understanding of the AML/CFT framework. SALVUS Funds, in collaboration with the Institute for Professional Excellence (IforPE), offers self-study, self-paced courses such as

These courses are designed to provide professionals with the knowledge needed to implement regulatory updates and enhance company policies and procedures. Participants have also the opportunity to explore CySEC Circulars C516 and C550 and learn from deficiencies and best practices identified through CySEC’s reviews and inspections. Additionally, the SALVUS Regulatory Compliance team has prepared courses to introduce participants to the Markets in Crypto Assets (MiCA) Regulatory Framework.

The SALVUS Regulatory Compliance team stands ready to support newly established and existing Cyprus Investment Firms, Crypto Asset Service Providers and other entities regulated by CySEC or the CBC. We can assist in developing and adopting effective AML/CFT policies and procedures, ensure compliance with reporting obligations, and navigate the complex regulatory landscape with confidence and efficiency.

Contact us at info@salvusfunds.com if you require support with your AML/CFT requirements and reporting obligations or if you have any questions about our courses with the IforPE.


Should you be interested to read more about Crypto Asset Service Providers, the AMLCO Annual Report or the AML risk-based approach, please visit the selected articles below:

The information provided in this article is for general information purposes only. You should always seek professional advice suitable to your needs.

Share this post