fbpx

CySEC Circular C655: Effective AMLCO & Internal Audit Reporting

CySEC Circular C655: Effective AMLCO & Internal Audit Reporting

The Cyprus Securities and Exchange Commission (CySEC) has issued Circular C655, detailing the findings from its recent assessment of Compliance Officers’ Annual Reports and Internal Audit Reports for the prevention of Money Laundering and Terrorist Financing (ML/TF) for the year 2022. This review is a critical part of CySEC’s ongoing effort to ensure that regulated entities adhere to the Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007, and the CySEC’s AML/CFT Directive. The results revealed a series of common weaknesses, requiring immediate corrective actions by regulated entities. 

In this article the SALVUS Regulatory Compliance team analyses the key weaknesses identified in the Internal Audit and Compliance Officers reports along with future compliance expectations, including:  

1. Weaknesses in AML Compliance Officer’s Annual Reports 
2. Findings related to Internal Audit Reports 
3. Further Circular Compliance Expectations 
4. How can SALVUS assist you? 


We regularly share bite-sized insights on LinkedIn such as those found in this article

1. Weaknesses in AML Compliance Officer’s Annual Reports 

CySEC’s assessment of AML Compliance Officers’ Annual Reports uncovered several recurring deficiencies across various financial institutions. Some of the notable weaknesses include: 

  • Insufficient Methodology Descriptions: Many reports lacked detailed explanations of the methods used to conduct inspections and reviews and adequate information on high- risk customers and their transaction details, 
  • Deficiencies in how reports addressed the implementation of financial sanctions imposed by the United Nations (UN) and the European Union (EU), 
  • Failure to provide adequate details on the systems used for ongoing customer monitoring,  
  • Lack of information on upcoming training programs for AML Compliance Officers or details on the organisational structure of the AML Department, 
  • No information provided in the reports by internally managed Investment Funds and external Investment Fund Managers, stating that they were not operational during the assessed period,  
  • Failure to include details on the number, origin, and type of high-risk customers, along with comparative data from the previous year,  
  • Lack of adequate information on customer account monitoring, including the methods used, risk-based variations, timing of monitoring, and documentation practices, and 
  • Missing implementation timeframe of the corrective measures by the Board of Directors’ (BoD) minutes, accompanying the AML Compliance Officers’ Annual reports. 

To this end, addressing these identified weaknesses necessitates a comprehensive and methodical approach to reporting. It is essential for AML Compliance Officers to provide detailed and systematic evaluations of all aspects of AML/CFT compliance, ensuring thorough documentation and analysis. This will not only enhance the effectiveness of compliance programs but also align with best practices and regulatory expectations. 

2. Findings related to Internal Audit Reports 

In its review of Internal Audit Reports submitted by the obliged entities, CySEC identified several critical areas of non-compliance. Specifically, certain Administrative Service Providers (ASP) with branches or subsidiaries outside the European Economic Area (EEA) failed to include key findings related to the effectiveness of the AML/CFT measures at these branches. Finally, many regulated entities did not submit their Internal Audit Reports and BoD minutes within the required timeframes outlined by CySEC.  

These findings highlight the need for stricter adherence to regulatory obligations to ensure effective AML/CTF practices and compliance with established reporting deadlines. 

Contact us at info@salvusfunds.com if you require support with your AML/CFT regulatory compliance obligations or are interested in our Internal Audit services.

3. Further Circular Compliance Expectations 

In light of the findings, it is imperative that regulated entities take proactive steps to meet future compliance expectations as outlined by the Law and Directive, as well as CySEC’s relevant Circulars: 

  • Circular C033: Compliance Officers must ensure that Annual Reports are meticulously prepared and provide a thorough evaluation of the entity’s adherence to AML/CFT regulations, including information on the abovementioned gaps.  
  • Circular C186: Internal Auditors are required to conduct a comprehensive review, assessing the effectiveness and adequacy of the entity’s policies, procedures, and controls related to AML/CTF. This evaluation is essential for ensuring that all mechanisms are robust and fit for purpose. 
  • Circular C191: The BoD is responsible for taking timely action to correct any identified deficiencies and implementing appropriate measures within a clear timeframe. Additionally, it is their obligation to oversee the full integration of these requirements into the entity’s operational framework, ensuring future compliance is maintained through adequate systems and controls. 

These actions are not just immediate compliance requirements, but set the foundation for future regulatory alignment, ensuring that entities are well-prepared to meet evolving expectations in the financial sector. 

Final Thoughts 

With Circular C657 CySEC aims to raise awareness to financial institutions and all regulated entities to start enforcing better practices when it comes to their AML/CFT policies and procedures.  

CySEC urges all obliged entities to consider the aforementioned observations when drafting their Reports for the 2023 calendar year and beyond, ensuring they fully adhere to the applicable laws. It is important to note that the Law mandates stringent administrative penalties for any failure to comply with its provisions and those of the Directive, and CySEC will readily enforce these penalties if necessary. 

To this end, obliged entities shall be cautious that common and recurring weaknesses and deficiencies identified will be the subject for rigorous compliance checks by CySEC.  

4. How can SALVUS assist you? 

At SALVUS, we recognize the challenges and barriers involved in navigating and implementing regulatory guidance. Our Regulatory Compliance team at SALVUS is highly knowledgeable about CySEC’s standards and along with our Anti-Money Laundering Consulting service, SALVUS is equipped to assist regulated entities in upgrading their Compliance Officer’s Annual and Internal Audit Reports.  

By working closely with our clients, we design customised strategies that cater to their unique needs and business goals. With our in-depth expertise in Cyprus’s financial regulatory environment, SALVUS is the trusted partner for institutions aiming to successfully adapt to regulatory changes and enhancements. 

On that account, SALVUS Funds in cooperation with the Institute for Professional Excellence (IforPE) has designed a self-study CPD course titled ‘How to prepare the AMLCO Annual Report in 2024’. The course is suited and recommended for Compliance and AML professionals employed in entities regulated by the Cyprus Securities and Exchange Commission (CySEC).  

Please contact us at info@salvusfunds.com if you require support with your AML/CFT regulatory compliance obligations or are interested in our Internal Audit services; our Regulatory Compliance and Internal Audit teams stand ready to assist you. 

#StayAhead

Should you be interested to read more about the AMLCO Annual Report or the Anti-Money Laundering procedures, please visit the SALVUS authored articles below: 

The information provided in this article is for general information purposes only. You should always seek professional advice suitable to your needs.

Share this post

Visit us at iFX Expo Dubai 2025 – Booth 9, 14-16 January 2025

X