Cyprus Securities and Exchange Commission (CySEC) has identified several areas where regulated entities, including local investment firms and crypto services providers need to improve their anti-money laundering and counter-terrorist financing (AML/CFT) reporting practices.
Cyprus Regulated Firms Need to Address Key Reporting Issues
In a circular issued today (Wednesday), CySEC outlined common weaknesses found in Compliance Officers' Annual Reports and Internal Audit Reports for 2022, submitted by various financial entities under its supervision, including Cyprus Investment Firms (CIFs), Crypto Asset Service Providers (CASPs) and more.
“Particularly, it was observed that the information provided in the Compliance Officers’ Annual Reports is merely the result of the inspections and reviews performed with no reference to the method of the inspections and reviews that were conducted,” CySEC commented.
The regulator also noted that some reports lacked detailed descriptions of identified deficiencies in AML measures. CySEC argues in the document that general overviews are not enough. It wants to see specifics on weaknesses, their implications, and proposed remedial actions with implementation timelines.
Another area of concern was inadequate information on high-risk customers. The regulator emphasized the need for comparative data on the number, origin, and type of high-risk clients, year-over-year.
The circular also stressed the importance of thorough documentation on systems for ongoing account monitoring. Regulated entities should also present sufficient information on the next year's training program for the Compliance Officer and staff, and provide adequate information on the Compliance Officer's Department structure and duties. What is more, companies like CIFs and CASPS should ensure that Board of Directors' minutes include implementation timeframes for corrective measures addressing identified issues.
CySEC Fights Windmills
The regulator's findings are part of its annual risk-based assessment, which aims to ensure that financial institutions maintain strong defenses against money laundering and terrorist financing. This isn't the first time CySEC has highlighted this issue; a similar assessment was observed over three years ago. Although the regulator is taking action, these measures seem not to be producing the intended effects.
CySEC warned that recurring weaknesses would undergo "rigorous compliance checks" and reminded entities of potential administrative sanctions for non-compliance. This is not just a threat, as such penalties have been paid in the past. For example, in February, CySEC fined Fintailor Investments €200,000 for potential breaches of regulations related to the prevention of money laundering. A few months earlier, Freedom Finance paid €50,000 in a similar case.
The latest penalty imposed by the regulator, amounting to €200,000, was however not for breaches related to AML/CFT but for offering excessively high financial leverage. CySEC claimed that IC Markets offered clients leverage of 1000:1, significantly higher than European regulations allow. However, IC Markets denied the grounds of the regulator's decision, announcing plans to appeal.