New CySEC requirements

2nd of February 2015

CySEC circular on anti-money laundering compliance reports

Cyprus investment firms, UCITS management companies, alternative investment fund managers and providers of corporate and fiduciary management services regulated by the Cyprus Securities and Exchange Commission (“CySEC”) are required to submit to CySEC an annual report by their appointed anti-money laundering compliance officer.

The purpose of the report is to inform the board of directors of the entity concerned of the effectiveness of its policy, practices, measures, procedures and controls for the prevention of money laundering and terrorist financing, to identify any weaknesses and to set out proposed corrective measures, together with a timetable for implementation. CySEC regards this report as a significant tool for assessing regulated entities’ compliance with their obligations regarding the prevention of money laundering.

In advance of the end of the current financial and reporting year, CySEC has issued a circular to entities it regulates reminding them of their obligations and highlighting areas it has identified as requiring attention. In particular, reports are required to cover all the issues listed in paragraph 10(4) of CySEC Directive DI144-2007-08 of 2012 regarding the prevention of money laundering and terrorist financing. Reports must deal exclusively with anti-money laundering issues and should not be part of any other report that the regulated entity is obliged to prepare, such as a general compliance report. The circular, which is available on the CySEC website, includes an appendix detailing the areas to be covered.

In the event of failure to comply with the requirements the regulated entity, its board of directors and the compliance officer are subject to sanctions under the Prevention and Suppression of Money Laundering and Terrorist Financing Laws of 2007-2013, which include a fine of up to €200,000 and suspension or revocation of the entity’s licence.

Use of payment service providers by Cyprus Investment Firms

The Investment Services and Activities and Regulated Markets Law, Law 144(I) of 2007, requires Cyprus Investment Firms (“CIFs”) that hold clients’ funds to take every possible measure to protect their clients’ interests. The Cyprus Securities and Exchange Commission (“CySEC”) has issued detailed guidance to CIFs regarding these obligations in its Directive DI144-2007-01 of 2012, which requires CIFs to have adequate arrangements in place to minimize the risk of the loss or diminution of clients’ assets, as a result of misuse, fraud, poor administration, inadequate record keeping or negligence.

CySEC has recently issued a circular reminding CIFs that maintain a merchant account for the clearing or settlement of payment transactions that any such merchant account must be completely segregated and may not be used by anyone other than the CIF. In no circumstances may CIFs’ merchant accounts be used by connected persons or third parties, as this does not provide the required degree of segregation and protection of client funds.

CIFs must ensure that clients’ funds are transferred to clients’ bank accounts immediately after the clearing or settlement of the relevant transactions.

In order to minimise the risk of loss, CIFs must exercise all due skill, care and diligence in the selection and periodic review of the payment service providers with whom merchant accounts are maintained. Only payment service providers licensed and regulated by a competent authority of an EU Member State or of a third country applying the same standards are to be used. For purposes of transparency CIFs should include on their website a list of the payment service providers they use and the relevant supervisory authority. In their assessments of capital adequacy and large exposures, CIFs are required to apply the provisions of the relevant CySEC Directive and EU regulation to any balances they have with payment service providers. The circular notes that payment service providers do not fall under the definition of institutions as defined in article 4(3) of Regulation (EU) 575/2013.

CIFs that are not currently complying with these requirements are required to take corrective measures as soon as possible and in any event no later than 12 March 2015.