Member of Financial Action Task Force? No, but Cyprus is a member of MONEYVAL.

On FATF blacklist? No.

Member of Egmont? Yes.

Anti-Money laundering background

The financial services and international business sector in Cyprus is one of the vital pillars of the Cyprus economy. That being said, Cyprus aims to be in full compliance with the AML European framework, and in this respect constantly implements changes in its local laws to align with EU directives and regulations.

Cyprus' latest MONEYVAL evaluation was during May 13-24, 2019. MONEYVAL's 2019 assessment report, published on December 31, 2019, illustrated that Cyprus has a good understanding of the money laundering and terrorist financing risks, and has implemented measures to mitigate some of the main risks in an effective manner. Such measures include domestic co-operation/co-ordination between competent authorities whose responsibilities include addressing such risks, as well as the collaboration of Cyprus with other countries on the matter. Emphasis is given to the rapid development of risk-mediating measures by the Financial Intelligence Unit (MOKAS) and the banking sector.

MONEYVAL rated Cyprus as "compliant" or "largely compliant" with 14 out of 16 of the "Core" and "Key" recommendations and this is considered a significant achievement for the government and the competent authorities.

It is important to note that during October 2018, Cyprus published the first National Risk Assessment of Money Laundering and Terrorist Financing Risks (NRA). The Competent Authority responsible to oversee the NRA project was the Advisory Authority against Money Laundering and Terrorist Financing, which provided its findings to the Council of Ministers accordingly.

During November 2021 the Ministry of Finance of the Republic of Cyprus published the National Risk Assessment (the NRA) on Money Laundering and Terrorist Financing (ML/TF) risks of virtual assets (VA) activities and virtual asset service providers (VASPs). The findings and recommendations of NRA were taken into account in the drafting of the primary and secondary legislation on AML/CFT enacted in 2021 for the transposition of the Fifth AML Directive into local law, for this respective sector. The NRA has been published on the Ministry of Finance's website, as per the provisions of art 57 of the Prevention and Suppression of Money Laundering and Terrorist Financing Law and in accordance with the EU AML/CFT directives.

It is worth noting that Cyprus is also one of the 45 countries within the OECD which has successfully implemented transparency and effective exchange of information for tax purposes, agreed to standards relating to taxation, and adopted the organisation's Common Reporting Standard in the early 2000s. These are all steps which help to combat tax evasion and improve international tax and financial transparency.

Legislation on prevention of money laundering activities

Cyprus' first AML legislation was the Concealment, Investigation and Confiscation of Income from Certain Criminal Acts Law of 1996. The Prevention and Suppression of Money Laundering Activities Law 2007 (188(I)/2007) as amended from time to time (the "Cyprus AML Law" or the "Law") transposed the EU's Fifth AML Directive (2018/843) through the Law 61(I)/2021. This broadens the scope of AML oversight under Directive 2005/60/EC, to include new areas such as external threats to domestic markets and introduces more rigorous rules regarding ultimate beneficial ownership, with the ultimate goal of establishing transparent public registers.

Objectives of the Cyprus AML Law

The principal objectives of Cyprus' AML Law are to prevent the laundering of proceeds of serious criminal offences ("predicate offences"), including terrorist financing and related activities, to detect and prosecute money laundering activities and to provide for the restraint and confiscation of illicit funds. The Law makes money laundering or assisting in it a criminal offence. It also established MOKAS.

According to the Law, no person shall, in the course of a financial business that he carries on in or from Cyprus, form a business relationship, or carry out a one-off transaction with or on behalf of another, without applying the prescribed procedures with regard to identification, record-keeping and internal reporting as set out in the Law

Entities under scrutiny

A number of financial institutions, organisations and professional bodies, whose profession or business encompass a high risk of being involved in money laundering offences, such as banking institutions, cooperative societies, investment firms, stockbroking firms, accountants, insurance companies, real estate agents, advocates, trust and company service providers, money transfer services and dealers in precious metals and precious stones as well as casinos (referred to as "sensitive professionals") fall within the ambit of the Law.

The Law details what constitutes "Financial Business" and "Other Business" which are subject to its provisions. Undertakings engaged in these activities are obliged to operate effective procedures for customer identification, record-keeping and internal reporting, and to appoint an appropriate person as the money laundering compliance officer (MLRO).

The Law also contains powers to confiscate the assets of persons who are convicted of a predicate offence, and to restrain the assets of such persons and of persons who are reasonably suspected of involvement in money laundering activities.

Regulatory authorities

Prevention of money laundering activities falls within the ambit of the respective regulatory body (for example, the Central Bank of Cyprus for credit institutions, the Cyprus Bar Association for lawyers, the Institute of Certified Public Accountants of Cyprus for accountants, and the Cyprus Securities and Exchange Commission for capital markets). In addition, MOKAS is the second-tier body responsible for preventing, investigating and prosecuting money laundering and terrorist financing across all relevant businesses and professions.

Unit for Combating Money Laundering (MOKAS)

MOKAS is a government agency within the Attorney General's department and is composed of governmental lawyers from the Attorney General's office, police officers and customs officers. An officer from the Attorney General's office leads MOKAS, and its purpose is to prevent money laundering activities. The Law provides for mandatory reporting of suspicious transactions to MOKAS.

MOKAS is responsible for analysing and investigating information related to suspected money laundering activities that the institutions provide subject to the Law, and, for facilitating the prosecution of offences under the Law. It is also responsible for conducting inquiries into any suspicion in relation to the financing of terrorism. In connection with its investigations it has the power to apply to the court for freezing orders, confiscation orders and disclosure orders which lift bank secrecy.

Moreover, section 55(2)(c) of the Law gives MOKAS authority to request and receive information or documentation with regard to the ultimate beneficial owners of legal or other entities including trust funds or settlements. MOKAS also has the power to request information on the business relationship and the beneficiaries of bank accounts or bank balances, and any other information or data related to certain suspicious transactions which are in the possession of persons involved in financial business, or any other business or, of the public sector. Further to this, where necessary for the purposes of analysing suspicious transactions which might be connected to offences related to the laundering of profits from illegal activities, terrorist financing or tracing of illegal proceeds, this power may be exercised without the need of obtaining a disclosure order.

This authority can be also exercised in the event that MOKAS receives relevant inquiries from a counterpart overseas.

MOKAS is obliged to prepare and publish an annual report with regard to its activities.

KYC principles

Undertakings transacting relevant financial business must put in place and operate know-your-customer (KYC) procedures. The identity of all customers must be verified, apart from relevant domestic organisations, that are themselves subject to the Law, and banks and credit institutions incorporated in countries whose anti-money laundering procedures are equivalent to those applying in Cyprus. Verification of identity must take place before any business relationship is established or any transaction is executed. The KYC exercise currently includes the establishment of an economic profile for the customer and verification of source of wealth and source of funds.

Transposition of the Fifth and Sixth EU Anti-Money Laundering Directives into Cyprus AML Law

As noted above, further amendments have been introduced to the Cyprus AML Law in respect of the Fifth EU Money Laundering Directive, with the most recent having been adopted on the April 20, 2021. The Law introduced some very important changes as outlined below:

The increase of the threshold for people holding a controlling interest over 25%

The Law provides that a shareholding of 25% plus one share, or an ownership interest of more than 25%, in an entity held by a natural person or group of persons acting together is an indication of direct significant control. A shareholding of 25% plus one share or an ownership interest of more than 25% held by one or more corporate entities controlled by the same natural person or group of persons acting together is an indication of indirect significant control.

It is further understood that significant "control via other means may include a shareholder's agreement, the exercise of dominant influence, influence through family links or other types of connection with decision-makers, the holding of negotiable shares or convertible stock, and the power to appoint senior management or any other way" as per the Guidance Manual published by the Registrar of Companies in 2021.

The increase of the controlling interest threshold from the previous level of 10% plus to 25% plus, was a change welcomed by regulated professionals in AML compliance. It greatly simplified the rigorous processes needed to establish whether or not a controlling interest exists.

Changes to the definition of Politically Exposed Persons (PEPs)

The Law defines a Politically Exposed Person as a natural person who has been entrusted with a prominent public function, or a close relative or a person known to be a close associate of the individual concerned. It defines the term " prominent public function" as follows:

  • heads of state, heads of government, ministers and deputy ministers;
  • members of parliament or of similar legislative bodies;
  • members of the governing bodies of political parties;
  • members of supreme courts, of constitutional courts or of other high-level judicial bodies whose decisions are not subject to further appeal except in exceptional circumstances;
  • members of courts of auditors or of the management board of the Cyprus Central Bank;
  • ambassadors, chargés d'affaires and high-ranking officers in the armed forces;
  • members of the administrative, management or supervisory bodies of State-owned enterprises;
  • directors, deputy directors and members of the board or equivalent instrument of an international organisation.
  • mayors.

It makes clear that middle-ranking or lower-ranking roles do not come within the scope of the above definition.

A close relative of a PEP includes their spouse or a person equivalent to a spouse, their parents, their children and their children's spouses or equivalents to a spouse. A close associate of a PEP includes individuals who are known to have joint beneficial ownership with the PEP of legal entities or legal arrangements, or any other close business relations, or individuals who have sole beneficial ownership of a legal entity or legal arrangement which is known to have been set up for the de facto benefit of the PEP.

Broadening of the scope of the Law

Obliged entities are the regulated persons and businesses subject to the requirements of the Law. In addition to the regulated professionals previously covered, such as banks, financial organizations, auditors, lawyers and administrative service providers, the Law introduces new categories, namely providers of gambling services and estate agents, persons trading in high-value goods as well as any person trading goods who accepts payment in cash of more than EUR 10,000, either in a single transaction or a series of connected transactions.

Predicate offences

The Law replaces the previous definition of a predicate offence; all criminal offences that are punishable by imprisonment that exceeds one year from which proceeds in any form were generated that may become the subject of a money laundering offence. The new Law provides that any criminal offence constitutes a predicate offence. Therefore, tax offences which are criminal offences, now constitute predicate offences for the purposes of the Law.

Revision of provisions relating to disclosure or "tipping off"

Section 48 of the Law has been amended to increase the maximum penalty for "tipping off" to imprisonment for up to two years, a fine of up to EUR 50,000 or both. The new section 48 also illustrates that a professional adviser such as an auditor or a lawyer who attempts to deter a client from engaging in illegal activity does not commit any offence of "tipping off".

Due diligence exercise and verification of identity

Section 61 of the Law is amended to allow obliged entities to adopt a risk-based approach on the conduct of the customer due diligence they are required to undertake regarding verification of identity, corporate structure, ultimate beneficial owners and source of funds. An extension to those processes is the adoption of EU electronic identification and trust services under regulation 910/2014, or any other secure remote or electronic identification process that is regulated, recognised, approved or accepted by a Competent Authority of the Republic will suffice. In addition, the Law's provisions extending due diligence requirements to life or investment insurance contracts.

The most recent amendments to the Law dictate that in the event that the beneficial owner identified is a senior executive officer of the entity, the regulated entity shall ensure the reasonably necessary steps for the verification of the identity of the natural person, who holds senior executive role, and keeps a record of the actions taken, as well as any difficulties identified during the verification process. Failure to meet the necessary steps may lead to the commission of an offence by the said regulated authority.

Creation of a central register of UBOs of companies and other legal entities

Section 61A of the Law replicates the wording of the requirement of the directive that the national authorities "are required to obtain and hold adequate, accurate and current information on their beneficial ownership, including the details of the beneficial interests held." In the course of AML due diligence on companies or other legal entities, obliged entities must obtain the requisite information to establish the identity of the beneficial owner.

This information must be submitted to a central register of beneficial owners, which has been operational since March 13, 2021. The detailed provisions regarding the establishment and operation of the register and access to it are set out in regulations issued under the Law.

The police, the Customs Department, the Tax Department and the Unit for Combatting Money Laundering and Terrorist Financing (MOKAS) and the competent Supervisory Authorities (Cyprus Bar Association, the Central Bank, the Cyprus Securities and Exchange Commission, the Institute of Certified Public Accountants, the Real Estate Registration Council, the National Betting Authority and the National Gambling and Casino Supervisory Authority) will have direct access to the information kept in the register.

Obliged entities will have access to the information for the purposes of their due diligence and KYC procedures.

The public authorities have unrestricted real-time access to the register for the purposes of carrying out their duties, without the companies concerned being informed of the authorities' enquiry. Information may be exchanged with equivalent authorities overseas.

Pursuant to the Fifth AML EU Directive and the Law, the general public will have access to the name, the month and the year of birth, the nationality and country of residence of the beneficial owner, and the nature and extent of the beneficial owner's rights. Access to this information will be regulated by the Processing of Personal Data (Protection of the Individual) Law. There are also provisions allowing information on individuals to be exempted from access on a case-by-case basis, if access would expose the beneficial owner to the risk of deception, abduction, extortion, violence or intimidation, or if the beneficial owner is a minor or an incapable person.

In cases where the shareholding structure of a Cyprus entity leads to a Cyprus registered trust, only the name of the trust will be subject to disclosure on the Company Register given that trust(s) are reportable to a separate registry, namely the Trust Register.

ECJ judgment on UBO public registers

Following the judgment of the European Court of Justice in joined cases C-37/20 and C-601/20 of November 22, 2022, the Registrar of Companies officially announced that access to the Register of Beneficial Owners for the general public is suspended as of November 23, 2022.

According to the above-mentioned judgment of the ECJ, article 1, point 15(c) of Directive (EU) 2018/843 of the European Parliament and the Council of May 30, 2018, which provides for access to the information on the beneficial ownership of legal entities to any member of the general public, is invalid as it constitutes a serious interference with the fundamental rights of respect for private life and to the protection of personal data, enshrined in articles 7 and 8 respectively, of the Charter of Fundamental Rights of the European Union.

The relevant information on UBOs will continue to be provided with the applicable procedure to the competent and supervisory authorities per article 61A, as well as to the obliged entities, with the applicable procedure by submitting additionally a solemn declaration confirming that the information on the beneficial owners is requested within the context of performing customer due diligence.

It should be noted that the obligation of companies and partnerships to submit and update their beneficial ownership information is not affected and remains valid.

Creation of a central trust register

The Law, under section 61C introduces a requirement for trustees of any express trust governed by Cyprus Law or any other analogous legal arrangement to obtain and hold adequate, accurate and up-to-date information on beneficial ownership of the trust or arrangement, including the identity of the settlor, the trustees, the protector (if any), the beneficiaries or class of beneficiaries and any other natural person exercising effective control over the trust.

The information referred to in the paragraph above must be held in a Central Register when the trust generates tax consequences in Cyprus. The public authorities and Supervisory Authorities will have the same access as to the register of ultimate beneficial owners (see above). Obliged entities will also have access for the purposes of customer AML due diligence. There is no provision regarding access by persons with a legitimate interest.

Section 61C of the Law provides for the creation of the Central Trust Register, specifically for Cyprus registered trusts and "similar legal arrangements". The Trust Register will be maintained and supervised by Cyprus Securities and Exchange Commission (CySEC), requiring a detailed disclosure of information to be submitted in relation to trusts and other similar legal arrangements such as:

  • The name of the trust.
  • Jurisdiction of incorporation and /or establishment.
  • Governing law.
  • Date of termination (if any).

The above represents only a few examples of the information required.

Additionally, the following basic information regarding the trustee, settlor, protector and beneficiaries (all considered as beneficial owner(s)) must also be submitted for registration with to the above-mentioned register such as: (i) the name and surname of the beneficial owner, (including father's name); (ii) date and place of birth; (iii) nationality(ies); (iv) residential address, etc.

All the above submissions are subject to evidential proof in support of the information provided, i.e., valid passports and other identification methods.

Creation of a central crypto-asset service providers register

CySEC is the supervisory authority under section 61E which maintains and observes a register of crypto-asset service providers, and such register is made public. Parties/entities are registered on the register who (a) provide or conduct services from Cyprus, regardless of whether they are also registered in another member state for the services they provide, and (b) provide or conduct services in Cyprus, exempting parties/entities which are registered in another member state.

"Crypto-asset service provider" under section 2 means a person who provides the following services or activities to another person, directly or on behalf of another, as follows:

(a) exchange between cryptocurrencies and documentary currencies;

(b) exchange between crypto-assets;

(c) the management, transfer, transfer, retention, and / or safekeeping, including custody, of cryptocurrencies or cryptographic keys or means enabling control over cryptocurrencies;

(d) offering and / or selling cryptocurrencies, including the initial public offering; and

(e) participation and / or provision of financial services related to the distribution, offering and / or sale of cryptocurrencies, including the initial public offering.

Penalties

Section 4 of the Law provides that every person who knows, or should have known, that any kind of asset is the proceeds of a predicate offence is guilty of an offence if he does any of the following:

  • Converts, transfers or removes such property for the purpose of concealing or disguising its illicit origin or of assisting any person who is involved in the commission of a predicate offence to evade the legal consequences of his actions.
  • Conceals or disguises the true nature, source, location, disposition, movement, rights with respect to property or ownership of this property.
  • Acquires, possesses or uses such property.
  • Participates in, associates or conspires to commit, or attempts to commit and aids and abets and provides counselling or advice for the commission of any of the offences referred to above.
  • Provides information with respect to investigations that are being performed for laundering offences for the purpose of enabling the person who acquired a benefit from the commission of a predicate offence to retain the proceeds or the control of the proceeds of the offence.

On conviction, a person who knowingly commits such an offence is subject to imprisonment of up to 14 years, a fine of up to 500,000 euros or both. A person who did not know that the property was the proceeds of a predicate offence, but should have known, is subject to imprisonment of up to five years, a fine of up to 50,000 euros or both. Failure to report a suspicion of money laundering activities is punishable by imprisonment of up to five years, a fine of up to 5,185 euros or both.

Further to the aforementioned penalties, a court may also decide that a person found guilty of the above, may also be excluded from public benefits or aid; be temporarily or permanently (a) excluded from accessing public funding, (b) banned from conducting commercial activity; (c) excluded from processing a liquidation; and (d) subject to closure of the premises used to commit the offence.

Three parameters are also considered aggravating in deciding the severity of the offence when penalties are imposed: (i) the offense was committed in the scope of a criminal organisation, (ii) the default entity is a regulated entity and has committed the offense in the course of its professional activities; and (iii) the asset that is the subject of money laundering is of significant value.

Duty to report suspicious activities — legally bound individuals and entities

Organisations that carry out "relevant financial business", which is widely defined and includes all banking, money transmission and investment activities, are required to take adequate steps to prevent their services being misused for money laundering.

Such organisations and their employees must promptly report any knowledge or suspicion of money laundering to a police officer or to MOKAS. The Law requires any person who, in the course of his trade, profession, business or employment, acquires knowledge or reasonable suspicion that another person is engaged in money laundering, to report his knowledge or suspicion as soon as is reasonably practical.

After the initial disclosure, relevant organisations are expected to follow any instructions that MOKAS gives, particularly as to whether or not to execute or suspend a transaction. No liability for a breach of any contractual or other obligation is attached to a bank that refrains from, or delays, executing a customer's order on instructions from MOKAS. Any person who prejudices the investigation of money laundering offences by "tipping off", that is making a disclosure, either to the person who is the subject of a suspicion or to a third party, knowing or suspecting that the authorities are carrying out such an investigation, is guilty of an offence under the Law.

The Law requires organisations that carry out relevant financial business to retain records that concern customer identification and details of transactions for use as evidence in any possible investigation into money laundering for five years from the completion of the relevant business or, if MOKAS conducts an investigation, until MOKAS confirms that the case has been closed. Retention may be in electronic or other form as long as it allows all relevant information to be retrieved without delay.

In addition to ad hoc reporting of suspicious transactions, all banks in Cyprus are required to submit a monthly report to the Central Bank of Cyprus of amounts in excess of EUR 10,000 or its equivalent, which their customers deposit in cash, and of incoming and outgoing funds transfers in excess of EUR 500,000 or its equivalent.

Sixth AML Directive

During March 2022 the AML Law was further amended to transpose the provisions of the Sixth AML Directive. The amendments to the AML Law mostly relate to the enforcement procedure and measures to be undertaken to better enforce, supervise and coordinate the EU's rules in this area. It is worth noting that upon this amendment the Law introduces a new article 55A, which provides for the exchange of information between competent authorities of member states as well as the introduction of a new article 61Z, which provides for the exchange of information with Europol.

Anti-bribery and corruption laws

Cyprus has a comprehensive legal framework for deterring and punishing bribery and corruption. The main measures are as follows:

  • The Prevention of Corruption Law, Cap 161 of 1920 as amended by Law 97(I)/2012. This was introduced when Cyprus was a British colony and continues to have effect. It prohibits bribery of public officials.
  • The Civil Servants Law of 1/1990 (as amended from time to time) governs the conduct of civil servants in general. It makes specific provision regarding bribery of public officials at sections 69 and 70.
  • The Criminal Code, Cap 154 (as amended from time to time) is a compilation of criminal law provisions. It specifically provides for criminal sanctions for bribery of public officials in sections 100 to 103 and of witnesses in section 118.
  • The Law Sanctioning the Criminal Law Convention on Corruption No. 23(III) of 2000 and Law 22(III) of 2006 transpose the provisions of the Criminal Law Convention on Corruption 1999, aligning Cyprus law with best practice in the field of bribery of foreign public officials, bribery in the private sector, trading in influence, money laundering of proceeds from corruption offences, account offences, participatory acts and corporate liability.
  • The Law Providing for Registration, Funding of Political Parties and Other Similar Matters No. 20(I) of 2011 establishes a legal framework for political parties in Cyprus, covering their legal status and registration requirements, and rules concerning the transparency of their financial administration. Moreover, the supervision of the financing of political parties has been entrusted to the Auditor General, an independent institution under the Constitution of Cyprus.

Cyprus is also a signatory to the following international anti-corruption conventions:

  • United Nations Convention against Corruption (UNCAC), New York, October 31, 2003, entered into force December 14, 2005, ratified by Cyprus February 23, 2009.
  • Agreement for the Establishment of the International Anti-Corruption Academy as an International Organisation (IACA), Vienna, September 2, 2010, entered into force March 8, 2011, ratified by Cyprus August 19, 2011.
  • Criminal Law Convention on Corruption, Strasbourg, January 27, 1999, entered into force July 1, 2002, ratified by Cyprus January 17, 2001 (the Criminal Law Convention on Corruption).
  • Additional Protocol to the Criminal Law Convention on Corruption ratified on November 21, 2006, entered into force on March 1, 2007.
  • Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime, Strasbourg, November 8, 1990, entered into force September 1, 1993, ratified by Cyprus on November 15, 1996.
  • European Framework Decision No. 2003/568/JHA, Combating Corruption in the Private Sector.
  • Cyprus is also a member of the Group of States against Corruption of the Council of Europe (GRECO).

Originally published by Thomson Reuters.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.