AML: Customer verification and depositsSalvus Team
The Cyprus Securities Exchange Commission (CySEC) following a series of updates and issuing circulars along with relevant directives, is arguably putting emphasis on proactively encouraging firms to ensure compliance with the Anti-Money Laundering and Financing Terrorism (AML/CFT) Law. CySEC’s main objective is to ensure the establishing of high standards for investor protection, as well as the application of best practices by obliged entities.
In continuation of this, on the 24th of March 2020, CySEC issued Circular C367, replacing Circular C157. In it, CySEC provides explicit guidance for the interpretation of articles 62 (1) and 62 (2) on the Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007 (the ‘Law’).
Within the latest circular, CySEC focuses on the obligation of all obliged entities towards the verification of the identity of customers and beneficial owners.
SALVUS believes in and commits to staying ahead. In all our commentaries, we share the gist of such Circulars for our clients and our readers.
This commentary further allows our team to provide further guidance and tips in relevant key concepts for candidates preparing towards the CySEC Anti-Money Laundering (AML) Certification.
Customer due diligence (CDD) measures and procedures
The associated risks arising from the complexity of the financial instruments, securities and group structures are increasing, as the financial sector expands. Therefore, the identification and verification procedures are necessary to be detailed enough to recognise a suspicious transaction.
The customer due diligence (CDD) measures and procedures are necessary in order to
- identify and verify the customer’s and beneficial owner’s identity
- via a reliable and independent source,
- and necessary to understand the structure of the legal entity or trust (if any),
- obtain information on the purpose and intended nature of the business relationship,
- including the amount of deposits, the duration, and the frequency of transactions,
- monitor the business relationship,
- ensure all documents and information collected are up to date.
* The CDD measures applied by the obliged entities, such Cyprus Investment Firms (CIF) shall be based on the principle of proportionality.
Construction of a customer economic profile
The primary aim of an obliged entity is to request and collect adequate data and information as needed to construct an economic profile for its customer.
It is a vital part for the Know Your Customer (KYC) procedure. The quantity and quality of the requested data and information must adequately satisfy
- the purpose and the reason for requesting the establishment of a business relationship,
- the anticipated account turnover, the nature of the transactions, the expected origin of incoming funds to be credited in the account and the expected destination of outgoing transfers/payments,
- the customer’s size of wealth and annual income and description of the main business or operations.
It is further worth noting that
- it is never acceptable to use the same verification data or information for verifying the customer’s identity and its home address.
- a person’s residential and business address is an essential part of customers’ identity.
- entities should apply identification procedures and CDD measures to new customers and existing customers at appropriate times and on a risk-sensitive basis.
Timing of application of Customer due diligence (CDD) measures
The verification of the identity of the customer and the beneficial owner
- shall take place before
- the establishment of a business relationship or
- the carrying out of a transaction.
- may be allowed to be completed during the establishment of a business relationship
- in order not to interrupt the normal conduct of business, as long as the customer is assessed and classified as low risk.
- the customer’s verification is completed the soonest possible after the initial contact.
- may be allowed to open an account with a credit or financial institution, if there are adequate safeguards to ensure that transactions are not carried out until full compliance with the CDD requirements (including transactions in transferable securities).
Acceptance of deposits and CDD procedures
Obliged entities must accept deposits only when the customer has provided the required data and information for the
– full identification of the customer,
– construction of a customer economic profile,
– completion of the suitability test or the completion of the appropriateness test (where applicable).
Customer classification as low risk
The verification of the identity of the customer and the beneficial owner, may be allowed to be completed during the establishment of a business relationship, when there is low risk of money laundering (ML) and terrorism financing (TF) AND as a minimum all of the following conditions are met:
- the total deposits of the customer within one or many accounts held within the obliged entity, must not exceed the amount of 2,000 EUR,
- the deposits are made via credit institutions and from an account held in the customer’s name,
- the duration for completion of the customer’s verification must not exceed 15 days from the initial contact*,
* Initial contact means when the customer accepts the terms and conditions, or when the customer makes the first deposit – whichever comes first.
** the obliged entity should have in place adequate procedures in order to collect the required verification data and information within the allowed timeframe and to keep at low levels the percentage of unverified customers.
Unable to comply with the Customer Due Diligence (CDD)
In the cases where the obliged entity is unable to comply with the Customer due diligence (CDD), then the obliged entity must
- terminate the business relationship,
- return the funds* held on the customer’s account back to the same account the customer initiated the deposit,
- consider making a suspicious transaction report to the Unit.
* The returned funds include any profits the customer has gained and deduct any losses incurred.
** It is worth mentioning that funds cannot be withheld, and the accounts cannot be frozen, unless there is a suspicion of money laundering and the Unit will instruct for the next steps.
To conclude, it is highly important all procedures concerning customer’s accounts and funds to be explicitly stated within the entity’s internal policies and procedures.
If you are interested to know more about Anti-Money Laundering procedures and obligations, please read our previously published articles which the team at SALVUS authored to provide guidance for
– the creation of a strong AML compliance culture within the organization, the obligations of all stakeholders and their annual training requirements.
– the relevant risk indicators to look for suspicious activity, the reporting process and the personal ML offences on failure to report a suspicious transaction.
We remain at your disposal should you have any questions, regarding this article or any other matter of compliance and regulation.
SALVUS is ready to support you comply with the regulation through our Anti-Money Laundering (AML) expertise, while our team can get you or your team successfully prepared for the AML certification exam. All our workshops count towards your CPD requirement hours for 2020 – contact us at [email protected].
The information provided in this article is for general information purposes only. You should always seek professional advice suitable to your needs.