CySEC Circular C550

CySEC Exposes AML/CFT Compliance Gaps in Circular C550

CySEC Reveals Common AML/CFT Compliance Failures Among Regulated Entities: Circular C550

The Cyprus Securities and Exchange Commission (CySEC) has recently issued a Circular C550, which aims to inform regulated entities about common weaknesses and deficiencies identified in relation to the prevention of money laundering and terrorist financing. The circular highlights key areas where improvements are needed to ensure full compliance with the Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) Law and Directive.

In response to the circular, CX Financia  has prepared a comprehensive summary to provide a clear and concise overview of the key requirements and obligations imposed by the circular. The summary aims to help regulated entities ensure that they are fully compliant with the regulations and meet the expectations of the regulatory body.


Applicable entities

The Circular C550 applies to the Regulated Entities as described below:

  • Cyprus Investment Firms (‘CIFs’)
  • Administrative Service Providers (‘ASPs’)
  • UCITS Management Companies (‘UCITS MC’)
  • Self-Managed UCITS (‘SM UCITS’)
  • Alternative Investment Fund Managers (‘AIFMs’)
  • Self-Managed Alternative Investment Funds (‘SM AIFs’)
  • Self-Managed Alternative Investment Funds with Limited Number of Persons (‘SM AIFLNP’)
  • Companies with sole purpose the management of AIFLNPs
  • Small Alternative Investment Fund Managers (‘Small AIFMs’)
  • Crypto Asset Service Providers


Consolidating good practices identified

Companies that are excelling in AML/CFT compliance have been found to:

  • Keep their policies and procedures up-to-date to ensure they comply with the latest legal and regulatory obligations.
  • Retrieve records of customer identification and transaction data quickly and efficiently.
  • Have senior management who take responsibility for AML/CFT and sanctions issues and communicate this to staff through everyday decision-making.
  • Implement automated systems for CDD, risk assessments, transaction monitoring, and customer/beneficial owner background checks.
  • Use local knowledge and open-source internet checks, where available, to supplement commercially available databases when researching potential high-risk customers.

These are some great practices that can help you stay ahead of the game when it comes to AML/CFT compliance. Consider incorporating them into your own processes to improve your performance and stay in line with regulatory expectations!


Common weaknesses/deficiencies identified

During their onsite inspections, they identified some common weaknesses and deficiencies in AML/CFT compliance that Regulated Entities need to be aware of:


Customer Due Diligence (CDD) Measures

Some Regulated Entities failed to collect complete and proper customer economic profiles, including information on income, expected turnover, source of funds, and wealth size. Others collected verification documentation without verifying its reliability or obtaining supplementary information from reliable independent sources. In some cases, there were weaknesses in the risk-based approach processes for verifying customer data and information, leading to poor economic profile-building.

  1. Nature of Business: Although a general statement on the nature of business was provided, some Regulated Entities didn’t collect evidence to verify customers’ main business activities and operations. This broad and generalized description or lack of accurate information can lead to the Regulated Entity not fully understanding the risks associated with the customers’ business activities, reducing their ability to monitor transactions satisfactorily.


  1. Ongoing Updating: Some Regulated Entities relied on CDD information collected at the beginning of a business relationship to construct a customer’s economic profile, but failed to update it as the relationship evolved or following a triggering event like adverse media or a material change in the customer’s status.


Enhanced Due Diligence (EDD) Measures

Despite classifying certain customers as high risk, some Regulated Entities failed to adequately apply enhanced due diligence measures to mitigate the potential ML/TF risk. CySEC found that in some cases, there was insufficient evidence to suggest that Regulated Entities obtained additional information beyond what is mandated by the AML/CFT Law, in order to properly assess and manage the risks associated with high-risk customers.


AML/CFT Risk Assessments

Regulated entities failed to use the Risk Factors Guidelines and Risk-based Approach (RBA) Guidance for Trust and Company Service Providers (TCSPs) when conducting AML/CFT risk assessments, leaving them vulnerable to regulatory non-compliance.

Failing to assess the risks posed by customers who have acquired Cypriot citizenship under the Cyprus Investment Program (CIP) and not implementing appropriate CDD measures. This omission puts Regulated Entities at risk of being infiltrated by money launderers and terrorists.

Neglecting to consider published adverse information about customers and/or beneficial owners, thereby missing out on valuable opportunities to identify risks and mitigate them before they cause harm.


Customers’ Screening and Transactions Monitoring

Keeping a proper record of background checks conducted on customers is a vital aspect of Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) compliance. However, in some instances, Regulated Entities failed to document the results of the background checks carried out through screening databases. This lapse could lead to missed opportunities to investigate ‘false-positive’ matches, and the need for a comprehensive audit trail to ensure the matches were resolved as ‘false-positive’.

Furthermore, CySEC identified that Regulated Entities had not maintained proper documentation of supporting documents of the customer’s transactions carried out. This flaw could result in an incomplete audit trail of transactions and put the Regulated Entity at risk of non-compliance with AML/CFT regulations.

In the ASPs sector, it was found that some loan agreements obtained as supporting documentation of transactions lacked an apparent economic or financial purpose. Moreover, CySEC also noticed that some ASPs and Fund Managers relied heavily on credit institutions for conducting their customer’s transaction monitoring without the application of adequate internal transaction monitoring mechanisms.


Why to Comply?

Failure to comply with AML/CFT obligations will result in administrative sanctions enforced by CySEC. By taking heed of the identified areas of concern and ensuring compliance with AML/CFT laws, Regulated Entities can protect themselves from reputational damage and financial loss, while contributing to the wider fight against financial crime.



How can CX Financia help?

At CX Financia, we understand the importance of ensuring compliance with Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) regulations. Our team of experienced professionals is dedicated to providing effective compliance solutions to help Regulated Entities mitigate risks related to money laundering, identity theft, financial fraud, and terrorist financing.

We offer a range of compliance services including risk assessments, policy and procedure development, training and awareness programs, and regulatory reporting.  We work  closely with our clients to develop customized solutions that meet their unique compliance needs.

Contact us to learn more at [email protected] or call us at +357 22052920.



Get the latest business news, directly to your inbox