The meeting was requested by the Cyprus Fiduciary Association, following the various issues raised during the CFA Think Tank that took place on April 5th, 2017, regarding latest developments in the AML Directive and the latest on-site visits of CySEC. The meeting was attended by the following:
- CySEC: Demetra Kalogerou, Andreas Andreou, Charalambos Paraskeva, Marinela Georgiadou
- CFA: Christos Michael, George Ioulianos, Athena Yiallourou, Michalis Loizou
Starting the meeting, CFA representatives noted that there are several matters that need to be clarified with the regulator in order to be able to advise and guide the members of the Association, accordingly. In addition, these matters need to be clarified so that CySEC can address the issues with the other two Regulators in order to obtain the same level of monitoring throughout the ASP sector.
The following issues were discussed:
- Risk Based Approach (What are the minimum requirements? What are the expectations of the regulator? Is there any particular form or program which can be used?)
As per CySEC representatives’ recommendations, the consultation paper of the Joint Committee of the European Supervisory Authorities (October 2015) can be used as a base for the drafting of a Risk Based program of the ASPs, as well as certain recommendations that will be included in the amended Cyprus AML Legislation (which should be completed by the end of June 2017).
Following the request for more specific guidelines from the Regulators, CySEC representatives suggested CFA, after the issuance of the new Legislation, to provide CySEC with a draft document stipulating the minimum factors for an acceptable Risk Based Approach for review and comments. As suggested, the document should be negotiated with the other two supervisory authorities in order to address a common approach to the subject.
- Transaction Monitoring
CFA members mentioned that ASPs are not Financial Institutions, like Banks and Investment Entities, and that real-time monitoring of monetary transactions is not within the scope of the services provided.
Although it is understood that as Directors there is obligation to have knowledge and maintain control of an entity’s activities in order to prevent the misuse of the entity for illegal purposes, daily control of monetary transactions is very difficult to achieve due to the volume of the work and the nonexistence (at least in Cyprus) of an automated system which will allow such a detailed record keeping.
Several suggestions were mentioned, e.g. Excel spreadsheets for each client, Quarterly monitoring by Bank account reconciliation, etc. CySEC representatives insisted that this is an obligation of the ASPs and monetary transactions should be controlled at all times. They have requested CFA to present to them a report of how other Regulators deal with this particular requirement and provide suggestions for discussion.
- 4th AML Directive
CFA representatives noted that the consultation paper was sent to the members with short notice for comments (on Friday 26/5/2017 for Thursday 1/6/2017) and more time should have been provided. Nevertheless, members of the AML & Compliance Affairs Committee of CFA have prepared a paper with suggestions for CySEC, which will be delivered before the noted deadline.
- Source of Income/ Source of Wealth
After discussion, it was resolved that the required information should be documented in relation to the risk factor of the client and that there are a number of documents and public information, which can be obtained in this respect, e.g. CV, Bank Statements, Title deeds, Tax Return, Internet search findings, other information systems (SPARK, World Check, Feasibility studies, Kroll reports etc.).
All documented evidence should be duly recorded in support to the above.
- Record Keeping
It was clarified that in relation to AML, the record keeping period is at least 5 years except of accounting information which should be kept for 7 years, as per Tax Law requirements.
Other matters discussed:
- Ms. Kalogerou informed us that she had a meeting with members of the Cyprus Organisation for Standardisation regarding ISO certifications that can apply to the financial sector. Particularly, they mentioned the ISO 27/2001 standard, which is in compliance with the new Personal Data Protection Act that will be applicable from 1/2018 to all EU countries. She mentioned that a recommendation will follow from CySEC to all regulated entities in this respect.
- Christos Michael made reference to another ISO standard (34/2001) that is suggested for all companies that would like to have the ‘Fund Administrator’ licence. Ms Kalogerou stated that the new legislation is still under review and that the requirements for fund administrators are still to be examined.
Closing the meeting, Ms Kalogerou stated the important role of CFA and that it would be ideal if all CySEC regulated entities were members of the Association. Ms Kalogerou said that the Commission will find the ways to suggest the CFA membership to its regulated entities.