The Cyprus Securities and Exchange Commission (CySEC) has issued a circular notifying entities it regulates of the most common weaknesses, deficiencies and best practice standards identified during its latest round of onsite inspections in relation to the prevention of money laundering and terrorist financing.
The inspections found a significant improvement in the internal procedures applied by regulated entities to prevent money laundering and terrorist financing compared with earlier years. Nevertheless, some common weaknesses were encountered, which CySEC is bringing to regulated entities’ attention so that corrective action can be taken. These included:
insufficient verification of sources of customers’ wealth and funds;
failure to ensure that data collected on customers is kept up to date;
weaknesses in the application of enhanced due diligence measures, particularly relating to high-risk customers and non-face-to-face customers;
disregard of the prescribed time limit of 15 days for completing the customer’s identity verification process.
In addition, in order to assist regulated entities to improve their systems, controls and procedures, CySEC is sharing the best practice standards identified during inspections, including:
not accepting payments in cash;
returning deposited funds to customers through the same bank account from which they originated, always in the same name of the customer;
using automated electronic systems for identifying customers and conducting ongoing customer due diligence;
monitoring customer transactions to detect and investigate unusual activity;
maintaining an adequately resourced compliance function.