Know-Your-Customer: the protagonist in the fight against money laundering in Cyprus

Money laundering, being the conversion of criminal proceeds into assets not being able to be traced back to the underlying laundering offence, is undoubtedly a scourge against the global financial system, sapping the legal order and institutions, corrupting the society and individuals and empowering the organized crime. It is absolutely impossible to estimate how much billions of dollars are laundered all over the world every year despite the unrelenting global efforts, and this fact alone indicates the magnitude of this phenomenon.

Cyprus has come a long way in cleaning up its act and enforce strict Anti-Money Laundering Regulations, enjoying the rewards of having an efficient domestic Financial Intelligence Unit, called “Mokas”.

Cyprus is a member of the Moneyval Committee of the Council of Europe, which is an associated member of the Financial Action Task Force (FATF). Cyprus’ anti-money laundering legal framework and systems have been assessed many times by the Moneyval Committee and was found to be in full compliance with the FATF 40+9 Recommendations.

Cyprus has signed and ratified, so far, the following international conventions:

• 1990 Council of Europe Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime;
• 2005 Council of Europe Convention on Laundering, Search, Seizure and the Confiscation of the Proceeds from Crime and on the Financing of Terrorism;
• The United Nations Convention against Illicit Traffic in Narcotic Drugs and Psychotropic Substances;
• UN Convention Against Corruption which was ratified in 2008 with Ratification Law No. 25(III)2008.

And as a member state of the European Union is in full harmonization with the following European directives and framework decisions:

• Directive 91/308/EEC of 10 June 1991 on the Prevention of the use of the financial system for the purpose of Money Laundering;
• Directive 2001/97/EC of the European Parliament and of the Council of 4 December 2001 on the prevention of the use of the financial system for the purpose of money laundering;
• Directive 2005/60/EC of the European Parliament and of the Council 26 October 2005 on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing;
• EU Council Framework Decisions on freezing and confiscation;

Domestically, the Law of the Republic of Cyprus 188(I)/2007, which was further amended in June 2010 with Law No.58(1)/2010, (“the Law”), regulates the professional activities and services of a number of “sensitive” professionals of high risk including, but not limited to, banks, auditors, external accountants and tax advisors, independent lawyers, and service providers for trust services, fiduciary, nominee and company services to third parties (the “Service Providers”).

The Law constitutes a comprehensive and efficient basis for the combat against money laundering since it contains the necessary provisions for both the prevention and suppression of the money laundering, and the tracing, freezing and confiscation of assets.

Activities and services prescribed under Section 2 of the Law are defined to include a wide range of financial and other activities, but those most likely to be relevant to lawyers are:

• providing services relating to the issue of securities;
• providing advice or services on capital structure, industrial strategy;
• mergers or the purchase of undertakings;
• providing safe custody services;
• providing any services to clients including carrying out audit activities, secretarial, nominee directors/secretary, accounting/bookkeeping services and providing tax advice;
• forming companies or other legal persons;
• acting as director or secretary of a company, a partner of a partnership, or a holder of a similar position in relation to other legal persons or legal mechanisms so that another person may carry out such duties;
• providing a registered office, business address, correspondence or administrative address and other related services for a company, a partnership or any other legal person or legal mechanism;
• acting as a trustee of an express trust or a relevant legal mechanism so that another person carries out such duties;
• acting as nominee shareholder for another person or a legal mechanism so that another person carries out such duties.

It should be noted that lawyers are not bound to disclose “privileged information” which is defined in section 44 of the Law. “Privileged information” means communication between an advocate and a client for the purpose of obtaining professional legal advice or professional legal services in relation to legal proceedings whether these have commenced or not, which would in any legal proceedings be protected from disclosure by virtue of the privilege of confidentiality under the law in force at the relevant time; provided that a communication between an advocate and a client for the purposes of committing a prescribed offence shall not constitute privileged information; provided that a communication between an advocate and a client for the purposes of committing a prescribed offence shall not constitute privileged information.

Predicate offences are:

• All criminal offences punishable with imprisonment exceeding one year, as a result of which proceeds have been derived which may constitute the subject of a money laundering offence as defined by section 4 below
• Financing of Terrorism offences as these are specified in Article 4 of the Financing of Terrorism (Ratification and other provisions) Laws of 2001 and 2005, as well as the collection of funds for the financing of persons or organizations associated with terrorism
• Drug Trafficking offences, as these are specified in section 2 of the Law.
• Section 4 provides the money laundering offences, and reads as follows:

Every person who (a) knows or b) at the material time ought to have known that any kind of property constitutes proceeds from the omission of a predicate offence, carries out the following activities:

1. converts or transfers or removes such property, for the purpose of concealing or disguising its illicit origin or of assisting in any way any person who is involved in the commission of the predicate offence to carry out any of the above actions or acts in any other way in order to evade the legal consequences of his actions;
2. conceals or disguises the true nature, the source, location, disposition, movement of and rights in relation to, property or ownership of this property;
3.  acquires, possesses or uses such property;
4. participates in, associates, co-operates, conspires to commit, or attempts to commit and aids and abets and provides counseling or advice for the commission of any of the offences referred to above;
5. provides information in relation to investigations that are carried out for laundering offences for the purpose of enabling the person who acquired a benefit from the commission of a predicate offence to retain the proceeds or the control of the proceeds from the commission of the said offence;

commits an offence punishable by fourteen years’ imprisonment or by a pecuniary penalty of up to Euro 500.000 or by both of these penalties in the case of (1) above and by five years’ imprisonment or by a pecuniary penalty of up to Euro 50.000 or by both in the case of (2) above;

Persons engaged in financial and other business apply customer identification procedures and customer due diligence measures in the following cases:

• When establishing a business relationship in Cyprus;
• When carrying out occasional transactions amounting to 15,000 Euro or more, whether the transaction is carried out in a single operation or in several operations which appear to be linked;
• When there is a suspicion of money laundering or terrorist financing, regardless of the amount of the transaction;
• When there are doubts about the veracity or adequacy of previously customer identification data.

The Law requires all Cypriot Business to establish systems and procedures in connection with the following:

• Client identification procedures and client due diligence;
• Record-keeping procedures in relation to clients’ identity and their transactions;
• Procedures of internal reporting to a competent person (e.g. a Money Laundering Compliance Officer) appointed to receive and consider information that give rise to knowledge or suspicion that a client is engaged in money laundering or terrorist financing activities and to MOKAS as provided by the Law;
• The thorough examination of every transaction that is considered to be of high risk due to its nature and especially complicated or unusually large transactions and all transactions that are being executed with no profound economic reason;
• Other internal control and communication procedures for the purpose of preventing money laundering and terrorist financing;
• Measures for making employees aware of all the above procedures to prevent money laundering and terrorist financing and of the relevant legislation; and
• Provision of training to their employees in the recognition and handling of transactions suspected to be associated with money laundering or terrorist financing.

The Service Providers are under the obligation to establish and maintain adequate and appropriate control systems, policies and procedures to guard against their business and the financial system in general, being used for the purposes of money laundering or financing of terrorism and to ensure the reporting of any cases that may be known or suspected. More specifically, according to sections 58-65 of the Law, such control systems, policies and procedures should be in relation to:

• “Know-Your-Customer” (KYC) implementation and due diligence;
• Record-keeping;
• internal reporting and reporting to MOKAS;
• internal control, risk assessment and risk management;
• Scrutiny of vulnerable , large or unusual or suspicious transactions;
• Keeping employees fully informed and educated on the legislation as well as trained on the procedures and systems implemented;

In essence these procedures are designed to achieve two purposes: firstly, to facilitate the recognition and reporting of suspicious transactions and, secondly, to ensure the strict implementation of KYC and the maintenance of adequate record keeping procedures.

Failure to comply with any of the requirements of the Law for the implementation of procedures as set out above is subject to an administrative fine of up to €200.000, which is imposed by the competent supervisory authority. In case the offence continues, an additional administrative fine of up to €1.000 is imposed for every day during which the offence continues.

More specifically, lawyers have according to the Law, the following main obligations:

• Obligation to identify and report suspicious transactions (section 27);
• Obligation not to disclose information for suspicion, knowledge, interrogation or investigation (tipping off) (section 48);
• Obligation for adopting Client identification procedures, record keeping procedures and client due diligence (sections 58-65);
• Obligation to appoint internally a Reporting and Compliance officer;
• Obligation to train and educate partners and staff 6) Obligation for thorough examination of a transaction of high risk or without an obvious financial purpose.

As mentioned above already for all service providers, failure of the lawyer to comply with implementation of procedures (sections 58-65) will result to an administrative fine of up to €200.000 imposed by the Cyprus Bar Association being the supervisory authority for lawyers in Cyprus. In case the offence continues, an additional administrative fine of up to €1.000 is imposed for every day during which the offence continues.Failure to report (Section 27) is punishable on conviction by a maximum of five years of imprisonment or a fine not exceeding the amount of €5.000 or both. It should be noted that the reporting of suspicious transactions under section 27 does not constitute a breach of confidentiality. Tipping off (Section 48) is punishable on conviction by a maximum of five years of imprisonment.Furthermore, a lawyer who fails to comply with the requirements of the Law is referred to the Disciplinary Board of the Cyprus Bar Association which decides accordingly. This is irrespective of whether money laundering or terrorist financing has taken place or not.

In business relationships, the lawyer will need to obtain a good working knowledge of a client’s business and financial background as well as information on the purpose and intended nature of the business relationship in order to provide an effective service. This will provide evidence of identity at an early stage in the relationship. It is for each lawyer to decide what document(s) a prospective client should be required to produce as evidence of identity. A copy of such document(s) should be taken and retained. Where this is not possible, the relevant details should be recorded on the prospective client’s file. An ongoing client due diligence on the business should be done, including scrutiny of transactions undertaken throughout the course of that relationship, to ensure that the transactions being conducted are consistent with the lawyer’s knowledge of the client, their business and risk profile and, where necessary, the source of funds.

Records kept must be reviewed and updated. All lawyers should seek satisfactory evidence of identity of those for whom they provide services (a process referred to in the relevant European Directive as verification of identity). If satisfactory evidence of identity has not been obtained in a reasonable time, then “the business relationship or one-off transaction in question shall not proceed any further”. This means that the lawyer should refrain from providing the requested service or performing the transaction.

In some circumstances, failure by a client to provide satisfactory evidence of identity may, in itself, lead to a suspicion that he/she is engaging in money laundering. The lawyer should then seriously consider reporting the case to MOKAS.

It would be wise to see how the term “beneficial owner” is defined under the Law, in order to be able to understand how the KYC is applicable:

Beneficial Owner means the natural person or natural persons, who ultimately own or control the customer and/or the natural person on whose behalf a transaction or activity is being conducted. The beneficial owner shall at least include:

• In the case of corporate entities:
• the natural person or natural persons, who ultimately own or control a legal entity through direct or indirect ownership or control of a sufficient percentage of the shares or voting rights in that legal entity, including through bearer share holdings, a percentage of 10% plus one share be deemed sufficient to meet this criterion;
• the natural person or natural persons, who otherwise exercise control over the management of a legal entity.
• In the case of legal entities, such as foundations and legal arrangements, such as trusts, which administer and distribute funds:
• Where the future beneficiaries have already been determined, the natural person or natural persons who is the beneficiary of 10% or more of the property of a legal arrangements or entity;
• Where the individuals that benefit from the legal arrangement or entity have not yet to be determined, the class of persons in whose main interest the legal arrangement or entity is set up or operates;
• The natural person or natural persons who exercise control over 10% or more of the property of a legal arrangement or entity.

Service Providers should apply the following enhanced customer due diligence measures, in addition to the other measures referred to above:

• Where the customer has not been physically present for identification purposes, apply one or more of the following measures:
• Obtain additional documents, data or information for verifying customer’s identity;
• Take supplementary measures to verify or certify the documents supplied, or requiring confirmatory certification by a credit or financial institution covered by the EU Directive.
• Ensure that the first payment of the operations is carried out through an account opened in the customer’s name with a credit institution which operates in a country within the European Economic Area.
• In respect of cross-frontier correspondent banking relationships with credit institutions-customers from third countries, it is required to:
• Gather sufficient information about the credit institution customer to understand fully the nature of the business and the activities of the customer and to assess, from publicly available information, the reputation of the institution and the quality of its supervision;
• Assess the systems and procedures applied by the credit institution-customer for the prevention of money laundering and terrorist financing;
• Obtain approval from senior management before entering into correspondent bank account relationship;
• Document the respective responsibilities of the person engaged in financial or other business activities and of the credit institution-customer.
• With respect to payable-through accounts, must be ensured that the credit institution-customer has verified the identity of its customers and performed ongoing due diligence on the customers having direct access to the correspondent bank accounts and that it is able to provide relevant customer’s due diligence data to the correspondent institution, upon request.
• In respect of transactions or business relationships with politically exposed persons (PEPs) residing in a country within the European Economic Area or a third country (such as Russia and CIS), it is required from persons engaged in financial or other business activities to:
• have appropriate risk-based procedures to determine whether the customer is a politically exposed person;
• have senior management approval for establishing business relationships with such customers;
• take adequate measures to establish the source of wealth and source of funds that are involved in the business relationship or transaction;
• conduct enhanced ongoing monitoring of the business relationship.

Enhanced customer due diligence measures must be taken in all other instances which due to their nature entail a higher risk of money laundering or terrorist financing.

It should be noted that Service Providers may rely on third parties for applying the requirements in respect of customer identification procedures and customer due diligence measures; however the ultimate responsibility for meeting those requirements shall remain with the Service Provider.

The fact that in 2010, MOKAS investigated 989 cases of money laundering, as compared to 115 cases in the year 2000 only proves exactly how seriously and efficiently the Cyprus authorities deal with money laundering.

A strict domestic regulatory framework and supervision can certainly achieve much to fight money laundering.

On the other hand, this success will tend to push money laundering to other less regulated and supervised jurisdictions, which at the end of the day, it only proves the need to overcome the numerous obstacles (such as the conflicted regulatory philosophies, the differences in structure and in development of financial systems, and the limited resources) which exist between the various countries all over the world, and move forward to achieve a truly global Anti-Money Laundering regime and effective cooperation against money laundering.

Contributed by: Georgia Constantinou Panayiotou who may be contacted by completing the form below

Share and Enjoy