Author Archives: CFA Office

Prioritise your time …it is your most precious resource

The Thomson Reuters annual report on the cost of compliance, published late in 2018 for the 9th year, has again highlighted a major challenge faced by Compliance Officers as coping with continuing regulatory changes.[1]

The report states that during 2017, Thomson Reuters Regulatory Intelligence captured 56,321 regulatory alerts from over 900 global regulatory bodies averaging 216 updates a day.

Referring to the number of hours per week compliance teams expect to spend tracking regulatory developments the report states that, this year’s results show a slight uptick, with two thirds of firms (66 percent) expecting the amount of regulatory information published by regulators and exchanges to be slightly or significantly more over the next 12 months.

Two examples of the many legislations that companies need to comply with are The Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007-2018 (enacting the EU’s 4th directive on AML), which came into effect in Cyprus on April 3rd 2018, and the General Data Protection Regulation (GDPR), which came into effect on May 25th, 2018. GDPR caused a lot of consternation and confusion across all businesses in Cyprus, about just what should be done to comply. The 4th AML Directive, though affecting a narrower spectrum of companies, spearheaded a change in approach from simple record keeping for AML purposes, to a more sophisticated risk based approach to AML.

Speaking at the AML & Compliance – Current Developments Seminar, in April 2019, Yiannis Pettemerides, Freelance Compliance Advisor, said, “The AML Directive is not a difficult law, but it is a very time-consuming law requiring compliance teams to gather a lot of information about companies, sources of finances, and background checks on associated persons.”

So how can compliance professionals cope?

They could take the advice offered by American lawyer Jason E. Brown, a Partner with Ropes & Gray LLP, in a paper published by the European Institute of Management and Finance who said “… [compliance officers] “need to understand regulators’ enforcement priorities and strategically deploy their compliance resources to address those priorities.” [2]

Of the varied resources available, our advice is to prioritise your time … it is your most precious resource.

Time is not an easily increased resource. Budgetary constraints may mean adding more personnel is prohibitive while on the other hand finding well-qualified and experienced personnel in the current market presents a recruitment challenge.  Therefore, if increasing resources is not an option, compliance officers need to deploy their time strategically and work to mitigate time-consuming activities.

“Divide your time according to the evaluated risk rating of your clients. Spend 90% of your time on your high risk clients, and the remaining 10% on your normal and low risk clients.” Yiannis Pettemerides, Freelance Compliance Advisor, advised the seminar attendees. But, even when you heed this advice you still need to create and maintain records for all your clients on which to base your evaluations.

Gathering data and ensuring its quality is key to deploying a risk-based approach to compliance. To reduce pressure on your time and optimise data capture, find tools that help you by removing the need for duplicating data entry. Data gathered by company administration and banking activities should be readily available for compliance assessments and reporting.

To benefit from this type of cross-disciplinary collaboration you need an integrated approach to storing and accessing your data. One that also provides you with tools for generating the required reports such as group structures, client statistics and auditors’ reports, delivers alerts about suspect transactions, companies nearing or exceeding their Economic Profile limits, and reduces the time required for compliance monitoring and reporting.

The less time you spend creating records, maintaining Excel and Visio files and calculating beneficial ownership percentages, the more time you have to research clients and sources of financial transactions, activities that should form the core of your compliance activities.

Author: Claire Philpott, Senior Business Consultant, Moebius Limited.

[1] COST OF COMPLIANCE 2018, Stacey English, Susannah Hammond,

[2] European Institute of Management and Finance, ‘challenges-for-todays-compliance-officers-in-investment-firms-alternative-investment-funds’ <>

CFA Informative Circular #1/2018

Meeting of the Parliamentary Committee of Energy, Commerce, Industry and Tourism held on Tuesday 9th October 2018

A. Subject: Summary of proposed amendments to current legislation (in translation):

  • The Companies (Amended) Law no.2 of 2018
  • The General and Limited Partnership and Trade Names (Amended) Law of 2018
  • The Companies (Amended) Regulations of 2018
  • The Companies (Fees) (Amended) Regulations of 2018
  • The General and Limited Partnership and Trademarks (Amended) Regulations of 2018
  • The inward and outward Redomiciliation (amended) Regulations of 2018
  • The Societa Europea (SE) Regulations of 2018

B. Aim of the proposed amendments:

  • In the context of advancing the Registrar of Companies department, the proposed legislation effectively seeks to restructure submission forms connected to companies, partnerships, trade names, foreign or European companies, as well as the internal procedures followed by the department.
  • The proposed legislation ultimately seeks to simplify all procedures, decrease administrative costs involved, as well contribute towards Cyprus becoming a more attractive destination to the business world, especially when it comes to initiating business activity. Ultimately this aims to enhance the overall competitiveness of the jurisdiction and the utmost compliance to the current legislation.

C. Content of the amendments:

In practical terms, the key amendments to note are the following:

  • Stamp duty 0.6% on the authorized share capital is abolished entirely as a measure to increase competitiveness of the jurisdiction and attract new business;
  • Submission forms are now accompanied with explanatory notes to ensure correct completion is achieved – Contents are simplified.
  • Procedure to remove the word ‘limited’ is simplified: does not require the consent of the Ministry any longer. Included in HE1 form.
  • HE1 shall now be extensive to include registered address, secretary, members, share capital and list of attached documents. Affidavit requirement is removed.
  • HE2: introduction of a penalty for late submission (14 days)
  • HE12: introduction of a penalty for late submission (14 days)
  • HE57: introduction of a penalty for late submission (14 days)
  • HE32: introduction of a penalty for late submission (28 days)
  • HE4: introduction of a penalty for late submission (14 days)
  • Introduction of template regarding mergers, objection to company strike off.
  • Provision for the creation of an electronic newspaper of the ROC department
  • Publications should no longer be made in the Gazette, rather than the electronic newspaper of the Registrar.
  • Introduction of the concept of administrative reinstatement of a company within 24 months of strike off: this is a new concept introduced via the amendments by which any interested party (employee, creditor, tax office etc) may apply to the ROC within 24 months to reinstate the company WITHOUT having to resort to the court.
  • AE5/AE6/AE8: introduction of a penalty for late submission.
  • Trade names/partnerships: if they omit to provide documents requested by the ROC within 6 months, then they are removed from the registry.
  • Simplification of requirements for natural persons registering trade names.
  • Redomiciliations: MEA and ME1 are now consolidated – simplified / abolishment of requirement to submit a separate list of officers and members – it will now be part of the form for completion. ME2 and ME3 shall also be under one document.
  • Abolishment of affidavit requirement for the initiation of business activity (incorporations/redomiciliations/branches/SE formation/public companies).
  • Allotments made in kind: no longer need to provide supporting documentation.

D. Comments:

  • Amendments to be voted by the Parliament in October/November.
  • It was agreed by all members and representatives that the amendments seem beneficial to the current regime, and they opt for a much-needed modernization of the internal procedures followed by the Registrar of Companies department.
  • The new amendments focus on the electronic system of submission and given the success to implement, are expected to create a user friendly and efficient system.
  • Certain forms (such as HE1 for example) can only be implemented subject to installation of new software by the Registrar which is expected to be completed within 3 years from now, which can potentially be a disadvantage as to how soon the new amendments can be adopted.
  • Overall the submission documents are transformed, re-designed and consolidated in an efficient and comprehensive manner, explanatory notes contribute towards minimizing mistakes and circulation of documents through returns, clarifications etc.
  • Most important amendments were noted to be the mechanism of administrative reinstatement without the need of court order, the elimination of 0.6% stamp duty on the authorized share capital and the introduction of penalties for late submission.
  • The new regime seems very promising indeed, however always subject to how effectively and quickly it can be implemented, considering it is conditional on the replacement of the ROC software.
  • It was further noted that if the amendments are voted for, a period of 1 (one) year shall be allowed for full compliance, until all the relevant bodies are fully informed and ready to implement.

On Behalf of

CFA Legal & Tax Committee

23rd October 2018

Disclaimer: The information provided hereby by the Cyprus Fiduciary Association is for informational purposes only and is intended as guidance. The proposed changes/amendments are still subject to approval by the Parliament of the Republic of Cyprus and can be subject to changes or further amendments. Information provided hereby should not be construed as legal/investment/tax/economic advice and should not be relied upon as such. There are no representations or warranties made as to the accuracy of any information provided therein. The Cyprus Fiduciary Association will not accept any liability for any loss or damage arising as a consequence of reliance on such information. The Association does not guarantee that the information included is correct, accurate, complete or non-misleading and specific advice should be sought.


August 03 2018 | Contributed by Elias Neocleous & Co LLC

Corporate Tax, Cyprus

Shell and letter-box companies
Tax factors
Fundamentals of substance and ways to enhance it

Recent developments have underlined the need for businesses to have real substance in order to operate and benefit
from tax residence in Cyprus. Lack of proper substance may not only lead to the denial of benefits under double tax
agreements or EU directives, but may also mean that the company is unable to operate a bank account in Cyprus.

Shell and letter-box companies

On 14 June 2018 the Central Bank of Cyprus issued a circular to credit institutions that it regulates, advising them
against opening new bank accounts or continuing existing accounts with companies that are regarded as so-called
‘shell’ or ‘letter-box’ companies. These guidelines are due to be incorporated into the Central Bank’s Anti-money
Laundering Directive in the near future.
A ‘shell’ company is defined in the circular as an entity which is not publicly traded and which:
• has no physical presence in its country of domicile, apart from a mailing address;
• has no established economic activity, little to no independent economic value and no documentary evidence to
the contrary;
• is registered in a jurisdiction in which companies are not required to file independently audited financial
statements; or
• has a tax residence in a jurisdiction recognised as a tax haven or has no tax residence.

‘Physical presence’ implies having real management located within a country, carried out by individuals possessing
the knowledge and experience needed to run the business. The existence of employees is another factor indicating
physical presence. While it may be necessary and useful for other reasons, representation by means of nominee
services provided by agents (eg, lawyers or corporate service providers) does not constitute physical presence.
The guidelines stipulate that trading companies with no effective place of business and management, and hence no
substance, will not be permitted to maintain bank accounts in Cyprus. Further, trading companies incorporated in
jurisdictions recognised as tax havens must become tax resident in an appropriate tax jurisdiction in order to
continue banking in Cyprus.
These restrictions do not apply to holding companies which own investments in shares, intangible or other assets,
including real estate or ships, companies undertaking group financing activities or acting as group treasurer or
companies established to facilitate currency trades, asset transfers or corporate mergers, provided that their
beneficial ownership is identifiable and they demonstrate that they are engaged in legitimate business.
Banks may opt to engage in a business relationship with a shell-company client, but must be able to justify their
decision and record this justification in the client file. They will need to follow a risk-based approach in dealing with
such clients. Banks are required to carry out a review of their customers to identify such companies, and must inform
the Central Bank by 31 July 2018 of the results of the review and whether they intend to continue their business
relationship with the entities concerned.

Tax factors

In addition to pressures from the banking authorities, tax authorities around the world are becoming increasingly
assertive and sophisticated, and are ready to challenge what they perceive to be abusive structures and arrangements.
With increased transparency and automatic exchange of information, Cyprus companies which do not have real
substance run tax risks, including the risk of:
• having their Cyprus tax residency status questioned;
• losing the benefits of Cyprus tax residence; and
• becoming liable to tax elsewhere.
A company lacking sufficient management and capital may be entirely disregarded by foreign tax authorities, running
the risk that – in addition to any taxes payable by the company in Cyprus – its income is imputed to the beneficial
owners in their own country and taxed there. The availability of a notional interest deduction in Cyprus incentivises
companies to increase their capital and economic substance, and to benefit from reduced taxation on new equity.
Companies with transactions with related parties increasingly face transfer pricing challenges, making transfer
pricing a compliance priority for entities carrying out cross-border transactions. Under the detailed transfer pricing
rules introduced in 2017, companies must demonstrate real substance in Cyprus in the form of adequate management
and capital.

Fundamentals of substance and ways to enhance it

The key pillars of substance are sufficiency of management and capital.
‘Sufficient management’ means having adequate corporate governance arrangements and directors with the skills,
knowledge and experience to run the business, who demonstrably make the important business decisions in Cyprus.
They must spend adequate time on the business of the company and must have real decision-making powers. They
must not be directed by company shareholders, but rather should act independently in the interests of the company.

Depending on the size of the business, the existence of an office in Cyprus, facilities and employees can be key to
enhancing substance. The operation of bank accounts, accounting and HR functions should take place in Cyprus. The
company may also actively take part in the local business community by joining:

• the Chamber of Commerce;
• the Cyprus International Businesses Association; or
• similar bodies.

The optimum degree of presence will be determined by the needs of the business. For example, if a holding company
holds only one investment and the only decision is to declare a dividend once a year, or if a financing company has
only one loan which is assessed once a year, the physical presence required is much less than for a larger business.
‘Sufficiency of capital’ means that the company has enough capital buffer to assume the risks of its operations.
Therefore, the company is not a mere conduit or proxy, and the profits or losses from the operations evidently belong
to it alone.

Any decisions made to enhance substance in Cyprus may also have an effect in other jurisdictions. Consequently,
these issues should be considered altogether, in the context of the entity or the group of which it is a part.
For further information on this topic please contact Michalis Loizou at Elias Neocleous & Co LLC by telephone (+357
25 110 110) or email ( The Elias Neocleous & Co LLC website can be accessed at

The materials contained on this website are for general information purposes only and are subject to the
ILO is a premium online legal update service for major companies and law firms worldwide. In-house
corporate counsel and other users of legal services, as well as law firm partners, qualify for a free

Michalis Loizou
Elias Neocleous & Co LLC

VAT Seminar: Holding companies and VAT: From A to Z (21 February 2018)

The Cyprus Fiduciary Association is organising one (1) independent half-day seminar (4 hours) titled “Holding companies and VAT: From A to Z”.

The seminar represents the ultimate A to Z guide for all professionals that handle VAT for Cyprus companies and other legal entities, such as accountants at all levels, financial controllers, tax consultants, tax managers and more. The Cyprus holding company is perhaps the most important tool offered in tax planning at the Cyprus level. The VAT treatment and potential VAT implications of such a holding entity have become increasingly complicated mainly due to decisions of the European Court of Justice.

When does a Cyprus holding company carry out economic activities for VAT purposes? When is a holding company obligated to apply the reverse charge principal, and when is it not? To what extent can a holding company claim input VAT? Are dividends considered to be an exempt form of income for VAT purposes?

  • Wednesday, 21 February 2018 – Columbia Plaza Venue Centre, Limassol

Please find below the brochure of the event along with the respective registration form. The registration deadline is Tuesday, February 20th.

CFA 2018 Seminar 1 – Brochure

CFA 2018 Seminar 1 – Registration Form

The 4th Professional Services Forum (17 November 2017)

On November 17th 2017, the Cyprus Fiduciary Association organised at the Hilton Park Hotel (Nicosia) the Fourth Professional Services Forum called “International Trends of Professional Services to International Businesses and HNWI and the Future of the Sector in Cyprus”.

The Forum aimed to bring together peer-level leaders from the tertiary sector of the Cypriot economy to present and discuss the latest developments and trends in the field. Now an established annual event, this year’s conference took a new approach to incorporate professionals from the broader spectrum of the industry. Cyprus is recognized as an international centre of excellence for the provision of professional services and this year’s event wanted to provoke constructive thinking within the local sector to help maximize the industry’s potential. The governing bodies of major corporations must reassess their corporate strategies in their continuous and ever-challenging quest to minimize costs and augment their returns. One of the themes of this year’s conference was to explore new sectors and new geographical opportunities within the professional services field in Cyprus.

The speakers presented topics of key interest to the International Business sector providing an overview of the international developments in wealth management of high net worth and ultra high net worth individuals, through the overview of international tax trends and transfer pricing. In addition, there was an analysis of the international and local data that have defined the Professional Services sector in recent years. Speakers also emphasised on the global private banking trends, tax regulatory implications and investment trends and the dynamic of Cyprus as a business and investment centre.

The 4th Professional Services Forum brought together banking and financial institutions, accounting/ audit/ tax companies, asset management, investment companies and law firms, as well as various international Financial Centre Executives.

For more information on the 4th Professional Services Forum, you may visit the website of IMH who was the coordinator of the event.

1 10 19 11 12 13 17 14 18 9 5 4 3 2     16    8                            7                     6

Intellectual Property (IP) Tax Regime


Cyprus proposed new legislation for its intellectual property (IP) tax regime, known as the IP box regime. This is an amendment of the regime introduced by Cyprus in 2012, bringing it in line with new EU requirements and OECD (Organisation for Economic Co-operation and Development) rules against base erosion and profit shifting.

While the amended IP box regime may not benefit businesses quite as extensively as before, it still gives Cyprus a competitive edge and safeguards Cyprus’ future as a center for IP structuring.

Key provisions of the new IP box regime

The new regime applies to intangible assets developed after 1 July 2016, owned by a Cyprus entity, registered in its name either in Cyprus or abroad, and that satisfies the following criteria:

1. Qualifying intangible assets

Previously, qualifying assets were widely defined and included copyrights (literary works, dramatic works, musical works, scientific works, artistic works, sound recordings, films, broadcasts, published editions, databases, publications and software programs); patented inventions; trademarks and service marks; and designs or models applicable to products.

The new regime narrows the range of assets that qualify. Broadly speaking, a ‘qualifying intangible asset’ now means an asset which is acquired, developed or exploited by a person  to further a business (excluding intellectual property associated with marketing) and which is the result of research and development activities.

These assets include patents (as defined in the Patents Law); computer software; and other IP assets that are non-obvious, useful and novel. The person exploiting the asset must not generate annual gross revenue over €7.5 million, and if the person is a group company, the group’s revenue must not exceed €50 million.

2. Qualifying profits

Not all of a business’s profits will qualify for a favourable tax treatment. ‘Qualifying profits’ are defined as the proportion of a business’s overall income equivalent to the portion of the qualifying expenditure incurred for the qualifying intangible asset.

3. Overall income

80% of the overall income derived from the qualifying intangible asset is treated as a deductible expense.

Overall income includes royalties from the use of a qualifying intangible asset; license fees from the operation of a qualifying intangible asset; and capital gains from the sale of a qualifying intangible asset.

4. Qualifying expenditure

One of the main reasons for introducing the new regime is to ensure an entity only benefits from favourable tax treatment on IP profits if that same entity has incurred expenditure developing the IP.

‘Qualifying expenditure’ is defined as the total research and development costs incurred in any tax year, wholly and exclusively for the development, improvement or creation of a qualifying intangible asset, providing such costs directly relate to the qualifying intangible asset.

This includes wages and salaries; direct costs; general expenses relating to installations used for research and development; expenses for supplies relating to research and development; and costs associated with research and development that have been outsourced to non-related persons.

Excluded from the definition are costs for the acquisition of intangible assets; interest paid or payable; costs relating to the acquisition or construction of immovable property; amounts paid or payable directly or indirectly to a related person to conduct research and development, regardless of whether these amounts relate to a cost sharing agreement; and costs which are not directly connected to a qualifying intangible asset.

Transitional arrangements

Under Cyprus’s previous IP box regime, businesses could reduce their tax on gross income derived from an intangible asset by 80% (after deduction of direct costs and amortisation over five years). This could result in an effective tax rate of 2.5% or lower.

For businesses within the regime before the proposed changes on 1 July 2016, transitional provisions allow them to continue benefiting on the same basis until 30 June 2021 for intangible assets which were:

  1. acquired before 2 January 2016;
  2. acquired from a related person between 2 January 2016 and 30 June 2016 and at the time of acquisition were benefiting under the IP box regime or a similar scheme in another state;
  3. acquired from an unrelated person between 2 January 2016 and 30 June 2016; or
  4. developed between 2 January 2016 and 30 June 2016.

The transitional rules only apply to assets which were already generating income or had completed development as at 30 June 2016.

Conclusion: an international context for the IP box regime

In today’s digital age, countries battle to attract leading technology, design and media businesses. Alongside robust protection for intellectual property (IP), monetary incentives are a key tactic. The most notable of these is favourable tax treatment on profits generated from IP exploitation.

In light of such IP regimes, the OECD and the EU have both introduced rules to prevent businesses exploiting loopholes in local and international tax law. In particular, they want to ensure businesses only benefit from a favourable IP income tax rate if those businesses have incurred expenses developing the IP.

Cyprus, together with many other jurisdictions, has now amended its IP box regime so it complies with the new international provisions. With these changes, Cyprus continues its compliance of OECD requirements for tax transparency and information sharing and demonstrates active support for the OECD’s global measures to tackle aggressive tax planning and avoidance.

The IP tax regime was introduced on 1 July 2016.


Laura Michael
Director of Client Accounting – Vistra (Cyprus) Ltd
Member of the CFA Tax & VAT Committee 

Know Your Customer: Will technology provide the ultimate solution?

A business challenge of escalating complexity and business risk

In the past, before the globalization of banking, the 9/11 terrorist attacks, and the financial crisis of 2008 increased the pressure to clamp down on money laundering activities, KYC procedures and regulations were more relaxed and less complex.

Nowadays, professional and financial services companies face a dual challenge of enhancing customer experience and increasing their satisfaction, while at the same time they are required to fulfil a complex set of constantly changing legal, KYC and due diligence requirements.

According to a survey[1] conducted by Thomson Reuters in 2016, a very high percentage (89%) of corporate customers has claimed that they did not have a good KYC experience. Moreover, the particular survey highlighted a 22% increase in the time required for on-boarding a new client, and it is estimated that this will further increase by an additional 13% in 2017 mainly due to increased pressure from regulatory authorities. Another interesting finding of the study is that service providers recognize the need to continuously adjust their processes in order to keep-up with changes in regulations. More specifically, 87% of banks and 56% of investment managers consider regulation changes the most influential factor for their KYC services.

Given the high level of customers who are reporting that they have not had a good KYC experience, it is clear that service providers are facing challenges that need to be overcome so that they avoid losing customers or engaging them into a process that has a negative impact on their overall experience.

What are the main challenges?

Creating a balance between the need to undergo an administration intense exercise of collecting KYC information without sacrificing either the efficiency or the experience when on-boarding new clients, is a challenge that needs to be addressed by all service providers.

Another challenge that must be addressed is the need to keep records up-to-date as requested by the regulatory authorities and to review them properly in a timely manner – a complex administrative process that needs to be based on accurate and timely reminders. As far as KYC documents are concerned, companies are required to ensure accuracy of their records whilst at the same time controlling access to them. Namely, a balance between making documents available to part of the organisation without exposing sensitive information to unauthorised personnel should be maintained so that organisations avoid data leaks and protect confidentiality.

Finally, the collection of information from multiple sources that provide access to due diligence data and the addition of these to the relevant data storage is another challenging task that organisations need to address if they are to optimise the whole KYC process. This is a challenge that should be addressed wisely as it can raise the relevant costs of the whole process.

In response to the above challenges, companies are seeking tools that will enable them to reduce the impact of the KYC process on their business by increasing their KYC effectiveness. In recent years we have observed a shift in the data collection process of the Compliance Officer from being predominantly paper based to being on-line and system based. The technology market has been quick to identify an opportunity for software solutions, with a plethora of KYC and compliance solutions promoted in the market place.

Parameters that shape a comprehensive technology solution

The abundance of advertised KYC solutions requires businesses to carefully assess and decide which one can support their organisation’s efforts for optimising their KYC processes.

An organisation that is able to optimise, both in terms of cost and time, their KYC process will without a doubt differentiate from the rest and thus have a competitive advantage. To capitalise on this opportunity each organisation should assess the KYC solutions available to identify the best fit to optimise their process and suit their business needs.

The list below consists of the parameters for optimisation that should be taken into consideration through the assessment process.

  • A KYC solution should be easily configurable so that it integrates all the business units that interact in the client on-boarding process.
  • A KYC solution needs to be flexible enough to provide the ability for automating complicated business workflows.
  • A KYC solution needs to be able to integrate with multiple, well-reputed sources that are being used for the collection of KYC specific data (e.g. Sanctions, PEPs, etc.). More specifically, it needs to be a solution that efficiently captures, stores and presents KYC data with limited disruption or input of the end user.
  • Finally, a KYC application should be flexible enough so that it can be easily adjusted to the changes that are commonly introduced by regulators.

A look into the possible future

Although today there are sophisticated solutions that can satisfy the basic needs of a mainstream organisation, there is nothing that solves the issue of the replication of the work that exists when establishing a new business relationship. To be specific, at the moment there is no option of cross-institution identity verification and as a result, each institution must individually verify the identity of its clients

Blockchain, an emerging technology of a distributed database, appears to promise a solution to this issue. Essentially, with Blockchain, the verification of a client takes place only once and the final result is cryptographically stored in Blockchain and available for anyone with access to the Blockchain to use during their verification purposes. This offers professional service providers the opportunity to get rid of labour intensive multi-step KYC processes as they could have the option to access a distributed database that will provide them with the requested results of these processes. More specifically, all the information relating to the client’s identity will become available to organisations with the appropriate permissions via a distributed database considered as a single source of “truth”.

While Blockchain technology appears to provide a dream solution to every Compliance Officer there is still a long way to go before it will become generally adopted. Even though this emerging and growing technology has strong advocates, its value still needs to be proven since there are serious challenges that need to be considered before its general adoption becomes a reality.

Whilst compliance is gradually moving from a paper based to a computerised process, the ultimate technological solution will only be available if the relevant authorities support the move to a single solution that institutions can access/update.

To conclude, the KYC process poses a challenge that organisations need to carefully address. For service providers the adoption of innovative solutions that automate the on-boarding of new clients can unlock the opportunity for differentiation. The high demand for KYC solutions is at the same time an incentive for the technology industry to develop innovative, integrated KYC solutions that will help organisations overcome this challenge.


Chrysostomos Filippou
Business Development Manager | Moebius Limited (CFA Supporter 2017)

[1] Thomson Reuters, 2016. Thomson Reuters 2016 Know Your Customer Surveys Reveal Escalating Costs and Complexity, London/New York: Thomson Reuters.

CFA Circular (June 2017) – Meeting with CySEC (30/5/2017)

The meeting was requested by the Cyprus Fiduciary Association, following the various issues raised during the CFA Think Tank that took place on April 5th, 2017, regarding latest developments in the AML Directive and the latest on-site visits of CySEC. The meeting was attended by the following:

  • CySEC: Demetra Kalogerou, Andreas Andreou, Charalambos Paraskeva, Marinela Georgiadou
  • CFA: Christos Michael, George Ioulianos, Athena Yiallourou, Michalis Loizou

Starting the meeting, CFA representatives noted that there are several matters that need to be clarified with the regulator in order to be able to advise and guide the members of the Association, accordingly. In addition, these matters need to be clarified so that CySEC can address the issues with the other two Regulators in order to obtain the same level of monitoring throughout the ASP sector.

The following issues were discussed:

  1. Risk Based Approach (What are the minimum requirements?  What are the expectations of the regulator? Is there any particular form or program which can be used?)

As per CySEC representatives’ recommendations, the consultation paper of the Joint Committee of the European Supervisory Authorities (October 2015) can be used as a base for the drafting of a Risk Based program of the ASPs, as well as certain recommendations that will be included in the amended Cyprus AML Legislation (which should be completed by the end of June 2017).

Following the request  for more specific guidelines from the Regulators, CySEC representatives suggested CFA, after the issuance of the new Legislation, to provide CySEC with a draft document stipulating the minimum factors for an acceptable Risk Based Approach for review and comments. As suggested, the document should be negotiated with the other two supervisory authorities in order to address a common approach to the subject.

  1. Transaction Monitoring

CFA members mentioned that ASPs are not Financial Institutions, like Banks and Investment Entities, and that real-time monitoring of monetary transactions is not within the scope of the services provided.

Although it is understood that as Directors there is obligation to have knowledge and maintain control of an entity’s activities in order to prevent the misuse of the entity for illegal purposes, daily control of monetary transactions is very difficult to achieve due to the volume of the work and the nonexistence (at least in Cyprus)  of an automated system which will allow such a detailed record keeping.

Several suggestions were mentioned, e.g. Excel spreadsheets for each client, Quarterly monitoring by Bank account reconciliation, etc. CySEC representatives insisted that this is an obligation of the ASPs and monetary transactions should be controlled at all times.  They have requested CFA to present to them a report of how other Regulators deal with this particular requirement and provide suggestions for discussion.

  1. 4th AML Directive

CFA representatives noted that the consultation paper was sent to the members with short notice for comments (on Friday 26/5/2017 for Thursday 1/6/2017) and more time should have been provided. Nevertheless, members of the AML & Compliance Affairs Committee of CFA have prepared a paper with suggestions for CySEC, which will be delivered before the noted deadline.

  1. Source of Income/ Source of Wealth

After discussion, it was resolved that the required information should be documented in relation to the risk factor of the client and that there are a number of documents and public information, which can be obtained in this respect, e.g. CV, Bank Statements, Title deeds, Tax Return, Internet search findings, other information systems (SPARK, World Check, Feasibility studies, Kroll reports etc.).

All documented evidence should be duly recorded in support to the above.

  1. Record Keeping

It was clarified that in relation to AML, the record keeping period is at least 5 years except of accounting information which should be kept for 7 years, as per Tax Law requirements.

Other matters discussed:

  • Ms. Kalogerou informed us that she had a meeting with members of the Cyprus Organisation for Standardisation regarding ISO certifications that can apply to the financial sector. Particularly, they mentioned the ISO 27/2001 standard, which is in compliance with the new Personal Data Protection Act that will be applicable from 1/2018 to all EU countries. She mentioned that a recommendation will follow from CySEC to all regulated entities in this respect.
  • Christos Michael made reference to another ISO standard (34/2001) that is suggested for all companies that would like to have the ‘Fund Administrator’ licence. Ms Kalogerou stated that the new legislation is still under review and that the requirements for fund administrators are still to be examined.

Closing the meeting, Ms Kalogerou stated the important role of CFA and that it would be ideal if all CySEC regulated entities were members of the Association. Ms Kalogerou said that the Commission will find the ways to suggest the CFA membership to its regulated entities.

Criminal Liability under Cyprus Law for the Infringement of EU Restrictive Measures

On 31 July 2014, the European Union (EU) adopted a package of restrictive measures targeting sectorial cooperation and exchanges with the Russian Federation. The package consists of measures aimed at limiting access to EU capital markets for Russian State-owned financial institutions, an embargo on trade in arms, an export ban for dual-use goods for military end use and end users, and restrictions on access to certain sensitive technologies, particularly in the oil sector. The main EU Regulation is 833/2014 of 31 July 2014 concerns restrictive measures in view of Russia’s actions destabilizing the situation in Ukraine, as amended (the “Regulation”). The Regulation has, inter alia, applied restrictions on access to the capital markets for certain financial institutions and other entities (the “Listed Entities”), which are listed in the annexes to the Regulation.

The Regulation applies within the territory of the EU or to any EU nationals, whether inside or outside EU territory, and covers any legal person or entity incorporated under the laws of any member state and also any legal person in respect of any business done within the EU. Such persons or entities are not allowed to provide investment services to Listed Entities. The term “investment services” has been defined broadly as to include the reception and transmission of orders in relation to one or more financial instruments, execution of orders on behalf of clients, dealing on own account, portfolio management, investment advice, underwriting of financial instruments and/or placing of financial instruments on a firm commitment basis and any service in relation to the admission to trading on a regulated market or trading on a multilateral trading facility. It is suggested that the use of broad definitions in the Regulation is deliberate and is intended to apply to a wide range of activities. The definitions of transferable securities and money-market instruments are also broadly drafted, as the EU aims to ensure that the relevant sanctions have an extensive effect.

The restrictive measures imposed by the Regulation do not themselves create criminal offences but it is for the member states to create criminal offences while implementing the relevant sanctions in their domestic legal systems. The Regulation provides that member states shall lay down the rules on penalties applicable to infringements of the provisions of the Regulation and shall take all measures necessary to ensure that they are implemented. In April 2016, the Republic of Cyprus enacted the Law concerning the Application of the Provisions of the Resolutions or the Decisions of the UN Security Council (Sanctions) and the Decisions and Regulations of the Council of the European Union (Restrictive Measures) (the “Sanctions Law”) under which Cyprus has introduced specific measures and penalties for the breach and/or non-compliance with the Regulation and any sanctions approved by the executive or legislative bodies of the EU.

Pursuant to the Sanctions Law, the competent authorities, as those are defined by Article 59 of the Prevention and Suppression of Money Laundering Activities Law (2007-2016), are those responsible for monitoring and supervising in their respective area of responsibility.

The Sanctions Law provides that the penalties for breach of the sanctions or the restrictive measures of the EU are imprisonment not exceeding two years or a fine not exceeding €100,000 or both for natural persons and a monetary fine not exceeding €300,000 for legal entities.

EU regulations are in their entirety part of the acquis and are binding and of immediate application in the internal legal order of the EU member states. Therefore, the possible criminal liability for infringement of the restrictive measures prior to the enactment of the Sanctions Law must also be examined. It is commonly argued that any breaches of the restrictive measures prior to April 2016 constituted criminal offences under section 136 (disobedience of law) and 137 (disobedience of legal orders) of the Cyprus Criminal Code. The penalties under section 136 are up to two years of imprisonment and/or a maximum of €2,563 fine, while section 137 provides for imprisonment of two years, unless otherwise expressly provided.

It is important to note that no cases have been prosecuted for possible breach of the EU restrictive measures in Cyprus so far. It is also worth noting that the Regulation provides that actions by natural or legal persons shall not give rise to liability of any kind on their part, if they did not know, and had no reasonable cause to suspect, that their actions would infringe the measures set out in the Regulation.

The Ministry of Foreign Affairs has underlined that it is the responsibility of every EU citizen to verify and ensure that their activities do not infringe and/ or circumvent the EU restrictive measures. CFA members are advised to remain updated with the latest developments on this matter and perform rigorous checks on their clients to ensure that all services offered by them are in compliance with the applicable laws and the Regulation. Also, the relevant checks should be undertaken to establish that their clients, or affiliated or controlled entities thereof, are not sanctioned or Listed Entities.


Stella Strati
Limited Partner – Corporate Finance, Pageserve Ltd
President of the Legal & Corporate Affairs Committee

Stylianos Trillides
Legal Consultant, Pageserve Ltd

Compliance, AML and the 4th Directive: ‘The Only Constant in Life is Change’

The multiple developments and changes of the last couple of years in relation to the Service Providers’ financial environment, together with actions that need to be taken in order to ensure prevention on the one hand and monitoring on the other,  are enough to make one understand completely what Heraclitus meant by his famous statement that  “The only constant in life is change”.

Since the implementation of  Law 196(I)/2012 regulating Companies providing Administrative Services (ASPs) and Related Matters, ASPs and their Regulators have also come within the scope of the Prevention and Suppression of Money Laundering Activities Law of 2007 and its relevant amendments.

Recent local and international developments show that money laundering and terrorist financing threats are changing rapidly and the evolution of technology providing easy access to everyone, including criminals, imposes the necessity for the constant change of international and local legislation in order to counter these new threats. The leaked ‘Panama Papers’, terrorist attacks, corruption at all levels of authority and country sanctions are just some of the recent events and issues which have affected the international financial sector, without taking into consideration the additional social and other negative effects on society.

Following the adoption of a new set FATF (Financial Action Task Force) recommendations in February 2012, the European Union proceeded in May 2015 with the issuance of directive 2015/849 (The 4th EU AMLD) which all member states are obliged to implement by 26/6/2017.

The main changes of the 4Th Directive and how they affect ASPs’ day-to-day work:

1. Risk

ASPs are required to identify, understand, and mitigate their risk, documenting any such risk assessment and keep records of the assessments/updates of risk they undertake. Regulators should be in the position to understand the reasoning of each risk assessment upon any supervision. Each client will need to be assessed according to a specific documented procedure taking into consideration as a minimum risk factors including those relating to their customers, countries or geographic areas, products, services, transactions or delivery channels

The above change abolishes the existing High Risk categories i.e. Trusts, Bearer Shares, non-face-to-face clients and obliged entities will be fully accountable for any decision they make as to the Risk categorisation of each client.

Under the 4th Directive only Politically Exposed Persons – local and international – will by default remain marked as High Risk.

2. Public access to Beneficial Ownership of legal entities.

ASPs should hold available information on the beneficial ownership of all entities under their administration which information will be available to both competent authorities and their regulators.

With the implementation of the 4th directive, Cyprus, must allow public access to beneficial ownership information in an adequate, coherent and coordinated way, through central registers.  The EU directive also requests that this information remain publicly available through the national registers for 10 years after the striking off of a company from the company register. Although the final decision on how the Cyprus public register will be held and the terms and conditions under which access will be allowed are not yet specified, this is an issue that ASPs should definitely take into consideration and maintain updated records, which can be easily uploaded upon implementation.

3. Tax Crimes

These are now considered as a predicate offence for money laundering. Although under Cyprus AML law, this is already applicable, ASPs should ensure that, through their Manual Procedures and monitoring of transactions, suspicious actions of tax evasion are investigated and necessary supportive documents/measures be kept on record to avoid any such risk.

4. Gambling

Whereas until now only casino-related services were considered high-risk and thus extra care should be applied, the new era includes the entire gambling sector. ASPs should be alert for any entities related to gambling and ensure that such entities are duly regulated and their transactions monitored.

5. High-Risk Third Countries

The EU 4th Directive and EU regulation 2016/1975 empower the European Union to identify high-risk third countries, instead of maintaining a list of acceptable third countries, as exists today. Although an initial list of high-risk third countries has been drafted, no conclusive list is still available, so ASPs should ensure that, upon the risk assessment of their entity, a client’s country risk is evaluated taking into consideration whether it presents substantial money laundering and terrorist financing risks, if it fails to address these deficiencies and the level of corruption is high.

6. Administrative Sanctions.

The revised Directive contains a range of sanctions that Member states should ensure are available for systematic breaches of key requirements of the Directive, mainly in relation to customer due diligence, record keeping, suspicious transaction reporting and the internal monitoring and controls of client transactions.

Considering that the above points are only a handful of the measures that need to be taken by ASPs, who face a real danger of being exploited and of facing not only administrative sanctions but, most importantly, of jeopardizing their reputation and facing legal action, ASPs should ensure that they work in an ethically correct environment, even though, as many have observed, no system will ever be totally immune to money laundering.


Athena Yiallourou
Compliance Officer, Trident Trust Company (Cyprus) Ltd
President of the CFA AML & Compliance Affairs Committee