Compliance, AML and the 4th Directive: ‘The Only Constant in Life is Change’

The multiple developments and changes of the last couple of years in relation to the Service Providers’ financial environment, together with actions that need to be taken in order to ensure prevention on the one hand and monitoring on the other,  are enough to make one understand completely what Heraclitus meant by his famous statement that  “The only constant in life is change”.

Since the implementation of  Law 196(I)/2012 regulating Companies providing Administrative Services (ASPs) and Related Matters, ASPs and their Regulators have also come within the scope of the Prevention and Suppression of Money Laundering Activities Law of 2007 and its relevant amendments.

Recent local and international developments show that money laundering and terrorist financing threats are changing rapidly and the evolution of technology providing easy access to everyone, including criminals, imposes the necessity for the constant change of international and local legislation in order to counter these new threats. The leaked ‘Panama Papers’, terrorist attacks, corruption at all levels of authority and country sanctions are just some of the recent events and issues which have affected the international financial sector, without taking into consideration the additional social and other negative effects on society.

Following the adoption of a new set FATF (Financial Action Task Force) recommendations in February 2012, the European Union proceeded in May 2015 with the issuance of directive 2015/849 (The 4th EU AMLD) which all member states are obliged to implement by 26/6/2017.

The main changes of the 4Th Directive and how they affect ASPs’ day-to-day work:

1. Risk

ASPs are required to identify, understand, and mitigate their risk, documenting any such risk assessment and keep records of the assessments/updates of risk they undertake. Regulators should be in the position to understand the reasoning of each risk assessment upon any supervision. Each client will need to be assessed according to a specific documented procedure taking into consideration as a minimum risk factors including those relating to their customers, countries or geographic areas, products, services, transactions or delivery channels

The above change abolishes the existing High Risk categories i.e. Trusts, Bearer Shares, non-face-to-face clients and obliged entities will be fully accountable for any decision they make as to the Risk categorisation of each client.

Under the 4th Directive only Politically Exposed Persons – local and international – will by default remain marked as High Risk.

2. Public access to Beneficial Ownership of legal entities.

ASPs should hold available information on the beneficial ownership of all entities under their administration which information will be available to both competent authorities and their regulators.

With the implementation of the 4th directive, Cyprus, must allow public access to beneficial ownership information in an adequate, coherent and coordinated way, through central registers.  The EU directive also requests that this information remain publicly available through the national registers for 10 years after the striking off of a company from the company register. Although the final decision on how the Cyprus public register will be held and the terms and conditions under which access will be allowed are not yet specified, this is an issue that ASPs should definitely take into consideration and maintain updated records, which can be easily uploaded upon implementation.

3. Tax Crimes

These are now considered as a predicate offence for money laundering. Although under Cyprus AML law, this is already applicable, ASPs should ensure that, through their Manual Procedures and monitoring of transactions, suspicious actions of tax evasion are investigated and necessary supportive documents/measures be kept on record to avoid any such risk.

4. Gambling

Whereas until now only casino-related services were considered high-risk and thus extra care should be applied, the new era includes the entire gambling sector. ASPs should be alert for any entities related to gambling and ensure that such entities are duly regulated and their transactions monitored.

5. High-Risk Third Countries

The EU 4th Directive and EU regulation 2016/1975 empower the European Union to identify high-risk third countries, instead of maintaining a list of acceptable third countries, as exists today. Although an initial list of high-risk third countries has been drafted, no conclusive list is still available, so ASPs should ensure that, upon the risk assessment of their entity, a client’s country risk is evaluated taking into consideration whether it presents substantial money laundering and terrorist financing risks, if it fails to address these deficiencies and the level of corruption is high.

6. Administrative Sanctions.

The revised Directive contains a range of sanctions that Member states should ensure are available for systematic breaches of key requirements of the Directive, mainly in relation to customer due diligence, record keeping, suspicious transaction reporting and the internal monitoring and controls of client transactions.

Considering that the above points are only a handful of the measures that need to be taken by ASPs, who face a real danger of being exploited and of facing not only administrative sanctions but, most importantly, of jeopardizing their reputation and facing legal action, ASPs should ensure that they work in an ethically correct environment, even though, as many have observed, no system will ever be totally immune to money laundering.


Athena Yiallourou
Compliance Officer, Trident Trust Company (Cyprus) Ltd
President of the CFA AML & Compliance Affairs Committee