Findings of the assessment of Compliance Officers’ Annual Reports and Internal Audit Reports on the prevention of money laundering and terrorist financing, for the year 2020 - Circular C516
The Cyprus Securities and Exchange Commission (the ‘CySEC’) has released the findings of its annual risk-based assessment of Compliance Officers’ Annual Reports and Internal Audit Reports (the ‘Reports’) for the year 2020. The CySEC has identified some common weaknesses and deficiencies in these Reports and with Circular C516 asks regulated entities to apply immediate corrective measures.
The purpose of the annual risk-based assessment is to review and assess the regulated entities’ compliance with their obligations under the Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007 (L.188(I)/2007), as amended (the ‘Law’) and CySEC’s Directive for the Prevention of Money Laundering and Terrorist Financing (the ‘Directive’), CySEC. In carrying out these assessment reviews, CySEC evaluated regulated entities’ adherence to the requirements set out in the Law and Directive and to the instructions/guidance set out in Circulars C033, C186, C191.
Common weaknesses and deficiencies identified in Compliance Officers’ Annual Reports on the prevention of money laundering and terrorist financing and the relevant BoD minutes, include among others, insufficient analysis of the method of inspection and review by the compliance officer, including the method used for documenting the ongoing monitoring of customers’ accounts and transactions; omitting of key issues from previous years that are still pending; and omitting comparative data to the previous year of Internal Suspicion Reports and Compliance Officer Reports to MOKAS. For a detailed report on weaknesses and deficiencies in Compliance Officers Annual Reports, Internal Audit Reports, and respective BoD Minutes, please refer to CySEC Circular C516.
In addition, some Compliance Officers’ Annual Reports that were submitted by external Investment fund managers provided only consolidated information for all funds under management instead of a detailed analysis that is required for each fund under management (AIF and RAIF), while other Compliance Officers’ Annual Reports, submitted by internally managed Investment Funds and external Investment Fund Managers, gave no information in the said reports because they were not operational during the assessed period.
In relation to the content of the respective BoD minutes accompanying the Compliance Officers’ Annual Reports, in some cases, the said minutes did not include specific measures decided for the correction of all the weaknesses and/or deficiencies identified in the said Reports and the implementation timeframe of these measures as provided in paragraph 10(3) of the Directive.
Regarding the Internal Audit Reports on the prevention of money laundering and terrorist financing and the relevant BoD minutes, submitted by CIFs, ASPs, Internally Managed Investment Funds and External Investment Fund Managers, the CySEC found that the BoD minutes did not always include specific measures decided for the correction of all the weaknesses and/or deficiencies identified in the Internal Audit Reports and the implementation timeframe of these measures, as per paragraph 6 of the Directive.
The Cyprus Securities & Exchange Commission expects
all regulated entities to consider the above-mentioned findings when preparing the Reports for the calendar year 2021 and onwards, to ensure full compliance with the Law and the Directive and stresses on the fact that the Law provides strict administrative sanctions in case of non-compliance with the requirements of the Law and the Directive.
If you have questions or need further advice please do not hesitate to contact us to discuss how we can help you.
Written by Constantinos Constantinides, Director of Financial Associates International FAI Comply