We would like to draw your attention to CySEC’s Circular C189 (“the Circular”) dated 22.02.17. Through the Circular, CySEC informs the Regulated Entities that, in carrying out a risk-based assessment of the AMLCOs’ Annual Reports and the Internal Auditors’ Annual Reports on the Prevention of Money Laundering and Terrorist Financing for the year 2015 and the relevant minutes of the Board of Directors that were submitted to CySEC in 2016, the following weaknesses / deficiencies were identified by CySEC:
A. With regards to the content of the AMLCOs’ Annual Reports:
- Insufficient analytical reference to the inspections and reviews performed by the AMLCO;
- Insufficient reference to the specific enhanced due diligence measures applied by the Regulated Entity in relation to high-risk customers;
- Insufficient reference to information in relation to the systems and procedures applied by the Regulated Entity for the ongoing monitoring of customers’ accounts and transactions;
- Insufficient information on the specific way / method with which the adequacy and effectiveness of staff training has been assessed.
B. With regards to the content of the relevant Board minutes accompanying the AMLCOs’ Annual Reports:
It has been noted that, on some occasions, minutes neither include the measures decided for the correction of any weaknesses and / or deficiencies identified in the said Reports nor the implementation timeframe of these measures, as per Section 10(3) of the AML Directive.
C. With regards to the content of the Internal Auditors’ Reports:
- Insufficient compliance with the provisions of Section 6 of the AML Directive, regarding the scope of the Internal Audit report that did not sufficiently cover all the key areas regarding the policy, practices, measures, procedures and control mechanisms applied by the Regulated Entities for the prevention of money laundering and terrorist financing;
- Insufficient reference to prior years’ findings or recommendations; their rectification or not within the reference year; and the key issues from previous years that are still pending.
D. With regards to the content of the relevant Board minutes accompanying the Internal Auditors’ Reports:
It has been noted that, on some occasions, minutes do not include the measures that need to be taken to ensure the rectification of any weaknesses and / or deficiencies which have been detected in the said Reports, including implementation timeframes of these measures.
CySEC expects that all regulated entities will take into account the abovementioned findings when preparing the Reports for the year 2016 and onwards in order to ensure full compliance with their obligations emanated by the Law and the Directive.