CySEC has deployed a risk-based assessment of the AMLCOs’ and the Internal Auditors’ Annual Reports for the year 2016, that were submitted to CySEC in 2017. Having carried out these assessments, the following common and recurring weaknesses and deficiencies were identified:
- AMLCOs’ Annual Reports on the prevention of ML and TF and the relevant BoD minutes
- Insufficient application of Circular C186 and Paragraph 6 and 10 of AML Directive, regarding the content of the report’s Executive Summary;
- Insufficient analytical reference to the method of the AMLCO’s inspections and reviews;
- Insufficient reference to the Enhanced due–diligence measures applied by the Regulated Entities in relation to high–risk clients;
- Insufficient reference to the systems and procedures applied by the Regulated Entities for the ongoing monitoring of clients’ accounts and transactions;
- Insufficient reference to the specific method with which the adequacy and effectiveness of staff training has been assessed, and reference to the results;
- The BoD minutes in some occasions did not include implementation timeframes of the measures to be taken for the correction of deficiencies identified in the AMLCO’s report.
- Internal Auditors’ Annual Reports on the prevention of ML and TF and the relevant BoD minutes
- In some occasions the scope of the report did not sufficiently cover all the key areas regarding policy, practices, measures, procedures and control mechanisms applied by the Regulated Entities and no reference was made on prior years’ findings and recommendations;
- The BoD minutes in some occasions did not include implementation timeframes of the measures to be taken for the correction of deficiencies identified in the Internal Auditor’s report.
CySEC’s expects that: Regulated Entities will take into account the above-mentioned findings when preparing the Reports for the year 2017 and onwards, in order to ensure full compliance with their obligations emanated by the AML Law and the AML Directive.