Relevant to: Regulated Entities1
Circular C601 (“the Circular”) dated 12/10/2023 is issued following EBA’s Guidelines on the use of Remote Customer Onboarding Solutions under Article 13(1) of Directive (EU) 2015/849.
Through Circular C601, CySEC wishes to inform to inform the Regulated Entities that the EBA has published its Guidelines on the use of Remote Customer Onboarding Solutions under Article 13(1) of Directive (EU) 2015/849 (‘Guidelines’).
The key takeaways from CySEC’s Circular C601 can be found below:
- The Guidelines set common EU standards on the development and implementation of sound, risk sensitive initial Client Due Diligence (“CDD”) processes in the remote customer onboarding context. They set out:
- the steps institutions should take when adopting or reviewing solutions to comply with their obligations under Article 13(1) points (a), (b) and (c) of Directive (EU) 2015/849 (the ‘AMLD’) to onboard new customers remotely;
- the steps institutions should take when relying on third parties in accordance with Chapter I, Section 4 of the AMLD; and
- the policies controls and procedures institutions should put in place in relation to customer due diligence (CDD) as referred to in Article 8(3) and (4) point (a) of the AMLD where the CDD measures are performed remotely.
- Some of the key points that institutions should have in mind when using remote onboarding solutions are:
- Put in place and maintain policies and procedures to comply with their obligations under Article 13(1) (a) and (c) of the AMLD in situations where the customer is onboarded remotely. These policies and procedures should be risk-sensitive and set out specific details.
- Carry out a pre-implementation assessment of the remote customer onboarding solution.
- When verifying identity, guidance around ensuring the process is reliable and real-time in nature, such as use of one-time passwords, biometric data collection, phone calls with customers, etc. are encouraged.
- Apply quality assurance testing to ensure the ongoing adequacy and reliability of remote customer onboarding solutions, etc.
- CySEC has adopted the Guidelines, under section 61(1) of the Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007, as amended (the ‘AML/CFT Law’), which transposes Article 13(1) of the AMLD.
- CySEC brings to the attention of the Regulated Entities that the Guidelines apply since 02.10.2023 provided that they do not conflict the CySEC’s Directive for the Prevention and Suppression of Money Laundering and Terrorist Financing (the ‘AML/CFT Directive’).
- It is also noted that the AML/CFT Directive is currently under an amendment procedure to reflect the provisions of the Guidelines.
Should you need more information or assistance with implementation of the EBA’s guidelines, you can email us at info@mnkriskconsulting.com or call us at 25-508201.
[1]Cyprus Investment Firms (‘CIFs’), Administrative Service Providers (‘ASPs’), UCITS Management Companies (‘UCITS MC’), Self-Managed UCITS (‘SM UCITS’), Alternative Investment Fund Managers (‘AIFMs’), Self-Managed Alternate Investment Funds (‘SM AIFs’), Self-Managed Alternative Investment Funds with Limited Number of Persons (‘SM AIFLNP’), Companies with sole purpose the management of AIFLNPs, Small Alternative Investment Fund Managers (‘Small AIFMs’), Crypto Asset Service Providers.