Global Regulations and Requirements for KYC Onboarding
(powered by KYCC small icon KYC-Chain)

Contact us

namedate of birthaddressoccupationsignature specimenphotographpermanent address
namedate of birthaddressoccupationsignature specimenphotographpermanent address
full nameregistration addresslatest reports&accountscertificate of incorporationcompany's memorandum copyarticles of associationidentification documents of directorsidentification of beneficiary shareholder
Cypriot Identity Card
Central Bank of Cyprus
Cyprus Securities and Exchange Commission (“CySEC”)
The Institute of Certified Public Accountants of Cyprus (“ICPAC”) has issued a Directive for the Prevention & Suppression of Money Laundering & Terrorist Financing Laws of 2007 and 2010 that serves as
Cyprus is being assessed by MoneyVal Council Of Europe. The latest report was released in September 2011
Yes, occasional transactions under EUR15,000 whether the transaction is carried out in a single operation or in several operations which appear to be linked.
should provide documentary evidence for their full name, date of birth, the address at which they can be located, their profession or occupation and specimen signature. An official document bearing a photograph of the person should be obtained. It is important that the current permanent addres
should provide documentary evidence of full name, registration address, a copy of the latest report and accounts, a copy of the certificate of incorporation/certificate of trade or equivalent, a copy of the company’s Memorandum and Articles of Association and other certificates issued by the Registrar of Companies, a group structure to identify individuals who control over 10% of the entity’s shares or voting rights, and the names of the directors. The identification of directors and beneficial shareholders is in line with the requirements for individual clients.
Due diligence measures comprise identifying and verifying the identity of the beneficial owner owning or controlling more than 10% of the shares or voting rights of the client.
According to paragraph 64-(1) of the Law: Enhanced due diligence measures should be in place in respect of the following customers: a) where the customer has not been physically present for identification purposes; b) in respect of cross-frontier correspondent banking relationships with current institutions to customers from third countries; and c) in respect of transactions or business relationships with politically exposed persons (‘PEPs’) residing in a country within the European Economic Area or a third country. According to paragraph 64-(2) of the Law: “Enhanced customer due diligence measures must be taken in all other instances which due to their nature entail a higher risk of money laundering or terrorist financing.”
According to paragraph 5.61 of the Directive, if the prospective client is a PEP, the firm should obtain senior management approval for establishing business relationship. In addition, according to paragraph 4.55 of the Directive, the firm should establish the source of wealth and source of funds for PEPs and also conduct ongoing monitoring on the business relationship. Paragraph 5.62 of the Directive states that the firm should pay special attention when PEPs originate from a country which is widely known to face problems of bribery, corruption and financial irregularity and whose anti-money laundering laws and regulations are not equivalent to international standards. With regards to the issue of corruption, a useful source of information is the Transparency International Corruption Perceptions Index which ranks countries and territories based on how corrupt their public sector is perceived to be.
According to 64 (b) of the Law, in respect of cross-frontier correspondent banking relationships with credit institutions to customers from third countries, it is required to: a) gather sufficient information about the credit institution customer to fully understand the nature of the business and the activities of the customer and to assess, from publicly available information, the reputation of the institution and the quality of its supervision; b) assess the systems and procedures applied by the credit institution customer for the prevention of money laundering and terrorist financing; c) obtain approval from senior management before entering into correspondent bank account relationships; d) document the respective responsibilities of the person engaged in financial or other business activities and of the credit institution customer; and e) with respect to payable-through accounts, it must be ensured that the credit institution-customer has verified the identity of its customers, and performed ongoing due diligence on the customers having direct access to the correspondent bank accounts and that it is able to provide relevant customers’ due diligence data to the correspondent institution, upon request.
If the client is a non-Cypriot resident who is not seen face-to-face, then a professional adviser in the client’s home country could be used to confirm identity, or a copy of the passport authenticated by an attorney or consulate, or verification details covering true name, permanent address and verification of signature could be checked with a reputable credit or financial institution or professional advisor in the prospective client’s home country.
According to 6.05 of the Directive, any knowledge or suspicion of money laundering or terrorist financing should be promptly reported to MOKAS.
No, because according to paragraph 6.01 of the Directive for the Prevention & Suppression of Money Laundering & Terrorist Financing Laws of 2007 and 2010, the types of transactions which may be used
According to the Law: “(27-(1)) A person who a) knows or reasonably suspects that another person is engaged in laundering or financing of terrorism offences; and b) the information on which that knowledge or reasonable suspicion is based, comes to his attention in the course of his trade, profession, business or employment shall commit an offence if he does not disclose the said information to the Unit as soon as is reasonably practicable after it comes to his attention. 27-(3) No criminal proceedings shall be brought against a person for the commission of the offences referred to in subsection (1), without the expressed approval of the Attorney General. 27-(4) An offence under this section shall be punishable by imprisonment not exceeding five years or by a pecuniary penalty not exceeding EUR5,000 or by both of these penalties.”
According to paragraph 70 of the Law: “Persons engaged in financial and other business activities refrain from carrying out transactions which they know or suspect to be related with money laundering or terrorist financing before they inform the Unit of their suspicion. It is provided that, if it is impossible to refrain from carrying out the transaction or is likely to frustrate efforts to pursue the beneficiaries of a suspected money laundering or terrorist financing operation, the persons engaged in financial or other business activities, must inform the Unit immediately afterwards.”
Local legislation does not cover monitoring transactions outside Cyprus
In accordance with the Central Bank of Cyprus "Directive on a Framework of Principles of Operation and Criteria of Assessment of Banks’ Organisational Structure, Internal Governance and Internal Control Systems of 2006 to 2012" (“the CBC Directive”) banks should submit to the Central Bank of Cyprus a report prepared by external auditors/consultants every three years, on the assessment of the adequacy of the internal control System on an individual company as well as consolidated group basis. Under the CBC Directive, the external auditor/consultant assesses the internal control environment (including systems) with regard to the banks' management of the risk of money laundering and terrorism financing
the report must be provided every 3 years
the report is submitted by the external auditor/consultant to the Bank. The Bank is subsequently responsible for its submission to the Central Bank of Cyprus
under a financial statement audit, a bank's AML systems and controls are not explicitly reported on
Under the CBC Directive, it is not explicitly required for the external auditor/consultant to perform sample testing of KYC files and SAR reports, or to examine risk assessments. However, the external auditor/consultant may judge it necessary to perform such sample testing in the assessment of the Bank's internal control environment with regard to the management of the risk of money laundering and terrorism financing.
yes there is a separate definition of “sensitive data”. Sensitive data means data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, participation in, association and trade union membership, health, sex life and sexual orientation, as well as on criminal charges or convictions. The collection and processing of sensitive data is prohibited. Any collection or processing of sensitive data requires the consent of the data subject, e.g. in order to go through with a contract with the consent of the data subject e.g. in employment contracts, insurance contracts etc.
For KYC purposes the Law provides that the processor can process personal and sensitive data with the consent of the data subject. Personal data can be processed without the consent of the data subject in case that the processing is necessary in order for the processor to be in compliance with a law or regulation of the EU and in case the processing is necessary for the performance of a contract to which party is the data subject or to take steps at the request of the data subject prior to entering an agreement (s 5.) In addition, according to the Anti-Money Laundering Law in terms of processing of data: a) persons engaged in financial or other business must apply adequate and appropriate systems and procedures in relation to the identification and due diligence as to the customer in accordance with the provisions of this Law; and b) criminal records and medical data fall under the definition of sensitive data. As stated in question 29(c), the collections and processing of sensitive data is prohibited. However, under section 6(2), as mentioned above, there are some exceptions to this prohibition. Those exceptions include medical data and criminal records. Section (6)(2)(f) Medical data: processing of medical data is allowed when the processing of that data related to medical data and is executed by a person whose profession is to provide health services and who is subject to a duty of confidentiality or other related codes of conduct, provided that such processing is necessary for medical prevention, diagnosis, cure or management of health. Section 6(2)(g) Criminal data: processing of criminal records is allowed when such processing is concerned with the detection of offences, criminal convictions, security measures and investigation of mass destruction and is necessary to serve national need and national security, to serve the needs of forensic or correctional policy of the Republic or organisation or institution that is authorised for that purpose by the Republic.
professional adviser at homecopy of passportverification details w/ true namepermanent addressverification of signature
Compulsory at 12.
EUR 15,000
Unit for Combating Money Laundering (“MOKAS”)
The documents must be certified true copies of the originals
Transfer of personal data within the EU is free. For a transfer to a third country, a license must be obtained from the Commissioner of Protection of Personal Data.
The Data Protection Law applies here the same way as described above. The Banking Law 66(I)/1997 (as subsequently amended) allows a licensed credit institution to obtain information from their customers in order to open an account such as their identification i.e. name, identity number or passport number. All persons that work for the Central Bank and their representatives of the Central Bank auditors or experts are bound by the obligation of professional secrecy. The Central Bank may exchange information with the competent authorities of different Member States in accordance with this law and in accordance with other laws or instructions or regulation applicable to credit institutions by the EU like Article 31 and 35 of Regulation (EU) No 1093/2010.