CySEC launches consultation on use of RegTech under its AML framework

On 15 October 2020, the Cyprus Securities and Exchange Commission (CySEC) issued Consultation Paper 02-2020 (theCP) launching a consultation designed to improve the application of regulatory technology (RegTech) to customer due diligence (CDD) by obliged entities under CySEC’s supervision.

Under the Prevention and Suppression of Money Laundering and Terrorist Financing as in force (the AML Law), obliged entities must identify and verify the identity of individual and undertakings with whom they seek to do business as part of the CDD process. Specifically, obliged entities must identify the customer and verify the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source, and identify the beneficial owner and take reasonable measures to verify that person's identity.

The CP consults on a proposed amendment to Annex IV of CySEC’s Directive on The Prevention of Money Laundering and Terrorist Financing (the CySEC AML Directive) by explicitly incorporating the possibility of using RegTech, subject to certain conditions. The use of such methods is implicitly recognised in the rules, but other sections look potentially outdated compared to, and possibly inconsistent with, Cyprus’ obligations to implement a risk sensitive approach under the Fourth and Fifth EU AML Directives.

The amendment aims at expanding guidance on the use of RegTech for the purposes of conducting CDD for the non-face-to-face (NFTF) identification and verification of the identity of individuals, provided such methods can sufficiently reduce the ML/TF risks on a reasonable, consistent and demonstrable basis.

The submission of responses should be made no later than 20 November 2020 to the CySEC Policy Department via email at policy@cysec.gov.cy.

CySEC’s press release can be found here.

The Consultation Paper can be found here.