CySEC consults on use of regtech to bolster AML framework
The Cyprus Securities and Exchange Commission (CySEC) has today launched a consultation regarding the application of regulatory technology to customer due diligence (CDD).
The regulator notes that firms have shifted from traditional face-to-face interactions to engaging with their customers via online channels, a trend that was fortified by the implications of the Covid-19 pandemic. Although the structural shift in how regulated firms engage with their customers has benefits, such business relations pose material risks of exposure to money laundering and terrorist financing (ML/TF).
Under Article 61(1)(a) and 61(1)(b) of Law 188 of 2007 on the Prevention and Suppression of Money Laundering and Terrorist Financing as in force (the ‘AML Law’), obliged entities (and their third-party providers) are required to identify and verify the identity of an individual with whom they seek to do business as part of the CDD process, CySEC explains.
In particular, obliged entities must identify the customer and verify the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source, and identify the beneficial owner and take reasonable measures to verify that person’s identity so that the obliged entity is satisfied that it knows who the beneficial owner is.
The application of new regulatory technology to carry out the CDD process can help fulfil the requirements of the AML Law for those customers who may not live in close physical proximity to the obliged entity providing the respective services, as is often the case. The current AML Law, however, provides for no explicit means for obliged entities to use digital identification systems to help mitigate ML/TF risks, despite the promise such regulatory technology provides in strengthening CDD and AML/CFT controls.
That is why, CySEC’s CP-02-2020 consults on a proposed amendment to Annex IV of CySEC’s Directive on the Prevention of Money Laundering and Terrorist Financing by explicitly incorporating the possibility of using such regulatory technology (Innovative Methods).
The amendment aims to expand the use of Innovative Methods for the purposes of conducting CDD for the non-face-to-face (NFTF) identification and verification of the identity of individuals, given that such methods can sufficiently reduce the ML/TF risks on a reasonable, consistent and demonstrable basis. Such risks include the idiosyncratic risks inherent in the technology employed, but also the risks relevant to the specific customer.
In defining potential Innovative Methods, CySEC believes they may include, inter alia, the dynamic real-time contactless selfie, Big Data and certificates from public or private regulated bodies produced by means of Distributed Ledger Technology (where available) or other tamper- proof and time stamped method. These technologies have been subject to further exploration by CySEC via its Innovation Hub.
Comments are accepted no later than 20 November 2020. They should be submitted to the CySEC Policy Department by email at policy@cysec.gov.cy.