The financial landscape in the European Union (EU) is continually evolving, and regulatory frameworks are frequently updated to keep pace with new challenges and technologies. One significant recent development is the amendment of the Anti-Money Laundering (“AML”) Directive by the Cyprus Securities and Exchange Commission (“CySEC”) through the issuance of Directive 282/2024. This new directive introduces crucial changes, particularly regarding the addition of a more comprehensive definition of „identification document“ and the replacement of the derogation rule for onboarding clients via video call with a maximum deposit of EUR 2,000 annually.
- Expanded Definition of „Identification Document“
Directive 282/2024 marks a significant expansion in the types of acceptable „identification documents“ for AML purposes. Previously, the acceptable identification documents were limited to passports and national identity cards. This limited scope often led to practical challenges in verifying the identities of individuals who might not possess these specific forms of documentation.
Under the new directive, the definition of „identification document“ has been broadened to include a variety of government-issued documents which includes the full name and date of birth of the individual and bears their photograph. These now encompass:
- National identity cards
- Passports
- Driver’s licenses
- Residence permits
This expanded definition aims to provide more flexibility and inclusivity in the identification process, making it easier for financial institutions to comply with AML requirements while accommodating a wider range of clients. By including documents such as driver’s licenses and residence permits, CySEC is enhancing the robustness of the verification process and helping to prevent identity fraud.
- Replacement of the Derogation Rule for Video Call Onboarding
Another major change introduced by Directive 282/2024 is the replacement of the derogation rule that previously allowed clients to be onboarded via video call with a maximum deposit of EUR 2,000 per annum. This rule was initially designed to facilitate easier onboarding while still imposing a cap to mitigate risk. However, the rapid advancement of digital technology and the increasing sophistication of financial crimes necessitated a reevaluation of this approach.
Directive 282/2024 eliminates this derogation, mandating more stringent measures for remote onboarding. Under the new rules, video call verification is still permitted, but without the leniency of a capped deposit amount. Instead, financial institutions are now required to apply comprehensive Know Your Customer (KYC) procedures regardless of the deposit amount. The Obligated Entity (“OE”) must inform the CySEC of the electronic method for remote verification and validation of client identities that it will use, prior to its use.
This includes:
- Enhanced due diligence (EDD) for higher-risk clients or transactions
- Use of advanced biometric verification techniques
- Cross-referencing identification documents with authoritative databases
The removal of the EUR 2,000 cap underscores CySEC’s commitment to robust AML practices, ensuring that all clients undergo rigorous verification procedures before engaging in any financial transactions. This change aims to close potential loopholes that could be exploited for money laundering or terrorist financing activities.
Further explanation on the rationale adopted can be found on p.42f. of the EBA Guidelines on the use of Remote Customer Onboarding Solutions under Article 13(1) of Directive (EU) 2015/849 (the “EBA Guidelines”): ‘In conclusion, when using nonqualified trust services and those identification processes regulated, recognised, approved, or accepted by the national relevant authority, it should be up to the credit and financial institutions to assess and make sure that they still meet the standards established in the EBA guidelines. To ensure a robust approach to remote customer onboarding, the Guidelines set out the safeguards institutions should apply in those cases’.
- Implications for Financial Institutions
The amendments introduced by Directive 282/2024 have significant implications for financial institutions operating under CySEC’s jurisdiction. Institutions must now revise their internal policies and procedures to align with the new requirements. Key steps include:
- Updating client onboarding protocols to incorporate the expanded definition of identification documents.
- Investing in advanced technologies for secure and reliable video call verifications.
- Training staff on the new regulatory requirements and the importance of thorough KYC and EDD processes.
By adhering to these updated guidelines, financial institutions can enhance their AML compliance frameworks, thereby contributing to a safer and more transparent financial system.
The CySEC has published a Policy Statement on the enhancement of the non-face-to-face (“NFTF”) customer onboarding process with electronic methods (“PS” or “Policy Statement”) to outline its new rules on digital onboarding. The purpose of this Policy Statement is to present how the initial policy suggestions laid down in CP-02-2020 have been crystallised, following the publication of the EBA Guidelines and the evaluation of the feedback received. In essence, this PS clarifies how an electronic method for the remote identification and verification of customers’ identity (“RCOS”) have to be selected and implemented by OEs for NFTF Customer onboarding purposes, while observing the requirement of Section 61(1)(a) of the AML/CFT Law for ‘data and information from a reliable and independent source’. Furthermore, this PS provides detailed guidance on the interplay between CP-02-2020 and the documents used for its production on the one hand and the subsequently issued EBA Guidelines on the other hand.
- Conclusion
Directive 282/2024 marks a critical advancement in the EU’s ongoing efforts to combat money laundering and financial crime. Through the expanded definition of „identification document“, CySEC is reinforcing the integrity of the financial system. Financial institutions must proactively adapt to these changes, ensuring that their AML practices are robust, up-to-date, and capable of addressing contemporary challenges.
The content of this article is valid as at the date of its first publication. It is intended to provide a general guide to the subject matter and does not constitute legal advice. We recommend that you seek professional advice on your specific matter before acting on any information provided. For further information or advice, please contact Stephanos Ayiomamitis, Partner at our Limassol Office, Tel +357 25363685 or email stephanos.ayiomamitis@kyprianou.com.