Know Your Customer or Why Do We Request So Much Information On You

Initially, the procedure named “Know your customer” (KYC) was used as a term within the scope of the bank and stock exchange regulation for financial institutions and bookmaker’s offices and any other companies processing individuals’ funds, which meant that they should identify and prove identity of a counterparty as well as identify a source and beneficiaries of funds in order to determine legitimacy of the monetary funds before carrying out a financial transaction. Such practice helps to prevent money laundering, terrorist financing and tax evasion.

In this article, we are going to consider the KYC procedure of the companies providing fiduciary services in Cyprus (Administrators). Korpus Prava Corporate Services Ltd. is one of such companies

The KYC procedure is provided for by the following Cyprus legislative acts:

  • The Law Regulating Companies Providing Administrative Services and Related Matters of 2012 (L.196 (I)/2012) and the Amending Law 109(I)/2013 wef. 09/09/2013;
  • The Prevention and Suppression of Money Laundering Activities Law (Law 188(I)/2007. This Law brings the Cyprus laws into line with the EU Third Directive;
  • The Directive of the Cyprus Securities and Exchange Commission for the Prevention and Suppression of Money Laundering and Terrorist Financing (DI 144-2007-08 of 2012).

The latter places Administrators on the same footing as financial institutions, in particular, as regards requirements to the KYC procedure and accepting customers for servicing. Requirements to the financial institutions are provided for by the abovementioned regulations as well as EU Directives.

The KYC procedure is based on the risk estimations as well as basic identity information for customer identification. The companies aim to assess the risk of each individual customer’s involvement in illegal activity.

The basic standard KYC aspects are as follows:

  • Customer identification;
  • Accepting customer for servicing;
  • Transaction monitoring;
  • Risk management.

Identification of the customer, both at company registration and at transfer of the customer’s company for servicing, represents an important phase of the KYC procedure. When accepting the customer, the Administrator shall request information and documents related to an individual customer himself/herself as well as to his/her future or existing business. After obtaining information and relevant documents the Compliance officer reviews the same, assess risks and makes decision on whether the customer is to be accepted or not. If a new customer does not provide the Administrator with all the required information, the latter shall be entitled to refuse servicing the customer. If the customer whose company is already being serviced fails to provide all the required documents or information regarding himself/herself personally or his/her company’s activity, the Administrator shall cease business relations with such customer.

Client acceptance policy shall be developed by the Administrator incompliance with the laws and corporate policy. When accepting the customers, the Administrator categorizes risks and decides to which customers it may provide its services. The Cyprus Administrator shall not accept the customer for servicing in the following cases:

  • If the client fails to provide documents and information required for identification of his/her personality, uses fictional names or is an anonymous customer;
  • If the client is on the “Specially Designated Nationals List” of the US Office of Foreign Assets Control (OFAC SDN) and/or United Nations;
  • The client fails to confirm the source of his/her income including that invested in the company and/or it is impossible to confirm legitimate nature of the client’s income;
  • The client was or is a suspect, defendant and/or convict in connection with the economic crimes, terrorist financing, fraud, money laundering;
  • By the decision of the Administrator’s Compliance officer.

When accepting the client the Compliance officer assesses the level of risk to which the client and his/her business are exposed. There are three basic risk levels: high, medium and low. The risks are also classified as: customer risks, company risks and geographic/exposition risks. A number of factors such as the customer’s behavior, history and nature of conduct of business, customer’s political activity shall be taken into account when determining the customer risks. When considering company risks such factors as the company structure, duration of its activity, its turnover and nature of its activity shall be reviewed. Such factors as jurisdiction of the customer’s place of location and his/her company’s registration shall be taken into account when considering geographic/exposition risks.

High Risk Customers

In the context of the customer risks the customer may be assigned a high level of risk in the following circumstances: Detection of behavioral risks: customer is represented by third parties, was identified other than through a personal meeting; customer fails to clearly define the purposes of registration (transfer) of the company, describe the expected transactions diagram; customer fails to confirm his/her source of income; company has a lot of related accounts; customer is of ill repute, mass media contain negative information on the customer; a prior Suspicious Activity Report (SAR) or a  Currency Transaction Report (CTR) related to the company. Detection of business risks to which the following activities are related: activity connected with the production and trade of arms, precious metals, objects of art, antiques, luxury items, realtors’ activity, non-regulated profit making organizations, non-regulated charitable foundations, currency exchange,  companies providing financial intermediary services, online gambling (via the Internet), cash transactions. Detection of the customer’s relation to any political activity as well as his/her connections with any politically exposed persons.

In the context of the company risks the customer may be assigned a high level of risk in the following cases: Detection of structural risks: complicated company structure with no sufficient grounds therefore, presence of bearer shares, trust accounts, registration of the company in the offshore centers, company accounts opened in favor of 3 persons. Companies incorporated less than a year ago are classified among the companies with high risk exposure. The company’s turnover related to one specific transaction exceeds the expected turnover by over 30%.

In the context of the geographic risks the customer may be assigned a high level of risk if the company is incorporated in the state which is specified on the following lists established by the Central Bank of Cyprus, Directive of the Cyprus Securities and Exchange Commission 2005/60/ЕU:

  • States which are not members of the Financial Action Task Force (FATF) or other similar organizations such as MONEYVAL group of the Council of Europe;
  • States listed on the sanctions lists of the abovementioned groups due to non-compliance with FATF requirements (;
  • States under sanctions imposed by the European Union and UN Security Council, International Money Laundering Information Network (IMOLIN) and International Monetary Fund (IMF).

The customer shall be assigned a high level of risk if:

  • His/her company owns immovable property and/or registered office situated within the states specified in the sanction lists;
  • Majority of the beneficiaries or shareholders of his/her company live or reside in the states specified in the sanction lists;
  • Any other customer’s relation to the states specified in the sanction lists is detected.

Low Risk Customers

The customer shall be assigned a low level of risk in the following cases:

  • The Company is a credit or financial institution specified in the EU Directive;
  • The Company is a credit or financial institution registered in the state situated outside the European Economic Area (EEA);
  • The Company which complies with the EU Directive requirements as confirmed by the decision of the Anti-Money Laundering and Terrorist Financing Advisory Committee;
  • The Company which is supervised for the purpose of ensuring compliance with such requirements;
  • The Company is public, its securities are quoted on the regulated market within the EEA states as well as in the other states, if such Company discloses data on its activity in accordance with the laws;
  • The organization represents a national authority of the EEA states
  • The Company transfers pension contributions in accordance with the laws;
  • The Company has no nominal structures (shareholders, directors), the Company’s activity is clear and transparent, evokes no suspicions (confectionary production, supply of toys, medical equipment, etc.), the Company has a physical office, employ;yees.

Medium Risk Customers

In all other cases, the customer shall be assigned a medium level of risk.

When assessing risks and making decision on whether to accept the customer the Compliance officer shall make a comprehensive decision taking into account all the information and documentation provided by the customer which not always may be based exclusively on the formal definition of the level of risk. For instance, if the customer was not introduced in person but a shareholder of the serviced company is represented by a large public company data on which is open to public, the Compliance officer may accept the customer in accordance with the simplified procedure provided for such persons by the laws.

The Compliance officer monitors the company activity while it is being serviced by the Administrator, regularly monitors transactions on the company’s bank accounts, verifies legitimacy of each and every transaction, conformance to the declared business profile of the company, is entitled to request additional documents and information on the counterparties. The Compliance officer manages risks through identifying the customer’s personality, his and his company business activity. Such measures are aimed at prevention of involving the Administrator in any illegal activity.

It must be noted that tightening KYC procedure on Cyprus, which took place relatively recently is connected with tightening national laws under the influence of EU and USA. For example, provision of corporate and fiduciary services is a regulated type of activity on Cyprus since 2012 which performance requires a special license. Of course, such client acceptance procedure may confuse the businessmen who worked with this jurisdiction before and are not accustomed to such close attention. However, such measures promote upgrade of business environment, improve Cyprus reputation as a jurisdiction in the global business community, bring Cyprus to the European level making it a territory attractive in terms of investment.

Irina Otrokhova

Chief Compliance Officer

Corporate Services

Korpus Prava (Cyprus)

Other Articles on Topics
See Also Articles from the Issue
AML 4.0

Anti-money laundering and anti-terrorism financing methods and forms (hereinafter – AML) have evolved along with the crimes against which they are aimed. Updating these measures and forms is a task that remains in the agenda of both government and non-government organizations of the world.

October 10, 2015

Shipping in Cyprus

Cyprus has one of the largest registered merchant fleets of the World. This achievement has been accomplished due to the many advantages of the flag. Cyprus offers a very attractive package of economic advantages and a wide range of professional services and therefore is classified among the best shipping countries in the world.

October 10, 2015

Import Substitution: Problems and Prospects of International Isolation of the Russian Economy

Notorious events in the Crimea and in the southeast of Ukraine have caused major changes in European and American economic policy concerning the Russian business and, subsequently and promptly, reciprocal measures on the part of the Russian administration.

October 10, 2015

Tax Amnesty – Is It Worth Coming Out of Shadow?

People and mass media named this law "tax amnesty" long before it was executed and even before the bill was introduced to the State Duma. This law was anticipated, logical and, what's more important, it was mentioned by the President in his Address to the Federal Assembly.

October 10, 2015

Is Hong Kong a good place for you to set up your business in Asia?

Hong Kong has grown from a fishing village with an unpopulated territory in the early nineteenth century to become one of the most important financial centers of the world with a population of seven million. Before achieving the status Hong Kong has today, it has gone through various transitions.

October 10, 2015

VAT without Borders: Higher Justice

This article continues a series of publications about the system of imposition of value-added tax in the European Union. This issue is dedicated to a number of court decisions adopted by the highest judicial authority of the European Community regarding VAT imposition in 2013-2015.

October 10, 2015

New Reality: Plan to Combat Delusion of Taxation Basis and Withdrawal of Profits from Taxation

For years the Organisation for Economic Co-operation and Development (OECD) has advocated a policy of improved international tax co-operation between governments.

October 10, 2015

Concept of the “Beneficial Owner of Income” in the Russian Reality

In the context of the present-day reality, the regulatory agencies start paying closer attention to all the financial transaction and money payments performed by the residents of the Russian Federation in favor of the foreign counterparties. If earlier taxpayers could count on protection from our law enforcement agencies, now they may no longer rely on judicial protection when such cases are considered.

October 10, 2015