CYPRUS FIDUCIARY ASSOCIATION Seminar on Risk Assessment, Sanctions - - PowerPoint PPT Presentation

www.cfa.org.cy 1 www.cfa.org.cy 1

Seminar on Risk Assessment, Sanctions and Transaction Monitoring CYPRUS FIDUCIARY ASSOCIATION

www.cfa.org.cy 2

Abacus Limited

• Established in 2001
• Made in Cyprus
• 140 members of staff
• One of the leading service providers in Cyprus
• Regulated by ICPAC for Accounting and Fiduciary services
• Perform Advisory and Compliance services as well
• Core values:

– Experience – Professionalism and – Integrity

www.cfa.org.cy 3

How we can help

• Company trainings
• Executive trainings
• Compliance Officer trainings
• AML manual creation
• Risk assessment grid creation
• Advisory work on specific issues
• Review and assessment of current AML controls
• Assistance in creation of forms, checklists and

documents

www.cfa.org.cy 4

Nassos Paltayian - Current Projects & Activities

• Father of 2 babies
• Head of Compliance (Abacus)
• Information Security Officer (Abacus)
• Leading the DNFBPs module for the National Risk Assessment
• Founding member and currently Vice Chairing the ACAMS

Cyprus Chapter

• Vice Chair of ICPAC Compliance committee
• Member of CFA AML committee
• HRDA Approved trainer
• Performing trainings & presentations on relevant matters raising

awareness

• Cycling, Running, Reading, Liverpool & APOEL

www.cfa.org.cy 5

Outline

• Introduction
• Part 1 – Risk Based Approach
• Part 2 – Restrictive Measures
• Part 3 – Transaction Monitoring
• Questions and Answers
• Conclusion

www.cfa.org.cy 6

Risk Based Approach

www.cfa.org.cy 7

RBA is fundamental to comply with: A) AML Law, B) 4th EU Directive and C) FATF recommendations

Risk Based Approach (RBA)

www.cfa.org.cy 8

Risk Based Approach

www.cfa.org.cy 9

• Countries,

Competent authorities, Organisations, firms should: a)identify, b)assess and understand the ML/TF risks to which they are exposed to and c)design controls and measures to effectively and efficiently mitigate and manage the risks

• Not a “zero failure” approach
• Tailored approach to be more effective and efficient

Risk Based Approach Principles

www.cfa.org.cy 10

Risk Based Approach Principles

• A Compliance program should be Risk Based by law
• Assess risks of the company and each client
• High risk: High allocation of resources on that area
• Low risk: Low allocation of resources on that area
• Not acceptable: Deterring factors to accept a client
• Flexible – Effective – Proportional
• Every time we have a significant change in the client

set up, risk must be reassessed

www.cfa.org.cy 11

Risk Based Approach Principles

• How much risk are we facing?
• How much risk can we take?
• How much risk do we want to take?
• How much risk will we take?

For ALL levels EU, Cyprus, Sector & firm

www.cfa.org.cy 12

Application of Risk Based Approach

www.cfa.org.cy 13

Application of Risk Based Approach

REMINDER! Obliged entities should: a)identify, b)assess and understand the ML/TF risks to which they are exposed to and c)design controls and measures to effectively and efficiently mitigate and manage the risks

www.cfa.org.cy 14

Application of Risk Based Approach

Challenges in application: a) Culture of compliance and adequate resources b) Significant variation in services and clients c) Appropriate mitigation measures d) Transparency of beneficial ownership on legal persons and arrangements. e) Risk of criminality

f) TCSPs are vulnerable

www.cfa.org.cy 15

Application of Risk Based Approach

Challenges in application continued g) Sound understanding of risks (Over/under estimation of risks) h) Exercise of judgment i) Building expertise through experience and training

www.cfa.org.cy 16

Application of Risk Based Approach

Design of risk assessments

www.cfa.org.cy 17

Application of Risk Based Approach

a) Design of risk assessments

• It always starts at the National Risk Assessment!
• What is the NRA? What are its results?

Then we zoom in….. What is the firm’s risk assessment? What is the client’s risk assessment?

www.cfa.org.cy 18

Application of Risk Based Approach

• Risk appetite is a strategic decision and this is

reflected in policies and procedures

• A statement/client acceptance policy to be

approved by the Board of Directors

• Top management must be involved!
• The tone at the top must point the direction

www.cfa.org.cy 19

Application of Risk Based Approach

• Establish categories/questions to be assessed
• Ideally closed questions to avoid subjectivity
• For each category/question:

– Establish what is not acceptable as client – Identify high risk elements – Identify low risk elements – Allocate a score for Low, Normal, High and Not acceptable

www.cfa.org.cy 20

• Allocation of scores can be really tricky!
• Scoring of each client must be grouped to

classes required by your regulator

• Some characteristics may classify the client by

default as high risk (e.g PEP, High Risk Countries)

• Some characteristics may be Not Acceptable

Application of Risk Based Approach

www.cfa.org.cy 21

Application of Risk Based Approach

www.cfa.org.cy 22

b) Implementation

• Pilot testing is a MUST
• Ensure Risk Assessment is balanced and reflective
• Test – Calibrate – Test – Calibrate – Test -

Implement

• Attributes:

a) Flexible b) Effective c) Proportional

Application of Risk Based Approach

www.cfa.org.cy 23

• Proportionate risk assessment

Weight given to risk categories vary given the size, sophistication, nature and scope of services provided by the firm. Firms need to independently assess the weight to be given to each risk factor. These criteria be considered holistically and not in isolation.

Application of Risk Based Approach

www.cfa.org.cy 24

• What is appropriate now may not be in the

future

• Dynamic environment
• Risk Assessment process must be up to date with

risks faced (i.e. restrictive measures/sanctions) Therefore Maintenance is crucial!

Application of Risk Based Approach

www.cfa.org.cy 25

Risk assessment - Specific on key parameters: Identify and assess the risks of ML/TF using the following risk factors:

• Client
• Service
• Geographical
• Delivery channels

Determine extend of measures based on risk identified  Allocate relevant resources & more effective  Each risk assessment is unique remember it is a tailored approach!

Application of Risk Based Approach

www.cfa.org.cy 26

Client

Application of Risk Based Approach

www.cfa.org.cy 27

Low Risk (a) Companies listed on the stock exchange subject to disclosure requirements - adequate transparency of the beneficial owner (b) Public administrations or enterprises (c) Clients residing in lower risk geographical areas High Risk (a) The business relationship conducted under unusual circumstances (b) Clients residing in higher risk geographical areas (c) Companies or arrangements - personal asset-holding vehicles (d) Companies having nominee shareholders or bearer shares (e) Cash-intensive business. (f) The ownership structure of the company appears unusual or very complex, given the nature of the company's activities

Application of Risk Based Approach – Client risk

www.cfa.org.cy 28

Client risk factors to consider:

• Client sectors susceptible to ML
• PEPs or associates PEPs
• Conducting business in unusual and or unclear manner
• Complex structures (incl. unclear control structures, bearer

shares, informal arrangements etc)

• Activity changes without explanation
• Abnormal business cycles
• Payment of invoices by 3rd unassociated parties without

explanation

• Lack of contact

Application of Risk Based Approach – Client risk

www.cfa.org.cy 29

Client risk factors to consider:

• Frequent and/or inexplicable changes in
• wnership/name/directors/service providers/auditors/lawyers etc
• Unreasonable choice of TCSP Vs Size, location, specialization of

TCSP

• Reluctance to provide information
• Tight timeframes re. transactions resulting to absence of proper

and diligent reviews

• Exclusive use of virtual assets preserving anonymity
• Previously convicted clients/representatives of clients/associates
• f clients

Application of Risk Based Approach – Client risk

www.cfa.org.cy 30

Application of Risk Based Approach

www.cfa.org.cy 31

Low Risk (a) Life insurance policies where premiums are low (b) Pension insurance contracts, not providing early redemption option and the contract can not be used as a guarantee (c) Pension or similar schemes offering retirement benefits to employees, where contributions are paid by deduction from wages and the transfer of members' interest is prohibited (d) Financial products or services that provide appropriately defined and limited services to certain types

• f clients, for financial inclusion purposes

(e) Products where the risks of money laundering and financing of terrorism are limited by other factors, such as the amount of money or ownership transparency, such as certain types of electronic money High Risk (a) Private banking (b) Products or transactions that may favour anonymity (c) Non face to face business relationships or transactions, without the physical presence of the parties, without certain safeguards such as electronic signatures (d) Payments received from unknown or unrelated third parties (e) New products & business practices, including new delivery mechanisms, as well as the use of new or emerging technologies for both new and pre-existing products

Application of Risk Based Approach – Service risk

www.cfa.org.cy 32

Service risk factors to consider:

• Provision of services which may be misused to obscure ownership or real

economic purpose

• Director services, Trustee services Vs Book keeping, Secretarial services
• Services where ASPs may represent the client’s standing, reputation and

credibility to third parties, without a sound knowledge of the client’s affairs.

• Transactions using unusual means of payment (e.g. precious metals or stones).
• Frequent capital contributions without legitimate reason
• Abnormal POAs (e.g General, without expiration, irrevocable)
• Transactions involving closely connected persons and for which the client

provides inconsistent or irrational explanations

Application of Risk Based Approach – Service risk

www.cfa.org.cy 33

Service risk factors to consider:

• Existence of suspicion of fraudulent transactions, or improperly accounted for.

These might include:

• i. Over and under invoicing of goods/services.
• ii. Multiple invoicing of the same goods/services.
• iii. Falsely described goods/services – over and under shipments (e.g.

false entries on bills of lading).

• iv. Multiple trading of goods/services
• Attempts by settlor, trustee or BO to enter into fraudulent transactions or

transactions to fraudulently evade tax

Application of Risk Based Approach – Service risk

www.cfa.org.cy 34

Application of Risk Based Approach

Geographical

www.cfa.org.cy 35

Low Risk (a) Member States of the European Union (b) 3rd countries with effective AML/CTF systems (c) 3rd countries which are recognized by reliable sources having low-level in bribery or other criminal activities (d) 3rd countries which effectively apply regulations for the prevention of ML/TF accordingly to FATF recommendations according to reliable sources (i.e mutual evaluations, detailed report assessments) High Risk (a) Countries with lack of effective systems preventing ML/TF according to reliable sources (i.e mutual evaluations, detailed report assessments) (b) Countries with high levels of bribery or other criminal activities. (c) Countries subject to sanctions, trade barriers or similar measures imposed by the EU or UN or any other body. (d) Countries providing funding or support to terrorist activities or in their territory act terrorist organizations

Application of Risk Based Approach – Geographical risk

www.cfa.org.cy 36

Geographical risks to consider:

• Countries identified by credible sources to provide funding or support for

terrorist activities or have terrorist organisations operating within them.

• Countries identified by credible sources as having significant levels of organised

crime, corruption, or other criminal activity, including illegal drugs, human trafficking and smuggling and illegal gambling.

• Countries subject to sanctions, embargoes or similar measures issued by

international organisations such as the UN

• Countries identified by credible sources as having weak governance, law

enforcement, and regulatory regimes, including countries identified by FATF statements as having weak AML/CFT regimes

• Countries identified by credible sources to be uncooperative in providing

beneficial ownership information

• Countries that permit the use of bearer shares, thereby allowing beneficial
• wnerships to be obscured.

Application of Risk Based Approach – Geographical risk

www.cfa.org.cy 37

Geographical risk factors may be assessed (amongst

• thers) with respect to the following client connections:
• Origin, or current location of, the source of funds
• Country of incorporation or establishment of the trustee of the trust or entity
• r other legal arrangement
• Location of the major operations or assets
• Origin of main associates or other links of the client
• Country in which any of the following is a citizen, resident or tax resident:

i) Settlor, ii) Beneficiary, iii) Protector iv) Other natural person exercising effective control over the trust v) Any beneficial owner or natural person exercising effective control over the company or other legal entity.

Application of Risk Based Approach – Geographical risk

www.cfa.org.cy 38

Application of Risk Based Approach

Delivery Channels

www.cfa.org.cy 39

Application of Risk Based Approach – Delivery channels

• Delivery channels of the provided services, influence the

ML/TF risk. The identity and credibility of a client may be more difficult to assess depending on the means of providing the services.

• Firms should take into consideration the risks posed by a

given delivery channel when performing their Client Risk

• Assessment. Where higher risk levels are identified, firms

should establish mitigating controls.

www.cfa.org.cy 40

Application of Risk Based Approach

If you do not document it…. it never happened!!!

www.cfa.org.cy 41

Other Key factors

a) PEP b) High Risk Countries c) Other High Risk Clients

www.cfa.org.cy 42

Other Key factors - PEPs

www.cfa.org.cy 43

a) Politically Exposed Persons (PEPs)

Politically Exposed Persons means a natural person who is or who has been entrusted with prominent public functions and includes the following: a) Heads of State, heads of government, ministers and deputy or assistant ministers b) Members of parliament or of similar legislative bodies c) Members of the governing bodies of political parties d) Members of supreme courts, of constitutional courts or of other high-level judicial bodies, the decisions of which are not subject to further appeal, except in exceptional circumstances e) Members of courts of auditors or of the boards of central banks f) Ambassadors, charges d’affaires and high-ranking officers in the armed and security forces

Other Key factors

www.cfa.org.cy 44

g) Members of the administrative, management or supervisory bodies of State-

• wned enterprises

h) Directors, deputy directors and members of the board or equivalent function of an international organization i) Μayors The definition is extended to include specific categories identified as PEP’s.

• Immediate family members (the spouse, any partner considered as equivalent

to the spouse, the children and their spouses or partners, the parents)

• Close associates (any natural person who is known to have joint beneficial
• wnership of legal entities or legal arrangements, or any other close business

relations a PEP or who is known to be connected with a PEP in any other close business relationship, any natural person who has sole beneficial ownership pf a legal entity (e.g. a company) or legal arrangement (e.g. a trust) which is known to have been set up de facto for the benefit of a PEP).

Other Key factors

www.cfa.org.cy 45

Additionally, a 12-month period is set as a minimum time to take into consideration when assessing whether a person no longer poses a risk associated to politically exposed persons (Article 64(1)(γ)(ii) of the Law). Of course, this does not mean that a person ceases to be considered as a PEP if a 12-month period passed from holding his/her PEP position. This is at the discretion of the Compliance Officer of each firm as to whether that person will continue to be considered as PEP. In cases where the BO of a client is a PEP or where a PEP exercises control over the client, firms should by default treat the client as high risk from a ML/TF perspective. In such cases, Enhanced Due Diligence measures should apply.

Other Key factors

www.cfa.org.cy 46

Other Key factors – High risk countries

www.cfa.org.cy 47

b) High Risk Countries

• EU Commission adopted a list of 15 third countries

that present strategic deficiencies in their AML and CTF frameworks and categorised as high risk in accordance with the risk assessment foreseen by section 58A of our AML Law

• FATF – Public Statements (High risk countries)
• Sanctions – EU, UN & US list

Other Key factors

www.cfa.org.cy 48

Other Key factors

c) Other High Risk clients Depending on the classification derived following the risk assessment

www.cfa.org.cy 49

Due Diligence

19 April

www.cfa.org.cy 50

• Firms need to set out specific requirements for

gathering KYC information and documentation enabling them to asses the risk.

• High risk  Enhanced Due Diligence (EDD)

Due Diligence

www.cfa.org.cy 51

Due Diligence

www.cfa.org.cy 52

a) Enhanced Due Diligence (EDD)

• EDD should be performed for higher risk categories
• f clients, business relationships or transactions.
• EDD procedures must be customised according to

areas that pose higher risk.

Due Diligence

www.cfa.org.cy 53

Enhanced Due Diligence (EDD) measures may include:

i. Escalated awareness of firm’s employees regarding the business relationship with the client - including enhanced briefing of client teams. ii. Increase of the approval process regarding the establishment of a business engagement (CEO or Managing Director)

• iii. Obtaining additional information on UBO, Settlor, trustee, person exercising

control, other (e.g occupation, overall wealth, information available through public databases, internet) and more frequent update

• iv. Obtain more detailed info on reasons for intended or performed transactions

carried out by the client as well as the nature of the business relationship v. Obtaining more detailed info and documentation on the source of funds or source of wealth of the settlor or BO

• vi. Corroborate to have a more thorough risk profile
• vii. Increasing the frequency and intensity of transaction monitoring

Due Diligence

www.cfa.org.cy 54

Due Diligence

www.cfa.org.cy 55

Due Diligence

High risk area on client profile EDD measures to mitigate risk Non-face to face More identity verification or video call PEP Additional details and supporting documentation on source and size of wealth High net worth client Additional details and supporting documentation on source and size of wealth Business relationship with high risk 3rd countries Deeper and sophisticated transaction monitoring

Examples of customization of procedures:

www.cfa.org.cy 56

Due Diligence

www.cfa.org.cy 57

b) Simplified Due Diligence (SDD) SDD measures may be applied in exceptional cases, considered on a case by case basis, ensuring that the business relationship or transaction presents a low risk for ML/TF. In the case of SDD, certain adjustments can be made to reflect the low risk assessment, such as:

• the source of information obtained for identification/verification scope
• the timing of implementation of client due diligence procedures
• the frequency of planned client due diligence updates
• the frequency & level of transaction monitoring

SDD should NOT be applied in all Low risk clients! Under no circumstances a client transaction monitoring stops! Due Diligence

www.cfa.org.cy 58

Other applications of Risk Based Approach

RISK BASED APPROACH

www.cfa.org.cy 59

Other applications of Risk Based Approach

Other applications of RBA

a) Staff training procedures b)Staffing requirements c) Use of technology d)Compliance department resources, systems and human capital Proportionality principle should be in mind!

www.cfa.org.cy 60

Outline of approach:

a) KYC on client identifying true owners, source and size

• f wealth and other

b) Understand the nature of work c) Understand the commercial rationale of work d) Risk grade the client e) Obtain further documentation/information if needed (EDD) f) Be attentive to red flags g) Document your work! Due Diligence

www.cfa.org.cy 61

30 minutes break

www.cfa.org.cy 62

Restrictive measures

www.cfa.org.cy 63

Restrictive measures – Cy Law

Cyprus Legislation

United Nations Security Council's Resolutions and Decisions (Sanctions) and Decisions and Regulations of the Council of the European Union (Restrictive Measures) Act of 2016 (58 (I) / 2016) Article 4 (1) of the above mentioned Law, provides for the following penalties in case that any person contravenes any of the provisions of the Resolutions / Decisions / Regulations of the Security Council and/or the Council of the European Union:

(a) natural person, imprisonment up to 2 years or fine up to EUR 100K or both, (b) legal person, a fine not exceeding EUR 300K The prosecution of any person may take place only upon the approval of the Attorney General of the Republic

www.cfa.org.cy 64

Restrictive measures - EU

www.cfa.org.cy 65

Restrictive measures - EU

Restrictive measures compliance is a live issue among the competent authorities (June 2018) –circulars by CBC, CySEC, CBA and ICPAC

• A. EU restrictive measures on Ukraine crisis
• B. EU restrictive measures on Iran (including EU Response –

Blocking regulation)

www.cfa.org.cy 66

Restrictive measures - EU

• EU restrictive measures are Cyprus Sanctions
• EU restrictive measures map – www.sanctions.eu
• The Council of Ministers on Feb 2016 established in

Cyprus the Unit for the Implementation of restrictive measures/sanctions in the Financial Sector which examines licensing (etc) requests within the financial sector and it is chaired by the Head of Directorate of Administration and Finance (Mr Kyriakos Kakouris)

www.cfa.org.cy 67

Restrictive measures - EU

www.cfa.org.cy 68

Restrictive measures - EU

• A. EU restrictive measures on Ukraine crisis

Overview:

a) Arms embargo and ban on supply of “dual use of goods” b) Restrictions on “designated persons” i. Freezing of “funds” and economic resources” ii. Prohibition on “making funds available” iii. Visa restrictions and travel bans c) Sectoral restrictions d) Blacklisting of Crimea and Sevastopol business Note: Significant ambiguities exist in the terminology and the risk of misinterpretation is high therefore ALWAYS you should advise Compliance Officer/Legal expert for several issues.

www.cfa.org.cy 69

Council Regulations (EU):

a) Council Regulation (EU) 208/2014 dated 5 March 2014 – after the events at Maidan b) Council Regulation (EU) 269/2014 dated 17 March 2014 listing pro-secessionist politicians in Crimea, Donbas and Russia as well as high profile Russian businessmen - after the events at Crimea and Sevastopol c) Council Regulation (EU) 692/2014 dated 23 June 2014 provides the prohibition on Crimea imports or exports - after the events at Crimea and Sevastopol

Restrictive measures - EU

www.cfa.org.cy 70

d) Council Regulation (EU) 833/2014 dated 31 July 2014 (reinforced on 8 Sep and 4 Dec 2014) - after the events of Luhansk and Donetsk:

• state-owned credit institutions, oil & gas firms,

military and aviation companies - after the events in Crimea & Sevastopol

• restrictions on access to capital and lending
• restrictions on oil exploration

EU Renews sanctions every 6 months – last renewed Jan 2019

Restrictive measures - EU

www.cfa.org.cy 71

Focus on Council Regulation (EU) 833/2014 dated 31 July 2014 (reinforced

• n 8 Sep and 4 Dec 2014)
• 1. Prohibited to directly or indirectly purchase, sell, provide investment

services for or assistance in the issuance of, or otherwise deal with transferable securities and money-market instruments, issued after 1 August 2014 by: a)SBERBANK b)VTB BANK c)GAZPROMBANK d)VNESHECONOMBANK (VEB) and e)ROSSELKHOZBANK f)All direct or indirect subs (>50%) of entities mentioned (a)-(e) g)any legal person, entity or body acting on behalf, or at the direction,

• f an entity within the categories (a)-(f)

Restrictive measures - EU

www.cfa.org.cy 72

No prob to trade shares in the secondary market issued prior to July 2014 and assuming that they are not part of a buyback and reissue schemes

Restrictive measures - EU

www.cfa.org.cy 73

• 2. It shall be prohibited to directly or indirectly purchase, sell,

provide investment services for or assistance in the issuance of,

• r otherwise deal with transferable securities and money-market

instruments issued after 1 August 2014 by: a)ROSNEFT b)TRANSNEFT c)GAZPROM NEFT d)OPK OBORONPROM UNITED e)AIRCRAFT CORPORATION f)URALVAGONZAVOD g)All direct or indirect subs (>50%) of entities mentioned (a)-(f) h)any legal person, entity or body acting on behalf, or at the direction, of an entity within the categories (a)-(g)

Restrictive measures - EU

www.cfa.org.cy 74

• 3. It shall be prohibited to directly or indirectly make
• r be part of any arrangement to make new loans or

credit to any legal person, entity or body referred above, after 1 August 2014 with some exceptions

• 4. No claims valid in connection with any contract or

transaction if they are made with any of the entities referred to in points 1, 2 and 3 above.

Restrictive measures - EU

www.cfa.org.cy 75

EU issued on 4 May 2018 Best practices guide on implementation of Restrictive measures Outline various criteria whereby Ownership and Control may be assessed. Note A natural person may have control over a company without owning 50%+ voting shares

Restrictive measures - EU

www.cfa.org.cy 76

Restrictive measures - EU

www.cfa.org.cy 77

• B. EU restrictive measures on Iran

2015 to present: Restrictive measures reduced following the Joint Comprehensive Plan of Action (JCPOA) August 2018: EU Blocking statute on US snapback – EU officials amended “blocking” regulation designed to shield European firms from the effect of U.S. sanctions. Blocking statute was originally deployed during 1996 re. Cuba Now includes Iran Key questions unaddressed e.g. how the rule would work in practice (especially in case of secondary sanctions) There are two EU restrictive measures regimes:

• Human rights abuses: Council Regulation (EU) 359/2011
• NPT breaches: Council Regulations (EU) 267/2012

Restrictive measures - EU

www.cfa.org.cy 78

JCPOA

• Restrictions on financial transfers removed
• Removal of 34 individuals and 298 entities from asset freeze
• Banking activities between Iran and the EU permissible
• Iran rep offices, branches or subsidiaries by EU institutions possible
• Provision of insurance and reinsurance to non-listed entities allowed
• Supply of financial messaging services (SWIFT) enabled
• Purchase of crude oil, petroleum and petrochemical products allowed
• Investment & dealings with shipping, aviation and transport liberalised
• Tx in public and public-guaranteed bonds with Iranian non-listed entities

permitted

Restrictive measures - EU

www.cfa.org.cy 79

Overall:

• Restrictive measures are here to stay
• Restrictive measures are becoming more

complex

• Criminal offences possible, penalties can

be high

• Navigating restrictive measures

compliance is therefore fundamental

Restrictive measures - EU

www.cfa.org.cy 80

Sanctions – UN

www.cfa.org.cy 81

Sanctions – UN

UN Sanctions -> Security Council has authority to issue sanctions

• UN member states must comply
• Cyprus is part of UN
• China, France, Russia, UK and US UNSC

Permanent Members

• P5 are veto holders: relevant to Russian and

Syrian sanctions

• UNSC Committees: notifications on licences and

panel of experts report on developments

www.cfa.org.cy 82

Sanctions - US

www.cfa.org.cy 83

Sanctions - US

• A. US Sanctions on Russia for Ukraine crisis
• B. US Sanctions on Iran

US left the JCPOA in November 2018

www.cfa.org.cy 84

Sanctions - US

• A. US Sanctions on Russia for Ukraine crisis

Types of US sanctions: 1.“Blocking” sanctions freeze assets of designated persons (Special Designated Nationals – SDN) 2.Sectoral Sanctions restrict access to US capital markets by designated persons in Russia’s finance, defence and energy sectors – similar with EU (Sectoral Sanctions Identifications – SSI) 3.“Secondary” sanctions target certain activities of non-US persons with or for the benefit of US-sanctioned persons and others

www.cfa.org.cy 85

Sanctions - US

• 1. “Blocking” sanctions

Earlier designations (before 6 April 2018)

• Executive Order 13660 (Ukraine-focused sanctions):

Persons contributing to the instability of Eastern Ukraine

• Executive Order 13661 (Russia-focused sanctions):

Russian governmental officials, businessmen and companies with close ties to the Russia government

• Executive Order 13685 (Crimea Embargo):

Investments in Crimea

www.cfa.org.cy 86

Sanctions - US

April 2018 the OFAC added the following individuals and entities on SDN

i) 7 Russian individuals and 12 Entities under their direct and indirect control:

a.Oleg Deripaska  GAZ Group (23 October 2018)  B-Finance Ltd (5 June 2018)  Basic Element Ltd (5 June 2018)  Russian Machines (5 June 2018)  Agroholding “Kuban” (5 June 2018) b.Igor Rotenberg  Gazprom Burenie (5 June 2018)  NPV Engineering (5 June 2018) c.Suleiman Kerimov d.Andrey Skoch e.Viktor Vekselberg (Renova Group - 5 June 2018) f.Kirill Shamalov (Ladoga Management - 5 June 2018) g.Vladimir Bogdanov

www.cfa.org.cy 87

Sanctions - US

ii) 17 Russian state officials and managers of state-owned entities iii) 2 state-owned entities

 Rosoboronexport and  Russian Financial Corporation Bank

www.cfa.org.cy 88

Sanctions - US

Russia – Sectoral sanctions

• Directive 1 prohibits US person transactions in new debt or new equity of designated Russian

banks or subsidiaries

• Directive 2 prohibits US person transactions in new debt of designated Russian oil companies
• r subsidiaries
• Directive 3 prohibits US person transactions in new debt of designated Russian defence

companies or subsidiaries

• Directive 4 prohibits US persons from providing goods, non-financial services or technology

in support of exploration or production for deepwater, Arctic offshore or shale projects that:

• Have the potential to produce oil in Russia or its territorial waters and involve a designated Russian

energy company; or

• If initiated after 29 January 2018, have the potential to produce oil anywhere if a designated entity

holds at least a 33% interest

www.cfa.org.cy 89

Sanctions - US

Russia – “Secondary” sanctions

• Secondary sanctions seek to deter non-US persons from engaging in targeted Russia-related

activities

• Blocking sanctions (SDN designation) may be imposed on a non-US person for engaging in

any of the following activities:  Knowingly violating or causing a violation of US sanctions against Russia (Section 228

• f CAATSA)

 Facilitating a “significant” transaction for a sanctioned Russian person or his or her close relatives (Section 228)  Committing serious human rights abuses in Russia (Section 228)  Being responsible for or “materially” assisting in acts of “significant corruption” in Russia (Section 227)

www.cfa.org.cy 90

Sanctions - US

• OFAC determines whether a transaction is “significant” for the purpose of Section 228 of

CAATSA based on 7 parameters:

• the size, number and frequency of the transaction(s)
• the nature of the transaction(s)
• The level of awareness of management and whether the transaction(s) are part of a

pattern of conduct

• The nexus between the transaction(s) and a blocked person
• The impact of the transaction(s) on statutory objectives
• Whether the transaction(s) involve deceptive practices
• Such other factors that the Secretary of the Treasure deems relevant on a case-by-case

basis If a US person requires specific license, transaction is considered “significant” Transactions with SSI entity are not “significant” unless “deceptive”

www.cfa.org.cy 91

Sanctions - US

“Secondary sanctions” can reach non–US companies - Global Reach of US sanctions BE AWARE - companies engaging in certain activities may become sanctions targets although no

• ne sanctioned yet under these secondary sanctions authorities.

Cyprus is keen to foster positive relations with the US – especially after the visit of US Treasure Assistant Secretary for TF (Q2-2018)

www.cfa.org.cy 92

Sanctions – US - Developments

Developments:

• Lifted sanctions from En+, Rusal and EuroSibEnergo (Unprecedented!) - Congress expected

to make “life difficult”

• Putin list was established on January 2018
• New targets from “Putin list” were expected in q1 2019
• Congress is expected to increase pressure on Trump administration re. new targets since they

are overdue

• Defending American Security from Kremlin Aggression Act (DASKA) & Defending Elections

from Threats by Establishing Redlines Act (DETER) pending in Congress

www.cfa.org.cy 93

Sanctions - US - Developments

Defending American Security from Kremlin Aggression Act (DASKA) (Senator Lindsey Graham)

• Financial Institutions - SDNs or Correspondent banking restrictions on 1 or more of:

a) Sperbank d) VEB g) Promsvyazbank b) VTB e) Bank of Moscow c) Gazprombank f) Rosselkhozbank

• Oligarchs & Senior Political figures “Putin list” – SDNs
• 5 or more “Menu sanctions” on:

a) Persons investing in energy projects outside Russia (>250 mil) supported by SOE b) Persons providing services, goods, tech or support to new crude oil production projects in Russia >1m USD per Tx or >5m USD per 12 months c) Anyone engaged in significant Tx with parties that have the capacity to support cyber activities

• New reports – Revised “Putin list”, New sanctions every 90 days, Report on Putin personal assets &

Net worth, Report on Russia’s war crimes in Syria

• Russian sovereign debt restrictions & Real estate reporting on large Tx

www.cfa.org.cy 94

Sanctions – US - Developments

Defending Elections from Threats by Establishing Redlines Act (DETER) (Senators Marco Rubio & Chris Van Hollen)

• Financial Institutions - SDNs or Correspondent banking restrictions on 3 or more of:

a) Sperbank d) VEB b) VTB e) Bank of Moscow c) Gazprombank f) Rosselkhozbank

• Energy companies – SDNs on 2 or more of:

a) Gazprom b) Rosneft c) Lukoil

• Oligarchs & Senior Political figures “Putin list”, Defense & Intelligence sector – SDNs
• Russian SOEs (>25% interest by Russian Gov) SDNs in the following fields:

a) Railway b) Metals & Mining c) Aerospace d) Air carriers

• Any new >20% acquisitions by Russian SOEs - SDNs
• Russian sovereign debt restrictions

www.cfa.org.cy 95

Sanctions – Iran

www.cfa.org.cy 96

Sanctions – Iran

• B. US Sanctions on Iran

Iran – JCPOA Effect on US Sanctions Refresher

a) Primary sanctions (“Trade embargo”) – Many entities removed

US companies and individuals must not deal directly or indirectly with:

• Government of Iran and its controlled entities
• Goods and services of Iranian origin
• Goods and services for export to Iran
• SDNs of Iran (human rights, missile tech)
• Re-exports of US-origin items to Iran are prohibited

b) Primary sanctions affecting non-US subsidiaries – Introduction of General License H - They apply to

persons “owned or controlled” by a US person

c) Secondary sanctions – Mostly suspended

• Restrict non- US companies from undertaking certain trading activities with Iran
• Imposition of secondary sanctions may lead to restrictions on access to US Financial system, disqualification

from US government contracts and blocking of company property

www.cfa.org.cy 97

Sanctions – Iran

• On 8 May 2018, the US government announced the full reinstatement within 6 months of

the sanctions waived under the JCPOA.

• Non-US companies owned or controlled by US companies will no longer be able to trade with

Iran

• OFAC Recently replaced General License H with an updated license authorising wind-

down of existing activities until 4 November 2018

• Little effect on US-Iran trade, which was already mostly prohibited.
• Iran-related SEC reporting obligations remain in place
• Secondary sanctions targeting activities by non-US persons with or involving Iran will be

reinstated, following a wind-down period.

www.cfa.org.cy 98

Sanctions – Iran

Some secondary sanctions became fully effective 6 August 2018

• Supply of certain goods, services and software to Iran (i.e. coal, graphite, certain metals, software for

integrating industrial processes, goods and services to Iran’s automotive sector)

• Trade with Iran in golds and precious metals
• Certain financial transactions involving Iran (i.e. sale or supply of US dollar banknotes to Iranian

government, purchase or sale of Iranian rials, purchase of subscription to or facilitation of issuance of Iranian sovereign debt)

On 4 November 2018 other secondary sanctions fully effective:

• “Significant” dealings with the government of Iran and entities that it controls
• Certain transactions with Iran’s port operators, shipping and shipbuilding sectors
• Certain transactions involving petroleum or Iran’s energy sector (including i.e. purchase or transport
• f petroleum products, petrochemicals from Iran - sale of refined petroleum to Iran - certain

investments in Iran’s energy sector - Insurance, reinsurance and underwriting services related to the Iranian petroleum sector and certain other activities

• Transactions with the Central Bank of Iran and Iranian Financial Institutions (i.e. significant

transactions by FFIs, provision of financial messaging services)

Iranian FI and government-owned entities will be moved to the SDN list and tagged as “Subject to Secondary Sanctions”

www.cfa.org.cy 99

Sanctions – Iran

Impact for Non-US Companies

a) Waivers provided by JCPOA will not be recognised after relevant wind-down period b) Non-US banks risk losing US correspondent banking privileges if they continue to support non-US companies’ dealings with Iran c) International energy companies and oil importers, including Sinopec and Total, have

• ngoing dealings with Iranian energy industry which could give rise to secondary sanctions

risks d) Iran-related reporting to the SEC by affiliates with US-listed securities may present greater risks

www.cfa.org.cy 100

Sanctions – Iran

US sanctions on DPRK:

• 31 Jan 19 - OFAC fined 1m USD E.l.f. Beauty (cosmetics company) for violations
• Eyelashes made in China, with help from Korea…!
• Significant new development since we may see something similar in Iran or

Russian sanctions

www.cfa.org.cy 101

Transaction Monitoring

www.cfa.org.cy 102

Transaction monitoring

KYC

Practical Implementat ion What to keep an eye out for Actions to be taken

www.cfa.org.cy 103

Transaction monitoring

www.cfa.org.cy 104

Transaction monitoring

KYC & Due Diligence –Client Identification & verification –Client proof of address –Client screening for PEP, Sanctions & Adverse Media –Other relevant information

www.cfa.org.cy 105

Transaction monitoring

Economic Profile

– Principal Activities – Countries of operation – Purpose of business relationship – Source of Funds – Source and Size of Wealth – Size of Income – Anticipated Turnover – Incoming Funds – Outgoing Transfers – Other relevant information

www.cfa.org.cy 106

Transaction monitoring

Implementation issues to consider:

• Realistic Economic Profile establishment
• Development of quality assurance and control

measures for the client

• Comparison of actual client activities with the

anticipated activities declared

• Review and update client economic profile,

depending on the risk rating

www.cfa.org.cy 107

Transaction monitoring – Where to keep an eye on

www.cfa.org.cy 108

Transaction monitoring

Keep an eye on – Agreements – Power of Attorney – Bank payments – BOD resolutions – Counterparty checks – Consistency of transactions with the economic profile – Look at the whole picture

www.cfa.org.cy 109

Transaction monitoring

Agreements (Loan Agreements, SPAs, other)

• Mandate of person giving instructions (if any)
• Check details of the company (name, registration number &

date) – Remember 1MDB case!

• Check details of the directors/persons signing (name,

nationality, passport number & date)

• Supporting documentation mentioned in agreement
• Validity of transaction
• Counterparty check
• Transactions consistency with the economic profile (activities,

amounts, jurisdictions, other)

Document your review!

www.cfa.org.cy 110

Transaction monitoring

Power of Attorney

• Mandate of person giving instructions
• Check details of the company (name, registration number & date)
• Check details of the attorneys (name, passport number, nationality)
• Attorney check (KYC, screening, google, other)
• Validity of transaction (expiry date)
• Supporting documentation
• Transaction consistency with the economic profile (activities,

amount, jurisdiction, other)

Document your review!

www.cfa.org.cy 111

Transaction monitoring

Bank payments

• Mandate of person giving instructions
• Supporting documentation
• Type and purpose of payment
• Receiver/Third party check (KYC, screening, google)
• Transaction consistency with the economic profile

(activities, amount, counterparty, jurisdiction)

• Bank Signatory details (in not member of our firm)

Document your review!

www.cfa.org.cy 112

Transaction monitoring

Red Flags example

• A client not being a Financial Institution is granting a loan to a

third party (not part of the group)

• Authorize the Attorney to take any action on behalf of the

company in a high risk third country which is not connected with the profile of the company

• A client with business activities of holding of investments (real

estate) in Russia proceeds with a large amount of payment to a company that UBO is a Minister of Russian Federation

www.cfa.org.cy 113

Transaction monitoring

In case of identification of suspicious transactions, documents or activities Actions to be taken:

• Internal investigation or review of transaction
• Examine whether the transaction is suspicious with

group

• File and internal STR – SAR to Compliance Officer (if the

transaction is suspicious)

• Always beware of Tip off offence!

www.cfa.org.cy 114

Transaction monitoring

If you do not document it…. it never happened!!!

www.cfa.org.cy 115

Transaction monitoring

Record keeping

• 5 years as per the AML Law
• In case of filing STR & SAR, court case or any other

suspicion the record keeping may exceed 5 years (Soon in legislation) Strongly recommended to establish a record retention policy and ensure implementation of provisions, including destruction of documents!

www.cfa.org.cy 116

Transaction monitoring

www.cfa.org.cy 117

Questions

www.cfa.org.cy 118

Contact Details

Nassos Paltayian BA, ACA, CAMS, ISO27001 LI, HRDA accredited +357 22555800 +357 22555898 nassos.paltayian@abacus.com.cy

www.cfa.org.cy 119 www.cfa.org.cy 119

Thank you!

CYPRUS FIDUCIARY ASSOCIATION Business Address: 1, Menandrou Street, Frosia House, 4th floor, Office 401, 1066 Nicoais, Cyprus P.O. Box 58159, 3731 Limassol, Cyprus Tel.: +357 22 256263 Fax: +357 22 256364 E-mail: info@cfa.org.cy Website: www.cfa.org.cy