The Cyprus Securities and Exchange Commission (the ‘CySEC’), has issued a Circular on the 5th November 2018 (Circular C286), to inform the Regulated Entities that the Financial Action Task Force (FATF) has published a Risk-Based Approach Guidance for the Securities Sector.
Some of the characteristics of securities sectors, such as a high level of interaction, high volumes, speed and anonymity may create opportunities for criminals to launder the proceeds of crime. Each of the activities and services offered by the securities sector participants presents different money laundering and terrorist financing (ML/TF) risks. This Guidance highlights some of these risks depending on the securities products and services involved and the measures to be put in place to mitigate such vulnerabilities.
The Guidance aims to support the design and implementation of the risk-based approach for securities products and services, by providing specific guidance and examples for securities providers and their supervisors. It highlights that the ML/TF risk assessment should reflect the nature, size and complexity of the business. It also stresses the important role of the senior management in fostering and promoting a culture of compliance with anti-money laundering and counter-terrorist financing measures.
The CySEC encourages the Regulated Entities to take duly account and to read the Guidance, which will assist them in the assessment of ML/TF risk and implementation of applicable AML/CFT measures.
It is worth noting that the Guidance issued by FATF defines a “security provider” as:
“…means any natural or legal person who is, or is required to be licensed or registered by a competent authority, to provide securities products and services as a business. Securities providers range from those that largely interact with retail investors, such as retail stockbrokers, wealth managers and financial advisors, to those serving a largely institutional market like clearing members, prime brokers, global custodians, subcustodians and depository banks including securities depository participants. This is not an exhaustive list of all securities providers, and in some instances a securities provider may assume more than one of the above roles. One characteristic, particularly of larger securities providers, is that they may perform a diverse set of activities through different legal divisions or entities within the same group. These different group entities may be subject to different regulatory and statutory requirements and the group’s risk-based approach will need to consider this carefully.”
Executive summary
- The risk-based approach (RBA) is central to the effective implementation of the FATF Recommendations. It means that supervisors, financial institutions, and intermediaries identify, assess, and understand the money laundering and terrorist financing (ML/TF) risks to which they are exposed, and implement the most appropriate mitigation measures. This approach enables them to focus their resources where the risks are higher.
- The FATF RBA Guidance aims to support the implementation of the RBA, taking into account national ML/TF risk assessments and AML/CFT legal and regulatory frameworks. It includes a general presentation of the RBA and provides specific guidance for securities providers and for their supervisors. The Guidance was developed in partnership with the private sector, to make sure it reflects expertise and good practices from within the industry.
- The Guidance describes various types of securities providers that may be involved in a securities transaction and their business models. It also sets out key characteristics of securities transactions that can create opportunities for criminals, and measures that can be put in place to address such vulnerabilities.
- The development of the ML/TF risk assessment is a key starting point for the application of the RBA by securities service providers. It should be commensurate with the nature, size and complexity of the business. The most commonly used risk criteria are country or geographic risk, customer risk, product or service risk and intermediary risk. The Guidance provides examples of risk factors under these risk categories.
- The Guidance highlights that it is the responsibility of the senior management of securities providers to foster and promote a culture of compliance as a core business value. They should ensure that securities providers are committed to manage ML/TF risks before establishing or maintaining business relationships.
- The Guidance clarifies the role and responsibilities of intermediaries that may provide services on behalf of securities providers to customers of securities providers, customers of intermediaries or both. It highlights that the nature of the business relationship between the securities provider, the intermediary and any underlying customers will affect how ML/TF risks should be managed. This includes clarifying when the FATF’s Recommendations on reliance apply.
- The Guidance clarifies that when determining the type and extent of CDD to apply, securities providers should understand whether its customer is acting on its own behalf or as an intermediary on behalf of its underlying customers. Even when CDD is the responsibility of the intermediary, an understanding of the intermediary’s customer base can often be a useful element in determining the risk associated with the intermediary itself. The level of understanding should be tailored to the perceived risk level of the intermediary